Ports Circuits and Tunnels Configuration Guide

Ports, Circuits, and Tunnels Configuration Guide
SmartEdge OS
Release 5.0.3 Part Number 220-0580-01
Corporate Headquarters Redback Networks Inc. 300 Holger Way San Jose, CA 95134-1362 USA http://www.redback.com Tel: +1 408 750 5000
19982005, Redback Networks Inc. All rights reserved. Redback and SmartEdge are trademarks registered at the U.S. Patent & Trademark Office and in other countries. AOS, NetOp, SMS, and User Intelligent Networks are trademarks or service marks of Redback Networks Inc. All other products or services mentioned are the trademarks, service marks, registered trademarks or registered service marks of their respective owners. All rights in copyright are reserved to the copyright owner. Company and product names are trademarks or registered trademarks of their respective owners. Neither the name of any third party software developer nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission of such third party.
Rights and Restrictions

All statements, specifications, recommendations, and technical information contained are current or planned as of the date of publication of this document. They are reliable as of the time of this writing and are presented without warranty of any kind, expressed or implied. In an effort to continuously improve the product and add features, Redback Networks Inc. ("Redback") reserves the right to change any specifications contained in this document without prior notice of any kind. Redback shall not be liable for technical or editorial errors or omissions which may occur in this document. Redback shall not be liable for any indirect, special, incidental or consequential damages resulting from the furnishing, performance, or use of this document.
Third Party Software

The following third party software may be included with this Software and is subject to the following terms and conditions: The OpenLDAP Version 2.0.1 1999 The OpenLDAP Foundation; OpenSymphony Software License, Version 1.1 2001-2004 The OpenSymphony Group; TOAD 2004 Quest Software, Inc.; NuSOAP Web Services Toolkit for PHP 2002 NuSphere Corporation; The PHP License, versions 2.02 and 3.0 1999 - 2002 The PHP Group; The OpenSSL toolkit Copyright 1998-2003 The OpenSSL Project; Apache HTTP 2000 The Apache Software Foundation; Java 2003 Sun Microsystems, Inc.; ISC Dhcpd 3.0pl2 1995, 1996, 1997, 1998, 1999 Internet Software Consortium - DHCP; IpFilter 2003 Darren Reed; Perl Kit 1989-1999 Larry Wall; SNMP Monolithic Agent 2002 SNMP Research International, Inc.; VxWorks 1984-2000, Wind River Systems, Inc.; Point-to-Point Protocol (PPP) 1989, Carnegie-Mellon University; Dynamic Host Configuration Protocol (DHCP) 1997, 1998 The Internet Software Consortium; portions of the Redback SmartEdge Operating System use cryptographic software written by Eric Young (eay@cryptsoft.com); Redback adaptation and implementation of the UDP and TCP protocols developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. 1982, 1986, 1988, 1990, 1993, 1995 The Regents of the University of California. All advertising materials mentioning features or use of this Software must display the following acknowledgment: This product includes software developed by the University of California, Berkeley and its contributors. This Software includes software developed by Sun Microsystems, Inc., Internet Software Consortium, Larry Wall, the Apache Software Foundation (http://www.apache.org/) and their contributors. Such software is provided AS IS, without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. LICENSORS AND ITS CONTRIBUTORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL LICENSOR OR ITS CONTRIBUTORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see http://www.apache.org/. Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. The portions of this Software developed by Larry Wall may be distributed and are subject to the GNU General Public License as published by the Free Software Foundation.
FCC Notice
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. 1. MODIFICATIONS
The FCC requires the user to be notified that any changes or modifications made to this device that are not expressly approved by Redback could void the users authority to operate the equipment. 2. CABLES
Connection to this device must be made with shielded cables with metallic RFI/EMI connector hoods to maintain compliance with FCC Rules and Regulations. (This statement only applies to copper cables, Ethernet, DS-3, E1, T1, and so forth. It does not apply to fiber cables.) 3. POWER CORD SET REQUIREMENTS
The power cord set used with the System must meet the requirements of the country, whether it is 100-120 or 220-264 VAC. For the U.S. and Canada, the cord set must be UL Listed and CSA Certified and suitable for the input current of the system. For DC-powered systems, the installation instructions need to be followed.
VCCI Class A Statement
European Community Mark
The marking on this product signifies that it meets all relevant European Union directives.
Safety Notices
1. Laser Equipment: CAUTION! Use of controls or adjustments of performance or procedures other than those specified herein may result in hazardous radiation exposure. Class 1 Laser ProductProduct is certified by the manufacturer to comply with DHHS Rule 21 Subchapter J. CAUTION! Invisible laser radiation when an optical interface is open. 2. Lithium Battery Warnings:
It is recommended that, when required, Redback replace the lithium battery. WARNING! Do not mutilate, puncture, or dispose of batteries in fire. The batteries can burst or explode, releasing hazardous chemicals. Discard used batteries according to the manufacturers instructions and in accordance with your local regulations. Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type as recommended by the manufacturers instructions. VARNING Eksplosionsfara vid felaktigt batteribyte. Anvnd samma batterityp eller en ekvivalent typ som rekommenderas av apparattillverkaren. Kassera anvnt batteri enligt fabrikantens instruktion. ADVARSEL! LithiumbatteriEksplosionsfare ved fejlagtig hndtering. Udskiftning m kun ske med batteri af samme fabrikat og type. Levr det brugte batteri tilbage tilleverandren. VARIOTUS Paristo voi rjht, jos se on virheellisesti asennettu. Vaihda paristo ainoastaan valmistajan suosittelemaan tyyppiin. Hvit kytetty paristo valmistajan ohjeiden mikaisesti. ADVARSEL Eksplosjonsfare ved feilaktig skifte av batteri. Benytt samme batteritype eller en tilsvarende type anbefait av apparatfabrikanten. Brukte batterier kasseres i henhold til fabrikantens instruksjoner. WAARSCHUWING! Bij dit produkt zijn batterijen geleverd. Wanneer deze leeg zijn, moet u ze niet weggooien maar inleveren als KCA.
Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Related Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx Command Modes and Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Task Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii Online Navigation Aids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii Ordering Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii Part 1: Introduction Chapter 1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 SmartEdge OS Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Independent System Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 System Redundancy and Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 SmartEdge OS Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 SmartEdge OS Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Subscribers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Ports, Channels, and Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Cross-Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 GRE Tunnels and VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 L2TP Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9 Overlay Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9 Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10 Static Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10 Dynamic Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10 User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11 Command Modes and Prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12 Command Mode Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12 Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15 No and Default Forms of Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16 Whats Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
Contents
Part 2: Traffic Cards, Ports, and Channels Chapter 2: Traffic Card Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 atm mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9 clock-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12 maximum ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14 sonet-eu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16 Chapter 3: ATM, Ethernet, and POS Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Configuring ATM Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Configure Operational Features for an ATM Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Configure Maintenance Features for an ATM Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 Configuring Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 Configure Operational Features for an Ethernet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 Configure a Maintenance Feature for an Ethernet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 Configuring POS Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 Configure Operational Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 Configure a POS Port for APS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 Configure Maintenance Features for a POS Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 ATM Port Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 Ethernet Port Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 POS Port Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 alarm-report-only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 atm scramble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 c2byte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13 cablelength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15 ccod-mode port-listen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 clock-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 crc16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23 equipment-loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25 flow-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26 framing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27 keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29 link-dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31 loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33 mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35 medium . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36 mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37 over-subscription-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 path-trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 port atm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42 port ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
vi
port pos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46 scramble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49 threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 transport unmatched-encap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52 Chapter 4: Clear-Channel and Channelized Port and Channel Configuration . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Configuring Channelized OC-12 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Configure Operational Features for a Channelized OC-12 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Configure the Maintenance Feature for a Channelized OC-12 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Configuring DS-3 Channels or Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Configure Operational Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Configure the Maintenance Feature for a DS-3 Channel or Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 Configuring DS-1 Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 Configure Operational Features for a DS-1 Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 Configure the Maintenance Feature for a DS-1 Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 Configuring Clear-Channel E3 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 Configure Operational Features for a Clear-Channel E3 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 Configure the Maintenance Feature for a Clear-Channel E3 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 Configuring Channelized STM-1 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 Configure Operational Features for a Channelized STM-1 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 Configure Maintenance Features for a Channelized STM-1 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 Configuring E1 Channels or Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11 Configure Operational Features for an E1 Channel or Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11 Configure the Maintenance Feature for an E1 Channel or Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 Configuring a DS-0 Channel Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 Configure Operational Features for a DS-0 Channel Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 Configure the Maintenance Feature for a DS-0 Channel Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 Channelized OC-12 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 DS-3 Channel and Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 DS-1 Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 Clear-Channel E3 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 Channelized STM-1 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 E1 Channel and Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 DS-0 Channel Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17 au3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18 aug-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19 cablelength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20 channel-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21 clock-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 crc32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26 dsu bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 dsu mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 dsu scramble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31 equipment-loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 framing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35 idle-character . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 invert-data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
Contents
vii
keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . national . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . path-trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port channelized-ds3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port channelized-oc12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port channelized-stm1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port ds0s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port ds1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port ds3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port e1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . port e3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . timeslot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . yellow-alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4-41 4-43 4-47 4-49 4-50 4-52 4-54 4-56 4-58 4-61 4-63 4-65 4-67 4-69 4-71 4-72 4-74 4-76
Chapter 5: APS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Configure an APS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Configure the Working and Protect Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Add Ports to an APS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Manage Ports in an APS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Delete a Port from an APS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Replace a Port in an APS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Change the Configuration of the Working and Protect Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Configure an APS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Request a Lockout Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Request a Forced Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Request a Manual Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 aps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8 aps group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10 aps switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15 Part 3: Circuits Chapter 6: Circuit Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ATM Profiles, VPs, and PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Frame Relay Profiles and PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure an 802.1Q Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure an 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure an 802.1Q Tunnel and the 802.1Q PVCs Within It . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 6-2 6-2 6-3 6-6 6-6 6-6 6-6 6-7 6-8
viii
Configuring ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 ATM Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 Specify the Card Mode for the SAR Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 Configure an ATM Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 Configure a Shaped ATM VP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19 Configure an ATM PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Configuring Frame Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21 Configure a Frame Relay Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 Configure the Interface Type and LMI Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 Configure a Frame Relay PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23 802.1Q PVC Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23 802.1Q PVC Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24 ATM Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25 ATM Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25 ATM VPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26 ATM PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26 ATM HSVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26 Frame Relay Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27 Frame Relay PVC on DS-3 Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27 Frame Relay PVC on POS Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28 atm profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-29 atm pvc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-31 atm vp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-39 clpbit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-41 congestion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-42 counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-45 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-46 dot1q profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-47 dot1q pvc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-48 dot1q tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-52 encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-53 frame-relay auto-detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-54 frame-relay intf-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-56 frame-relay keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-58 frame-relay lmi-n391dte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-60 frame-relay lmi-n392dce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-62 frame-relay lmi-n392dte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-64 frame-relay lmi-n393dce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-66 frame-relay lmi-n393dte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-68 frame-relay lmi-t392dce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-70 frame-relay lmi-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-72 frame-relay profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-74 frame-relay pvc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-75 idle-down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-77 ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-79 mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-81 oam fault-monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-83 oam manage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-84 oam xc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-86 report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-88 shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-90
Contents
ix
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-93 Chapter 7: CLIPS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Configuring CLIPS Static Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Configuring Dynamic CLIPS Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Configuring a CLIPS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 Configuring CLIPS Exclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Static CLIPS Circuit for a Single PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6 Static CLIPS for a Range of PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6 Static CLIPS Circuits Using an IP Address Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7 Dynamic CLIPS Circuits Using Local Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7 Dynamic CLIPS Using Global RADIUS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8 CLIPS Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9 CLIPS Exclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 clips-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12 clips pvc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-14 service clips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16 service clips-exclude . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-18 service clips-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20 Chapter 8: PPP and PPPoE Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 PPP-Encapsulated Circuits and Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 PPP Oversubscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 Multilink PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 PPP Keepalive Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 PPPoE Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 Configuring PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 Configure PPP Global Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 Configure a PPP-Encapsulated Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8 Configure a PPP-Encapsulated Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8 Configure a PPP-Encapsulated ATM PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8 Configure MP on ATM PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9 Configure a Subscriber Record for PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9 Configuring PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9 Configure PPPoE Global Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10 Configure a PPPoE-Encapsulated Ethernet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10 Configure a PPPoE-Encapsulated ATM PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10 Configure a PPPoE-Encapsulated 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11 Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11 Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11 Configure a Subscriber Record for PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12 PPP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12 PPP Configuration with Dynamic Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13 PPP Configuration with Restricted Dynamic Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13 MP Configuration on ATM PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13 PPPoE Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14 Advertise a List of Services (Domains) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Create and Delete a MOTM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15 Point a Subscribers Browser to a URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15 ppp keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16 ppp mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19 ppp multilink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20 ppp multilink lfi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21 ppp our-options mru . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23 ppp our-options multilink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-25 ppp peer-options mru . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27 ppp pppoe-large-mru . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29 pppoe always-send-padt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30 pppoe client route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-31 pppoe motm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32 pppoe service-name accept-all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33 pppoe services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34 pppoe tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35 pppoe url . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36 Chapter 9: Link Aggregation Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 PPP-Encapsulated Channels and Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 Frame Relay-Encapsulated Channels and Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3 IPoE- and 802.1Q-Encapsulated Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4 Configuring an MP Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4 Configure an MP Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4 Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to an MP Bundle . . . . . . . . . . . . . . . . . . . . . . . . . 9-5 Configuring an MFR Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5 Configure an MFR Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5 Configure an Aggregated Frame Relay PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7 Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to the MFR Bundle . . . . . . . . . . . . . . . . . . . . . . . 9-7 Configuring an Ethernet Link Group for IPoE-Encapsulated Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8 Configure an Ethernet Link Group for IPoE-Encapsulated Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8 Configure and Add an Ethernet Port to an Ethernet Link Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9 Configuring an 802.1Q Link Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10 Configure an 802.1Q Link Group for 802.1Q-Encapsulated Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10 Configure an Aggregated 802.1Q PVC in the 802.1Q Link Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11 Configure and Add an Ethernet Port to the 802.1Q Link Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12 MP Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12 MFR Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13 Ethernet Link Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14 802.1Q Link Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16 frame-relay multilink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17 link-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19 mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-22 minimum-links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-23 mp endpoint-discriminator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-24
Contents
xi
Part 4: Bridging and Cross-Connecting Chapter 10: Bridging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1 Rate Limiting Using a Bridge Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Configuring Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5 Configure a Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6 Configure a Bridged Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6 Configure a Bridge Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6 Configure a Bridged Ethernet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7 Configure a Bridged 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7 Configure a Bridged ATM PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-8 Configure a Bridged Subscriber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9 Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10 Bridged Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10 Bridge Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10 Bridged Trunk Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11 Bridged Tributary Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11 Bridged Subscriber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12 aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-13 bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-14 bridge mac-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16 bridge-only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-17 bridge profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18 broadcast rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-20 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-21 learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22 mac-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-23 mac-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-24 multicast rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-25 restricted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26 trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27 unknown-dest rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28 Chapter 11: Cross-Connection Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Non-Interworking Cross-Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ATM PVC to ATM PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ATM PVC to 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802.1Q PVC to 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Filtering Traffic Using Non-Interworking Cross-Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Filtering Using Child Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Filtering Using Circuits with Unlike Encapsulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Interworking Cross-Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cross-Connecting Circuits Without Child Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cross-Connect ATM PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cross-Connect 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cross-Connect an ATM PVC to an 802.1Q PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1 11-2 11-2 11-2 11-3 11-4 11-4 11-4 11-5 11-6 11-6 11-7 11-7 11-8 11-8
xii
Complete the Configuration of the ATM or 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8 Cross-Connecting Parent and Child Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9 Configure Ports and Circuits for Non-Cross-Connected Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9 Cross-Connect ATM or 802.1Q PVC Parent and Child Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9 Cross-Connecting a Circuit with a Child Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10 Configure Ports and Circuits for Non-Cross-Connected Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11 Cross-Connect an Inbound Child Circuit with an Outbound Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11 Cross-Connect an Inbound Circuit with an Outbound Child Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12 Cross-Connecting an ATM PVC to an 802.1Q PVC for Interworking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12 Configuration Guidelines for an Interworking Cross-Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13 Cross-Connect an ATM PVC to an 802.1Q PVC for Interworking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13 Complete the Configuration of the ATM and 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13 Cross-Connected ATM PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14 Cross-Connected Child Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14 Cross-Connected Circuit with Child Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15 Cross-Connected Circuits for Interworking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16 circuit protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-17 ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-19 xc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21 Part 5: Tunnels Chapter 12: GRE Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Using GRE Tunnels and Tunnel Circuits with IPv6 Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Using GRE Tunnels and Tunnel Circuits with IPv4 Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Using GRE Tunnels and Tunnel Circuits for VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Configuration Guidelines for GRE Tunnels and Tunnel Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Configuration Guidelines for GRE Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Configuration Guidelines for GRE Tunnel Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5 Configure a GRE Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5 Configure a GRE Tunnel Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6 Configure a GRE Tunnel Circuit Not Being Used as a VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6 Configure a GRE Tunnel Circuit Used as a VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8 GRE Tunnel with a Single Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8 GRE Tunnels with Multiple Circuits Used as VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13 clear-df . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-14 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15 gre-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16 gre-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18 ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20 keepalive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21 log-state-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22 shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-23 tunnel map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25 Chapter 13: L2TP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Contents
xiii
L2TP Tunnels and Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 Tunnel Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 L2TP Peer Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4 Session Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4 RADIUS and Accounting Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5 Mapping Subscribers to Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5 Slot Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-6 QoS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7 Avoiding Unwanted Fragmentation and Reassembly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8 L2TP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8 Configure a Context for L2TP Peers and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-9 Configure an LNS Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-10 Configure an LNS Peer Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11 Configure an LAC Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12 Configure a Subscriber for L2TP Peer Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-13 Configure an L2TP Tunnel Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-13 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14 SmartEdge Router as a LAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14 Context Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14 LNS Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14 Group of LNS Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15 Subscribers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15 SmartEdge Router as an LNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16 Context Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16 LAC Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16 SmartEdge Router as a Tunnel Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16 L2TP Slot Redundancy for an LAC Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-17 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-18 algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19 deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-21 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-23 domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-24 function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-26 hello-timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-27 l2tp calling-number format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-28 l2tp clear-radius-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-30 l2tp deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-31 l2tp fragment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-33 l2tp-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-34 l2tp-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-36 l2tp proxy-auth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-39 l2tp renegotiate lcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-40 l2tp strict-deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-42 lns card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-43 local-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-45 max-sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-46 max-tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-48 peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-49 retry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-51 session-auth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-52 timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-54 tunnel-auth key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-55 tunnel domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-56
xiv
tunnel name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-58 tunnel-window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-59 Chapter 14: Overlay Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2 Configure an Overlay Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 Configure an Overlay Tunnel Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5 description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6 ipv6-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8 ipv6 v4tunnel-peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10 log-state-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12 mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13 shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14 tunnel map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16 Part 6: Bindings Chapter 15: Bindings Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2 Types of Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2 Binding Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3 Binding Summary Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5 Bindings for POS Ports with and Without Frame Relay PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5 Bindings for PDH Channels and Ports with and Without Frame Relay PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6 Bindings for Ethernet Ports and 802.1Q PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6 Bindings for ATM PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7 Bindings for CLIPS PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8 Bindings for Child Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9 Create a Static Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9 Create a Dynamic Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10 Static Binding for a Single Circuit to an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10 Static Binding for Multiple Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11 Restricted Dynamic Binding for a Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11 bind authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12 bind auto-subscriber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15 bind interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-18 bind subscriber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-20 Part 7: Hardware Management Chapter 16: Hardware Management Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1 Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2 Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2 diag pod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3
Contents
xv
system alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5 Part 8: Appendixes Appendix A: L2TP Attribute-Value Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
xvi
About This Guide
This guide describes the tasks and commands used to configure the following SmartEdge OS features: traffic cards; ports; channels; Automatic Protection Switching (APS); circuits, including permanent virtual circuits (PVCs); clientless Internet Protocol (IP) service selection (CLIPS) circuits; Point-to-Point Protocol (PPP) and PPP over Ethernet (PPPoE) information; link aggregation; bridging; cross-connections between circuits; Generic Routing Encapsulation (GRE) tunnels (including Internet Protocol version 6 [IPv6] over GRE tunnels); overlay tunnels (IPv6 over IP Version 4 [IPv4]), and Layer 2 Tunneling Protocol (L2TP) tunnels; bindings between ports, channels, PVCs, and interfaces; hardware alarm and power-on diagnostics. This guide also includes descriptions of commands used to navigate the command-line interface (CLI) and manage configuration files. This preface includes the following sections: Related Publications Intended Audience Organization Conventions Ordering Documentation
Related Publications
In parallel with this guide, use the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS, which describes the tasks and the commands used to monitor, administer, and troubleshoot system features described in this guide. Use this guide and the Ports, Circuits, and Tunnels Operations Guide in conjunction with the following publications: Basic Configuration Guide for the SmartEdge OS Describes the tasks and commands used to configure the following SmartEdge OS features: access to the system; basic system parameters; contexts, interfaces, and subscribers; system-wide management features, including bulk statistics, logging facilities, and the Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) functions.
About This Guide
xvii
Related Publications
Routing Protocols Configuration Guide for the SmartEdge OS Describes the tasks and commands used to configure the following SmartEdge OS features: static IP routing; dynamically verified static routing (DVSR); Virtual Router Redundancy Protocol (VRRP); Routing Information Protocol (RIP) and RIP next generation (RIPng); Open Shortest Path First (OSPF) and OSPF Version 3 (OSPFv3); Border Gateway Protocol (BGP); BGP/multiprotocol label switching Virtual Private Networks (BGP/MPLS VPNs); Intermediate System-to-Intermediate System (IS-IS); IP multicast, including Internet Group Management Protocol (IGMP), Multicast Source Discovery Protocol (MSDP), and Protocol Independent Multicast (PIM); routing policies; MPLS; Layer 2 Virtual Private Networks (L2VPNs); and Label Distribution Protocol (LDP). BGP, OSPFv3, RIPng, and routing policies include tasks and commands that provide limited support for IPv6 routing.
IP Services and Security Configuration Guide for the SmartEdge OS Describes the tasks and commands used to configure the following SmartEdge OS features: Address Resolution Protocol (ARP), Neighbor Discovery (ND) protocol for IPv6 routers, Dynamic Host Configuration Protocol (DHCP), Network Time Protocol (NTP), Domain Name System (DNS), HTTP redirect, access control lists (ACLs), forward policies, Network Address Translation (NAT) policies, service policies, quality of service (QoS) policies, authentication, authorization, and accounting (AAA), Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), key chains, and lawful intercept (LI).
Basic System Operations Guide for the SmartEdge OS Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the Basic System Configuration Guide; commands include all clear, debug, monitor, process, and show commands, along with other operations-based commands, such as on-demand diagnostics.
Routing Protocols Operations Guide for the SmartEdgeOS Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the Routing Protocols Configuration Guide; commands include all clear, debug, monitor, process, and show commands, along with other operations-based commands.
IP Services and Security Operations Guide for the SmartEdge OS Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the IP Services and Security Configuration Guide; commands include all clear, debug, and show commands, along with other operations-based commands.
SmartEdge 800 Router Hardware Guide for the SmartEdge OS Describes the SmartEdge 800 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.
SmartEdge 400 Router Hardware Guide for the SmartEdge OS Describes the SmartEdge 400 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.
xviii
Intended Audience
Intended Audience
This publication is intended for system and network administrators experienced in access and internetwork administration.
Organization
This guide is organized as follows: Part 1, Introduction Provides and overview of the SmartEdge OS features, functions, and applications. Part 2, Traffic Cards, Ports, and Channels Describes the tasks and commands used to configure and manage traffic cards, their ports and channels, and APS groups. Part 3, Circuits Describes the tasks and commands used to configure basic features for circuits, including CLIPS, encapsulated circuits with PPP or PPPoE, and link-aggregated circuits. Part 4, Bridging and Cross-Connecting Describes the tasks and commands used to configure basic features for bridges, bridge groups, and cross-connections between circuits. Part 5, Tunnels Describes the tasks and commands used to configure basic features for GRE tunnels and tunnel circuits, L2TP peers and groups, and overlay tunnel configurations. Part 6, Bindings Describes the tasks and commands used to bind ports, channels, and circuits to interfaces. Part 7, Hardware Management Describes the tasks and commands used to configure these features, provides configuration examples, and detailed descriptions of the commands used to configure them through the SmartEdge OS. Part 8, Appendixes Describes the standard Layer 2 Tunneling Protocol (L2TP) attribute value pairs (AVPs) supported by the SmartEdge OS, in order by AVP number. Note There are three indexes in this guide: an index of tasks and features, an index of commands, and an index of CLI modes with the commands found within each mode.
About This Guide
xix
Conventions
Conventions
This guide uses special conventions for the following elements: Command Modes and Privilege Levels Command Syntax Examples Task Tables Online Navigation Aids
Command Modes and Privilege Levels

Commands are issued in exec mode or in one of many configuration modes. By default, the majority of commands in exec mode have a privilege level of 3, while commands in any configuration mode have a privilege level of 10. Exceptions are noted in parentheses ( ) in the Command Mode section in any command description; for example, exec (15). For a hierarchy list of command modes, see the Command Mode Hierarchy section in Chapter 1, Overview. For detailed information about command modes and privilege levels, see the User Interface section in Chapter 1, Overview.
Command Syntax
Table 1 lists the descriptions of the elements used in a command syntax statement. Table 1 Command Syntax Terminology
Definition An item for which you must supply a value. A combination of: A keyword and its argument. Two or more keywords that cannot be specified independently. Two or more arguments that cannot be specified independently. Keyword An optional or required item that must be entered exactly as shown. min-wait seconds line fdl ansi dest dest-wildcard all Example Fragment slot
Syntax Element Argument Construct
Table 2 describes separator characters used in a command syntax statement. Table 2

Character @ /
Separator Characters in Command Syntax Statement

Use Separates the prefix name from the suffix name. Separates slot from port, IP address from prefix length, and separates fields in URLs. Example Fragment sub-name@ctx-name slot[/port] {ip-addr | /prefix-length} /device[/directory]/filename.ext
xx
Conventions
Table 2
Character :
Separator Characters in Command Syntax Statement (continued)

Use Separates port from channel and a channel from a subchannel Example Fragment port[:chan-num] ds3-chan-num[:ds1-chan-num]
Separates starting value from ending value Separates output modifiers from keywords and arguments in show commands1
start-end show configuration | include port
1. For more information about the use of the pipe ( | ) character, see the Using the CLI chapter in the Basic System Configuration Guide for the SmartEdge OS.
The following guidelines apply to separator characters in Table 2: The separator character between the prefix and suffix names in a structured username is configurable; the @ character is the default and is used in command syntax throughout this guide. Separator characters act as one-character keywords; therefore, they are always shown in bold.
Table 3 lists the characters and formats used in command syntax statements. Table 3
Convention Commands and keywords are indicated in bold. Arguments for which you must supply the value are indicated in italics. Square brackets ([ ]) indicate optional arguments, keywords, and constructs within scripts or commands. Alternative arguments, keywords, and constructs within commands are separated by the pipe character ( | ). Alternative, but required arguments, keywords, and constructs are shown within grouped braces ({ }), and are separated by the pipe character ( | ). Optional and required arguments, keywords, and constructs can be nested with grouped braces and square brackets, where the syntax requires such format.
Text Formats and Characters in Command Syntax Statements

Example no ip unnumbered banner login delimited-text show clock [universal] enable [level] public-key {DSA | RSA} [after-key existing-key | position key-position] {new-key | ftp url} debug ssh {all | ssh-general | sshd-detail | sshd-general} ip address ip-addr {netmask | /prefix-length} [secondary] enable authentication {none | method [method [method]]}
Examples
Examples use the following conventions: System prompts are of the form [context]hostname(mode)#, [context]hostname#, or [context]hostname>. In this case, context indicates the current context, hostname represents the configured name of the SmartEdge system, and mode indicates the string for the current configuration mode, if applicable. Whether the prompt includes the # or the > symbol depends on the privilege level. For further information about privilege levels, see Chapter 1, Overview. For example, the prompt in the local context on the system Redback in context configuration mode is:
[local]Redback(config-ctx)#
About This Guide
xxi
Conventions
Information displayed by the system is in Courier font. Information that you enter is in Courier bold font.
Task Tables
Tasks to configure features are described in task tables under the Configuration Tasks section in each chapter. The command syntax displays only the root command, which is hyperlinked to the location where the complete command syntax is described in the Command Descriptions section of the chapter. Table 4 displays an example of a task table. Table 4
# 1. Task Create or select a Frame Relay PVC and access Frame Relay PVC configuration mode.
Configure a Frame Relay PVC

Root Command frame-relay pvc Notes Enter this command in DS-0, DS-1, DS-3, E1, E3, or port configuration mode. You must have previously specified Frame Relay encapsulation for this command to be available. Enter this command in Frame Relay PVC configuration mode. Enter this command in Frame Relay PVC configuration mode.
2. 3.
Associate the IP address of the remote host on the circuit. Bind the Frame Relay PVC to an existing interface in an existing context.
ip host bind interface
Additional conventions for the task tables in this guide include: Alternative tasks are shown as bulleted lists. The task description indicates that they are alternatives. Subtasks are shown as an unnumbered list under a task heading. Optional subtasks are shown as unnumbered lists. The task description indicates that they are optional. see step 4.
Online Navigation Aids

To aid in accessing information in the online format for this guide, the following types of cross-references are hyperlinks: Cross-references to chapters, sections, tables, and figures in the text Lists of section headings within a chapter or appendix Commands listed in the Related Commands section at the end of each command description Entries in the table of context Entries in indexes
Note Hyperlinks in PDF files appear the same as regular text; however, your cursor changes from an open hand icon to a pointing finger icon when you move your cursor over a hyperlink.
xxii
Ordering Documentation
Redback documentation is available on CD-ROM, which ships with Redback products. The appropriate CD-ROMS are included with your products as follows: SMS product SmartEdge router product NetOp product (includes NetOp EMS and NetOp PM)
To order additional copies of the appropriate CD-ROM or printed, bound books, perform the following steps: 1. Log on to the Redback Networks Support web site at http://www.redback.com and enter a username and password. If you do not have a logon username and password, contact your Redback Networks support representative, or send an e-mail to supportlogin@redback.com with a copy of the show hardware command output, your contact name, company name, address, and telephone number. 2. On the Redback Networks Support web site, select one of the Redback Networks product line tabs at the bottom of the web page, click Documentation on the navigation bar, and then click To Order Books on the navigation bar. To electronically provide feedback on our documentation, perform the following steps: 1. On the Documentation web page, click Feedback on the navigation bar. 2. Complete and submit the documentation feedback form. We appreciate your comments.
About This Guide
xxiii
xxiv
Part 1
Introduction
This part provides an overview of the SmartEdge OS features, functions, and applications, and consists of Chapter 1, Overview.
Chapter 1
Overview
The edge of the network is a highly demanding environment due to the large number of access terminations and the need to perform in-service upgrades to handle new feature deployments. The SmartEdge router hardware and software products provide multiservice optical platforms that enable the next generation of services in the new access network. The SmartEdge OS runs on all the SmartEdge routers, including the SmartEdge 800, SmartEdge 800s, and SmartEdge 400. The SmartEdge router products are edge routing platforms that provide: High-performanceEnables line-rate packet forwarding. RobustnessEnables packet reliability, meeting rigorous uptime and availability requirements. ScalabilitySupports a large number of access terminations. FlexibilityProvides platforms that can support multiple services.
This chapter describes the SmartEdge OS software, including the following sections: SmartEdge OS Architecture SmartEdge OS Applications SmartEdge OS Concepts User Interface Whats Next?
Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.
Overview
1-1
SmartEdge OS Architecture
The SmartEdge OS is the advanced software system that works in conjunction with the ASIC-based SmartEdge hardware products to provide a scalable and robust multiservice platform, including the features described in the following sections: Independent System Processes System Redundancy and Synchronization
The SmartEdge OS performs the route processing and other control functions and runs on the controller card. The packet forwarding function is performed by Packet Processing ASICs (PPAs) on the individual traffic cards. Figure 1-1 illustrates the SmartEdge OS architecture. Figure 1-1 SmartEdge OS Architecture
1-2
The SmartEdge OS is based on a general-purpose operating system; each major system component (see Table 1-1) runs as a separate process in the system. Table 1-1 SmartEdge OS System Components
Function Forces all authentication requests and accounting updates to a single set of Remote Authentication Dial-In User Service (RADIUS) servers. Provides a lean and stable base for the SmartEdge OS. Monitors and controls the operation of the other processes in the system. Controls all system configurations using a transaction-oriented database. Monitors and disseminates the state of all interfaces, ports, and circuits in the system. Run as an independent processes, maintaining independent Routing Information Bases (RIBs). The routing processes send the routing information to the central RIB. Downloads forwarding tables to the traffic cards. Run as independent processes, each in its own protected address space. Includes the PPA ASICs, which contain the Forwarding Information Base (FIB) and forwarding code.
System Component Authentication, authorization, and accounting (AAA) NetBSD kernel Process Manager (PM) Router Configuration Manager (RCM) Interface and Circuit State Manager (ISM) Routing protocols
RIB Feature modules Traffic card
Independent System Processes

The implementation of the major software components as independent processes provides several benefits: Processes in the system can be independently stopped, restarted, and upgraded without reloading the entire system or individual traffic cards. The system continues to operate in the event of a failure or disruption to any single component.
The separation of the route processing and control functions (performed by the SmartEdge OS software running on the controller card) from the forwarding function (performed on the individual traffic cards) also provides several benefits: Dedicated route processing functions are not affected by heavy traffic; dedicated packet forwarding is not affected by routing instability in the network. The architecture enables line-rate forwarding on all traffic cards. New features can be added to the control software on the controller without affecting the forwarding performance. The architecture provides nonstop forwarding during system upgrades or reloads; the traffic cards continue to forward packets.
Overview
1-3
SmartEdge OS Applications
System Redundancy and Synchronization

Among other redundancy features, the SmartEdge routers and the operating system support dual controller cards; one card acts as the active controller and the other acts as its hot standby: Both controller cards contain disk memory (compact-flash) cards that store the operating system image, its associated files, and the configuration database. A synchronization process ensures that the standby controller is always ready to become the active controller: When either the software release or the firmware on the active controller is upgraded, the standby controller automatically synchronizes its software or firmware version to that of the active controller. When a user modifies the contents of the compact-flash card (for example, by saving a configuration to a file, copying a file, or deleting a file), the change is propagated to the compact flash of the standby controller. The configuration database of the active and standby controllers are always synchronized.
To guard against system inconsistency, the synchronization process is protected.While the synchronization is in progress, switchover from the active to the standby controller is not allowed. If the active controller should fail during such a time, the standby does not become active. If the user attempts to force a switchover during this synchronization period, the system warns the user that the standby is not ready. The synchronization process is not affected by traffic card installation and removal. The active controller, and hence the system, continues to forward traffic and detect and notify the administrator of any faults that occur while the standby controller card is being synchronized (FAIL LED is blinking). After the synchronization is complete, the standby controller is ready to become the active controller, if the active should fail.
SmartEdge OS Applications
The SmartEdge products provide carrier-class, scalable termination and aggregation of IP-based traffic. The SmartEdge platform combines high-density optical and electrical interfaces with robust IP routing software to support business-grade IP service aggregation and delivery. The SmartEdge platform can be used as an edge aggregation router to directly connect customers. The SmartEdge OS supports a variety of interfaces and vital services such as quality of service (QoS) and inbound and outbound access control lists. New services can easily be added with software upgrades. Because of the optimized packet forwarding capabilities and support of high-bandwidth uplink interfaces, the SmartEdge platform can also be used in the metropolitan core to aggregate traffic from other routers into the long-haul transit core.
1-4
SmartEdge OS Concepts
Figure 1-2 shows an example application for the SmartEdge products. Figure 1-2 SmartEdge OS Application
SmartEdge OS concepts include the following entities (see Figure 1-3): Contexts Interfaces Subscribers Ports, Channels, and Circuits Cross-Connections Tunnels Bindings
Overview
1-5
Figure 1-3 SmartEdge OS Software Component Interrelationships
Contexts
Most networking products are designed so that the entire set of ports, circuits, and protocols operate together as one global instance. The SmartEdge OS supports an advanced feature called multiple contexts. Each context is a virtual SmartEdge router instance running within a single physical device. A context operates as a separate routing and administrative domain, with separate routing protocol instances, addressing, authentication, accounting, and so on, and does not share this information with other contexts. By separating the address and name spaces in this way, service providers can use multiple contexts to provide direct access to customers, or to provide different classes of services for customers. Service providers use a single physical device to implement this, with one or more contexts being assigned to each service provider or service class. Implementing this today with equipment from other vendors requires multiple devices. The SmartEdge router is always configured with the special local context. This context is always present on the system and cannot be deleted. In a single-context configuration, the local context is the only context present on the system. For more information about contexts, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
Interfaces
The concept of an interface in the SmartEdge OS differs from that in traditional networking devices. In traditional devices, the term, interface, is often used synonymously with port, channel, or circuit, which are physical entities. In the SmartEdge OS, an interface is a logical construct that provides higher-layer protocol and service information, such as layer 3 addressing. Interfaces are configured as part of a context and are independent of physical ports, channels, and circuits. The decoupling of the interface from the physical layer entities enables many of the advanced features offered by the SmartEdge OS. For the higher-layer protocols to become active, an interface must be associated with a physical port, channel, or circuit. This association is referred to as a binding in the SmartEdge OS. For more information, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
1-6
Subscribers
Subscribers are the end users of the high-speed access services. Subscriber records are configured as part of a context, either locally on the SmartEdge router or on a RADIUS server. Subscriber records contain the information necessary to bind a subscriber to the correct interface, and therefore, to the correct network context and services. Subscriber records can also contain other configuration information, such as authentication, access control, rate-limiting, and policing information. The number of active subscribers is a function of configuration, memory, processing power, and desired per-subscriber bandwidth. Each platform and hardware variant has a maximum active subscriber figure, which may or may not be achieved under deployment scenarios. With this release of the SmartEdge OS, the operating system supports the following subscriber management services: Dynamic service selectionThe unique capability to dynamically bind subscriber sessions to services. Provides access functions that traditional routers were not designed to provide, such as subscriber management, provisioning, authentication, and accounting. Provides the routing of subscriber traffic based on layer 3 addressing. Performs all translations necessary to convert subscriber traffic to IP, relieving the service provider backbone routers of frame translations that can cause congestion on high-volume routers. Grooms individual subscriber data streams into simplified IP flows for routers connecting to the Internet backbone.
For more information about subscribers, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
Ports, Channels, and Circuits

Ports, channels, and circuits in the SmartEdge OS represent the physical connectors and paths on the SmartEdge traffic and controller cards. Physical port, channel, and circuit configurations include both hardware and software parameters that allow the behavior of the port, channel, or circuit to be specified for a specific platform. Before any higher-layer user data can flow through a physical port, channel, or circuit, that port, channel, or circuit must be associated with an interface within a context. This association is referred to as a binding in the SmartEdge OS. The configuration for each port, channel, and circuit includes binding information.
Overview
1-7
Cross-Connections
The SmartEdge OS supports various types of cross-connections that allow you to cross-connect circuits of different types or of the same type. Types of supported cross-connections include: Transparent, self-learning bridges using Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) with RFC 1483 bridged encapsulation, Ethernet ports, or 802.1Q PVCs Cross-connections with and without filtering ATM PVCs-to-ATM PVCs ATM PVCs-to-802.1Q PVCs 802.1Q PVCs-to-802.1Q PVCs Interworking cross-connections between ATM PVCs and 802.1Q PVCs
Tunnels
The SmartEdge OS supports Generic Routing Encapsulation (GRE) over IP Version 4 (IPv4) tunnels, the GRE Virtual Private Network (VPN) model, and the Layer 2 Tunneling Protocol (L2TP) for which the SmartEdge router acts as an L2TP access concentrator (LAC). Tunnels are described in the following sections: GRE Tunnels and VPNs L2TP Tunnels Overlay Tunnels
GRE Tunnels and VPNs

GRE is a simple, stateless protocol that allows for the tunneling of IP in IP. GRE allows you to connect remote sites using private IP addresses over a public network that uses publicly routable IP addresses. GRE supports both IPv4 and IPv6 traffic. IP packets traveling through the tunnel are encapsulated with an IP header from the public address space as shown in Figure 1-4 and Figure 1-5. Figure 1-4 GRE Tunnel Packet Encapsulation for IPv4 Packets
Figure 1-5 GRE Tunnel Packet Encapsulation for IPv6 Packets
1-8
One of the more common applications of GRE tunneling is the creation of VPNs to connect to remote sites. Multiple SmartEdge OS contexts and GRE tunnel circuits, one for each VPN, demultiplex traffic for each VPN into its own IP address space. Thus each context acts as a dedicated virtual router for a VPN, where the IP address space (for example, private addresses as described in RFC 1918, Address Allocation for Private Internets) and routing databases are maintained separately from other contexts.
L2TP Tunnels
L2TP tunnels are User Datagram Protocol (UDP)/IP-encapsulated circuits that carry subscriber Point-to-Point Protocol (PPP) sessions to another router. The router is designated as an LNS or an LAC, depending on its relationship with the SmartEdge router: When functioning as an LNS, the SmartEdge router accepts IP packets from LACs in the network and terminates them. When functioning as an LAC, the SmartEdge router terminates subscriber PPP sessions and tunnels these sessions to a number of LNSs.
In each context configured on the system, the SmartEdge router can function as an LAC to one or more LNSs, as an LNS to one or more LACs, or as both a LAC and an LNS. Figure 1-6 shows a SmartEdge router acting as a LAC: terminating subscriber PPP sessions and tunneling these sessions to a number of L2TP peers that are acting as LNSs. Figure 1-6 L2TP Tunnels over UDP/IP
Overlay Tunnels
An overlay tunnel is used within a site or between sites; it is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. You can configure overlay tunnels between border routers or between a border router and a host. The host or router at each end of a tunnel must support both the IPv4 and IPv6 protocol stacks. The SmartEdge OS implementation of overlay tunnels is based on the RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers. IPv6 is fully described in RFC 2460, Internet Protocol Version 6 (IPv6) Specification.
Overview
1-9
The changes from IPv4 to IPv6 include: Increase in address size from 32 bits to 128 bits Simplified header Extensible header with optional extension headers Designed to co-exist with IPv4 Uses multicast addresses instead of broadcast addresses
For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.
Bindings
Bindings form the association in the SmartEdge OS between the ports, channels, or circuits and the higher-layer routing protocols configured for a given context. No user data can flow on a port, channel, or circuit until some higher-layer service is configured and associated with it. After a port, channel, or circuit is bound to an interface, traffic flows through the context as it would through any IP router. Bindings are either statically mapped during configuration or dynamically created based on subscriber characteristics as defined in the local database, or on a RADIUS server; see the Static Bindings and Dynamic Bindings sections that follow.
Static Bindings
With static bindings, a port, channel, or circuit is bound directly to an interface. In this case, the port, channel, or circuit is hard-wired to the higher-layer protocols defined for the interface. Multiple ports, channels, or circuits can be bound to a single interface. A circuit can also be statically bound to a particular subscriber in a given context. In this case, the binding between the circuit and the higher-layer protocols is determined indirectly, through the subscriber record. In Figure 1-7, subscriber joe is configured with an IP address that maps to interface if1 in the context local. When the virtual circuit on ATM port 6/1 is bound to subscriber joe, the SmartEdge OS determines the interface that the circuit will be bound to by examining the subscriber information for joe.
Dynamic Bindings
Dynamic binding occurs when a circuit is bound to the higher-layer protocols based on session information. For example, a PPP-encapsulated session can be bound to a particular context and interface by examining the authenticated structured subscriber name in the form sub-name@ctx-name. Note The separator character between the sub-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide. Dynamic binding is the key to enabling advanced features, such as dynamic service and provider selection. Dynamic binding also enables simultaneous access to multiple services on a single circuit.
1-10
User Interface
Figure 1-7 also shows a dynamic binding between the virtual circuit on ATM port 6/1 and interface if5 in context ispgold. When the subscriber initiates a PPP session using the structured subscriber name, mary@ispgold, the SmartEdge OS determines the context (ispgold) for the connection, and selects an interface (if5) to which to bind the circuit. Successful dynamic binding depends on subscriber information for subscriber mary configured in context ispgold, and successful PPP authentication during PPP session establishment. The binding between this circuit and the ispgold context will be removed when the PPP session is terminated. Because the binding on the circuit is dynamic, this same circuit could be used by a different subscriber to select a different service. Figure 1-7 Static and Dynamic Bindings
User Interface
The primary user interface to the SmartEdge OS is the command-line interface (CLI). The CLI concepts are described in the following sections: Command Modes and Prompts Command Mode Hierarchy Privilege Levels No and Default Forms of Commands
For more information about using CLI commands, see the Using the CLI chapter in Basic System Configuration Guide for the SmartEdge OS.
Overview
1-11
User Interface
Command Modes and Prompts

The two major modes are exec and global configuration. When a session is initiated, the CLI is set to the exec mode by default. The exec mode allows you to examine the state of the system and perform most monitoring, troubleshooting, and administration tasks using a subset of the available CLI commands. Exec mode prompts can be one of the following forms, depending on the user privilege level (see the Privilege Levels section):
[local]hostname# [local]hostname>
In this example, local is the context in which commands are applied and hostname is the currently configured hostname of the router. When you exit exec mode, using the exit command; this also ends the CLI session. Global configuration mode is the top-level configuration mode; all other configuration modes are accessed from this mode. These modes allow you to interactively configure the system through the CLI, or to create and modify a configuration file offline by entering configuration commands using any text editor. After you have saved the file, you can then load it to the operating system at a later time. To access global configuration mode, enter the configure command (in exec mode). Configuration mode prompts are of the following form:
[local]hostname(mode-name)#
In the example above, local is the context in which commands are applied, hostname is the currently configured hostname of the router, and mode-name is a string indicating the name of the current configuration mode. The prompt (in global configuration mode), assuming the factory default hostname of Redback and the local context, is as follows:
[local]Redback(config)#
Each feature supported through the SmartEdge OS can have one or more configuration modes, some of which you access using a command (in global configuration mode). Table 1-2 lists the configuration modes for the commands described in this guide and the commands that you enter to access them.
Command Mode Hierarchy

Command modes exist in a hierarchy; that is, you must access the higher-level command mode before you can access a lower-level command mode in the same chain. Note For modes relevant to routing protocol features, see the Overview chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. For modes relevant to IP services and security features, see the Overview chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.
1-12
User Interface
Figure 1-8 shows the hierarchy of the command modes used to configure features for ports, circuits and tunnels. Figure 1-8 Command Mode Hierarchy for Ports, Circuits and Tunnels Commands
Overview
1-13
User Interface
Table 1-2 lists the command modes (in alphabetical order) relevant to ports, circuits and tunnels features. It includes the commands that enable access to each mode, and the command-line prompt for each mode. Table 1-2
Mode Name exec administrator APS ATM DS-3 ATM OC ATM profile ATM PVC ATM child protocol AU-3 bridge bridge profile bulkstats card CLIPS PVC context dot1q profile dot1q PVC dot1q child protocol DS-0 group DS-1 DS-3 E1 E3 Frame Relay profile Frame Relay PVC global GRE peer GRE tunnel interface L2TP group L2TP peer
Mode Access Commands and System Prompts

Commands Used to Access (user logon) administrator command from context configuration mode aps group command from global configuration mode port atm command from global configuration mode port atm command from global configuration mode atm profile command from global configuration mode atm pvc command from ATM OC and ATM DS-3 configuration mode circuit protocol command from ATM PVC configuration mode au3 command from STM-1 configuration mode bridge command from context configuration mode bridge-profile command from global configuration mode bulkstats policy command from context configuration mode card command from global configuration mode clips pvc command from ATM PVC, dot1Q PVC, and port configuration modes context command from global configuration mode dot1q profile command from global configuration mode dot1q pvc command from port configuration mode circuit protocol command from dot1q PVC configuration mode port ds0s command from global configuration mode port ds1 command from global configuration mode port channelized-ds3 and port d3 commands from global configuration mode port e1 command from global configuration mode port e3 command from global configuration mode frame-relay profile from global configuration mode frame-relay pvc command from DS-0, DS-1, DS-3, E1, E3, and port configuration modes configure command from exec mode gre-peer command from context configuration mode gre-tunnel command from tunnel map configuration mode interface command from context configuration mode l2tp-group command from context configuration mode l2tp-peer command from context configuration mode Command-Line Prompt # or > (config-administrator)# (config-aps)# (config-atm-ds3)# (config-atm-oc)# (config-atm-profile)# (config-atm-pvc)# (config-atm-child-proto)# (config-au3)# (config-bridge)# (config-bridge-profile)# (config-bulkstats)# (config-card)# (config-clips-pvc)# (config-ctx)# (config-dot1q-profile)# (config-dot1q-pvc)# (config-dot1q-child-proto)# (config-ds0-group)# (config-ds1)# (config-ds3)# (config-e1)# (config-e3)# (config-fr-profile)# (config-fr-pvc)# (config)# (config-gre-peer)# (config-gre-tunnel)# (config-if)# (config-l2tp-group)# (config-l2tp)#
1-14
User Interface
Table 1-2
Mode Name link group link PVC macro NetOp port SNMP server
Mode Access Commands and System Prompts (continued)

Commands Used to Access link-group command from global configuration mode dot1q pvc command from link group configuration mode macro command from global configuration mode netop command from global configuration mode port channelized oc-12, port ethernet, and port pos commands from global configuration mode snmp server command from global configuration mode software license command from global configuration mode stats-collection command from global configuration mode port channelized-stm1 command from global configuration mode subscriber command from context configuration mode tunnel map command from global configuration mode Command-Line Prompt (config-link-group)# (config-link-pvc)# (config-macro)# (config-netop)# (config-port)# (config-snmp-server)# (config-license)# (config-stats-collection)# (config-stm1)# (config-sub)# (config-tunnel-map)#
software license stats collection STM-1 subscriber tunnel map
Privilege Levels
The SmartEdge OS supports 16 different privilege levels for administrators and for commands. By default, administrators are assigned an initial privilege level of 6; administrators can only issue commands that are assigned at the same level as their own privilege level or lower than their privilege level. Each command in the CLI is assigned a default privilege level. At a privilege level of 6 or higher, the prompt in the CLI displays a number sign (#) instead of an angle bracket (>). There are two types of administrators: LocalAn administrator authenticated to the local context. The local administrator has a structured administrator name of the form admin-name@local. Non-localAn administrator authenticated to any context other than the local context. An example of a non-local administrator has a administrator name of the form admin-name@ctx-name is joe@vpn1, where vpn1 is the name of the context.
Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide. An administrator authenticated to the local context, given appropriate administrator privileges, can configure all functions on the SmartEdge router, including functions for each context, and global entities, such as ports, port profiles, SNMP, and so on. Non-local administrators have no configuration mode privileges, and have restricted exec mode privileges. To configure administrator privilege levels, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
Overview
1-15
Whats Next?
Each command has a default privilege level that determines, given the privilege assigned to the administrator, who can enter the command. The majority of commands (in exec mode) have a default privilege level of 3, while commands in any configuration mode have a default privilege level of 10. Exceptions are noted in parentheses ( ) in the Command Mode section in any command description; for example, exec (15). Command privilege levels are configurable; to change the default privilege level for a command, see the Basic System Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
No and Default Forms of Commands

Many configuration commands support the no keyword. Entering the no keyword in front of a command disables the function or removes the command from the configuration. For example, to enable PPP keepalive checks, enter the ppp keepalive command (in context configuration mode). To subsequently disable PPP keepalive checks and remove the command from the configuration, enter the no ppp keepalive command (in context configuration mode). Many configuration commands support the default keyword. Entering the default keyword in front of a command returns a parameter or feature to the default state.
Whats Next?
You can interactively configure the SmartEdge router through the CLI. You can also configure the SmartEdge router using a text editor to create a configuration file and then loading that file on to the router. The SmartEdge OS configuration process is transaction-based and supports atomic transactions, including commits and aborts, against the configuration database. Sequences of commands can be entered and validated before being applied, and automated provisioning systems can be interfaced to the SmartEdge for flow-through provisioning and scheduled command execution. The CLI commands are described in the Using the CLI chapter in the Basic System Configuration Guide for the SmartEdge OS.
1-16
Part 2
Traffic Cards, Ports, and Channels
This part describes how to configure and manage traffic cards, their ports and channels, and Automatic Protection Switching (APS) groups; it consists of the following chapters: Chapter 2, Traffic Card Configuration Chapter 3, ATM, Ethernet, and POS Port Configuration Chapter 4, Clear-Channel and Channelized Port and Channel Configuration Chapter 5, APS Configuration
Chapter 2
Traffic Card Configuration
This chapter provides an overview of SmartEdge traffic cards, describes the tasks used to configure traffic card parameters, provides configuration examples, and describes the commands used to configure SmartEdge traffic cards through the SmartEdge OS. The commands described in this chapter are common to all card types, except where noted. For information about the tasks and commands used to monitor, troubleshoot, and administer traffic cards, see the Card, Port, and Channel Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related tasks and commands include: Configuration tasks and commands for Asynchronous Transfer Mode (ATM), Ethernet, and Packet over SONET/SDH (POS) ports are described in Chapter 3, ATM, Ethernet, and POS Port Configuration. Configuration tasks and commands for clear-channel and channelized ports and channels are described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration. Configuration tasks and commands for permanent virtual circuits (PVCs) are described in Chapter 6, Circuit Configuration.
For protocol- or feature-specific commands that appear in card configuration mode, see the appropriate chapter in this guide, or the Routing Protocols Configuration Guide for the SmartEdge OS, or the IP Services and Security Configuration Guide for the SmartEdge OS. Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted. The term, first-generation ATM OC card, refers to a 2-port ATM OC-3c/STM-1c or ATM OC-12c/STM-4c card; similarly, the term, second-generation ATM OC card, refers to a 4-port ATM OC-3c/STM-1c or Enhanced ATM OC-12c/STM-4c card. The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
2-1
Overview
Overview
Traffic cards are the individual I/O cards in a SmartEdge system. The SmartEdge router supports many different types of traffic cards, and configuration tasks for each card may vary, depending on its type. Table 2-1 lists the traffic cards supported in this release; in the table, ER, IR, LR, and SR abbreviations are used for Extended Reach, Intermediate Reach, Long Reach, and Short Reach, respectively. Table 2-1 SmartEdge Traffic Cards
Cards Supported OC-48c/STM-16c ER (1-port card) OC-48c/STM-16c LR (1-port card) OC-48c/STM-16c SR (1-port card) OC-12c/STM-4c IR (4-port card) OC-3c/STM-1c IR (8-port card) Channelized SONET Channelized OC-12 to DS-3 IR (1-port card) Channelized OC-12 to DS-1 IR (1-port card) Channelized SDH ATM Channelized STM-1 (3-port card) ATM OC-12c/STM-4c IR (1-port card) Enhanced ATM OC-12c/STM-4c IR (1-port card) ATM OC-3c/STM-1c IR (2- and 4-port cards) ATM DS-3 (12-port card) PDH Channelized DS-3 (3-port card) Channelized DS-3 (12-port card) Clear-Channel DS-3 (12-port card) Clear-Channel E3 (6-port card) Channelized E1 (24-port card) Ethernet 10/100 Ethernet (12-port card) Gigabit Ethernet (4-port card) Advanced Gigabit Ethernet (4-port card) Gigabit Ethernet 3 (4-port card) Gigabit Ethernet 1020 (20-port card) 10 Gigabit Ethernet (1-port,10-Gbps card)
Type of Traffic Card SONET/SDH
For more information about traffic cards, see the Traffic Card Descriptions chapter in the SmartEdge 800 Router Hardware Guide or SmartEdge 400 Router Hardware Guide.
2-2
Configuration Tasks
Configuration Tasks
Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure the basic features for a traffic card, perform the tasks described in Table 2-2. Table 2-2
# 1. 2. Task Provision a card and access card configuration mode. Specify the number of configurable ports.
Configure a Traffic Card

Root Command card maximum ports Notes Enter this command in global configuration mode. Enter this command in card configuration mode. This command applies to ATM DS-3 cards only. The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis.
3.
Specify card-specific attributes (all attributes are optional): Enable SONET path maintenance, path trace, and path alarm monitoring features for the card. sonet-eu Enter this command in card configuration mode. This command applies to first-generation ATM OC and all POS cards only. Enter this command in card configuration mode. This command applies to ATM DS-3 and second-generation ATM OC cards only. The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis. Enter this command in card configuration mode. This command applies to ATM DS-3 and second-generation ATM OC cards only. The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis.
Select the clock source for the card.
clock-source
Specify the mode for the segmentation and reassembly (SAR) image in the card.
atm mode
Configuration Examples
The following example configures a POS OC-12c/STM-4c traffic card in slot 3 and enables the SONET path and alarm monitoring:
[local]Redback(config)#card oc12-4-port 3 [local]Redback(config-card)#sonet-eu [local]Redback(config-card)#exit
The following example configures a 4-port ATM OC-3c/STM-1c card in slot 4 and specifies the ATM priority mode for the card:
[local]Redback(config)#card atm-oc3-4-port 4 [local]Redback(config-card)#atm mode atm-priority Note: enable atm-priority SAR image will cause card reload commit to continue; abort to exit without change
2-3
Command Descriptions
[local]Redback(config-card)#commit [local]Redback(config-card)#exit
The following example specifies the first 8 ports on an ATM DS-3 card in slot 5 as software configurable:
[local]Redback(config)#card atm-ds3 5 [local]Redback(config-card)#maximum ports 8 [local]Redback(config-card)#commit [local]Redback(config-card)#exit
This section describes the syntax and usage guidelines for the commands used to configure traffic card parameters. The commands are presented in alphabetical order. atm mode card clock-source maximum ports sonet-eu
2-4
atm mode
atm mode [atm-priority | ip-priority | vc-fair] {no | default} atm mode
Purpose
Specifies the mode in which the segmentation and reassembly (SAR) image in the Asynchronous Transfer Mode (ATM) DS-3 or second-generation ATM OC card performs traffic shaping and scheduling for virtual paths (VPs) and the permanent virtual circuits (PVCs) configured on them.
Command Mode
card configuration
Syntax Description
atm-priority ip-priority vc-fair Optional. Specifies ATM priority scheduling with shaping using traffic classes. Optional. Specifies IP priority scheduling with shaping using limited traffic classes. Optional. Specifies weighted round-robin scheduling with shaping using traffic classes; this is the default mode.
Default
Traffic scheduling is performed using the VC fairness mode.
Usage Guidelines
Use the atm mode command to specify the mode in which the SAR image in the ATM DS-3 or second-generation ATM OC card performs traffic shaping and scheduling for VPs and the PVCs configured on them. Note A PVC created on a shaped VP is referred to as a virtual circuit (VC) in the following descriptions of the modes, only to easily distinguish it from a PVC configured on a nonshaped VP. ATM priority This mode supports different ATM profiles with different shaping for VPs and the ATM VCs that you configure on them. VPs and VCs are shaped using constant bit rate (CBR), variable bit rate-real time (VBR-rt), VBR nonreal-time (VBR-nrt), or unspecified bit rate (UBR), subject to the restrictions given in the Configuring ATM section in Chapter 6, Circuit Configuration. It uses these traffic classes to perform VP and VC scheduling; VCs can also be scheduled with an attached quality of service (QoS) ATM weighted-fair queuing (WFQ) scheduling policy. PVCs configured on a nonshaped VP are shaped using any traffic class, including UBR extended (UBRe) and can be scheduled using traffic classes and an attached QoS ATMWFQ scheduling policy. Note The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis.
2-5
IP priority This mode supports different profiles with different shaping for VPs and their VCs, but restricts the shaping for VPs to CBR, UBR with the peak cell rate (PCR) option, VBR-rt, and VBR-nrt; VCs are restricted to UBR with the PCR option. It uses the IP priorities specified by an attached QoS ATMWFQ policy to perform VP and VC scheduling.
Note If the QoS ATMWFQ policy has queue 0 mode set to alternate, then the PVC that policy configured on, will be treated as low priority. It is recommended to use strict mode for the IP priority to work properly. PVCs configured on a nonshaped VP are shaped using any traffic class, except UBRe, and can be scheduled using traffic classes and an attached QoS ATMWFQ scheduling policy. (Configuring PVCs in this mode is not recommended.) Note The ATM priority and IP priority modes reduce the number of PVCs that you can configure on an ATM DS-3 or second-generation ATM OC card; performance on an ATM DS-3 port might not reach line rate for certain traffic patterns. VC fairness This mode supports different profiles with different shaping for shaped VPs and their VCs, but restricts the shaping for VPs to CBR, UBR with the PCR option, VBR-rt, and VBR-nrt; VCs are restricted to UBR without the PCR option. It uses traffic classes to perform VP scheduling; VCs are scheduled using weighted round-robin (WRR) scheduling. VCs can also be scheduled with an attached QoS ATMWFQ scheduling policy. PVCs configured on a nonshaped VP are shaped and scheduled using any traffic class. For more information about shaping, traffic classes, and traffic scheduling, see the Configuring ATM section in Chapter 6, Circuit Configuration. For more information about IP priorities, class of service (CoS) queues, and QoS ATMWFQ policies, see the QoS Scheduling Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Note The ATM priority mode replaces the hierarchical-shaped virtual circuit (HSVC) SAR image that was supported in previous releases. ATM DS-3 and second-generation ATM OC cards that were configured with the hierarchical shaping command (in card configuration mode) are automatically configured using this command with the atm-priority keyword. You cannot enter this command for an ATM DS-3 or second-generation ATM OC card for which you have already configured ATM VPs or ATM PVCs. You must remove the VPs and PVCs with one of the following commands before you can specify a different mode: The no form of the atm vp and atm pvc commands (in ATM OC, or ATM DS-3 configuration mode) The no form of the port atm command (in global configuration mode) for each port that has VPs and PVCs configured The no form of the card command (in global configuration mode)
2-6
If you attempt to specify an ATM mode that is different from the current mode, the system displays a message; you must commit the transaction using the commit command (in any configuration mode) to change the mode. You can the delete the transaction by entering the abort command (any configuration mode) to terminate the operation without changing the mode. Caution Risk of data loss. This command causes a card reload which disrupts all traffic on the card. To reduce the risk, do not change the mode of the card during peak traffic times. To view the current mode in an ATM DS-3 or second-generation ATM OC card, enter the show hardware command (in any mode) with the card and detail keywords; the mode displays in the SAR Image Type field. For information about this command, see the Hardware Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Use the no or default form of this command to specify the default mode. The same restrictions apply to the no and default forms of this command as the command itself: You must remove all ATM VPs and ATM PVCs configured for the card before changing the mode as described previously. You must enter the commit command (in card configuration mode) for the change of mode to proceed.
Examples
The following example specifies the ATM priority mode for a 4-port ATM OC-3c/STM-1c card for which no ATM VPs or PVCs are configured:
[local]Redback(config)#card atm-oc3-4-port 5 [local]Redback(config-card)#atm mode atm-priority Note: enable atm-priority SAR image will cause card reload commit to continue; abort to exit without change [local]Redback(config-card)#commit
The following example displays the current mode and its version in the 4-port ATM OC-3c/STM-1c card in slot 5:
[local]Redback(config)#show hardware card 5 detail Slot Serial No EEPROM id/ver SysFpga rev LimFpga rev IPPA memory SARC memory Voltage 1.5V Voltage 2.6V Temperature Card Status Fail LED Standby LED Chass Entitlement Ports Entitled : : : : : : : : : : : : : : : 5 9X0B5100200011 0x5a/4 0x7 0x6 256 MB 16 MB 30 1.516 (+1%) 2.646 (+1%) NORMAL (51 C) HW initialized Off Off SE400/SE800 All Type : atm-oc3-4-port Hardware Rev : 255 25 Mfg Date : 13-NOV-2002 SysFpga file rev : N/A LimFpga file rev : 0x6 EPPA memory : 256 MB Voltage 1.8V Voltage 3.3V Diag Status Active LED : 1.794 (-0%) : 3.403 (+0%) : Success : On 35
2-7
Command Descriptions SAR Image Type : atm-priority SAR Image Version : 1.3.33.10.15 Active Alarms : NONE [local]Redback(config-card)#
The following example specifies ATM priority mode for a 4-port ATM OC-3c/STM-1c card for which one or more ATM VPs or PVCs are configured:
[local]Redback(config)#card atm-oc3-4-port 5 [local]Redback(config-card)#atm mode atm-priority Cannot modify atm-priority SAR Image Type on card atm-oc3-4-port in slot 5 : VPs or PVCs exist - remove all VPs and PVCs from this card first [local]Redback(config-card)#exit [local]Redback(config)#no port atm 5/1
The following example specifies the default mode for a 4-port ATM OC-3c/STM-1c card for which no ATM VPs or PVCs are configured:
[local]Redback(config)#card atm-oc3-4-port 5 [local]Redback(config-card)#no atm mode Note: disable atm-priority SAR image will cause card reload commit to continue; abort to exit without change [local]Redback(config-card)#commit
Related Commands
card
2-8
card
card card-type slot no card card-type slot
Purpose
Specifies a card for a slot, or selects one for modification, and enters card configuration mode.
Command Mode
global configuration
Syntax Description
card-type slot Type of card, according to one of the keywords in Table 2-3. Chassis slot number of the card. The range of values depends on the type of card and the chassis in which the card is installed; see Table 2-3 for slot range data.
Default
None
Usage Guidelines
Use the card command to specify a card for a slot, or select one for modification, and enter card configuration mode. Table 2-3 lists the types of cards, the keywords for the card-type argument, and slot ranges for the slot argument. Use this command only to configure a card and its associated ports, channels, and circuits before the card is actually installed in the chassis of a SmartEdge router. If you configure a card and then insert a different card type in the slot, the ports on that card do not come up. Use the no form of this command to remove the configuration of a card from the configuration database. Note For those cards that support on-demand diagnostics, this command is also documented in the Hardware Management chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.
2-9
Table 2-3 lists the values for the card-type and slot arguments for each type of SmartEdge chassis; in the table, ER, IR, LR, and SR abbreviations are used for Extended Reach, Intermediate Reach, Long Reach, and Short Reach, respectively. Table 2-3 Card Types and Slots for the card Command
slot Argument Range Type of Traffic Card/Description SONET/SDH OC-48c/STM-16c SR OC-48c/STM-16c LR OC-48c/STM-16c ER OC-12c/STM-4c IR OC-3c/STM-1c IR ATM ATM OC-12c/STM-4c IR Enhanced ATM OC-12c/STM-4c IR 2-port ATM OC-3c/STM-1c IR 4-port ATM OC-3c/STM-1c IR ATM DS-3 (12-port card) Channelized SONET Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR Channelized SDH Channelized STM-1 to E1 IR PDH 3-port Channelized DS-3 12-port Channelized DS-3 Clear-Channel DS-3 Clear-Channel E3 Channelized E1 Ethernet 10/100 Ethernet Gigabit Ethernet Advanced Gigabit Ethernet Gigabit Ethernet 3 Gigabit Ethernet 1020 10 Gigabit Ethernet ether-12-port gigaether-4-port gigaether-4-port ge3-4-port ge-20-port 10ge-1-port 1 to 6 and 9 to 14 1 to 4 ch-ds3-3-port ch-ds3-12-port ds3-12-port e3-6-port ch-e1ds0-24-port 1 to 6 and 9 to 14 1 to 4 1 to 5 and 10 to 14 3 to 4 ch-stm1ds0-3-port 1 to 6 and 9 to 14 1 to 4 ch-oc12ds1-1-port ch-oc12ds3-1-port 1 to 6 and 9 to 14 1 to 4 atm-oc12-1-port atm-oc12e-1-port atm-oc3-2-port atm-oc3-4-port atm-ds3-12-port 1 to 5 and 10 to 14 3 to 4 1 to 6 and 9 to 14 1 to 4 oc48-1-port oc48-1-port oc48-1-port oc12-4-port oc3-8-port 1 to 6 and 9 to 14 1 to 4 card-type Keyword SmartEdge 800 Router SmartEdge 400 Router
Examples
The following example configures an ATM OC-12c/STM-4c card in slot 3:
[local]Redback(config)#card atm-oc12-1-port 3 [local]Redback(config-card)#
2-10
Related Commands
None
2-11
clock-source
clock-source {global-reference | local} default clock-source
Purpose
Specifies the source for the transmit clock on an Asynchronous Transfer Mode (ATM) DS-3 or second-generation ATM OC card.
Command Mode
card configuration
Syntax Description
global-reference Specifies the system clock on the active controller card as the clock source. local Specifies the local clock located on the traffic card.
Default
The source for the transmit clock is the local clock located on the traffic card.
Usage Guidelines
Use the clock-source command to specify the source for the transmit clock on an ATM DS-3 or second-generation ATM OC card. You can specify (during port configuration) whether the port uses this or another clock source. The choice of the clock source for an ATM DS-3 or second-generation ATM OC card allows its ports to function without packet loss during a switchover to the standby controller card when the active controller card is removed from the SmartEdge chassis. If the clock source is the system clock on the active controller card, packets can be lost during the brief interval of the switchover. For this reason, it is highly recommended that you specify the local clock on the ATM DS-3 or second-generation ATM OC card as the clock source. Table 2-4 shows the possible clock source configurations for the card and its ports and the impact during switchover. Table 2-4 Clock Source Configurations and Potential Packet Loss
Port Clock Source loop card-reference local (the default) loop card-reference (the default) Impact During Switchover Potential loss of packets Potential loss of packets No loss of packets No loss of packets
Card Clock Source global-reference
Use the default form of this command to set the clock source to the default.
2-12
Examples
The following example specifies the internal clock on the 4-port ATM OC-3c/STM-1c card in slot 4 as the clock source:
[local]Redback(config)#card atm-oc3-4-port 4 [local]Redback(config-card)#clock-source local
This configuration prevents packet loss should the active controller card be removed from the chassis.
Related Commands
clock-sourceATM DS-3 configuration mode clock-sourceATM OC configuration mode
2-13
maximum ports
maximum ports num-ports {no | default} maximum ports [num-ports]
Purpose
Specifies the number of software-configurable ports on an Asynchronous Transfer Mode (ATM) DS-3 card.
Command Mode
card configuration
Syntax Description
num-ports Number of ports that can be configured. Optional only in the no and default forms. The allowed values are 4, 8, and 12.
Default
All ports on the card are software configurable.
Usage Guidelines
Use the maximum ports command to specify the number of software-configurable ports on an ATM DS-3 card. Ports 1, 2, and so on (up to and including the name of the num-ports argument) are enabled with this command. The effect of this command is to increase the number of permanent virtual circuits (PVCs) that can be created on any of the software-configurable ports for each traffic class. For more information about the number of PVCs that can be created on each port, see the ATM Configuration Guidelines section in Chapter 6, Circuit Configuration. You must enter this command before you enter any other port-level configuration commands for this card; it fails if there are any existing ports configured for this card. You must enter the commit command (in any configuration mode) before you configure any ports on the card. The commit command reloads the segmentation and reassembly (SAR) image on the card, which causes the limit specified by the maximum ports command to take effect. The remaining ports are held (in shutdown mode) and cannot be configured. An error message displays if you specify one of these ports when entering the port atm command (in global configuration mode). Use the no or default form of this command to specify that all ports are software configurable. Note The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis.
Examples
The following example specifies ports 1 to 8 on the ATM DS-3 card in slot 5 are software configurable:
[local]Redback(config)#card atm-ds3 5 [local]Redback(config-card)#maximum ports 8 [local]Redback(config-card)#commit
2-14
Related Commands
port atm
2-15
sonet-eu
sonet-eu no sonet-eu
Purpose
Enables the Synchronous Optical Network (SONET) path trace, path maintenance, and path alarm monitoring features on a 2-port Asynchronous Transfer Mode (ATM) OC-3c/STM-1c, ATM OC-12c/STM-4c, or a Packet over SONET/SDH (POS) card.
Command Mode
card configuration
Syntax Description
This command has no keywords or arguments.
Default
SONET path maintenance and path alarm monitoring features are disabled.
Usage Guidelines
Use the sonet-eu command to enable the SONET path trace, path maintenance, and path alarm monitoring features on a 2-port ATM OC-3c/STM-1c, ATM OC-12c/STM-4c, or a POS card. Path alarm monitoring includes remote defect indication (RDI-P), B3 error count, un-equipped (UNEQ-P), path label mismatch (PLM-P), and far end bit error (FEBE) count. This information displays in the output for the show port counters and show port detail commands (in any mode), and cleared using the clear port counters command (in exec mode). The flag N in the display of the show chassis command (in any mode) indicates that a card has this feature enabled. Note This command applies to any first-generation ATM OC card or any POS card, regardless of the framing of its ports. POS cards include OC-48c/STM-16c, OC-12c/STM-4c, and OC-3c/STM-1c. This command is not needed for a second-generation ATM OC card and is not available for any channelized SONET and Synchronous Digital Hierarchy (SDH) card. Use the no form of this command to disable SONET path trace, path maintenance, and path alarm monitoring features. Note The no form of this command does not disable the SONET path trace, path maintenance, and path alarm monitoring features until the next time the card is reloaded. You must reload the card with the reload command (in exec mode) to disable the feature.
2-16
Examples
The following example enables SONET path maintenance and alarm monitoring on a POS OC-12c/STM-4c traffic card in slot 1:
[local]Redback(config)#card oc12-4-port 1 [local]Redback(config-card)#sonet-eu [local]Redback(config-card)#end
The following example disables SONET path maintenance and alarm monitoring on a POS OC-12c/STM-4c traffic card in slot 1:
[local]Redback(config)#card oc12-4-port 1 [local]Redback(config-card)#no sonet-eu [local]Redback(config-card)#end
Related Commands
None
2-17
2-18
Chapter 3
ATM, Ethernet, and POS Port Configuration
This chapter provides an overview of Asynchronous Transfer Mode (ATM), Ethernet, and Packet over SONET/SDH (POS) ports, describes the tasks used to configure them, provides configuration examples, and detailed descriptions of the commands used to configure them through the SmartEdge OS. The commands described in this chapter are common to all these port types, except where noted. For information about the tasks and commands used to monitor, troubleshoot, and administer these ports, see the Card, Port, and Channel Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related tasks and commands include: Configuration tasks and commands for traffic cards are described in Chapter 2, Traffic Card Configuration. Configuration tasks and commands for circuits are described in Chapter 6, Circuit Configuration.
For protocol- or feature-specific commands that appear in ATM, ATM DS-3, or port configuration mode, see the appropriate chapter in this guide, in the Routing Protocols Configuration Guide, or the IP Services and Security Configuration Guide for the SmartEdge OS. Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted. The term, Gigabit Ethernet, applies to any ethernet traffic card that supports a port speed of 1 Gbps or greater; unless explicitly stated, the speed of any Gigabit Ethernet port is 1 Gbps. The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
3-1
Overview
Overview
In a SmartEdge system, traffic cards are the individual I/O cards; ports are the physical interfaces on the traffic cards. The SmartEdge routers support many different types of traffic cards and ports. The ATM, Ethernet, and POS ports described in this chapter are ports on the following traffic cards: ATM cards: ATM OC-3c/STM-1c, ATM OC-12c/STM-4c, Enhanced ATM OC-12c/STM-4c, and ATM DS-3 Note The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis. Ethernet cards: 10/100 Ethernet, and Gigabit Ethernet (any version). Ethernet management port on a controller card. POS cards: OC-3c/STM-1c, OC-12c/STM-4c, and OC-48c/STM-16c.
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. Port configuration tasks for each type of port are described in the following sections: Configuring ATM Ports Configuring Ethernet Ports Configuring POS Ports
Configuring ATM Ports

ATM ports are of two types: those on an OC card, such as the ATM OC-12c/STM-4c, and those on the ATM DS-3 card. You configure ATM OC ports in ATM OC configuration mode and ATM DS-3 ports in ATM DS-3 configuration mode. Not all configuration tasks apply to all types of cards and ports; in the task descriptions that follow, the configuration mode indicates the type of port to which the task applies. ATM OC cards are also of two kinds: First-generation ATM OC2-port ATM OC-3c/STM-1c and ATM OC-12c/STM-4c Second-generation ATM OC4-port ATM OC-3c/STM-1c and Enhanced ATM OC-12c/STM-4c
The second-generation cards have more memory and support more ATM permanent virtual circuits (PVCs) and enhanced queuing and traffic shaping capabilities than the first-generation cards. Note The term, first-generation ATM OC port, refers to a port on a 2-port ATM OC-3c/STM-1c or ATM OC-12c/STM-4c traffic card; similarly, the term, second-generation ATM OC port, refers to a port on a 4-port ATM OC-3c/STM-1c or Enhanced ATM OC-12c/STM-4c traffic card.
3-2
Configuration Tasks
This section includes the following topics: Configure Operational Features for an ATM Port Configure Maintenance Features for an ATM Port
Configure Operational Features for an ATM Port

You configure operational features to support normal operations. To configure operational features for an ATM port, perform the tasks described in Table 3-1. Unless otherwise noted, enter all commands in either ATM DS-3 or ATM OC configuration mode, depending on the type of port you are configuring. Table 3-1
# 1. Task Select (begin the configuration of) an ATM port and access either ATM OC or ATM DS-3 configuration mode. Specify general attributes for the port (all attributes are optional): Associate a description with the port. Specify the framing. description framing Enter this command in port configuration mode. Enter this command in port configuration mode. Framing options vary depending on the type of ATM port. Enter this command in port configuration mode. The default MAC address is assigned based on the MAC address extracted from the EEPROM of the card. Use the no form to disable this feature.
Configure Operational Features for an ATM Port

Root Command port atm Notes Enter this command in global configuration mode.
2.
Specify the MTU payload size without fragmentation. Assign a different MAC address. Disable ATM cell payload scrambling. Specify an over-subscription rate for the port. Apply an existing bulkstats schema profile to the port.
mtu mac-address atm scramble over-subscription-rate bulkstats schema
For a description of the bulkstats schema command listed in this table, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
3-3
Configuration Tasks
Table 3-1
# 3. Task
Configure Operational Features for an ATM Port (continued)

Root Command Notes
Specify port-type specific attributes for the port (all attributes are optional): Enable port to remain up after alarm reception. Specify the cable length. Specify the clock source. alarm-report-only cablelength clock-source Enter this command in ATM OC configuration mode. This command is for ATM OC ports only. Enter this command in ATMS DS-3 configuration mode. This command is for ATM DS-3 ports only. You can enter this command in port configuration mode as well. This command (in card configuration mode) is for ATM DS-3 and second-generation ATM OC ports only. This command is not yet available. Enter this command in ATM DS-3 configuration mode. This command is for ATM DS-3 ports only. Use the no form to disable this feature. This command is for first- and second-generation ATM OC ports only. Enter this command for each threshold to be specified. Use the no form to enable the port.
Enable port listening mode. Enable the port to respond to or ignore remote loopback requests. Enable the port to maintain steady state for subscribers. Specify the exponent of the SD-BER and SF-BER thresholds. 4. Enable the port (begin operations on it).
ccod-mode port-listen equipment-loopback link-dampening threshold
shutdown
You are now ready to configure ATM virtual paths (VPs) and permanent virtual circuits (PVCs) on the port. See Chapter 6, Circuit Configuration, for information about configuring ATM VPs and PVCs.
Configure Maintenance Features for an ATM Port

You configure maintenance features only if the port is experiencing problems. To configure maintenance features for an ATM port, perform one or both of the tasks described in Table 3-2. Table 3-2
Task Specify a path trace message for an ATM OC port.
Configure Maintenance Features for an ATM Port

Root Command path-trace Notes This command is available only for ports on second-generation ATM OC cards. Enter this command in ATM OC configuration mode.
Change to a loopback state on a port to test port operation.
loopback
Enter this command in ATM OC or ATM DS-3 configuration mode.
Configuring Ethernet Ports

Ethernet ports are of three types: the management port on a controller card, ports on a 10/100 Ethernet, and ports on any version of the Gigabit Ethernet cards. You configure any of these types of ports in port configuration mode. Not all configuration tasks apply to all types of ports. In the task descriptions that follow, the description applies to all types of ports unless otherwise noted. This section includes the following topics: Configure Operational Features for an Ethernet Port Configure a Maintenance Feature for an Ethernet Port
3-4
Configuration Tasks
Configure Operational Features for an Ethernet Port

You configure operational features to support normal operations. To configure operational features for an Ethernet port, perform the tasks described in Table 3-3. Table 3-3
# 1. 2. Task Select (begin the configuration of) an Ethernet port and access port configuration mode.
Configure Operational Features for an Ethernet Port

Root Command port ethernet Notes Enter this command in global configuration mode.
Specify general attributes for the port (all attributes are optional): Associate a description with the port. Specify the encapsulation for the port. description encapsulation Enter this command in port configuration mode. Enter this command in port configuration mode. Specify pppoe encapsulation. Use this command only if you do not intend to create 802.1Q PVCs on it. Enable transport of packets with unrecognized tags. Specify the MTU payload size without fragmentation. Apply an existing bulkstats schema profile to the port. transport unmatchedencap mtu bulkstats schema Enter this command in port configuration mode. Enter this command in port configuration mode Use this command only if you are not adding the port to a link group. For a description of the bulkstats schema command listed in this table, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
3.
Specify card-specific attributes for the port (all attributes are optional): Specify the speed and duplex mode. medium Enter this command in port configuration mode. This command is for a port on a 10/100 Ethernet card only. Enter this command in port configuration mode. Use the no form to disable this feature. This command is for a port on any version of a Gigabit Ethernet card. Enter this command in port configuration mode. Use the no form to disable this feature. Enter this command in port configuration mode. Enter this command in the mode matching the type of port you are configuring. Use this command only if you have not added the port to a link group, or if you do not intend to create 802.1Q PVCs on it. Enter this command in the mode matching the type of port you are configuring, or in port configuration mode. Use the no form to enable the port.
Disable flow control negotiation.
flow-control
Enable the port to maintain steady state for subscribers. 4. 5. Add the port to an existing link group. Bind the port to an existing interface in an existing context.
link-dampening link-group bind interface
6.
Enable the port (begin operations on it).
shutdown
You are now ready to use the port or configure 802.1Q PVCs on it. For information about configuring 802.1Q PVCs, see Chapter 6, Circuit Configuration.
3-5
Configuration Tasks
Configure a Maintenance Feature for an Ethernet Port

You configure a maintenance feature only if the port is experiencing problems. To configure a maintenance feature for an Ethernet port, perform the task described in Table 3-4. Table 3-4
Task Change to a loopback state on a port to test port operation.
Configure a Maintenance Feature for an Ethernet Port

Root Command loopback Notes Enter this command in port configuration mode.
Configuring POS Ports

A POS port is a port on an OC-3c/STM-1c, OC-12c/STM-4c, or OC-48c/STM-16c card. You configure a POS port on any of these cards in port configuration mode. To configure a POS port, perform the tasks described in the following sections: Configure Operational Features Configure a POS Port for APS Configure Maintenance Features for a POS Port
Configure Operational Features

The following configuration guidelines apply to POS ports that are to be protected with APS: To be a protect port in an Automatic Protection Switching (APS) group, you must configure it to have the identical configuration as the working port. If you need to change the configuration of a working port, you must ensure that you apply the configuration changes to both the working and protect ports (the configurations must be identical). If a port has already been assigned as a working or protect port in an APS group, then that port must first be removed from the APS group before making any subsequent changes to the configuration for that port. Binding a working port to an interface is not considered a change to the port configuration; thus, this action is allowed on an APS working port.
3-6
Configuration Tasks
You configure operational features to support normal operations. To configure operational features for a POS port, perform the tasks described in Table 3-5. Table 3-5
# 1. 2. Task Select (begin the configuration of) a POS port and access port configuration mode.
Configure Operational Features for a POS Port

Root Command port pos Notes Enter this command in global configuration mode.
Specify general attributes for the port (all attributes are optional): Associate a description with the port. Specify the framing. Specify the MTU payload size without fragmentation. Specify the exponent of the SD-BER and SF-BER thresholds. Disable SPE scrambling. description framing mtu threshold Enter this command in port configuration mode. Enter this command in port configuration mode. Enter this command in port configuration mode. Enter this command in port configuration mode. Enter this command for each threshold to be specified. Enter this command in port configuration mode. Use the no form to disable this feature. Enter this command in port configuration mode. Enter this command in port configuration mode. Redback recommends the 32-bit CRC. Enter this command in port configuration mode. Enter this command in port configuration mode. For more information about the bulkstats schema command, see Bulkstats Configuration chapter in the Basic System Configuration Guide for theSmartEdge OS. Enter this command in port configuration mode. Enter this command in the mode matching the type of port you are configuring. Use this command only if you do not intend to create Frame Relay PVCs on it, or add it to an APS group. Enter this command in port configuration mode. Use this command only if you do not intend to add it to an APS group. Use the no form to enable the port.
scramble
Define the value for the C2 byte. Specify a 16-bit CRC.
c2byte crc16
Specify the encapsulation type. Apply an existing bulkstats schema profile to the port.
encapsulation bulkstats schema
3. 4.
Specify the parameters for the Cisco HDLC keepalive function. Bind the port to an existing interface in an existing context.
keepalive bind interface
5.
shutdown
You are now ready to add the port to an APS group, use the port, or configure Frame Relay PVCs on it. For information about configuring Frame Relay PVCs, see Chapter 6, Circuit Configuration.
3-7
Configure a POS Port for APS

To configure a POS port for APS, perform the tasks described in Table 3-6. Table 3-6
# 1. 2. Task Enable the port (begin operations on it). Assign the port as a working or protect port in an APS group. Bind the port to an existing interface in an existing context.
Configure a POS Port for APS

Root Command shutdown aps Notes Enter this command in port configuration mode. Use the no form to enable the port. Enter this command in port configuration mode. You must enable the port before you can add it to an APS group. Enter this command in port configuration mode. You bind only the working port after you assign it to an APS group; you do not bind the protect port.
3.
bind interface
Configure Maintenance Features for a POS Port

You configure the maintenance features only if the port is experiencing problems. To configure the maintenance features for a POS port, perform one or both of the tasks described in Table 3-7. Enter all commands in port configuration mode. Table 3-7
Task Specify a path trace message. Change to a loopback state on a port to test port operation.
Configure Maintenance Features for a POS Port

Root Command path-trace loopback Notes
This section includes the following sections: ATM Port Examples Ethernet Port Examples POS Port Examples
ATM Port Examples

The follow example configures port 1 on a 2-port ATM OC-3c/STM-1c card in slot 4. ATM cell payload scrambling and Synchronous Optical Network (SONET) framing are enabled by default. The port is not bound to an interface because it will have ATM PVCs configured on it.
[local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#description 2-port ATM OC-3c/STM-1c port [local]Redback(config-atm-oc)#alarm-report-only plm-p [local]Redback(config-atm-oc)#mtu 4000 [local]Redback(config-atm-oc)#threshold sd-ber 6 [local]Redback(config-atm-oc)#threshold sf-ber 5
3-8
Command Descriptions [local]Redback(config-atm-oc)#over-subscription-rate 100 [local]Redback(config-atm-oc)#no shutdown
Ethernet Port Examples

The following example configures port parameters for port 1 on a 12-port 10/100 Ethernet card in slot 2. The port is not bound to an interface because it will have 802.1Q PVCs configured on it.
[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#description SNMP port [local]Redback(config-port)#mtu 1000 [local]Redback(config-port)#medium auto [local]Redback(config-port)#no shutdown
POS Port Examples

The following example configures port parameters for port 1 on a 4-port POS OC-12c/STM-4c traffic card in slot 3. Payload scrambling is enabled (by default) with the default value for the C2 byte along with the default CRC32. The port is not bound to an interface because it will have Frame Relay PVCs configured on it.
[local]Redback(config-card)#port pos 3/1 [local]Redback(config-port)#description POS OC-12c/STM-4c port [local]Redback(config-port)#framing sdh [local]Redback(config-port)#encapsulation frame-relay [local]Redback(config-port)#no shutdown
This section describes the syntax and usage guidelines for the commands used to configure ATM, Ethernet, and POS ports. The commands are presented in alphabetical order. alarm-report-only atm scramble c2byte cablelength ccod-mode port-listen clock-source crc16 description encapsulation equipment-loopback flow-control framing keepalive link-dampening loopback mac-address medium mtu over-subscription-rate path-trace port atm port ethernet port pos scramble shutdown threshold transport unmatched-encap
3-9
alarm-report-only
alarm-report-only {plm-p | uneq-p | plm-p uneq-p} {no | default} alarm-report-only {plm-p | uneq-p | plm-p uneq-p}
Purpose
Enables the port to remain up when the SmartEdge router receives the specified alarms.
Command Mode
ATM OC configuration
Syntax Description
plm-p uneq-p Specifies the payload label mismatch path alarms. Specifies the unequipped path alarms.
Default
The reception of a path alarm causes the SmartEdge router to shut down the port.
Usage Guidelines
Use the alarm-report-only command to enable the port to remain up when the SmartEdge router receives the specified alarms. Ignoring an alarm does not completely mask it. When you configure this command for a particular alarm, the system still logs the alarm and displays it in the show port command (with the detail keyword), but the SmartEdge router does not shut down the port. You can use successive calls to this command to cumulatively build a list of alarms that will not trigger port shutdown. Use the no or default form of this command to specify the default condition for the indicated alarm. To view the state of alarm reporting, use the show configuration command (in any mode), or use the show port detail command (in any mode). For more information on this command, see Chapter 2, Card, Port, and Channel Operations in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Note All ATM OC traffic cards support this command.
Examples
The following example enables ATM Port 1/1 to remain functional even if the SmartEdge router receives a PLM-P alarm:
[local]Redback(config)#port atm 1/1 [local]Redback(config-atm-oc)#alarm-report-only plm-p
Related Commands
None
3-10
atm scramble
For an ATM OC port in ATM OC configuration mode, the command syntax is: atm scramble no atm scramble For an ATM DS-3 port in ATM DS-3 configuration mode, the command syntax is: atm scramble-ds3 no atm scramble-ds3
Purpose
Enables Asynchronous Transfer Mode (ATM) cell payload scrambling on an ATM OC or ATM DS-3 port.
Command Mode
ATM DS-3 configuration ATM OC configuration
Syntax Description
Default
ATM cell payload scrambling is enabled on the port.
Usage Guidelines
Use the atm scramble command on an ATM OC port, or the atm scramble-ds3 command on an ATM DS-3 port, to enable ATM cell payload scrambling as specified in section 4.5.3 in the ITU-T I432 specification. Note Enabling or disabling ATM cell payload scrambling on an ATM port has no impact on the C2 byte, which is not included in the ATM cell payload; it is always set to 0x13. Use the no form of this command to disable ATM cell payload scrambling.
Examples
The following example disables ATM cell payload scrambling on ATM port 1 of the ATM OC card installed in slot 11:
[local]Redback(config)#port atm 11/1 [local]Redback(config-atm-oc)#no atm scramble
3-11
The following example disables ATM cell payload scrambling on ATM port 1 of the ATM DS-3 card installed in slot 12:
[local]Redback(config)#port atm 12/1 [local]Redback(config-atm-ds3)#no atm scramble-ds3
Related Commands
port atm
3-12
c2byte
c2byte value default c2byte
Purpose
Defines the value for the Path Signal Label (C2) byte for a Packet over SONET/SDH (POS) port.
Command Mode
port configuration
Syntax Description
value Value to send in the C2 byte. The range of values is 0 to 255; the default value is 22 (hexadecimal 0x16).
Default
The default value is 22 (hexadecimal 0x16).
Usage Guidelines
Use the c2byte command to define the value for the C2 byte for a POS port. RFC 2615, PPP over SONET/SDH, specifies that a C2 byte value of 22 (hexadecimal 0x16) is used to indicate Point-to-Point Protocol (PPP) with X^43 + 1 scrambling, and the value of 207 (hexadecimal 0xCF) is used to indicate PPP without scrambling. Note The SmartEdge OS automatically configures the C2 byte to 22 (0x16) when synchronous payload envelope (SPE) scrambling is enabled, and to 207 (0xCF) when SPE scrambling is disabled; see the scramble command. If you need to define a different C2 byte value to interoperate with another vendors equipment and you need to enable SPE scrambling, first enable SPE scrambling (it is enabled by default), and then override the C2 byte value with this command. Note This command applies only to a POS port on an OC-48c/STM-16c, OC-12c/STM-4c, or OC-3c/STM-1c card. Note The C2 byte for a port on any Asynchronous Transfer Mode (ATM) OC card is fixed at 0x13 and cannot be changed. Use the default form of this command to define the C2 byte with the default value.
Examples
The following example defines the value 22 (hexadecimal value 0x16) for the C2 byte for a POS port in slot 9:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#c2byte 22
3-13
Related Commands
port pos scramble
3-14
cablelength
cablelength length {no | default} cablelength
Purpose
Specifies the length of the cable connected to an Asynchronous Transfer Mode (ATM) DS-3 port.
Command Mode
ATM DS-3 configuration
Syntax Description
length Length of the cable in feet. The range of values is 0 to 450.0 ft (137.2m).
Default
The default cable length is 349.0 ft (106.4m).
Usage Guidelines
Use the cablelength command to specify the length of the cable connected to an ATM DS-3 port. Use the no or default form of this command to specify the default length. Note The operating system recognizes only two categories of DS-3 cables: short, which is any length up to and including 349.0 ft (106.4m), and long, which is any length over 349.0 ft (106.4m). Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for DS-3 ports on channelized or clear-channel DS-3 cards.
Examples
The following example specifies a cable length of 225.0 ft (68.6m):
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-ds3)#cablelength 225
Related Commands
port atm
3-15
ccod-mode port-listen
ccod-mode port-listen {no | default} ccod-mode port-listen
Purpose
Enables port listening mode for this Asynchronous Transfer Mode (ATM) port.
Command Mode
Syntax Description
Default
Port listening mode is disabled for all ATM ports.
Usage Guidelines
Use the ccod-mode port-listen command to enable port listening mode for this ATM port. This command is available only for ports on second-generation ATM OC and ATM DS-3 cards. Note Enabling port listening mode with this command must precede the configuration of any ATM VPs or PVCs on this port. Use this command to allow you to specify the full range of ATM virtual path identifiers (VPIs) and virtual circuit identifiers (VCIs) (VCI 0 to 255, VPI 1 to 65,535) when entering the atm pvc on-demand command (in ATM OC or ATM DS-3 configuration mode) to create listening on-demand ATM permanent virtual circuits (PVCs) for this port. Otherwise, the range that you specify must be within the limits for that type of port. This command does not change the maximum number of active PVCs that are supported on the type of ATM port on which you are creating them, nor the number of active PVCs that are supported for each traffic class on that type of ATM port. For PVC limits for ATM ports and traffic classes, see the tables that specify PVC limits in the ATM Configuration Guidelines section. Use the no or default form of this command to disable port listening mode for this port.
Examples
The following example enables port listening mode for port 2 on the 4-port ATM OC-3c/STM-1c card in slot 3:
[local]Redback(config)#port atm 3/2 [local]Redback(config-atm-oc)#ccod-mode port-listen
3-16
Related Commands
None
3-17
clock-source
In ATM DS-3 and ATM OC configuration modes, the command syntax is: clock-source {card-reference | loop} default clock-source In port configuration mode, the command syntax is: clock-source {local | loop} default clock-source
Purpose
Specifies the transmit clock source for a port on an Asynchronous Transfer Mode (ATM) DS-3, second-generation ATM OC, or 10 Gigabit Ethernet (10GE) traffic card.
Command Mode
ATM DS-3 configuration ATM OC configuration port configuration
Syntax Description
card-reference loop local Specifies the clock source that has been specified for the traffic card. This is the default clock source for ATM DS-3 and ATM OC ports. Specifies the receive clock derived from the incoming signal on the port as the transmit clock source. Specifies the onboard clock on a 10GE traffic card as the clock source. This is the default clock source for 10GE ports.
Default
For ATM DS-3 and ATM OC ports, the transmit clock source is the clock source specified for the traffic card. For 10GE ports, the transmit clock source is the onboard clock.
Usage Guidelines
Use the clock-source command to specify the transmit clock source for a port on an ATM DS-3, second-generation ATM OC, or 10GE traffic card. Use the card-reference keyword to specify the clock source that has been specified for the ATM traffic card with the clock-source command (in card configuration mode). Use the local keyword to specify the onboard clock on a 10GE traffic card as the clock source. Use the loop keyword to specify the receive clock from the incoming signal on the port as the transmit clock source.
3-18
Caution Risk of data loss. If you specify the onboard clock on the active controller card as the clock source for the ATM card using the clock-source command with the global-reference keyword (in card configuration mode), there might be a brief traffic interruption on all ports on the card if the active controller card is removed from the system. To reduce the risk, specify the derived received clock on the ATM card as the clock source (using the clock-source command with the local keyword) for an ATM DS-3 or second-generation ATM OC card. The clock source choice for an ATM DS-3, and second-generation ATM OC card allows its ports to function without packet loss during a switchover to the standby controller card when the active controller card is removed from the SmartEdge chassis. If the clock source for the traffic card is the system clock on the active controller card, packets can be lost during the brief interval of the switchover. For this reason, we highly recommend that you specify the local clock on the ATM DS-3 or second-generation ATM OC card as the clock source for its ports. Table 3-8 shows the possible clock source configurations for the ATM traffic card and its ports, and the impact during switchover. Table 3-8 ATM Port Configurations and Potential Packet Loss
Port Clock Source loop card-reference local (the default source) loop card-reference (the default source) Impact During Switchover Potential loss of packets Potential loss of packets No loss of packets No loss of packets
ATM Card Clock Source global-reference
Use the default form of this command to set the clock source to the default. Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for a DS-3 or E1 channel or port, E3 port, or DS-1 channel.
Examples
The following example specifies the derived receive clock for the ATM DS-3 port as the transmit clock source:
[local]Redback(config)#card atm-oc3-4-port 3 [local]Redback(config-card)#clock-source global reference [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-ds3)#clock-source loop
In this configuration, packet loss can occur should the active controller card be removed from the chassis. The following example specifies the local clock as the source for the transmit clock for a 4-port ATM OC-3c/STM-1c card and its port 1:
[local]Redback(config)#card atm-oc3-4-port 4 [local]Redback(config-card)#clock-source local [local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#clock-source card-reference
This configuration prevents packet loss should the active controller card be removed from the chassis.
3-19
Related Commands
clock-sourcecard configuration mode port atm port ethernet
3-20
crc16
crc16 no crc16
Purpose
Specifies a 16-bit cyclic redundancy check (CRC) on a Packet over SONET/SDH (POS) port.
Command Mode
port configuration
Syntax Description
Default
A 32-bit CRC is used.
Usage Guidelines
Use the crc16 command to specify a 16-bit CRC on a POS port configured with either Synchronous Optical Network (SONET) or Synchronous Digital Hierarchy (SDH) framing. Note We recommend a 32-bit CRC. Note This command applies only to a POS port on an OC-48c/STM-16c, OC-12c/STM-4c, or OC-3c/STM-1c card. Use the no form of this command to specify a 32-bit CRC.
Examples
The following example specifies a 16-bit CRC for a POS port in slot 9:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#crc16
Related Commands
port pos
3-21
description
description text {no | default} description
Purpose
Associates textual information with a port.
Command Mode
Syntax Description
text Text string that identifies the port. Can be any alphanumeric string, including spaces, that is not longer than 63 ASCII characters.
Default
No description is associated with a port.
Usage Guidelines
Use the description command to associate textual information with the port. This text displays by the show port detail command for the port. Use the no or default form of this command to delete the existing description. Because there can be only one description for a port, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example associates a description with the management port on the controller card in slot 7:
[local]Redback(config)#port ethernet 7/1 [local]Redback(config-port)#description Management port
Related Commands
port atm port ethernet port pos
3-22
encapsulation
For a Packet over SONET/SDH (POS) port, the command syntax is: encapsulation {cisco-hdlc | frame-relay | ppp} no encapsulation For an Ethernet port, the command syntax is: encapsulation pppoe no encapsulation
Purpose
Specifies the encapsulation type for a POS or Ethernet port.
Command Mode
port configuration
Syntax Description
cisco-hdlc frame-relay ppp Specifies Cisco High-Level Data Link Control (HDLC) or other higher layer protocol as the encapsulation type; this is the default. Specifies Frame Relay as the encapsulation type as described in RFC 1490, Multiprotocol Interconnect over Frame Relay. Specifies Point-to-Point Protocol (PPP) encapsulation, as described in RFC 2615, PPP over SONET/SDH and RFC 1662, PPP in HDLC-like Framing as the encapsulation type. Specifies Point-to-Point over Ethernet (PPPoE) encapsulation.
pppoe
Default
The encapsulation type for POS ports is Cisco HDLC; for Ethernet ports it is IP over Ethernet (IPoE).
Usage Guidelines
Use the encapsulation command to specify the encapsulation type for a POS or Ethernet port. Note If this port is to be a working or protect port in an APS group, you must specify Cisco HDLC encapsulation. The commands that are available depend on the encapsulation type specified by this command. For example, if you specify Cisco HDLC, none of the Frame Relay commands are available. Use the no form of this command to specify the default encapsulation type.
3-23
Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for a clear-channel DS-3 channel or port, E3 port, E1 channel or port, DS-1 channel, or DS-0 channel group; and in Chapter 6, Circuit Configuration,for Ethernet ports with 802.1Q permanent virtual circuits (PVCs).
Examples
The following example specifies Frame Relay encapsulation for a POS port:
[local]Redback(config)#port pos 4/1 [local]Redback(config-port)#encapsulation frame-relay
Related Commands
port pos
3-24
equipment-loopback
equipment-loopback {customer | network} default equipment-loopback
Purpose
Enables an Asynchronous Transfer Mode (ATM) DS-3 port to respond to or ignore remote loopback requests.
Command Mode
ATM DS-3 configuration
Syntax Description
customer network Configures the ATM DS-3 port to respond to remote loopback requests; this is the default. Configures the ATM DS-3 port to ignore remote loopback requests.
Default
The ATM DS-3 port responds to remote loopback requests.
Usage Guidelines
Use the equipment-loopback command to configure an ATM DS-3 port to respond to or ignore remote loopback requests. Use the default form of this command to return to the port to its default behavior of responding to remote loopback requests. Note This command is also documented in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for a DS-3 channel or port or for a DS-1 channel.
Examples
The following example configures port 1 on the ATM DS-3 card in slot 3 to ignore remote loopback requests:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-ds3)#equipment-loopback network
Related Commands
port atm
3-25
flow-control
flow-control no flow-control
Purpose
Enables flow control negotiation on a Gigabit Ethernet port.
Command Mode
port configuration
Syntax Description
Default
Flow control is disabled for ports on the first and second versions of the Gigabit Ethernet (GE) cards; it is enabled for ports on the Gigabit Ethernet 3 (GE3), Gigabit Ethernet 1020 (GE1020), and 10 Gigabit Ethernet (10GE) cards.
Usage Guidelines
Use the flow-control command to enable flow control negotiation on a Gigabit Ethernet port.
Note This command applies only to Gigabit Ethernet ports. Note Auto-negotiation (AN) is always on for all types of Gigabit Ethernet ports with the exception of 10GE ports; it is not applicable to 10GE ports AN is not configurable. When configuring a link, the following guidelines apply to the near- and far-end ports: For GE3 ports, AN must be on. For all other types of GE ports (GE and GE1020), AN can be on or off.
Use the no form of this command to disable flow control negotiation.
Examples
The following example disables flow control on a Gigabit Ethernet port:
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#no flow-control
Related Commands
port ethernet
3-26
framing
For an Asynchronous Transfer Mode (ATM) DS-3 port, the syntax in ATM DS-3 configuration mode is: framing {cbit-adm | cbit-plcp} default framing For an ATM OC or Packet over SONET/SDH (POS) port, the syntax in ATM OC or port configuration mode is: framing {sdh | sonet} default framing
Purpose
Specifies the framing for an ATM DS-3, ATM OC, or POS port.
Command Mode
Syntax Description
cbit-adm cbit-plcp sdh sonet Uses ATM direct mapping (ADM) as the mechanism to map ATM cells in to a DS-3 frame. This is the default setting. Uses the Physical Layer Convergence Protocol (PLCP) to map ATM cells in to a DS-3 frame. Specifies Synchronous Digital Hierarchy (SDH) framing for an ATM OC or POS port. Specifies Synchronous Optical Network (SONET) framing for an ATM OC or POS port; this is the default framing.
Default
The default framing for an ATM DS-3 port is ADM. The default framing for an ATM OC or POS port is SONET.
Usage Guidelines
Use the framing command to specify the framing for an ATM DS-3, ATM OC, or POS port. Note This command does not apply to channelized OC-12 ports. Framing changes can be made on an ATM DS-3 port only if it has no permanent virtual circuits (PVCs) configured on it. The system provides the following error message if you attempt to change the framing on a port with PVCs already configured on it:
Cannot change Framing while PVCs/VPs exist on any port on this card Please remove all PVCs/VPs on this card and try again
3-27
When the framing is changed on one ATM DS-3 port, all ports on the card are also changed automatically. The framing on all ports must be the same. Use the default form of this command to set the framing to the default setting.
Examples
The following command sets the framing for an ATM DS-3 port to cbit-plcp:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-ds3)#framing cbit-plcp
The following command sets the framing for an ATM OC port to sdh:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#framing sdh
Related Commands
port atm
3-28
keepalive
keepalive check-interval {minutes | seconds} time [retries retry-num] no keepalive default keepalive [check-interval] [retries]
Purpose
Enables the keepalive function on a Packet over SONET/SDH (POS) port that is encapsulated with Cisco High-Level Data Link Control (HDLC).
Command Mode
port configuration
Syntax Description
check-interval minutes seconds time Sets the time interval between keepalive checks. Specifies that the unit of measure for the time argument is minutes. Specifies that the unit of measure for the time argument is seconds; the default. Time in either minutes or seconds (depending on the preceding keyword) between keepalive checks. The range of values is 1 to 60 minutes, or 1 to 300 seconds; the default value is 10 seconds. Optional. Number of times the system is to retry an unsuccessful keepalive check. The range of values is 2 to 10; the default value is 3.
retries retry-num
Default
The keepalive function is enabled with an interval of 10 seconds and 3 retries.
Usage Guidelines
Use the keepalive command to enable the keepalive function on a POS port that is encapsulated with Cisco HDLC. This command specifies the interval between keepalive messages and the number of unconfirmed messages, either keepalive or packets, before declaring that the connection is broken. If the remote end does not have the keepalive function enabled, the connection is declared broken after the specified number of keepalive messages have been sent. If the remote end does have the keepalive function enabled, the connection is declared broken after the specified number of packet or keepalive messages have been sent and are unconfirmed. The interval must be the same on both ends of the connection.
Note The keepalive function is disabled on a port in an Automatic Protection Switching (APS) group when the traffic status of the port is Standby. Use the no form of this command to disable the keepalive function.
3-29
Use the default form of this command or enter the command without keywords to specify the default values for the interval and number of messages. Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for a clear-channel DS-3 channel or port, E3 port, DS-1 channel, or a DS-0 channel group.
Examples
The following example specifies the keepalive interval as 20 and the number of unconfirmed messages as 5 on a POS port:
[local]Redback(config)#port pos 1/8 [local]Redback(config-port)#encapsulation cisco-hdlc [local]Redback(config-port)#keepalive check-interval seconds 20 retries 5
Related Commands
port pos
3-30
link-dampening
link-dampening no link-dampening
Purpose
Enables subscribers to maintain a steady state on an Asynchronous Transfer Mode (ATM) or Ethernet port.
Command Mode
Syntax Description
Default
Disabled on all Gigabit Ethernet and ATM ports.
Usage Guidelines
Use the link-dampening command to enable subscribers to maintain a steady state on an ATM or Ethernet port. If the system declares that the ATM or Ethernet port is down, the port down event is delayed for 2.5 seconds, and the subscriber sees no state change for that port. When the ATM or Ethernet port comes back up, the port must be up for 10 seconds before the system declares that the port is up. Note This command is recommended for ports configured on a subscriber facing card. Note This command does not apply to the shutdown or no shutdown command (in ATM DS-3, ATM OC, and port configuration mode). Using these commands causes the port to go down immediately. Use the no form of this command to disable link-dampening.
Examples
The following example enables subscribers to maintain a steady state on an Ethernet port:
[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#link-dampening
The following example disables the link-dampening command on an Ethernet port:

[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#no link-dampening
3-31
Related Commands
3-32
loopback
For an Ethernet port, the syntax in port configuration mode is: loopback no loopback For an Asynchronous Transfer Mode (ATM) DS-3 port, the syntax in ATM DS-3 configuration mode is: loopback {line | local | payload | remote} no loopback {line | local | payload | remote} For a port on a 4-port ATM OC-3c/STM-1c card, the syntax in ATM OC configuration mode is: loopback {internal | line | payload} no loopback For a port on any other ATM OC card or a Packet over SONET/SDH (POS) port, the syntax in ATM OC or port configuration mode is: loopback {internal | line} no loopback
Purpose
Changes the operation of an ATM DS-3, ATM OC, Ethernet, or POS port to a loopback state.
Command Mode
Syntax Description
internal line local payload Tests the internal functions of an ATM OC or POS port by looping the transmit line to the receive line. Tests the line operation of an ATM DS-3, ATM OC, or POS port by looping the receive line to the transmit line. Tests the internal functions on an ATM DS-3 port by looping the transmit line to the receive line. Indicates that when the DS-3 frame on an ATM DS-3 port or the SDH or SONET payload on a port on a 4-port ATM OC-3c/STM-1c card is received and the frame or payload is extracted, it is to be reframed and returned. Verifies remote link connectivity and quality at the DS-3 signal level for an ATM DS-3 port. This option is available only if its admin state is up.
remote
3-33
Default
Port operation is in a normal state.
Usage Guidelines
Use the loopback command to change the operation of a port or channel to a loopback state. The internal keyword for all ports except a port on a second-generation ATM OC card, causes all transmitted traffic to be looped back and not sent to the remote site; instead the remote site receives a loss of signal (LOS). For a port on a second-generation ATM OC card, the port software injects an alarm indication signal-line (AIS-L) and then resumes transmitting traffic. Use the show port detail command (in exec mode) to display the administrative state of the port. The Admin state field must be up to verify the remote link connectivity and quality with the remote keyword. Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for channelized STM-1 ports. Use the no form of this command to restore the port operation to a normal state.
Examples
The following example changes the port operation of an ATM OC port to loop transmitted frames back to the receive line:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#loopback internal
The following example changes the port operation of an Ethernet port to a loopback state:
[local]Redback(config)#port ethernet 5/1 [local]Redback(config-port)#loopback
Related Commands
3-34
mac-address
mac-address mac-addr default mac-address mac-addr
Purpose
Assigns a medium access control (MAC) address on an Asynchronous Transfer Mode (ATM) OC or ATM DS-3 port.
Command Mode
Syntax Description
mac-addr MAC address to be used for the port in the form hh:hh:hh:hh:hh:hh.
Default
When the ATM OC or ATM DS-3 card is inserted in the SmartEdge chassis, the MAC address is extracted from the EEPROM and assigned to each port on the card as sequential addresses starting with the base address for port 1.
Usage Guidelines
Use the mac-address command to assign a MAC address on an ATM port. Use the default form of this command to return the MAC address to the address that has been extracted from the EEPROM on the ATM OC or ATM DS-3 card.
Examples
The following example assigns 00:03:04:10:a4:bc as the MAC address on port 1 of the ATM DS-3 card in slot 3:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atmd3)#mac-address 00:03:04:10:a4:bc
Related Commands
port atm
3-35
medium
medium {auto | speed speed duplex mode} default medium
Purpose
Specifies the Ethernet port speed and duplex mode.
Command Mode
port configuration
Syntax Description
auto Specifies that the port should auto-sense whether it is connected to a 10-Mbps or 100-Mbps Ethernet segment and the duplex mode of that segment; this is the recommended setting and the default for 10/100 Ethernet ports. Ethernet port speed. Specify as either 10 or 100 Mbps. Port duplex mode. Specify as either half (half-duplex) or full (full-duplex).
speed speed duplex mode
Default
10/100 Ethernet ports auto-sense the speed in full-duplex mode.
Usage Guidelines
Use the medium command to specify the 10/100 Ethernet port speed and duplex mode. Use the speed and duplex keywords to force an Ethernet port to use the specified speed and duplex mode. Note This command does not apply to ports on Gigabit Ethernet cards. Note The port does not come up if the medium speed or the duplex mode is configured incorrectly. Use the default form of this command to restore the default speed and duplex mode.
Examples
The following example specifies the speed at 10 Mbps and full-duplex mode for port 1 in slot 4:
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#medium speed 10 duplex full
Related Commands
None
3-36
mtu
mtu size default mtu
Purpose
Specifies the maximum transmission unit (MTU) size of the payload without fragmentation for an Asynchronous Transfer Mode (ATM) OC port, an ATM DS-3 port, an Ethernet or Gigabit Ethernet port, or a Packet over SONET/SDH (POS) port.
Command Mode
Syntax Description
size MTU payload size in bytes. The range of values and the default depend on the type of port; see Table 3-9.
Default
The default MTU payload size is dependent on the type of port; see Table 3-9.
Usage Guidelines
Use the mtu command to specify the MTU size of the payload without fragmentation for an ATM, Ethernet, Gigabit Ethernet, or POS port. Table 3-9 lists the range of values and default for each type of port. Table 3-9
Port Type ATM OC or DS-3 Ethernet Gigabit Ethernet POS
Values for MTU Payload size Argument

Range of Values (Bytes) 256 to 12,800 256 to 1,500 256 to 9,198 256 to 12,800 Default (Bytes) 4,470 1,500 1,500 4,470
Note The MTU size for an ATM port is the size of the IP packet to be segmented into ATM cells. The Layer 2 headers are automatically added to the payload size and do not cause fragmentation; you do not include them when selecting the value of the size argument. Note You can also specify the MTU size at the interface level; the MTU size used is the minimum of the two values.
3-37
Note If you change the MTU value for a Point-to-Point Protocol (PPP)-encapsulated channel or port that you have already configured and enabled with the no form of the shutdown command in the appropriate configuration mode, the change does not take effect until you shut down the channel or port, and then re-enable it. Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for a clear-channel DS-3 or E1 channel or port, E3 port, DS-1 channel, or DS-0 channel group. Use the default form of this command to specify the default MTU payload size.
Examples
The following example specifies a MTU payload size of 1000 bytes for Ethernet port 1 in slot 4:
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#mtu 1000
In this example, the Layer 2 headers for an Ethernet port include an 18-byte Ethernet header, a 4-byte 802.1q header, and up to 4 4-byte multiprotocol label switching (MPLS) labels, for a total of 38 bytes. Thus, in this example, the actual maximum packet size without fragmentation is 1038 bytes.
Related Commands
None
3-38
over-subscription-rate
over-subscription-rate rate no over-subscription-rate default over-subscription-rate
Purpose
Specifies the over-subscription rate allowed on an Asynchronous Transfer Mode (ATM) OC port or an ATM DS-3 port.
Command Mode
Syntax Description
rate Over-subscription rate as a percentage. The range of values is 0 to 10,000%; the default value is unlimited.
Default
The default rate is unlimited.
Usage Guidelines
Use the over-subscription-rate command to specify the over-subscription rate allowed on an ATM OC port or on an ATM DS-3 port. A rate of 0% allows permanent virtual circuits (PVCs) to be created on the port up to the bandwidth of the port; a rate of 1,000% allows PVCs to be created on the port up to the bandwidth of the port +1000%. Use the no form of this command to specify a rate of 0%. Use the default form of this command to specify the default rate.
Examples
The following example specifies an over-subscription rate of 100% for port 1 of the ATM OC-3c/STM-1c card in slot 4:
[local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#over-subscription-rate 100
With framing bits taken into account, the ATM OC-3c/STM-1c port has a bandwidth of 149.76 Mbps. With an over-subscription rate of 100%, PVCs can be created up to a bandwidth of 299.52 Mbps on this port.
Related Commands
None
3-39
path-trace
path-trace message text no path-trace message
Purpose
Specifies the text string to be traced on a port on a Packet over SONET/SDH (POS) or second-generation Asynchronous Transfer Mode (ATM) OC card.
Command Mode
ATM OC configuration port configuration
Syntax Description
message text Specifies that a text string follows. Text string with up to 62 ASCII characters, depending on the type of port: POS portsMaximum length is 62. Second-generation ATM OC portsFor Synchronous Optical Network (SONET)-framed ports, the maximum length is 62; for Synchronous Digital Hierarchy (SDH)-framed ports, the maximum length is 15.
Default
The transmitted text string is Redback.
Usage Guidelines
Use the path-trace command to specify the text string to be traced on a port on a POS or second-generation ATM OC card. The actual message length is 16 or 64 bytes, with one additional byte required for framing for a 15-character message and two additional bytes required for a 62-character message. Note For a POS port, you must first enable the path trace, path maintenance, and path alarm monitoring features for the card on which the port is configured, using the sonet-eu command (in card configuration mode). The sonet eu command is not needed for ports on a second-generation ATM OC card. Use the no form of this command to specify the default text string. You cannot disable the path-trace feature for second-generation ATM OC cards; to disable the path-trace feature for ports on POS cards, you must enter the no form for the sonet-eu command (in card configuration mode). Use the show port detail command (in any mode) to display the path-trace length and message.
3-40
Note This command is also described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for channelized STM-1 ports.
Examples
The following example enables path trace and specifies the text string, this is a test, for port 1 on the POS card in slot 9:
[local]Redback(config)#card oc48-1-port 9 [local]Redback(config-card)#sonet-eu [local]Redback(config-card)#exit [local]Redback(config)#port pos 9/1 [local]Redback(config-port)#path-trace message this is a test
Related Commands
sonet-eu
3-41
port atm
port atm slot/port no port atm slot/port
Purpose
Selects an Asynchronous Transfer Mode (ATM) port and enters ATM OC or ATM DS-3 configuration mode.
Command Mode
Syntax Description
slot port Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 3-10. Card port number. The range of values depends on the type of card; see Table 3-11.
Default
None
Usage Guidelines
Use the port atm command to select an ATM port on a card of any type and enter ATM OC or ATM DS-3 configuration mode. Table 3-10 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 3-10 Slot Ranges for ATM Traffic Cards
slot Argument Range Traffic Card Type ATM OC-12c/STM-4c IR Enhanced ATM OC-12c/STM-4c IR 2-port ATM OC-3c/STM-1c IR 4-port ATM OC-3c/STM-1c IR ATM DS-3 1 to 5 and 10 to 14 3 to 4 SmartEdge 800 Router 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4
3-42
Table 3-11 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 3-11 Port Ranges for ATM Traffic Cards
Physical Ports 1 1 2 4 12 Low-Density Version No No No Yes No Low-Density Ports 1, 3
Traffic Card Type ATM OC-12c/STM-4c IR Enhanced ATM OC-12c/STM-4c IR 2-port ATM OC-3c/STM-1c IR 4-port ATM OC-3c/STM-1c IR ATM DS-3
If you have previously limited the number of software configurable ports, using the maximum ports command (in card configuration mode), for an ATM DS-3 card, and the port that you specify is not a software configurable port, this command fails and an error message displays. To enable the port, use the no shutdown command in ATM OC or ATM DS-3 configuration mode. Use the no form of this command to delete the port configuration from the configuration database.
Examples
The following example selects port 2 on an ATM OC card in slot 6, and enables the port:
[local]Redback(config)#port atm 6/2 [local]Redback(config-atm-oc)#no shutdown
The following example selects port 1 on the ATM DS-3 card in slot 3, and enables the port:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-ds3)#no shutdown
Related Commands
maximum ports shutdownATM DS-3 configuration mode shutdownATM OC configuration mode
3-43
port ethernet
port ethernet slot/port no port ethernet slot/port
Purpose
Selects an Ethernet port and enters port configuration mode.
Command Mode
Syntax Description
Default
None
Usage Guidelines
Use the port ethernet command to select an Ethernet port and enter port configuration mode. The Ethernet port can be of any type, including Gigabit Ethernet ports and the Ethernet management port on the active controller card. Table 3-12 lists the values for the slot argument for each type of SmartEdge chassis; the slot number for the active controller card is always 7 in a SmartEdge 800 chassis and 6 in a SmartEdge 400 chassis. Table 3-12 Slot Ranges for Ethernet Traffic Cards
slot Argument Range Traffic Card Type 10/100 Ethernet Gigabit Ethernet Advanced Gigabit Ethernet Gigabit Ethernet 3 Gigabit Ethernet 1020 10 Gigabit Ethernet SmartEdge 800 Router 1 to 6 and 9 to 14 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4 1 to 4
Note The SmartEdge 800s chassis, which does not have BNC connectors, does not support Asynchronous Transfer Mode (ATM) DS-3 or Plesiochronous Digital Hierarchy (PDH) traffic cards.
3-44
Table 3-13 lists the range of values for the port argument; the value of the port argument for the Ethernet management port is always 1. Table 3-13 Port Ranges for Ethernet Traffic Cards
Traffic Card Type 10/100 Ethernet Gigabit Ethernet Advanced Gigabit Ethernet Gigabit Ethernet 3 Gigabit Ethernet 1020 10 Gigabit Ethernet Physical Ports 12 4 4 4 20 1 Low-Density Version No Yes Yes No No No Low-Density Ports 1, 3 1, 3
To enable the port, use the no shutdown command in port configuration mode. Note If the system has dual controller cards installed, it is sufficient to configure the Ethernet management port on the controller card in slot 7 (SmartEdge 800 chassis) or 6 (SmartEdge 400 chassis), depending on the chassis. Access to the system is switched to the standby controller card if it should become the active controller card during normal operations. Only the management port on the active controller card is enabled. Use the no form of this command to delete the port configuration from the configuration database.
Examples
The following example configures an Ethernet port on the Ethernet card installed in slot 2:
[local]Redback(config)#port ethernet 2/2 [local]Redback(config-port)#no shutdown
Related Commands
shutdownport configuration mode
3-45
port pos
port pos slot/port no port pos slot/port
Purpose
Configures a Packet over SONET/SDH (POS) port and enters port configuration mode.
Command Mode
Syntax Description
Default
None
Usage Guidelines
Use the port pos command to configure a POS port on an OC-3c/STM-1c, OC-12c/STM-4c, or OC-48c/STM-16 card, and to enter port configuration mode. Table 3-14 lists the values for the slot argument for each type of SmartEdge chassis; in the table, ER, IR, LR, and SR abbreviations are used for Extended Reach, Intermediate Reach, Long Reach, and Short Reach, respectively. Table 3-14 Slot Ranges for POS Traffic Cards
slot Argument Range Traffic Card Type OC-48c/STM-16c SR OC-48c/STM-16c LR OC-48c/STM-16c ER OC-12c/STM-4c IR OC-3c/STM-1c IR 1 to 6 and 9 to 14 1 to 6 and 9 to 14 1 to 4 1 to 4 SmartEdge 800 Router 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4
Note The SmartEdge 800s chassis, which does not have BNC connectors, does not support Asynchronous Transfer Mode (ATM) DS-3 or Plesiochronous Digital Hierarchy (PDH) traffic cards.
3-46
Table 3-15 lists the range of values for the port argument. Table 3-15 Port Ranges for POS Traffic Cards
Traffic Card Type OC-48c/STM-16c SR OC-48c/STM-16c LR OC-48c/STM-16c ER OC-12c/STM-4c IR OC-3c/STM-1c IR Physical Ports 1 1 1 1 to 4 1 to 8 Low-Density Version No No No No No Low-Density Ports
To enable the port, use the no shutdown command in port configuration mode. Use the no form of this command to delete the port configuration from the configuration database.
Examples
The following example configures an POS port on the OC card installed in slot 6:
[local]Redback(config)#port pos 6/1 [local]Redback(config-port)#no shutdown
Related Commands
3-47
scramble
scramble no scramble default scramble
Purpose
Enables X^43+1 synchronous payload envelope (SPE) scrambling on a Packet over SONET/SDH (POS) port, as specified in RFC 2615, PPP over SONET/SDH.
Command Mode
port configuration
Syntax Description
Default
SPE scrambling is enabled on the port.
Usage Guidelines
Use the scramble command to enable X^43 +1 scrambling on a POS port, as specified in RFC 2615, PPP over SONET/SDH. Note Enabling or disabling scrambling on a port also changes the Path Label Signal (C2) byte value to the default specified in RFC 2615. See the c2byte command (in port configuration mode) on page 13. Note This command does not apply to Asynchronous Transfer Mode (ATM), Ethernet, or channelized OC-12 ports. Use the no form of this command to disable SPE payload scrambling. Use the default form of this command to enable SPE payload scrambling.
Examples
The following example disables SPE scrambling for port 1 on the POS card in slot 11. It also results in the C2 value being set to the value of 0xCF.
[local]Redback(config)#port pos 11/1 [local]Redback(config-port)#no scramble
Related Commands
c2byte
3-48
shutdown
shutdown no shutdown
Purpose
Disables the specified Asynchronous Transfer Mode (ATM) OC, ATM DS-3, Ethernet, or Packet over SONET/SDH (POS) port.
Command Mode
Syntax Description
Default
All ports are disabled.
Usage Guidelines
Use the shutdown command to enable or disable the specified ATM, ATM DS-3, Ethernet, or POS port. No data is transmitted or received when the port is disabled (shut down). Note You must enable POS port before adding it to an Automatic Protection Switching (APS) group. Note By default, any ATM permanent virtual circuits (PVCs) that you configure on an ATM port are enabled, but you must enable the port for them to function. Use the no form of this command to enable a port and have data transmitted or received on the port. To display the port or channel state, enter the show port detail command (in any mode). This command is also described in the following chapters: Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for channelized OC-12 and STM-1 ports, DS-3 and E1 channels and ports, DS-1 channels, and DS-0 channel groups. Chapter 6, Circuit Configuration, for ATM, Frame Relay, and 802.1Q permanent virtual circuits (PVCs). Chapter 11, Cross-Connection Configuration, for cross-connected circuits. Chapter 12, GRE Tunnel Configuration, for Generic Routing Encapsulation (GRE) tunnel circuits.
3-49
Examples
The following example enables port 1 in for the Ethernet card installed in slot 2:
[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#no shutdown
Related Commands
3-50
threshold
threshold {sd-ber sd-ber-exp | sf-ber sf-ber-exp} {no | default} threshold {sd-ber | sf-ber}
Purpose
Specifies the Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) signal degrade bit error rate (SD-BER) or signal fail BER (SF-BER) threshold for a SONET/SDH port.
Command Mode
ATM OC configuration port configuration
Syntax Description
sd-ber sd-ber-exp Value of the exponent for the threshold. The range of values is 5 to 9; the default value is 7. sf-ber sf-ber-exp Value of the exponent for the threshold. The range of values is 3 to 5; the default value is 4.
Default
The default thresholds for SD-BER and SF-BER are 10E-7 and 10E-4, respectively.
Usage Guidelines
Use the threshold command to specify the SONET/SDH SD-SER or SF-BER threshold for a SONET/SDH port. Note This command does not apply to channelized OC-12 ports. Use the no or default form of this command to specify the default values for the SF-BER and SD-BER thresholds.
Examples
The following example specifies the SD-BER and SF-BER thresholds as 10E-8 and 10E-6 for port 1 on the ATM OC-12c/STM-4c card in slot 3:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#threshold sd-ber 8 [local]Redback(config-atm-oc)#threshold sf-ber 6
Related Commands
port atm port pos
3-51
transport unmatched-encap
transport unmatched-encap no transport unmatched-encap
Purpose
Enables the transport of packets with unrecognized encapsulations by transporting the packet over a circuit that best matches the unknown encapsulation.
Command Mode
port configuration dot1q-pvc configuration
Syntax Description
Default
The system drops any packets for which a recognized circuit matching the encapsulation cannot be determined.
Usage Guidelines
Use the transport unmatched-encap command to enable the transport of packets with unrecognized encapsulations by transporting the packet over a circuit that best matches the unknown encapsulation. Note This command applies only on 802.1Q encapsulated ports and 802.1Q PVC tunnels. When a packet arrives at an 802.1Q encapsulated port, the port must determine on which circuit the packet is arriving, so the port can send the packet to the binding entity (router, bridge, or cross-connected circuit) for transport out. There are three possible cases of packet arrival: the packet carries a recognized encapsulation, one which matches a known circuit the packet carries an unmatched encapsulation with one 802.1Q PVC VLAN ID tag the packet carries an unmatched encapsulation with a combination of an outer 802.1q PVC tunnel ID tag and an inner 802.1Q PVC VLAN ID tag
In the case of a recognized encapsulation, the port determines the circuit on which the packet arrived and sends the packet on to the binding entity of that circuit. An example: a packet has a VLAN ID tag of 100, and the port recognizes 100 as being associated with circuit ethernet 4/1 vlan-ID 100. The port then determines that ethernet 4/1 vlan ID 100 has a binding to a bridge, and transports the packet using the bridge. However, if the 100 VLAN ID tag is unmatched, the port checks its own properties, determining if you configured it with the transport unmatched-encap command (in port configuration mode). If so, the port transports the packet using the circuit associated with the port. If not, the port drops the packet.
3-52
If the packet has a combination of an outer and inner VLAN ID, such as 100:500, the port first checks to see if it recognizes that combination. If so, the port sends the packet to the binding entity of the circuit associated with 100:500. However, if 100:500 is unmatched, the port checks to see if there is a known encapsulation for 100 (the outer tunnel). If 100 is matched, the port checks to see if you configured the outer 802.1Q PVC tunnel 100 with the transport unmatched-encap command (in dot1q-pvc configuration mode). If you have configured the PVC with this command, the port will send the packet to the binding entity of the circuit associated with 100. If you didnt configure the outer tunnel with this command, the port will drop the packet. See Table 3-16 for a breakdown of the transport logic.
.
Table 3-16 Transporting Logic for Packets with Unrecognized Encapsulations

Outer Tunnel Circuit (PVC 100) unmatched unmatched no trans, any trans, no bind trans, no bind trans, bind any, any unmatched no bind unmatched unmatched Inner Circuit (PVC 100:500) unmatched Received Packet (VLAN tags) 100 100:500 100:500 100 100:500 100:500 100:500 Matching Circuit port port port PVC 100 PVC 100 PVC 100 PVC 100:500
Ingress Port transport transport transport any any transport any
Transport Tags 100 100:500 100:500 drop drop 500 drop
After the port determines which circuit to use, the port checks to see if its own binding is set either to a bridged interface or to an L2VPN cross-connected tunnel. If either case is true, the port sends the packet out. If neither case is true, the port drops the packet. When the port transports the packet, it strips all VLAN ID tags from the packet. If an 802.1Q PVC tunnel transports the packet, then the port strips only one VLAN ID, the outer tag. For instance, if the original tag of the packet was 100:500, the port will strip the 100 tag, but leave the 500 tag on the packet. Note For more information on bridged interfaces, see Chapter 10, Bridging Configuration. For more information on cross-connected tunnels see Chapter 11, Cross-Connection Configuration.
Note You can only configure this command on ports whose configured encapsulation is dot1q. Also, a tunnel should have its encapsulation set to 1qtunnel. Use the no form of this command to disable transport of packets with unrecognized encapsulations; packets will be dropped.
Examples
The following example configures an ethernet port to transport any unrecognized tagged traffic.
[local]Redback(mode)# [local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#transport unmatched-encap [local]Redback(config-port)#end
3-53
The following example configures a dot1q tunnel to transport any unrecognized PVC traffic:
[local]Redback(config)#port ethernet 4/2 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 100 encapsulation 1qtunnel [local]Redback(config-dot1q-pvc)#transport unmatched-encap [local]Redback(config-dot1q-pvc)#end
Related Commands
None
3-54
Chapter 4
Clear-Channel and Channelized Port and Channel Configuration

This chapter provides an overview of ports that support one or more data channels, describes the tasks used to configure them, provides configuration examples, and detailed descriptions of the commands used to configure them through the SmartEdge OS. The commands described in this chapter are common to the following port types, except where noted: Clear-channel portsDS-3, E1, E3 cards Channelized portsDS-3, E1, channelized OC-12, channelized STM-1 cards
For information about the tasks and commands used to monitor, troubleshoot, and administer these ports, see the Card, Port, and Channel Operations chapter in the Ports, Circuits and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related tasks and commands include: Configuration tasks and commands for cards are described in Chapter 2, Traffic Card Configuration. Configuration tasks and commands for circuits are described in Chapter 6, Circuit Configuration.
Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted. The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis. For protocol-specific, or feature-specific, commands that are present in DS-0, DS-1, DS-3, E1, and E3 configuration modes, see the appropriate chapter in this guide, or the Routing Protocols Configuration Guide, or the IP Services and Security Configuration Guide for the SmartEdge OS. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
4-1
Overview
Overview
In a SmartEdge system, traffic cards are the individual I/O cards; ports are the physical interfaces on the traffic cards, and a channel is a logical subdivision of the bandwidth of a channelized port. The SmartEdge routers support many types of ports and channels: Channelized OC-12, channelized STM-1 ports Clear-channel DS-3 and E1 ports and channels Clear-channel E3 ports Channelized DS-3 and E1 ports and channels DS-1 channels and DS-0 channel groups
Note Throughout this guide, the term, port, refers to the physical entity on a traffic card; the term, channel, refers to a logical subdivision of the bandwidth of a port or of a channel with greater bandwidth. Traffic cards that support the various types of channelized or clear-channel ports or channels are as follows: The ports on a channelized OC-12-to-DS-3 card support clear-channel DS-3 channels only. The ports on a channelized OC-12-to-DS-3/DS-1 card support channelized or clear-channel DS-3 channels. The ports on a channelized STM-1 card support channelized or clear-channel E1 channels. The ports on a clear-channel DS-3 card are clear-channel DS-3 ports only. The ports on a channelized DS-3 card can be channelized or clear-channel ports. The ports on a clear-channel E3 card are clear-channel E3 ports only. The ports on a channelized E1 card can be channelized or clear-channel ports.
The bandwidth provided by channelized ports and channels is as follows: Each port on a channelized OC-12 to DS-3 or OC-12 to DS-3/DS-1 card provides the bandwidth for up to 12 DS-3 channels. Each port on a channelized STM-1 card provides the bandwidth for up to 63 E1 channels; E1 channels can be channelized or clear-channel. A channelized DS-3 port or channel provides the bandwidth for 28 DS-1 channels, each of which has the bandwidth for 24 DS-0 channels. A channelized E1 port or channel supports up to 31 DS-0 channels for user traffic in a DS-0 channel group.
Note The SmartEdge 800s chassis, which does not have BNC connectors, does not support Asynchronous Transfer Mode (ATM) DS-3 or Plesiochronous Digital Hierarchy (PDH) cards.
4-2
Configuration Tasks
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. Channelized port configuration tasks are described in the following sections: Configuring Channelized OC-12 Ports Configuring DS-3 Channels or Ports Configuring DS-1 Channels Configuring Clear-Channel E3 Port Configuring Channelized STM-1 Ports Configuring E1 Channels or Ports Configuring a DS-0 Channel Group
Configuring Channelized OC-12 Ports

Each channelized OC-12 port supports 12 STS-1s; you can create a DS-3 channel in each STS-1. Configuring a channelized OC-12 port is described in the following topics: Configure Operational Features for a Channelized OC-12 Port Configure the Maintenance Feature for a Channelized OC-12 Port
Configure Operational Features for a Channelized OC-12 Port

You configure operational features to support normal operations. To configure operational features for a channelized OC-12 port, perform the tasks described in Table 4-1. Table 4-1
# 1. 2. Task Select (begin the configuration of) a channelized OC-12 port and access port configuration mode.
Configure Operational Features for a Channelized OC-12 Port

Root Command port channelized-oc12 Notes Enter this command in global configuration mode.
Specify general attributes for the port (all attributes are optional): Associate a description with the port. Apply an existing bulkstats schema profile to the port. description bulkstats schema Enter this command in port configuration mode. For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in port configuration mode. Use the no form to enable the port.
3.
shutdown
4-3
Configuration Tasks
You are now ready to configure the DS-3 channels on the port. Two types of DS-3 channels are supported: channelized, with up to 28 DS-1 channels, and clear-channel. To configure DS-3 channels, see the Configuring DS-3 Channels or Ports section.
Configure the Maintenance Feature for a Channelized OC-12 Port

You configure the maintenance feature only if a port is experiencing problems. To configure the maintenance feature for a channelized OC-12 port, perform the task described in Table 4-2. Table 4-2
Task Change to a loopback state on the port to test port operation.
Configure the Maintenance Feature for a Channelized OC-12 Port

Root Command loopback Notes Enter this command in port configuration mode.
Configuring DS-3 Channels or Ports

Configuring a DS-3 channel or port is described in the following topics: Configure Operational Features Configure the Maintenance Feature for a DS-3 Channel or Port
Configure Operational Features

You configure operational features to support normal operations. To configure a DS-3 channel or port for normal operations, perform the tasks described in one of the following sections: Clear-Channel DS-3 Channel or Port Channelized DS-3 Channel or Port
4-4
Configuration Tasks
Clear-Channel DS-3 Channel or Port

To configure operational features for a clear-channel DS-3 channel or port, perform the tasks described in Table 4-3. Unless otherwise noted, enter all commands in DS-3 configuration mode. Table 4-3
# 1. Task Select (begin the configuration of) a clear-channel DS-3 channel or port and access DS-3 configuration mode. Specify general attributes for the channel or port (all attributes are optional): Associate a description with the channel or port. Specify the framing. Specify the MTU packet size without fragmentation. Set the CRC length. Specify the clock source. Specify the idle character. Specify the cable length. Enable the channel or port to respond to or ignore remote loopback requests. Specify the DSU vendor. Specify the DSU subrate bandwidth. Enable DS-3 payload scrambling. Specify the type of encapsulation. Specify the parameters for the Cisco HDLC keepalive function. Apply an existing bulkstats schema profile to the channel or port. description framing mtu crc32 clock-source idle-character cablelength equipment-loopback dsu mode dsu bandwidth dsu scramble encapsulation keepalive bulkstats schema For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Use this command only if you do not intend to create Frame Relay PVCs on it. Use the no form to enable the channel or port. . This command does not apply to DS-3 channels on channelized OC-12 ports. This command is only available in DS-1 or DS-3 configuration mode. You can enter this command in port configuration as well.
Configure Operational Features for a Clear-Channel DS-3 Channel or Port

Root Command port ds3 Notes Enter this command in global configuration mode.
2.
3. 4.
Bind the channel or port to an existing interface in an existing context. Enable the channel or port (begin operations on it).
bind interface shutdown
You are now ready to use the channel or port or configure Frame Relay PVCs on it. For more information about Frame Relay PVCs, see Chapter 6, Circuit Configuration.
Channelized DS-3 Channel or Port

To configure operational features for a channelized DS-3 channel or port, perform the tasks described in Table 4-4. Unless otherwise noted, enter all commands in DS-3 configuration mode.
4-5
Configuration Tasks
Table 4-4
# 1. Task
Configure Operational Features for a Channelized DS-3 Channel or Port

Root Command port channelized-ds3 Notes Enter this command in global configuration mode.
Create or select (begin the configuration of) a channelized DS-3 channel or port and access DS-3 configuration mode. Specify general attributes for the channel or port (all attributes are optional): Associate a description with the channel or port. Specify the framing. Specify the clock source. Specify the cable length. Enable the channel or port to respond to or ignore remote loopback requests. Apply an existing bulkstats schema profile to the channel or port.
2.
description framing clock-source cablelength equipment-loopback bulkstats schema
You can enter this command in port configuration mode as well.
This command does not apply to DS-3 channels on channelized OC-12 ports.
For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. You can enter this command in port configuration as well. Use the no form to enable the channel or port.
3.
Enable the channel or port (begin operations on it).
shutdown
You are now ready to configure the constituent DS-1 channels on the channelized DS-3 channel or port. For more information about DS-1 channels, see the Configuring DS-1 Channels section.
Configure the Maintenance Feature for a DS-3 Channel or Port

You configure the maintenance feature only if a channel or port is experiencing problems. To configure the maintenance feature for a clear-channel or channelized DS-3 channel or port, perform the task described in Table 4-5. Table 4-5
Task Change to a loopback state on the channel or port to test channel or port operation.
Configure the Maintenance Feature for a DS-3 Channel or Port

Root Command loopback Notes Enter this command in DS-3 configuration mode.
Configuring DS-1 Channels

Configuring a DS-1 channel is described in the following topics: Configure Operational Features for a DS-1 Channel Configure the Maintenance Feature for a DS-1 Channel
4-6
Configuration Tasks
Configure Operational Features for a DS-1 Channel

You configure operational features to support normal operations. To configure operational features for a DS-1 channel, perform the tasks described in Table 4-6. Unless otherwise noted, enter all commands in DS-1 configuration mode. Table 4-6
# 1. Task Create or select (begin the configuration of) a DS-1 channel and access DS-1 configuration mode. Specify general attributes for the channel (all attributes are optional): Associate a description with the channel. Specify the framing. Set the speed of the channel. Specify the MTU packet size without fragmentation. Set the CRC length. Specify the clock source. Specify the idle character. Define the range of time slots for the DS-0 channels on the channel. Enable the detection or generation of yellow alarms. Enable the channel to respond to or ignore remote loopback requests. Specify the type of encapsulation. Specify the parameters for the Cisco HDLC keepalive function. Enable the inversion of the data stream. Apply an existing bulkstats schema profile to the channel. description framing speed mtu crc32 clock-source idle-character timeslot yellow-alarm equipment-loopback encapsulation keepalive invert-data bulkstats schema Use this command only if you are not adding the channel to an MP or MFR bundle. For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. The channel must have PPP or Frame Relay encapsulation to add it to an MP or MFR bundle, respectively. Use this command only if you have not added the channel to an MP or MFR bundle or if you do not intend to create Frame Relay PVCs on it. Use the no form to enable the channel. You can enter this command in port configuration mode as well.
Configure Operational Features for a DS-1 Channel

Root Command port ds1 Notes Enter this command in global configuration mode.
2.
3.
Add the channel to an existing MP or MFR bundle. Bind the channel to an existing interface in an existing context. Enable the channel (begin operations on it).
link-group
4.
bind interface
5.
shutdown
You are now ready to use the channel or configure Frame Relay PVCs on the channel. For information about configuring Frame Relay PVCs, see Chapter 6, Circuit Configuration.
4-7
Configuration Tasks
Configure the Maintenance Feature for a DS-1 Channel

You configure the maintenance feature only if a channel is experiencing problems. To configure the maintenance feature for a DS-1 channel, perform the task described in Table 4-7. Table 4-7
Task Change to a loopback state on the channel to test channel operation.
Configure the Maintenance Feature for a DS-1 Channel

Root Command loopback Notes Enter this command in DS-1 configuration mode.
Configuring Clear-Channel E3 Port

Configuring a Clear-Channel E3 port is described in the following topics: Configure Operational Features for a Clear-Channel E3 Port Configure the Maintenance Feature for a Clear-Channel E3 Port
Configure Operational Features for a Clear-Channel E3 Port

You configure operational features to support normal operations. To configure operational features for a clear-channel E3 port, perform the tasks described in Table 4-8. Unless otherwise noted, enter all commands in E3 configuration mode.
4-8
Configuration Tasks
Table 4-8
# 1. Task
Configure Operational Features for a Clear-Channel E3 Port

Root Command port e3 Notes Enter this command in global configuration mode.
Select (begin the configuration of) a clear-channel E3 port and access E3 configuration mode. Specify general attributes for the port (all attributes are optional): Associate a description with the port. Specify the framing. Specify the MTU packet size without fragmentation. Set the CRC length. Specify the clock source. Specify the idle character. Enable the national bit. Specify the type of encapsulation. Specify the parameters for the Cisco HDLC keepalive function. Apply an existing bulkstats schema profile to the port.
2.
description framing mtu crc32 clock-source idle-character national encapsulation keepalive bulkstats schema For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in port configuration mode. Use this command only if you do not intend to create Frame Relay PVCs on it. Enter this command in port configuration mode. as well. Use the no form to enable the port.
3.
Bind the port to an existing interface in an existing context. Enable the port (begin operations on it).
bind interface
4.
shutdown
You are now ready to use the port or configure Frame Relay PVCs on it. For information about configuring Frame Relay PVCs, see Chapter 6, Circuit Configuration.
Configure the Maintenance Feature for a Clear-Channel E3 Port

You configure the maintenance feature only if a port is experiencing problems. To configure the maintenance feature for a clear-channel E3 port, perform the task described in Table 4-9. Table 4-9
Task Change to a loopback state on the port to test port operation.
Configure the Maintenance Feature for a Clear-Channel E3 Port

Root Command loopback Notes Enter this command in E3 configuration mode.
Configuring Channelized STM-1 Ports

Each channelized STM-1 port supports up to 63 E1 channels. Configuring a channelized STM-1 port is described in the following topics:
4-9
Configuration Tasks
Configure Operational Features for a Channelized STM-1 Port Configure Maintenance Features for a Channelized STM-1 Port
Configure Operational Features for a Channelized STM-1 Port

You configure operational features to support normal operations. To configure operational features for a channelized STM-1 port, perform the tasks described in Table 4-10. Unless otherwise noted, enter all commands in STM-1 configuration mode. Table 4-10 Configure Operational Features for a Channelized STM-1 Port
# 1. Task Select (begin the configuration of) a channelized STM-1 port and access STM-1 configuration mode. Specify general attributes for the port (all attributes are optional): Associate a description with the port. Enable an E1 mapping for the port. Select the AUG mapping. Select an AU-3 group. Apply an existing bulkstats schema profile to the port. description channel-mapping aug-mapping au3 bulkstats schema Enter this command in port configuration mode. This can be used in either AU-3 or AU-4 mapping. The default value is AU-4 mapping. This command is not available unless you have selected AU-3 mapping. For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Use the no form to enable the port. Root Command port channelized-stm1 Notes Enter this command in global configuration mode.
2.
3.
shutdown
You are now ready to configure the E1 channels on the port. To configure an E1 channel, see the Configuring E1 Channels or Ports section.
Configure Maintenance Features for a Channelized STM-1 Port

You configure the maintenance features only if a port is experiencing problems. To configure the maintenance features for a channelized STM-1 port, perform the tasks described in Table 4-11. Enter all commands in STM-1 configuration mode, unless otherwise noted. Table 4-11
# 1. 2. Task Specify a path trace message or the message length. Change to a loopback state on the port to test port operation.
Configure Maintenance Features for a Channelized STM-1 Port

Root Command path-trace loopback Notes Enter this command in STM-1 or AU3 configuration mode.
4-10
Configuration Tasks
Configuring E1 Channels or Ports

Configuring an E1 channel or port is described in the following topics: Configure Operational Features for an E1 Channel or Port Configure the Maintenance Feature for an E1 Channel or Port
Configure Operational Features for an E1 Channel or Port

You configure operational features to support normal operations. To configure an E1 channel or port for normal operations, perform the tasks described in one of the following sections: Clear-Channel E1 Channel or Port Channelized E1 Channel or Port
Clear-Channel E1 Channel or Port

To configure operational features for a clear-channel E1 channel or port, perform the tasks described in Table 4-12. Unless otherwise noted, enter all commands in E1 configuration mode. Table 4-12 Configure Operational Features for a Clear-Channel E1 Channel or Port
# 1. 2. Task Select (begin the configuration of) an E1 channel or port and access E1 configuration mode. Specify general attributes for the channel or port (all attributes are optional): Associate a description with the channel or port. Specify the framing. Specify the MTU packet size without fragmentation. Set the CRC length. Specify the clock source. Specify the idle character. Specify the type of encapsulation. Specify the parameters for the Cisco HDLC keepalive function. Enable the inversion of the data stream. Apply an existing bulkstats schema profile to the channel or port. description framing mtu crc32 clock-source idle-character encapsulation keepalive invert-data bulkstats schema Use this command only if you are not adding the channel or port to an MP or MFR bundle.For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. The channel or port must have PPP or Frame Relay encapsulation to add it to an MP or MFR bundle, respectively. Specify the unframed keyword for a clear-channel E1 channel or port. Root Command port e1 Notes Enter this command in global configuration mode.
3.
Add the channel or port to an existing MP or MFR bundle.
link-group
4-11
Configuration Tasks
Table 4-12 Configure Operational Features for a Clear-Channel E1 Channel or Port (continued)
# 4. Task Bind the channel or port to an existing interface in an existing context. Enable the channel or port (begin operations on it). Root Command bind interface Notes Use this command only if you have not added the channel or port to an MP or MFR bundle or if you do not intend to create Frame Relay PVCs on it. Use the no form to enable the channel or port.
5.
shutdown
If you have not added the clear-channel E1 channel or port to an MP or MFR bundle, you are now ready to use the channel or port, or configure Frame Relay PVCs on it. For information about configuring Frame Relay PVCs, see Chapter 6, Circuit Configuration.
Channelized E1 Channel or Port

To configure operational features for a channelized E1 channel or port, perform the tasks described in Table 4-13. Unless otherwise noted, enter all commands in E1 configuration mode. Table 4-13 Configure Operational Features for an Channelized E1 Channel or Port
# 1. 2. Task Select (begin the configuration of) an E1 channel or port and access E1 configuration mode. Specify general attributes for the channel or port (all attributes are optional): Associate a description with the channel or port. Specify the framing. Specify the clock source. Apply an existing bulkstats schema profile to the channel or port. description framing clock-source bulkstats schema For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Use the no form to enable the channel or port. Specify either the crc4 or non-crc4 keyword for a channelized E1 channel or port. Root Command port e1 Notes Enter this command in global configuration mode.
3.
Enable the channel or port (begin operations on it).
shutdown
You are now ready to configure its DS-0 channel groups on the channelized E1 channel or port. For more information, see the Configuring a DS-0 Channel Group section.
Configure the Maintenance Feature for an E1 Channel or Port

You configure the maintenance feature only if a channel or port is experiencing problems. To configure the maintenance feature for a channelized or clear-channel E1 channel or port, perform the task described in Table 4-14. Table 4-14 Configure the Maintenance Feature for an E1 Channel or Port
Task Change to a loopback state on the channel or port to test channel or port operation. Root Command loopback Notes Enter this command in E1 configuration mode.
4-12
Configuration Tasks
Configuring a DS-0 Channel Group

You configure a DS-0 channel group on a channelized E1 channel or port. Configuring a DS-0 channel group is described in the following topics: Configure Operational Features for a DS-0 Channel Group Configure the Maintenance Feature for a DS-0 Channel Group
Configure Operational Features for a DS-0 Channel Group

You configure operational features to support normal operations. To configure operational features for a DS-0 channel group, perform the tasks described in Table 4-15. Unless otherwise noted, enter all command sin DS-0 configuration mode. Table 4-15 Configure Operational Features for a DS-0 Channel Group
# 1. Task Create or select (begin the configuration of) a DS-0 channel group and access DS-0 group configuration mode. Specify general attributes for the channel group (all attributes are optional): Associate a description with the channel group. Define the range of time slots for the group. Specify the MTU packet size without fragmentation. Set the CRC length. Specify the idle character. Specify the type of encapsulation. Specify the parameters for the Cisco HDLC keepalive function. Enable the inversion of the data stream. Enable notifications of up and down conditions for Cisco HDLC, PPP, and Frame Relay encapsulation layers. Apply an existing bulkstats schema profile to the channel. description timeslot mtu crc32 idle-character encapsulation keepalive invert-data traps Root Command port ds0s Notes Enter this command in global configuration mode.
2.
bulkstats schema
For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Use this command only if you do not intend to create Frame Relay PVCs on the channel group. Use the no form to enable the channel group.
3. 4.
Bind the channel group to an existing interface in an existing context. Enable the channel group (begin operations on it).
bind interface shutdown
You are now ready to use the channel group or configure Frame Relay PVCs on it. See Chapter 6, Circuit Configuration, for information about configuring Frame Relay PVCs.
4-13
Configure the Maintenance Feature for a DS-0 Channel Group

You configure the maintenance feature only if a channel group is experiencing a problem. To configure the maintenance feature for a DS-0 channel group, perform the tasks described in Table 4-1. Table 4-16 Configure the Maintenance Feature for a DS-0 Channel Group
Task Change to a loopback state on the channel group to test channel group operation. Root Command loopback Notes Enter this command in DS-0 group configuration mode.
This section includes the following types of examples: Channelized OC-12 Port DS-3 Channel and Port DS-1 Channel Clear-Channel E3 Port Channelized STM-1 Port E1 Channel and Port DS-0 Channel Group
Channelized OC-12 Port

The following example configures port 1 on the channelized OC-12 card in slot 4 using all the defaults:
[local]Redback#config [local]Redback(config)#port channelized-oc12 4/1 [local]Redback(config-port)#description channelized OC-12 [local]Redback(config-port)#no shutdown
DS-3 Channel and Port

The following example configures clear-channel DS-3 channel 1 on the first constituent STS-1 on port 1 on the channelized OC-12 in slot 4 using all the defaults, and sets the encapsulation to frame-relay:
[local]Redback#config [local]Redback(config)#port ds3 4/1:1 [local]Redback(config-ds3)#description clear-channel ds3 [local]Redback(config-ds3)#encapsulation frame-relay [local]Redback(config-ds3)#no shutdown
4-14
The following example configures port 1 on the channelized DS-3 card in slot 2 using all the defaults:
[local]Redback#config [local]Redback(config)#port channelized-ds3 2/1 [local]Redback(config-ds3)#description channelized ds3 [local]Redback(config-ds3)#no shutdown
DS-1 Channel
The following example configures a DS-1 channel 1 on DS-3 port 1 on the channelized DS-3 card in slot 2 using all the defaults, but specifying the encapsulation:
[local]Redback#config [local]Redback(config)#port ds1 2/1:1 [local]Redback(config-ds1)#description ds1 on DS-3 port [local]Redback(config-ds1)#encapsulation frame-relay [local]Redback(config-ds1)#no shutdown
The following example configures a DS-1 channel 2 on DS-3 channel 1 on port 1 on the channelized OC-12 card in slot 4 using all the defaults, but specifying the encapsulation:
[local]Redback#config [local]Redback(config)#port ds1 4/1:1:2 [local]Redback(config-ds1)#description ds1 on channelized OC-12 port [local]Redback(config-ds1)#encapsulation frame-relay [local]Redback(config-ds1)#no shutdown
Clear-Channel E3 Port
The following example configures clear-channel E3 port 1 on the clear-channel E3 card in slot 4 using all the defaults, and sets the encapsulation to frame-relay:
[local]Redback#config [local]Redback(config)#port e3 4/1 [local]Redback(config-e3)#description clear-channel e3 [local]Redback(config-e3)#encapsulation frame-relay [local]Redback(config-e3)#no shutdown
Channelized STM-1 Port

The following example configures port 1 on the channelized STM-1 card in slot 3 using all the defaults:
[local]Redback#config [local]Redback(config)#port channelized-stm1 3/1 [local]Redback(config-stm1)#description channelized STM-1 [local]Redback(config-stm1)#no shutdown
4-15
E1 Channel and Port

The following example configures clear-channel E1 channel 1 on port 1 on the channelized STM-1 card in slot 3 using all the defaults but specifying the encapsulation:
[local]Redback#config [local]Redback(config)#port e1 3/1:1 [local]Redback(config-e1)#description clear-channel E1 [local]Redback(config-e1)#framing unframed [local]Redback(config-e1)#encapsulation frame-relay [local]Redback(config-e1)#no shutdown
The following example configures port 1 on the E1 card in slot 5 using all the defaults:
[local]Redback#config [local]Redback(config)#port e1 5/1 [local]Redback(config-e1)#description channelized E1 [local]Redback(config-e1)#no shutdown
DS-0 Channel Group

The following example configures a DS-0 channel group with time slots 7, 9, 11, 13, 15, on channelized E1 port 1 on the E1 card in slot 5 using all the defaults:
[local]Redback#config [local]Redback(config)#port ds0s 5/1:7 [local]Redback(config-ds0-group)#description DS-0 channel group [local]Redback(config-ds0-group)#timeslot 7,9,13,15 [local]Redback(config-ds0-group)#no shutdown
4-16
This section describes the syntax and usage guidelines for the commands used to configure channelized ports. The commands are presented in alphabetical order. au3 aug-mapping cablelength channel-mapping clock-source crc32 description dsu bandwidth dsu mode dsu scramble encapsulation equipment-loopback framing idle-character invert-data keepalive loopback mtu national path-trace port channelized-ds3 port channelized-oc12 port channelized-stm1 port ds0s port ds1 port ds3 port e1 port e3 shutdown speed timeslot traps yellow-alarm
4-17
au3
au3 au-num
Purpose
Selects an administrative unit-3 (AU-3) on a channelized STM-1 port and enters AU-3 configuration mode.
Command Mode
STM-1 configuration
Syntax Description
au-num AU number. The range of values is 1 to 3.
Default
None
Usage Guidelines
Use the au3 command to select an AU-3 on a channelized STM-1 port and enter AU-3 configuration mode. Note The au3 command is only available in STM-1 configuration mode after you have specified the AUG mapping for the port using the aug-mapping command with the au3 keyword (in STM-1 configuration mode). By default, a channelized STM-1 port is configured with AU-4.
Examples
The following example selects an AU-3 on a channelized STM-1 port:
[local]Redback(config-stm1)#au3 3 [local]Redback(config-au3)#
Related Commands
aug-mapping path-trace port channelized-stm1
4-18
aug-mapping
aug-mapping {au3 | au4} default aug-mapping
Purpose
Specifies the administrative unit group (AUG) mapping for the channelized STM-1 port.
Command Mode
STM-1 configuration
Syntax Description
au3 au4 Specifies AU-3 mapping. Specifies AU-4 mapping; this is the default mapping.
Default
The AUG mapping is AU-4.
Usage Guidelines
Use the aug-mapping command to specify the AUG mapping for the channelized STM-1 port. If you specify the au3 keyword, the au3 command is available (in STM-1 configuration mode) and the path-trace command is not available (in STM-1 configuration mode). If you specify the au4 keyword, the path-trace command is available (in STM-1 configuration mode). Use the default form of this command to return the port to AU4 mapping.
Examples
The following example specifies AU-3 mapping for port 1 on the channelized STM-1 card in slot 1:
[local]Redback(config)#port channelized-stm1 1/1 [local]Redback(config-stm1)#aug-mapping au3
Related Commands
au3 path-trace port channelized-stm1
4-19
cablelength
cablelength length default cablelength
Purpose
Specifies the length of the cable connected to a DS-3 port.
Command Mode
DS-3 configuration
Syntax Description
length Length of the cable in feet. The range of values is 0 to 450.0 ft (137.2m) for a DS-3 port.
Default
The default cable length is 349.0 ft (106.4m) for a DS-3 port.
Usage Guidelines
Use the cablelength command to specify the length of the cable connected to a DS-3. Use the default form of this command to specify the default length. Note The operating system recognizes only two categories of DS-3 cables: short, which is any length up to and including 349.0 ft (106.4m), and long, which is any length over 349.0 ft (106.4m). Note This command does not apply to channelized OC-12 ports or to clear-channel E3 ports. Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Asynchronous Transfer Mode (ATM) DS-3 ports.
Examples
The following example specifies a cable length of 225.0 ft (68.6m) for a DS-3 port:
[local]Redback(config-ds3)#cablelength 225
Related Commands
port channelized-ds3 port ds3
4-20
channel-mapping
channel-mapping itu {no | default} channel-mapping
Purpose
Enables an E1 channel mapping for an STM-1 port.
Command Mode
STM-1 configuration
Syntax Description
itu Specifies the International Telecommunication Union (ITU) mapping.
Default
The default mapping, as shown in Table 4-18, is enabled.
Usage Guidelines
Use the channel-mapping command to enable the E1 channel mapping for a port on the channelized STM-1 card. Note This command is available for either AU-3 or AU-4 mapping. The command-line interface (CLI) prevents you from using this command if there are any E1 channels created on the STM-1 port. Therefore, before using this command, you must first delete any E1 channels on this STM-1 port. If you have not deleted the E1 channels, a message displays prompting you to delete the appropriate channels on the port. To display the current mapping configurations, use the show configuration command (in any mode), with the port keyword, to display the current channel mapping for this port. Use the show port command (in any mode), with the detail keyword, to show the port details. Both commands are described in the Card, Port, and Channel Operations chapter in the Basic System Operations Guide for the SmartEdge OS. Note In AU-3 configuration mode, the AU-4 and TUG-3 columns do not appear in the default and ITU mappings. These columns are replaced by the AU-3 column only. All other mapping information remains the same. Use the no or default form of this command to specify the default mapping.
Examples
The following example enables the ITU mapping for port 1 on the channelized STM-1 card in slot 12:
[local]Redback(config)#port channelized-stm1 12/1 [local]Redback(config-stm1)#channel-mapping itu
4-21
Table 4-17 shows the itu channel mapping that is listed using the show port command (in any mode), with the detail keyword, for port 1, in slot 12 configured for AU-4. This example only shows the first eight channels. Table 4-17 ITU Channel Mapping
Slot/Port: E1 Channel 12/1:1 12/1:2 12/1:3 12/1:4 12/1:5 12/1:6 12/1:7 12/1:8 AU-4 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 TUG-3 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-2 TUG-2 1 TUG-2 1 TUG-2 1 TUG-2 2 TUG-2 2 TUG-2 2 TUG-2 3 TUG-2 3 C-12 C-12 1 C-12 2 C-12 3 C-12 1 C-12 2 C-12 3 C-12 1 C-12 2
The following example disables the ITU mapping for port 1 on the channelized STM-1 card in slot 12:
[local]Redback(config)#port channelized-stm1 12/1 [local]Redback(config-stm1)#no channel-mapping
Table 4-18 shows the default channel mapping that is listed using the show port command (in any mode), with the detail keyword, for port 1, in slot 12 configured for AU-4. This example only shows the first eight channels. Table 4-18 Default Channel Mapping
Slot/Port: E1 Channel 12/1:1 12/1:2 12/1:3 12/1:4 12/1:5 12/1:6 12/1:7 12/1:8 AU-4 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 AU-4 1 TUG-3 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-3 1 TUG-2 TUG-2 1 TUG-2 2 TUG-2 3 TUG-2 4 TUG-2 5 TUG-2 6 TUG-2 7 TUG-2 1 C-12 C-12 1 C-12 1 C-12 1 C-12 1 C-12 1 C-12 1 C-12 1 C-12 2
Related Commands
au3
4-22
clock-source
clock-source {global-reference | loop} default clock-source
Purpose
Specifies the source for the transmit clock for a clear-channel DS-3 channel or port, clear-channel E3 port, DS-1 channel, or for an E1 channel or port.
Command Mode
DS-1 configuration DS-3 configuration E1 configuration E3 configuration
Syntax Description
global-reference Specifies the system clock on the active controller card as the clock source. loop Specifies the receive clock derived from the incoming signal on the channel as the clock source.
Default
The source for the transmit clock is the source of the system clock on the active controller card.
Usage Guidelines
Use the clock-source command to specify the source for the transmit clock for a clear-channel DS-3 channel or port, clear-channel E3 port, DS-1 channel, or E1 channel or port. Use the global-reference keyword to specify the system clock on the active controller card. Use the loop keyword to select the receive clock from the incoming signal on the channel as the source. You can specify a different clock source for each clear-channel DS-3 channel and each DS-1 channel on a channelized OC-12 port. You can specify a different clock source for each clear-channel E1 channel on a channelized STM-1 port. You can specify a different clock source for each E3 port on a clear-channel E3 card. Use the show port detail command (in any mode) to display the status of the clock source. Note The clock source for the channelized OC-12 port is always derived from the system clock on the active controller card, the source you specify by entering the system clock-source command (in global configuration mode).
4-23
Note If you specify a range of DS-0 time slots other than the default range (124) with the timeslot command (in DS-1 configuration mode), you cannot specify the loop keyword as the clock source for a DS-1 channel. You will receive an error message if you attempt to specify the loop keyword with fewer time slots than the full range defined. Use the default form of this command to set the clock source to the default. Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for ATM DS-3 and 4-port ATM OC-3c/STM-1c ports.
Examples
The following example selects the derived receive clock for the DS-3 port as the source for the transmit clock:
[local]Redback(config)#port ds3 3/1 [local]Redback(config-ds3)#clock-source loop
Related Commands
None
4-24
crc32
crc32 no crc32
Purpose
Set the cyclic redundancy check (CRC) length to 32 bits for the High-Level Data Link Control (HDLC) frame for a clear-channel DS-3 channel or port, E3 port, DS-1 channel, E1 channel or port, or DS-0 channel group.
Command Mode
DS-0 group configuration DS-1 configuration DS-3 configuration E1 configuration E3 configuration
Syntax Description
Default
The default CRC length is 16 bits.
Usage Guidelines
Use the crc32 command to set the CRC length to 32 bits for the HDLC frames for a clear-channel DS-3 channel or port, E3 port, DS-1 channel, E1 channel or port, or DS-0 channel group. The CRC determines if there have been any errors in data transmission, reading, or writing. Use the no form of this command to set the CRC length to 16 bits.
Examples
The following example sets the CRC length to 32 bits:
[local]Redback(config)#port ds3 3/1 [local]Redback(config-ds3)#crc32
Related Commands
port ds0s port ds1 port ds3 port e1 port e3
4-25
description
Purpose
Associates a text description with a port or channel.
Command Mode
DS-0 group configuration DS-1 configuration DS-3 configuration E1 configuration E3 configuration port configuration STM-1 configuration
Syntax Description
text Text string that identifies the channel. Can be any alphanumeric string, including spaces, that is not longer than 63 ASCII characters.
Default
No description is associated with a port or channel.
Usage Guidelines
Use the description command to associate a text description with a port or channel. This text displays by the show port detail (in any mode). Use the no or default form of this command to delete the existing description. Because there can be only one description for a port or channel; when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example associates a description with channelized OC-12 port 1 in slot 4:
[local]Redback(config)#port channelized-oc12 4/1 [local]Redback(config-port)#description channelized OC-12 in New York
4-26
Related Commands
port channelized-ds3 port channelized-oc12 port channelized-stm1 port ds0s port ds1 port ds3 port e1 port e3
4-27
dsu bandwidth
dsu bandwidth subrate {no | default} dsu bandwidth
Purpose
Sets the subrate bandwidth for the data service unit (DSU) on a clear-channel DS-3 channel or port.
Command Mode
DS-3 configuration
Syntax Description
subrate Subrate, in Kbps, of the DSU on a clear-channel DS-3 channel or port. The range of values for a clear-channel DS-3 channel or port is 300 to 44,210; the default value is 44,210.
Default
The default value is 44,210 Kbps for a clear-channel DS-3 channel or port.
Usage Guidelines
Use the dsu bandwidth command to set the subrate bandwidth for the DSU on a clear-channel DS-3 channel or port if the DSU specified by the dsu mode command (in DS-3 configuration mode) is digital-link or larscom. The CLI responds to the subrate argument with the closest acceptable bandwidth, based on the time slot size for the DSU that you specified for this DS-3 channel or port. Note This command is not supported if the DSU specified by the dsu mode command is Kentrox. Use the no or default form of this command to set the bandwidth to the default.
Examples
The following command sets the bandwidth for the DSU on DS-3 channel 1 on channelized OC-12 port 1:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#dsu bandwidth 20000
Related Commands
dsu mode dsu scramble port ds3
4-28
dsu mode
dsu mode {digital-link | kentrox | larscom} {no | default} dsu mode
Purpose
Specifies the data service unit (DSU) vendor for a clear-channel DS-3 channel or port.
Command Mode
DS-3 configuration
Syntax Description
digital-link kentrox larscom Specifies Digital-Link as the vendor of the DSU; this is the default DSU vendor. Specifies Kentrox as the vendor of the DSU. Specifies Larscom as the vendor of the DSU.
Default
The default value is the Digital-Link DSU vendor.
Usage Guidelines
Use the dsu mode command to specify the vendor of the DSU on a clear-channel DS-3 channel or port. Use the no or default form of this command to specify the default DSU.
Examples
The following command specifies the Larscom vendor for the DSU on clear-channel DS-3 channel 1 on channelized OC-12 port 1 in slot 3:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#dsu mode larscom
Related Commands
dsu bandwidth dsu scramble port ds3
4-29
dsu scramble
dsu scramble {no | default} dsu scramble
Purpose
Enables payload scrambling on a clear-channel DS-3 channel or port.
Command Mode
DS-3 configuration
Syntax Description
Default
Payload scrambling is disabled on the channel or port.
Usage Guidelines
Use the scramble command to enable payload scrambling on a clear-channel DS-3 channel or port. The type of scrambling is dependent on the vendor selected for the DSU for a DS-3 channel or port by the dsu mode command (in DS-3 configuration mode). Note This command is not supported if the DSU specified by the dsu mode command is Larscom. Use the no or default form of this command to disable payload scrambling.
Examples
The following example enables payload scrambling on clear-channel DS-3 channel 1 on channelized OC-12 port 1 in slot 3:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#dsu scramble
Related Commands
dsu bandwidth dsu mode port ds3
4-30
encapsulation
encapsulation {cisco-hdlc | frame-relay | ppp} no encapsulation
Purpose
Specifies the encapsulation type for a clear-channel DS-3 channel or port, E3 port, DS-1 channel on a channelized DS-3 channel or port, E1 channel or port, or DS-0 channel group on a channelized E1 channel or port.
Command Mode
Syntax Description
cisco-hdlc frame-relay ppp Specifies the encapsulation type as Cisco High-Level Data Link Control (HDLC) (Ciscos proprietary HDLC encapsulation of IP); this is the default. Specifies the encapsulation type as Frame Relay, as described in RFC 1490, Multiprotocol Interconnect over Frame Relay. Specifies the encapsulation type as Point-to-Point Protocol (PPP) encapsulation, as described in RFC 1662, PPP in HDLC-like Framing.
Default
The default encapsulation type is Cisco HDLC.
Usage Guidelines
Use the encapsulation command to specify the encapsulation type for a clear-channel DS-3 channel or port, E3 port, DS-1 channel on a channelized DS-3 channel or port, E1 channel or port, or DS-0 channel group on a channelized E1 channel or port. The commands that are available depend on the encapsulation type specified by this command. For example, if you specify Cisco HDLC, none of the Frame Relay commands are available. Use the no form of this command to specify the default encapsulation type. Caution Risk of data loss. If the encapsulation of a channel or port is changed, some channel or port information and all circuits and circuit configurations, including any binding information, for that channel or port are deleted. To reduce the risk, postpone creating circuits and bindings until you have determined the encapsulation of the channel or port.
4-31
Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Packet over SONET/SDH (POS) ports.
Examples
The following example specifies Frame Relay encapsulation on a clear-channel DS-3 channel:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#encapsulation frame-relay
Related Commands
bind interface keepalive port ds0s port ds1 port ds3 port e1 port e3
4-32
equipment-loopback
equipment-loopback {customer | network} default equipment-loopback
Purpose
Configures a DS-3 channel or port, either clear-channel or channelized, or a DS-1 channel, to respond to or ignore remote loopback requests.
Command Mode
DS-1 configuration DS-3 configuration
Syntax Description
customer network Configures the channel or port to respond to remote loopback requests; this is the default. Configures the channel or port to ignore remote loopback requests.
Default
The channel or port responds to remote loopback requests.
Usage Guidelines
Use the equipment-loopback command to configure a DS-3 channel or port, either clear-channel or channelized, or a DS-1 channel, to respond to or ignore remote loopback requests. Note This command is not available for a fractional DS-1 channel, using the timeslot command (in DS-1 configuration mode) with any assignment of DS-0 time slots other than the default range (1 to 24). Use the default form of this command to configure the channel or port to respond to remote loopback requests. Note This command is also documented in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Asynchronous Transfer Mode (ATM) DS-3 ports.
Examples
The following example configures DS-3 channel 1 on port 1 on the channelized OC-12 card in slot 3 to ignore remote loopback requests:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#equipment-loopback network
4-33
Related Commands
loopback port channelized-ds3 port channelized-oc12 port ds1 port ds3
4-34
framing
For a clear-channel DS-3 channel or port, the syntax in DS-3 configuration mode is: framing {c-bit | m13} default framing For a clear-channel E3 port, the syntax in E3 configuration mode is: framing g751 {no | default} framing For a channelized DS-3 channel or port, the syntax in DS-3 configuration mode is: framing {c-bit | m23} default framing For a DS-1 channel, the syntax in DS-1 configuration mode is: framing {esf | sf} default framing For an E1 channel or port, the syntax is in E1 configuration mode: framing {crc4 | no-crc4 | unframed} {no | default} framing
Purpose
Specifies the framing for a clear-channel or channelized DS-3 channel or port, a clear-channel E3 port, a DS-1 channel, or an E1 channel or port.
Command Mode
DS-1 configuration DS-3 configuration E1 configuration E3 configuration
Syntax Description
c-bit g751 m13 m23 Specifies C-bit format. Available only for DS-3 channels or ports, either channelized or clear-channel; this is the default for clear-channel DS-3 channels or ports. Specifies ITU-T G.751 format. Available only for clear-channel E3 ports; this is the default. Specifies M13 framing. Available only for clear-channel DS-3 channels or ports. This option is not currently supported. Specifies M23 format. Available only for channelized DS-3 channels or ports; this is the default for channelized DS-3 channels or ports.
4-35
esf sf crc4 no-crc4 unframed
Specifies Extended Superframe Format (ESF). Available only for DS-1 channels; this is the default. Specifies Superframe Format (SF). Available only for DS-1 channels. Specifies CRC-4 framing. Available only for E1 channels or ports; this is the default, which channelizes the E1 channel or port. Specifies non-CRC-4 framing. Available only for E1 channels or ports, it removes the channelization for an E1 channel or port. Specifies no framing. Available only for E1 channels or ports, it removes the channelization for an E1 channel or port.
Default
The framing for clear-channel and channelized DS-3 channels or ports is C-bit format. The framing for clear-channel E3 ports is G.751 format. The framing for DS-1 channels is ESF. The framing for E1 channels or ports is CRC-4 format.
Usage Guidelines
Use the framing command to specify the framing for a clear-channel or channelized DS-3 channel or port, clear-channel E3 port, DS-1 channel, or El channel or port. For clear-channel E3 ports, use the no form of this command to specify the framing as unframed. For DS-1 channels, the following caution applies: Caution Risk of data loss. To specify a different framing for a DS-1 channel, where the DS-1 channel is operating in a remote (line fdl ansi, line inband, or payload) loopback state, and the new framing is not compatible with the type of remote loopback that you have operating, the system will terminate the remote loopback (change the DS-1 channel operation to a normal state) before changing the framing. To reduce the risk, postpone issuing the framing command until you are ready to terminate the remote loopback. The description of the loopback command in this chapter includes the framing format compatible with each type of remote loopback. For E1 channels or ports, the following guidelines apply: Specify the crc4 or no-crc4 keyword to create a channelized E1 channel or port. If an E1 channel or port is channelized, you can create a DS-0 channel group that consists of one or more DS-0 time slots. Use the unframed keyword specify a clear-channel E1 channel or port. Specify the no form of this command to return the E1 channel or port to its default CRC-4 framing.
Use the default form of this command to set the framing to the default, regardless of channel or port type.
Examples
The following command sets the framing for a channelized DS-3 channel 2 on port 1 to C-bit format (c-bit):
[local]Redback(config)#port channelized-ds3 3/1:2 [local]Redback(config-ds3)#framing c-bit
4-36
The following example configures a clear-channel E1 port:

[local]Redback(config)#port e1 4/1 [local]Redback(config-e1)#framing unframed
Related Commands
loopback port ds0s port ds1 port ds3 port e1 port e3
4-37
idle-character
idle-character {flags | marks} default idle-character
Purpose
Specifies the idle character to be sent between packets on a DS-0 channel group, a DS-1 channel, a clear-channel DS-3 channel or port, an E3 port, or an E1 channel or port.
Command Mode
Syntax Description
flags marks Specifies High-Level Data Link Control (HDLC) flag (0x7E) characters to be sent between packets; this is the default. Specifies mark (0xFF) characters to be sent between packets.
Default
The default value is the HDLC flag character.
Usage Guidelines
Use the idle-character command to specify the idle character to be sent between packets on a DS-0 channel group, a DS-1 channel, a clear-channel DS-3 channel or port, E3 port, or an E1 channel or port. Use the default form of this command to set the idle character to the HDLC flag character. Note Some systems interpret the mark character as an abort signal; therefore, the HDLC flag character is preferred.
Examples
The following command specifies the HDLC flag as the idle character on DS-3 channel 1 on port 1 of the channelized OC-12 card in slot 3:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#idle-character marks
4-38
Related Commands
port channelized-oc12 port ds0s port ds1 port ds3 port e1 port e3
4-39
invert-data
invert-data {no | default} invert-data
Purpose
Inverts the polarity of all bits in the DS-0 channel group, DS-1, or E1 data stream.
Command Mode
DS-0 group configuration DS-1 configuration E1 configuration
Syntax Description
Default
The default value is no inversion.
Usage Guidelines
Use the invert-data command to invert the polarity of all bits in the DS-0 channel group, DS-1, or E1 data stream. Use the no or default form of this command to return the bits in the data stream to the original polarity.
Examples
The following example inverts the polarity of all bits in the data stream on DS-1 channel 1 on DS-3 channel 1 on port 1 of the channelized OC-12 card in slot 3:
[local]Redback(config)#port ds1 3/1:1:1 [local]Redback(config-ds1)#invert-data
Related Commands
port ds0s port ds1 port e1
4-40
keepalive
keepalive check-interval {minutes | seconds} time [retries retry-num] no keepalive default keepalive [check-interval] [retries]
Purpose
Enables the keepalive function on a DS-1 channel on a channelized DS-3 channel or port, clear-channel DS-3 channel or port, E3 port, E1 channel or port, or DS-0 channel group on a channelized E1 channel or port that is encapsulated with Cisco High-Level Data Link Control (HDLC).
Command Mode
Syntax Description
check-interval minutes seconds time Sets the time interval between keepalive checks. Specifies that the unit of measure for the time argument is minutes. Specifies that the unit of measure for the time argument is seconds; this is the default. Time in either minutes or seconds (depending on the preceding keyword) between keepalive checks. The range of values is 1 to 60 minutes, or 1 to 300 seconds; the default value is 10 seconds. Optional. Number of times the system is to retry an unsuccessful keepalive check. The range of values is 2 to 10; the default value is 3.
retries retry-num
Default
The keepalive function is enabled with an interval of 10 seconds and 3 messages.
Usage Guidelines
Use the keepalive command to enable the keepalive function on a DS-1 channel on a channelized DS-3 channel or port, clear-channel DS-3 channel or port, E3 port, E1 channel or port, or DS-0 channel group on an channelized E1 channel or port that is encapsulated with Cisco HDLC.
4-41
This command specifies the interval between keepalive messages and the number of unconfirmed messages, either keepalive or packets, before declaring that the connection is broken: If the remote end does not have the keepalive function enabled, the connection is declared broken after the specified number of keepalive messages have been sent and are unconfirmed. If the remote end does have the keepalive function enabled, the connection is declared broken after the specified number of packet or keepalive messages have been sent and are unconfirmed. The interval must be the same on both ends of the connection.
Use the no form of this command to disable the keepalive function. Use the default form of this command or enter the keepalive command without keywords to set the interval and number of messages to their defaults. Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Packet over SONET/SDH (POS) ports.
Examples
The following example sets the keepalive interval to 20 and the number of unconfirmed messages to 5 on clear-channel DS-3 channel 1:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#encapsulation cisco-hdlc [local]Redback(config-ds3)#keepalive check-interval seconds 20 retries
Related Commands
port ds0s port ds1 port ds3 port e1 port e3
4-42
loopback
For a DS-1 channel, the syntax in DS-1 configuration mode is: loopback {network net-type | remote rem-type} no loopback For a DS-3 channel or port, the syntax in DS-3 configuration mode is: loopback {line | local | remote} no loopback For a clear-channel E3 port, the syntax in E3 configuration mode is: loopback {line | local} no loopback For an E1 channel or port, the syntax in E1 configuration mode is: loopback {line | local} no loopback For a channelized OC-12 or STM-1 port, the syntax in port or STM-1 configuration mode is: loopback {internal | line} no loopback
Purpose
Changes the operation of a DS-1 channel, DS-3 channel or port, E3 port, E1 channel or port, or channelized OC-12 or STM-1 port to a loopback state.
Command Mode
DS-1 configuration DS-3 configuration E1 configuration E3 configuration port configuration STM-1 configuration
Syntax Description
internal line local Tests the internal functions of the port by looping the transmit line to the receive line. Tests the line operation of the channel or port by looping receive line to the transmit line. Tests the internal functions of the channel or port by looping the transmit line to the receive line.
4-43
remote
Verifies remote link connectivity and quality of the DS-3 channel or port at the DS-3 signal level. This option is available only if the DS-3 channel or port has C-bit framing and its admin state is up.
network net-type Type of loopback state for the DS-1 channel, according to one of the following keywords: lineSpecifies a full loopback (all bits) from the receive line to the transmit line. payloadSpecifies a payload loopback from the receive line to the transmit line. In either case, the DS-0 time slots (for DS-0 channels) on a DS-1 channel must be set to the default (124). remote rem-type Type of loopback state for the far end equipment, according to one of the following keywords: line fdl ansiSpecifies a facility data link (FDL) ANSI loopback. The DS-1 channel must have Extended Superframe Format (ESF) framing. line fdl bellcoreSpecifies an FDL Bellcore loopback. The DS-1 channel must have ESF framing. line inbandSpecifies an inband loopback. This option is compatible with either ESF or Superframe Format (SF) framing. This option is available only if the admin state of the DS-1 channel is up. payloadSpecifies a payload loopback. This option is compatible only with ESF framing.
Default
Port or channel operation is in a normal state.
Usage Guidelines
When you use the loopback command to change the operation of a DS-1 channel to a loopback state, follow these guidelines: For the network net-type construct: Use the line keyword to loop all received bits (a full loopback) to the transmit line. The time slots (for DS-0 channels) must be set to the default (124). Use the payload keyword to loop back only the received payload to the transmit line. The time slots (for DS-0 channels) must be set to the default (124). For the remote rem-type construct: Use the line fdl ansi keywords to request the remote end, using the FDL, to loop back the bits transmitted by the local end. This option is available only if the DS-1 channel has ESF framing and its admin state is up. Use the line fdl bellcore keywords to request the remote end, using the FDL, to loop back the bits transmitted by the local end. This option is available only if the DS-1 channel has ESF framing and its admin state is up.
4-44
Use the line inband keywords to request within the payload, that the remote end perform a full loopback. This option is available only if the admin state of the DS-1 channel is up. Use the payload keyword to request that the remote end loop back only the payload. This option is available only if the DS-1 channel has ESF framing and its admin state is up. Caution Risk of data loss. To specify a different framing for a DS-1 channel, and the DS-1 channel is operating in a remote (line fdl ansi, line inband, or payload) loopback state, and the new framing is not compatible with the type of remote loopback that you have operating, the system will terminate the remote loopback (change the DS-1 channel operation to a normal state) before changing the framing. To reduce the risk, postpone issuing the framing command until you are ready to terminate the remote loopback. After changing a DS-1 channel to the loopback state, you can use the bert command to perform a bit error rate test (BERT) to qualify the link.
When you use the loopback command to change the operation of a channelized or clear-channel DS-3 channel or port or E3 port to a loopback state, follow these guidelines: Use the line keyword to loop received frames back to the transmit line. Use the local keyword to loop transmitted frames back to the receive line without actually transmitting them. Use the remote keyword to verify remote link connectivity and quality at the DS-3 signal level. This option is available only if the DS-3 channel or port has C-bit framing and the admin state is up. After changing a DS-3 channel or port or E3 port to the loopback state, you can use the bert command to perform a bit error rate test (BERT) to qualify the links.
When you use the loopback command to change the operation of an E1 channel or port to a loopback state, follow these guidelines: Use the line keyword to loop received frames back to the transmit line. Use the local keyword to loop transmitted frames back to the receive line without actually transmitting them.
When you use the loopback command to change the operation of a channelized OC-12 or STM-1 port to a loopback state, follow these guidelines: Use the internal keyword to test the internal functions of the port. Use the line keyword to test the line operation.
Use the no form of this command to restore the port or channel operation to a normal state. Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Packet over SONET/SDH (POS) and Asynchronous Transfer Mode (ATM) OC ports.
Examples
The following example changes the channel operation of a DS-1 channel to a loopback state to verify remote link connectivity:
[local]Redback(config)#port ds1 3/1:1 [local]Redback(config-ds1)#loopback remote
4-45
The following example changes the channel operation of a DS-3 channel 1 to a loopback state to verify remote link connectivity:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#loopback remote
The following example tests the internal functions of port 1 on the channelized E1 card in slot 1 by looping the transmit line to the receive line:
[local]Redback(config)#port e1 1/1 [local]Redback(config-e1)#loopback line
The following example test the line operation of the channelized STM-1 port 1 on the card in slot 1 by looping the receive line to the transmit line:
[local]Redback(config)#port channelized-stm1 1/1 [local]Redback(config-stm1)#loopback line
Related Commands
framing port channelized-ds3 port channelized-oc12 port channelized-stm1 port ds1 port ds3 port e1 port e3
4-46
mtu
mtu size default mtu
Purpose
Specifies the maximum transmission unit (MTU) payload size of the packet without fragmentation for a clear-channel DS-3 channel or port, clear-channel E3 port, E1 channel or port, DS-1 channel on a channelized DS-3 channel or port, or DS-0 channel group on a channelized E1 channel or port.
Command Mode
Syntax Description
size MTU payload size of the packet in bytes. The range of values is 256 to 12,800. The default depends on the type of channel or port; see Table 4-19.
Default
The default MTU payload size depends on the type of channel or port; see Table 4-19.
Usage Guidelines
Use the mtu command to specify the MTU payload size of the packet without fragmentation for a clear-channel DS-3 channel or port, E3 port, E1 channel or port, a DS-1 channel on a channelized DS-3 channel or port, or a DS-0 channel group on a channelized E1 channel or port. Table 4-19 lists the range of values and default for each type of channel or port. Table 4-19 Values for the MTU Payload size Argument
Channel or Port Type Clear-channel DS-3 Clear-channel E3 E1 DS-1 DS-0 channel group Range of Values (Bytes) 256 to 12,800 256 to 9,192 256 to 12,800 256 to 12,800 256 to 12,800 Default (Bytes) 4,470 4,470 1,500 1,500 1,500
The Layer 2 headers are automatically added to the payload size and do not cause fragmentation; you do not include them when selecting the value of the size argument.
4-47
Note You can also specify the MTU size at the interface level; the MTU size used is the minimum of the two values. Note If you change the MTU value for a Point-to-Point Protocol (PPP)-encapsulated channel or port that you have already configured and enabled with the no form of the shutdown command in the appropriate configuration mode, the change does not take effect until you shut down the channel or port and then re-enable it. Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Asynchronous Transfer Mode (ATM) OC, ATM DS-3, Ethernet, and Packet over SONET/SDH (POS) ports. Use the default form of this command to specify the default value of the MTU payload size of the packet.
Examples
The following example specifies the MTU payload size of the packet to be 2000 on clear-channel DS-3 port 1:
[local]Redback(config)#port ds3 3/1 [local]Redback(config-ds3)#mtu 2000
Related Commands
port channelized-ds3 port ds0s port ds1 port ds3 port e1 port e3
4-48
national
national no national
Purpose
Enables or disables the national bit (bit 12 of set 1) in the E3 frame.
Command Mode
E3 configuration
Syntax Description
Default
The national bit is disabled
Usage Guidelines
Use the national command to enable the national bit (bit 12 of set 1) in the E3 frame. You enable the national bit if the digital path crosses a geographical border and only if the port is configured with G.751 framing (the default). Use the no form of this command to disable the national bit.
Examples
The following example enables the national bit for the E3 port 1 on the clear-channel E3 card in slot 4:
[local]Redback(config)#port e3 4/1 [local]Redback(config-e3)#framing g751 [local]Redback(config-e3)#national
Related Commands
framing
4-49
path-trace
path-trace {length length | message text} no path-trace message
Purpose
Specifies either the maximum length of the message or the text string to be traced on an administrative unit-3 (AU-3) or an AU-4 on a channelized STM-1 port.
Command Mode
AU-3 configuration STM-1 configuration
Syntax Description
length length Maximum length of the message, in bytes, according to one of the following keywords: 16Specifies the maximum length of the message to be 15 characters. This is the default length. 64Specifies the maximum length of the message to be 62 characters. message text Text string with up to 62 ASCII characters.
Default
The length is 16 and the message is Redback.
Usage Guidelines
Use the path-trace command to specify either the maximum length of the text or the text string to be traced on an AU-3 or AU-4 on a channelized STM-1 port. If you enter the aug-mapping au3 command (in STM-1 configuration mode), the path-trace command is no longer available in STM-1 configuration mode; it is available in AU-3 configuration mode. The first byte in a 16-character message is reserved for the results of a CRC7 calculated on the message. The final two characters in a 64-character message are reserved for the CR/LF (0x0D/0x0A). Use the no form of this command to set the maximum length to 16, and the message text to Redback. You cannot disable the path-trace feature for channelized STM-1 ports. Note The message keyword is used without the text argument in the no form of this command. Note This command is also described in Chapter 3, ATM, Ethernet, and POS Port Configuration, for ports on Packet over SONET/SDH (POS) and 4-port ATM OC-3c/STM-1c cards.
4-50
Examples
The following example specifies a path trace with a maximum message length of 64 and the text string for port 1 of the channelized STM-1 card in slot 2; the port is mapped with the default administrative unit group (AUG) mapping, AU-4:
[local]Redback(config)#port channelized-stm1 2/1 [local]Redback(config-stm1)#path-trace length 64 [local]Redback(config-stm1)#path-trace this is a test of an extended length message.
Related Commands
au3 aug-mapping port channelized-stm1
4-51
port channelized-ds3
For DS-3 channels on channelized OC-12 cards, the syntax is: port channelized-ds3 slot/port:ds3-chan-num no port channelized-ds3 slot/port:ds3-chan-num For channelized ports on DS-3 cards, the syntax is: port channelized-ds3 slot/port no port channelized-ds3 slot/port
Purpose
Selects a channelized DS-3 channel or port and enters DS-3 configuration mode.
Command Mode
Syntax Description
slot port ds3-chan-num Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-20. Port number on the channelized OC-12 or DS-3 card. The range of values depends on the type and version of the card; see Table 4-21. Number of the DS-3 channel on the channelized OC-12 port. The range of values is 1 to 12.
Default
No channelized DS-3 channels or ports are selected.
Usage Guidelines
Use the port channelized-ds3 command to select a channelized DS-3 channel on a channelized OC-12 port, or port on a DS-3 card, and enter DS-3 configuration mode. Table 4-20 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-20 Slot Ranges for Cards with Channelized DS-3 Ports and Channels
slot Argument Range Traffic Card Type Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR 3-port Channelized DS-3 12-port Channelized DS-3 1 to 5 and 10 to 14 3 to 4 SmartEdge 800 Router 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4
4-52
Table 4-21 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-21 Port Ranges for Cards with Channelized DS-3 Ports and Channels
Traffic Card Type Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR 3-port Channelized DS-3 12-port Channelized DS-3 Physical Ports 1 1 3 12 Low-Density Version No No No No Low-Density Ports
Note If you issue this command for a port on a channelized OC-12 card without first configuring the port you have specified with the slot and port arguments, the system creates the port channelized-oc-12 slot/port command in the configuration database for you. To enable the DS-3 channel or port, use the no shutdown command (in DS-3 configuration mode). Use the no form of this command to delete the port configuration from the configuration database. Note This command is not available for ports on clear-channel DS-3 cards.
Examples
The following example selects channelized DS-3 channel 1 on port 1 of the channelized OC-12 card in slot 4 and enters DS-3 configuration mode:
[local]Redback(config)#port channelized-ds3 4/1:1 [local]Redback(config-ds3)#
Related Commands
port channelized-oc12 port ds1 port ds3 shutdownDS-3 configuration mode
4-53
port channelized-oc12
port channelized-oc12 slot/port no port channelized-oc12 slot/port
Purpose
Selects a channelized OC-12 port and enters port configuration mode.
Command Mode
Syntax Description
slot port Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-22. Port number on the channelized OC-12 card. The range of values depends on the type and version of the card; see Table 4-23.
Default
No channelized OC-12 ports are created.
Usage Guidelines
Use the port channelized-oc12 command to create or select a channelized OC-12 port and enter port configuration mode. Use this command to configure port parameters that apply to all channels on the port, such as framing and loopback. Table 4-22 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-22 Slot Ranges for Channelized OC-12 Cards
slot Argument Range Traffic Card Type Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR SmartEdge 800 Router 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4
Table 4-23 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-23 Port Ranges for Channelized OC-12 Cards
Traffic Card Type Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR Physical Ports 1 Low-Density Version No Low-Density Ports
4-54
You do not need to issue this command to select a channelized OC-12 port; the system creates the command in the configuration database when you enter the port ds3 or port ds1 command (in global configuration mode). To enable the port, use the no shutdown command (in port configuration mode). Use the no form of this command to delete the port configuration from the configuration database.
Examples
The following example selects the first channelized OC-12 port on the traffic card in slot 4 and enters port configuration mode. The no shutdown command (in port configuration mode) enables the port.
[local]Redback(config)#port channelized-oc12 4/1 [local]Redback(config-port)#no shutdown
Related Commands
4-55
port channelized-stm1
port channelized-stm1 slot/port no port channelized-stm1 slot/port
Purpose
Selects a port on a channelized STM-1 card and enters STM-1 configuration mode.
Command Mode
Syntax Description
slot port Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-24. Port number on the channelized STM-1 card. The range of values depends on the type and version of the card; see Table 4-25.
Default
No channelized STM-1 ports are created.
Usage Guidelines
Use the port channelized-stm1 command to select a port on a channelized STM-1 card and enter STM-1 configuration mode. Use this command to configure port parameters that apply to all channels on the port, such as administrative unit group (AUG) mapping and loopback. Table 4-24 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-24 Slot Ranges for Channelized STM-1 Cards
slot Argument Range Traffic Card Type Channelized STM-1 to E1 IR SmartEdge 800 Router 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4
Table 4-25 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-25 Port Ranges for Channelized STM-1 Cards
Traffic Card Type Channelized STM-1 to E1 IR Physical Ports 3 Low-Density Version No Low-Density Ports
4-56
To enable the port, use the no shutdown command (in STM-1 configuration mode). Use the no form of this command to delete the port configuration from the configuration database. Caution Risk of data loss. The no form of this command removes all configured E1 channels and DS-0 channel groups associated with the channelized STM-1 port. To reduce the risk, consider the associated E1 channels and DS-0 channel groups before removing a channelized STM-1 port.
Examples
The following example selects a channelized STM-1 port:
[local]Redback(config)#card ch-stm1ds0-3-port 1 [local]Redback(card)#exit [local]Redback(config)#port channelized-stm1 1/1 [local]Redback(config-stm1)#
Related Commands
port ds0s port e1 shutdownSTM-1 configuration mode
4-57
port ds0s
For ports on channelized STM-1 cards, the syntax is: port ds0s slot/port:e1-chan-num:ds0-chan-num no port ds0s slot/port:e1-chan-num:ds0-chan-num For channelized ports on E1 cards, the syntax is: port ds0s slot/port:ds0-chan-num no port ds0s slot/port:ds0-chan-num
Purpose
Selects a DS-0 channel group on a channelized E1 channel or port and enters DS-0 group configuration mode.
Command Mode
Syntax Description
slot port e1-chan-num ds0-chan-num Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-26. Port number for the channelized STM-1 or E1 port. The range of values depends on the type and version of the card; see Table 4-27. E1 channel number on the STM-1 port. The range of values is 1 to 63. First time slot in the DS-0 channel group. The range of values is 1 to 31.
Default
No DS-0 channel groups are created or selected.
Usage Guidelines
Use the port ds0s command to create or select a DS-0 channel group on a channelized E1 channel or port and enter DS-0 group configuration mode. Table 4-26 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-26 Slot Ranges for Cards with DS-0 Channel Groups
slot Argument Range Traffic Card Type Channelized STM-1 to E1 IR Channelized E1 SmartEdge 800 Router 1 to 6 and 9 to 14 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4 1 to 4
4-58
Table 4-27 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-27 Port Ranges for Cards with DS-0 Channel Groups
Traffic Card Type Channelized STM-1 to E1 IR Channelized E1 Physical Ports 3 24 Low-Density Version No No Low-Density Ports
Note This command requires that the E1 channel or port have either CRC-4 or non-CRC-4 framing. If you are creating the DS-0 channel group on a channelized STM-1 port, you must verify that the field programmable gate array (FPGA) on the card supports this feature. Use the show hardware detail command (in any mode) to determine the version of the FPGA file installed in the channelized STM-1 card, and compare it to the version of the FPGA file bundled into the software image. If the version of the FPGA file in the card is older, use the reload fpga command (in exec mode) to upgrade to the latest version. Caution It takes three to seven minutes for the reload fpga command to successfully complete an upgrade. Do not interrupt the process in the middle of an FPGA upgrade. If you have not selected the E1 channel or port using the port e1 command (in global configuration mode) before you enter this command, this command automatically creates the E1 channel or port with the default CRC-4 framing. The DS-0 channel number that you specify becomes the only assigned DS-0 channel in the channel group. Any other DS-0 channel that you assign to this group using the timeslot command (in DS-0 group configuration mode) must have a time slot equal to or greater than that specified with the ds0-chan-num argument. The DS-0 channel group cannot include any time slot less than the value you specify for the ds0-chan-num argument. For example, if you specify 13 as the value for the ds0-chan-num argument, you cannot include time slots 1 to 12 in the DS-0 channel group when you enter the timeslot command (in DS-0 group configuration mode). To enable the DS-0 channel group, use the no shutdown command (in DS-0 group configuration mode). Use the no form of this command to remove a DS-0 channel group from a channelized E1 channel or port.
Examples
The following example selects a channelized E1 port on a channelized E1 card and creates an associated DS-0 channel group:
[local]Redback(config)#card ch-e1ds0-24-port 1 [local]Redback(config-card)#exit !select the channelized E1 port on the channelized E1 card [local]Redback(config)#port e1 1/1 [localRedback(config-e1)#no shutdown [local]Redback(config-e1)#exit
4-59
Command Descriptions !create the DS-0 channel group with a base time slot of 5 [local]Redback(config)#port ds0s 1/1:5 [local]Redback(config-ds0-group)#no shutdown [local]Redback(config-ds0-group)#timeslot 5, 7, 9, 12, 15 [local]Redback(config-ds0-group)#no shutdown [local]Redback(config-ds0-group)#exit
The following example selects a channelized E1 channel on a port on an channelized STM-1 card and an associated DS-0 channel group:
[local]Redback(config)#card ch-stm1ds0-3-port 2 [local]Redback(card)#exit !select the channelized STM-1 port [local]Redback(config)#port channelized-stm1 2/1 [local]Redback(config-stm1)#no shutdown [local]Redback(config-stm1)#exit !create the channelized E1 channel on the channelized STM-1 port [local]Redback(config)#port e1 2/1:1 [local]Redback(config-e1)#no shutdown [local]Redback(config-e1)#exit !create the DS-0 channel group with a base time slot of 3 [local]Redback(config)#port ds0s 2/1:1:3 [local]Redback(config-ds0-group)#timeslot 3, 7, 9, 12, 15 [local]Redback(config-ds0-group)#no shutdown [local]Redback(config-ds0-group)#exit
Related Commands
port channelized-stm1 port e1 shutdownDS-0 group configuration mode timeslot
4-60
port ds1
For ports on channelized OC-12 cards, the syntax is: port ds1 slot/port:ds3-chan-num:ds1-chan-num no port ds1 slot/port:ds3-chan-num:ds1-chan-num For channelized ports on DS-3 cards, the syntax is: port ds1 slot/port:ds1-chan-num no port ds1 slot/port:ds1-chan-num
Purpose
Selects a constituent DS-1 channel on a channelized DS-3 channel or port and enters DS-1 configuration mode.
Command Mode
Syntax Description
slot port ds3-chan-num ds1-chan-num Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-28. Port number on the channelized OC-12 or DS-3 port. The range of values depends on the type and version of the card; see Table 4-29. Number of the DS-3 channel on the channelized OC-12 port. The range of values is 1 to 12. Number of the DS-1 channel you want to select. The range of values is 1 to 28.
Default
No DS-1 channels are selected.
Usage Guidelines
Use the port ds1 command to select a constituent DS-1 channel in a channelized DS-3 channel or port and enter DS-1 configuration mode. Table 4-28 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-28 Slot Ranges for Cards with DS-1 Channels
slot Argument Range Traffic Card Type Channelized OC-12 to DS-1 IR 3-port Channelized DS-3 12-port Channelized DS-3 SmartEdge 800 Router 1 to 6 and 9 to 14 1 to 5 and 10 to 14 SmartEdge 400 Router 1 to 4 3 to 4
4-61
Table 4-29 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-29 Port Ranges for Cards with DS-1 Channels
Traffic Card Type Channelized OC-12 to DS-1 IR 3-port Channelized DS-3 12-port Channelized DS-3 Physical Ports 1 3 12 Low-Density Version No No No Low-Density Ports
Note If you issue this command for a port on a channelized OC-12 card without first configuring the port and the DS-3 channel that you have specified with the slot, port, and ds3-chan-num arguments, the system creates the port channelized-oc-12 slot/port and port channelized-ds3 slot/port:ds3-chan-num commands in the configuration database for you. Note This command is not available for ports on a clear-channel DS-3 card or for ports on a channelized DS-3 card that you have created with the port ds3 command (in global configuration mode). To enable the DS-1 channel, use the no shutdown command (in DS-1 configuration mode). Use the no form of this command to delete the channel or port configuration from the configuration database.
Examples
The following example selects DS-1 channel 4 in DS-3 channel 1 on port 1 on a channelized OC-12 card in slot 4 and enters DS-1 configuration mode:
[local]Redback(config)#port ds1 4/1:1:4 [local]Redback(config-ds1)#
The following example selects DS-1 channel 4 on port 1 on a channelized DS-3 card in slot 3 and enters DS-1 configuration mode:
[local]Redback(config)#port ds1 3/1:4 [local]Redback(config-ds1)#
Related Commands
port channelized-oc12 shutdownDS-1 configuration mode
4-62
port ds3
For ports on channelized OC-12 cards, the syntax is: port ds3 slot/port:ds3-chan-num no port ds3 slot/port:ds3-chan-num For clear-channel ports on DS-3 cards, the syntax is: port ds3 slot/port no port ds3 slot/port
Purpose
Selects a clear-channel DS-3 channel or port and enters DS-3 configuration mode.
Command Mode
Syntax Description
slot port ds3-chan-num Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-30 Port number on the channelized OC-12 or DS-3 port. The range of values depends on the type and version of the card; see Table 4-31. Number of the DS-3 channel on the channelized OC-12 port. The range of values is 1 to 12.
Default
No DS-3 channels or ports are selected.
Usage Guidelines
Use the port ds3 command to select a clear-channel DS-3 channel or port and enter DS-3 configuration mode. Table 4-30 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-30 Slot Ranges for Cards with Clear-Channel DS-3 Channels or Ports
slot Argument Range Traffic Card Type Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR 12-port Clear-Channel DS-3 1 to 5 and 10 to 14 3 to 4 SmartEdge 800 Router 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4
4-63
Table 4-31 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-31 Port Ranges for Cards with Clear-Channel DS-3 Channels or Ports
Traffic Card Type Channelized OC-12 to DS-1 IR Channelized OC-12 to DS-3 IR 12-port Clear-Channel DS-3 12 No Physical Ports 1 Low-Density Version No Low-Density Ports
Note If you issue this command for a channelized OC-12 port without first configuring the port you have specified with the slot and port arguments, the system creates the port channelized-oc-12 slot/port command in the configuration database for you. To enable the DS-3 channel, use the no shutdown command (in DS-3 configuration mode). Use the no form of this command to delete the channel or port configuration from the configuration database.
Examples
The following example selects port 1 on the clear-channel DS-3 card in slot 4 and enters DS-3 configuration mode:
[local]Redback(config)#port ds3 4/1 [local]Redback(config-ds3)#
Related Commands
port channelized-ds3 port channelized-oc12 shutdownDS-3 configuration mode
4-64
port e1
For ports on channelized STM-1 cards, the syntax is: port e1 slot/port:e1-chan-num no port e1 slot/port:e1-chan-num For ports on E1 cards, the syntax is: port e1 slot/port no port e1 slot/port
Purpose
Selects an E1 channel or port and enters E1 configuration mode.
Command Mode
Syntax Description
slot port e1-chan-num Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-32. Port number on the channelized STM-1 or E1 card. The range of values depends on the version of the card; see Table 4-33. E1 channel number on the channelized STM-1 port. The range of values is 1 to 63.
Default
No E1 channels or ports are selected.
Usage Guidelines
Use the port e1 command to select an E1 channel or port and enter E1 configuration mode. When selected, the E1 channel or port is channelized with CRC4 framing. Table 4-32 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-32 Slot Ranges for Cards with E1 Channels or Ports
slot Argument Range Traffic Card Type Channelized STM-1 to E1 IR Channelized E1 SmartEdge 800 Router 1 to 6 and 9 to 14 1 to 6 and 9 to 14 SmartEdge 400 Router 1 to 4 1 to 4
4-65
Table 4-33 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach. Table 4-33 Port Ranges for Cards with E1 Channels or Ports
Traffic Card Type Channelized STM-1 to E1 IR Channelized E1 Physical Ports 3 24 Low-Density Version No No Low-Density Ports
Use the no form of this command to delete the E1 channel or port configuration from the database. Caution Risk of data loss. The no form of this command deletes any DS-0 channel groups configured for the E1 channel or port. To reduce the risk, consider the associated DS-0 channel groups before deleting an E1 channel or port.
Examples
The following example configures a channelized E1 port and a clear-channel E1port on a channelized E1 card:
[local]Redback(config)#card ch-e1ds0-24-port [local]Redback(config-card)#exit !select an E1 port and frame it as channelized [local]Redback(config)#port e1 1/1 [local]Redback(config-e1)#framing crc4 [local]Redback(config-e1)#exit !select an E1 port and frame it as clear-channel [local]Redback(config)#port e1 1/2 [local]Redback(config-e1)#framing unframed [localRedback(config-e1)#
The following example creates an E1 channel on a channelized STM-1 port:

!select the channelized STM-1 port [local]Redback(config)#port channelized-stm1 1/1 [local]Redback(config-stm1)#exit !select the E1 channel on the STM-1 port [local]Redback(config)#port e1 1/1:1 [localRedback(config-e1)#
Related Commands
port channelized-stm1 port ds0s shutdownE1 configuration mode
4-66
port e3
port e3 slot/port no port e3 slot/port
Purpose
Selects a port on a clear-channel E3 card and enters E3 configuration mode.
Command Mode
Syntax Description
slot port Chassis slot number of the card. The range of values depends on the chassis in which the card is installed; see Table 4-34 Port number on the E3 card. The range of values is listed in Table 4-35.
Default
No E3 ports are selected.
Usage Guidelines
Use the port e3 command to select a clear-channel E3 port on a clear-channel E3 card and enter E3 configuration mode. Table 4-34 lists the values for the slot argument for each type of SmartEdge chassis. Table 4-34 Slot Ranges for Cards with Clear-Channel E3 Ports
slot Argument Range Traffic Card Type 6-port Clear-Channel E3 SmartEdge 800 Router 1 to 5 and 10 to 14 SmartEdge 400 Router 3 to 4
Table 4-35 lists the range of values for the port argument. Table 4-35 Port Ranges for Cards with Clear-Channel E3 Ports
Traffic Card Type 6-port Clear-Channel E3 Physical Ports 6 Low-Density Version No Low-Density Ports
To enable the E3 port, use the no shutdown command (in E3 configuration mode). Use the no form of this command to delete the port configuration from the configuration database.
4-67
Examples
The following example selects port 1 on the clear-channel E3 card in slot 4 and enters E3 configuration mode:
[local]Redback(config)#port e3 4/1 [local]Redback(config-e3)#
Related Commands
shutdownE3 configuration mode
4-68
shutdown
Purpose
Disables the specified port, channel, or channel group.
Command Mode
DS-0 group configuration DS-1 configuration DS-3 configuration E1 configuration E3 configuration port configuration STM-1 configuration
Syntax Description
Default
All ports and channels are disabled.
Usage Guidelines
Use the shutdown command to enable or disable the specified port, channel, or channel group. No data is transmitted or received when the port, channel, or channel group is shut down. You must use the no form of this command to enable any port, channel, or channel group. To display the port or channel state, enter the show port detail command (in any mode). Use the no form of this command to enable a port, channel, or channel group. This command is also described in the following chapters: Chapter 3, ATM, Ethernet, and POS Port Configuration, for ATM OC, ATM DS-3, Ethernet, and Packet over SONET/SDH (POS) ports. Chapter 6, Circuit Configuration, for ATM, Frame Relay, and 802.1Q PVCs. Chapter 11, Cross-Connection Configuration, for cross-connected circuits. Chapter 12, GRE Tunnel Configuration, for Generic Routing Encapsulation (GRE) tunnel circuits.
4-69
Examples
The following example enables DS-3 channel 1 on channelized OC-12 port 1 in slot 2:
[local]Redback(config)#card ch-oc12ds3-1-port 2 [local]Redback(config)#exit [local]Redback(config)#port ds3 2/1:1 [local]Redback(config-ds3)#no shutdown
Related Commands
port channelized-ds3 port channelized-oc12 port channelized-stm1 port ds0s port ds1 port ds3 port e1 port e3
4-70
speed
speed {56 | 64} default speed
Purpose
Sets the speed for all DS-0 channels in a DS-1 channel on a channelized DS-3 channel or port.
Command Mode
DS-1 configuration
Syntax Description
56 64 Specifies that the DS-0 channel speed is 56 kbps. Specifies that the DS-0 channel speed is 64 kbps; this is the default channel speed.
Default
The default value is 64 kbps.
Usage Guidelines
Use the speed command to set the speed for all DS-0 channels in a DS-1 channel on a channelized DS-3 channel or port. Use the default form of this command to set the speed for all DS-0 channels in a DS-1 channel to the default speed.
Examples
The following example sets the DS-0 channel speed to 56 kbps:
[local]Redback(config-ds1)#speed 56
Related Commands
port channelized-ds3 port channelized-oc12 port ds1
4-71
timeslot
timeslot range default timeslot
Purpose
Defines a range of time slots for DS-0 channels in a DS-1 channel or for a DS-0 channel group in an E1 channel or port.
Command Mode
DS-0 group configuration DS-1 configuration
Syntax Description
range Range of time slots for the DS-0 channels. The range of values and the format of the range argument are dependent on the configuration mode and card type: DS-0 group configuration (DS-0 channel group)The range of values is 1 to 31. You can specify time slots using any combination of contiguous ranges and individual odd and even time slots. Use hyphens when specifying a range of contiguous time slots; use commas when specifying individual time slots. DS-1 configurationThe range of values is 1 to 24. For the channelized OC-12 and 12-port channelized DS-3 cards, you can specify only a single contiguous range. For the 3-port channelized DS-3 card, you can specify time slots using any combination of contiguous ranges and individual odd and even time slots. Use hyphens when specifying a range of contiguous time slots; use commas when specifying individual time slots.
Default
For DS-0 channels in a DS-1 channel, the default range is 1 to 24; for DS-0 channel groups in an E1 channel or port, the default value is the DS-0 channel that was specified using the port ds0s command (in global configuration mode).
Usage Guidelines
Use the timeslot command to define a range of time slots for the DS-0 channels in a DS-1 channel or for a DS-0 channel group in an E1 channel or port. You specify the range only once; if you enter the this command more than once, it overwrites the previous range. The following guidelines apply to DS-0 channels in a DS-0 channel group (DS-0 group configuration mode): Time slots must be equal to or greater than the DS-0 channel number you specified with the port ds0s command (in global configuration mode). Time slots can be listed in any order.
4-72
The following guidelines apply to DS-0 channels in a DS-1 channel (DS-1 configuration mode): You must specify the default range if you have specified the loop keyword with the clock-source command (in DS-1 configuration mode) as the clock source for a DS-1 channel. You will receive an error message if you have specified loop as the clock source and attempt to define fewer time slots than the full range. You must specify the default range to enter the loopback command (in DS-1 configuration mode) with either the network line or network payload keywords. You must specify the default range to enter the equipment-loopback command (in DS-1 configuration mode).
Use the default form of this command to set the range of time slots to the default range.
Examples
The following example assigns contiguous time slots to DS-0 channels 1-10 on DS-1 channel 2 on DS-3 port 1 on the 12-port channelized DS-3 card in slot 5:
[local]Redback(config)#port ds1 5/1:2 [local]Redback(config-ds1)#timeslot 1-10
The following example assigns consecutively odd time slots to DS-0 channels 13, 15, 17, and 19 on DS-1 channel 2 on DS-3 port 1 on the 3-port channelized DS-3 card in slot 4:
[local]Redback(config)#port ds1 4/1:2 [local]Redback(config-ds1)#timeslot 13,15,17,19
The following example assigns consecutively odd time slots to DS-0 channels 13, 15, 17, and 19 on E1 channel 2 on port 1 on the channelized STM-1 card in slot 13:
[local]Redback(config)#port ds0s 13/1:2:13 [local]Redback(config-ds0-group)#timeslot 13,15,17,19
Related Commands
port channelized-ds3 port channelized-stm1 port ds1 port e1
4-73
traps
traps ifmib {enabled | disabled} {no | default} traps ifmib
Purpose
Enables linkUp and linkDown notifications for Cisco HDLC, Point-to-Point Protocol (PPP), and Frame Relay encapsulation layers (IF-MIB encapsulation layers) on the DS-0 channel group.
Command Mode
DS-0 group configuration
Syntax Description
ifmib enabled Enables notifications for encapsulation layers on the DS-0 channel group.
ifmib disabled Disables notifications for encapsulation layers on the DS-0 channel group.
Default
If this command is not entered, notification of up and down conditions is enabled or disabled by the traps command in (SNMP server configuration mode).
Usage Guidelines
Use the traps command to enable linkUp and linkDown notifications locally for Cisco HDLC, PPP, and Frame Relay encapsulation layers on the DS-0 channel group. This command overrides, for this DS-0 channel group, any global specification for encapsulation layers you have specified with the traps command (in SNMP server configuration mode). Table 4-36 lists the combinations of global and local settings and the resulting notifications for encapsulation layers. Table 4-36 Command Settings and Encapsulation Layer Notifications
Global None Local None or default enabled disabled ifmib encaps None or default enabled disabled Encapsulation Layer Notifications None Locally enabled for this DS-0 channel group Locally disabled for this DS-0 channel group Globally enabled for all clear-channel or channelized ports and channels, including this DS-0 channel group Both globally and locally enabled for this DS-0 channel group Locally disabled for this DS-0 channel group
Use the no or default form of this command to disable encapsulation layer notifications locally; as a result, encapsulation layer notifications are enabled or disabled globally as specified with the traps command in (SNMP server configuration mode).
4-74
Examples
The following example enables encapsulation notifications globally and disables them locally for the DS-0 channel group on port 1 of a channelized E1 card:
[local]Redback(config)#snmp server enhance ifmib [local]Redback(config-snmp-server)#traps ifmib encaps [local]Redback(config-snmp-server)#exit [local]Redback(config)#port ds0s 5/1:7 [local]Redback(config-ds0-group)#traps ifmib disabled
Related Commands
snmp server trapsSNMP server configuration mode
4-75
yellow-alarm
yellow-alarm {detection | generation} no yellow-alarm {detection | generation} default yellow-alarm {detection | generation}
Purpose
Enables the detection or generation of yellow alarms on the DS-1 channel.
Command Mode
DS-1 configuration
Syntax Description
detection generation Enables yellow-alarm detection. Enables yellow-alarm generation.
Default
Detection and generation of yellow alarms are enabled.
Usage Guidelines
Use the yellow-alarm command to enable the detection or generation of yellow alarms on a DS-1 channel. Use the no form of this command to disable the specified yellow alarm function. Use the default form of this command to enable the specified yellow alarm function with its default values.
Examples
The following example disables yellow alarm detection on a DS-1 channel:
[local]Redback(config)#port ds1 4/1:1:1 [local]Redback(config-ds1)#no yellow-alarm detection
Related Commands
port ds1
4-76
Chapter 5
APS Configuration
This chapter provides an overview of Automatic Protection Switching (APS) on Packet over SONET/SDH (POS) ports, describes the tasks used to configure APS features, provides configuration examples, and detailed descriptions of the commands used to configure APS through the SmartEdge OS. For information about the commands used to monitor, troubleshoot, and administer APS, see the Card, Port, and Channel Operations chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
The SmartEdge OS supports a subset of Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) APS that is described in the Telcordia publication, GR-253-CORE, SONET Transport Systems, Common Criteria, Section 5.3, and the equivalent SDH specification described in ITU-T G-783, Appendix A. APS is supported only on POS ports with Cisco High-Level Data Link Control (HDLC) encapsulation. In addition to providing facility protection for traffic on the optical fiber ports, APS on the SmartEdge router can be used to provide equipment protection for the traffic card hosting the working port. If the traffic card fails, and the protect port is on another traffic card, the SmartEdge OS performs a protection switch to preserve the affected traffic, and allow the failed card to be serviced. Note Active subscriber counts are a function of configuration, memory, processing power, and the bandwidth desired for each subscriber. Each platform and hardware variant has a maximum active subscriber figure, which may or may not be achieved under deployment scenarios. Enabling APS requires additional memory for each configured port, and may impact the maximum number of subscribers that can be supported.
APS Configuration
5-1
Overview
The SmartEdge OS implementation of APS has the following features: APS protection is offered for POS ports on these optical card types: OC-3c/STM-1c OC-12c/STM-4c OC-48c/STM-16c The following protocols and services are required or supported on APS ports: HDLC encapsulation required SONET remote defect indication-path (RDI-P) and remote error indication-path (REI-P) generation supported For each working port, there is a single protect port, and each port must be of the same type. For example, a port on an OC-3c/STM-1c card must be paired with a port on another OC-3c/STM-1c card; an OC-3c/STM-1c card cannot be paired with an OC-12c/STM-4c card. The SmartEdge OS APS implementation supports linear 1+1 APS operating in the bidirectional mode: Traffic is transmitted only on the working port; traffic is switched to the protect port based on the quality of the received signal. The transmit and receive lines are switched as a pair. By default, protection is nonrevertive, but revertive switching is offered as an option. When the APS group is configured for revertive switching, if the working port becomes available after a switch to the protect port, the working port enters the wait to restore (WTR) state. If the working port remains clear throughout the WTR interval, a switch to the working port occurs when the WTR interval expires. You can manage ports in an APS group, using the aps switch command (in port configuration mode), to switch the working and protect ports, or temporarily disable APS switching.
Note Configuring and enabling APS can have a negative impact on the performance of the SmartEdge router. Consult your Redback representative for more information. Caution Risk of service disruption. When an APS working or protect port is deleted from an APS group, all sessions currently active on the ports are terminated. Only sessions configured on the working port can be brought back up as normal. To reduce the risk of service disruption beyond this temporary termination of sessions when deleting a working or protect port from an APS group, do not remove either the working or protect port without first performing an APS force on the active port to switch all sessions to the working port and locking out the protect port.
5-2
Configuration Tasks
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure APS and manage the ports in an APS group, perform the tasks described in the following sections: Configure an APS Group Configure the Working and Protect Ports Add Ports to an APS Group Manage Ports in an APS Group Change the Configuration of the Working and Protect Ports
Configure an APS Group

To configure an APS group, perform the tasks described in Table 5-1. Table 5-1
# 1. Task Create an APS group, or select one for modification, and access APS configuration mode. Associate a description with the group. Specify the revertive switching algorithm and the WTR interval.

Root Command aps group Notes Enter this command is global configuration mode.
2. 3.
description revert The default value is nonrevertive.
Configure the Working and Protect Ports

Before you can assign a port as working port in an APS group, you must first configure it and the port that you intend to be its protect port in the group. The following requirements apply to the configuration: The configuration of the working and protect ports must be identical. To configure a POS port, see the Configuring POS Ports section in Chapter 3, ATM, Ethernet, and POS Port Configuration. You must specify Cisco HDLC encapsulation for the ports. You do not bind either port before you assign it, either as a working or protect port, to the APS group, but you must make them operational using the no shutdown command (in port configuration mode).
After you have added the ports to an APS group, you bind the working port to an existing interface, using the bind interface command (in port configuration mode); you do not bind the protect port. If you need to change the configuration of a working port you must ensure that you apply the configuration changes to both the working and protect ports (the configurations must be identical).
APS Configuration
5-3
Configuration Tasks
If a port has already been assigned as a working or protect port in an APS group, then that port must first be removed from the APS group before making any subsequent changes to the configuration for that port. Note Binding a working port to an interface is not considered a change to the port configuration; thus this action is allowed on an APS working port.
Add Ports to an APS Group

To add a port to an APS group, you assign it to the group as a working or protect port. To add ports to an APS group, perform the tasks described in Table 5-2; you can add the ports in any order. Enter both commands in port configuration mode. Table 5-2
Task Assign the working port. Assign the protect port.
Assign a Working Port and a Protect Port

Root Command aps aps Notes Use the working keyword. Use the protect keyword.
Manage Ports in an APS Group

To manage the ports in an APS group, perform one or more of the tasks described in Table 5-3. Enter all commands in port configuration mode unless otherwise noted. Table 5-3
Task Request a lockout of the protect port. Request a high-priority (forced) switch of either the working or protect port. Request a low-priority (manual) switch of either the working or protect port. Remove a posted request. Remove a port from a group. Replace a port in a group. Delete a group.
Manage Ports in an APS Group

Root Command aps switch aps switch aps switch aps switch Notes Use the lockout keyword. Use the forced keyword. Use the manual keyword. Use the no form to remove a posted request.
Perform one of the procedures listed in Table 5-4. Perform one of the procedures listed in Table 5-5. aps group Enter this command is global configuration mode. Use the no form to delete the group.
Delete a Port from an APS Group

Before deleting a port from an APS group, enter the show aps command with the detail keyword (in any mode) to determine the status of the working and protect ports. To delete a port from an APS group, perform the tasks described in Table 5-4. Enter all commands in port configuration mode. Caution Risk of service disruption. When an APS working or protect port is deleted from an APS group, all sessions currently active on the ports are terminated. Only sessions on the working port can be brought back up as normal. To reduce the risk of service disruption beyond this temporary termination of sessions when deleting a working or protect port from an APS group, perform one of the procedures provided in Table 5-4. Otherwise, the system might enter an undesirable state.
5-4
Configuration Tasks
Note Table 5-4 documents the procedures for administering an APS group only; you do not perform them if you must physically replace the traffic card on which the working port is configured. Table 5-4 Delete a Port from an APS Group
Status of Traffic Active Procedure 1. Force all sessions on the protect port to the working port with the aps switch force command for the protect port. 2. Lock out the protect port with the aps switch lockout command for the protect port. 3. Remove the protect port with the no aps command for the protect port; the working port is not removed. Standby 1. Lock out the protect port with the aps switch lockout command for the protect port. 2. Remove the protect port with the no aps command for the protect port; the working port is not removed. Working Active 1. Lock out the protect port with the aps switch lockout command for the protect port. 2. Remove the working port with the no aps command for the working port; the protect port is not removed. Standby 1. Force all sessions on the protect port to the working port with the aps switch force command for the protect port. 2. Lock out the protect port with the aps switch lockout command for the protect port. 3. Remove the working port with the no aps command for the working port; the protect port is no removed.
Port to Delete Protect
Replace a Port in an APS Group

Before you replace a port in an APS group, enter the show aps command with the detail keyword (in any mode) to determine the traffic status of the working and protect ports; perform the tasks in Table 5-5. Table 5-5
# Task
Replace a Port in an APS Group

Root Command Notes
Replace the working port: 1. 2. Remove the working port from the group. Assign the replacement port to the group as the working port. Select the task in Table 5-4 based on the traffic status of the port; the protect port is not removed. aps Use the working keyword.
Replace the protect port: 1. 2. Remove the protect port from the group. Assign the replacement port to the group as the protect port. Select the procedure in Table 5-4 based on the traffic status of the port; the working port is not removed. aps Use the protect keyword.
Change the Configuration of the Working and Protect Ports

You can change the configuration of a working port while it is a member of an APS group, but you must ensure that the configuration of the protect port is identical to that of the working port.
APS Configuration
5-5
This section provides the following examples of APS configurations: Configure an APS Group Request a Lockout Switch Request a Forced Switch Request a Manual Switch

The following example creates the APS group, lab48, with revertive switching and a WTR of 10 minutes, configures the ports on two OC-48c/STM-16c cards for the group, and adds them to the group:
[local]Redback(config)#aps group lab48 [local]Redback(config-aps)#revert 10 [local]Redback(config-aps)#exit [local]Redback(config)#port pos 2/1 [local]Redback(config-port)#encapsulation chdlc [local]Redback(config-port)#aps working lab48 [local]Redback(config-port)#bind interface if-lab48 local [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit [local]Redback(config)#port pos 3/1 [local]Redback(config-port)#encapsulation chdlc [local]Redback(config-port)#aps protect lab48 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit
Request a Lockout Switch

The following example temporarily disables APS switching on port 3/1 (the protect port) by requesting a lockout:
[local]Redback(config)#port pos 3/1 [local]Redback(config-port)#aps switch lockout
The following example re-enables switching by removing the lockout request:

[local]Redback(config)#port pos 3/1 [local]Redback(config-port)#no aps switch lockout
5-6
Request a Forced Switch

The following example posts a high-priority request to switch the sessions on working port 2/1 to the protect port:
[local]Redback(config)#port pos 2/1 [local]Redback(config-port)#aps switch force
For the request to succeed, there must be no higher-priority APS request in effect. The following example removes the high-priority request. Because the switching algorithm for the APS group is revertive, port 2/1 becomes the working port for the APS group after the WTR interval expires and no alarms have been posted against it:
[local]Redback(config)#port pos 2/1 [local]Redback(config-port)#no aps switch force
Request a Manual Switch

The following example posts a low-priority request to switch the sessions on working port 2/1 to the protect port:
[local]Redback(config)#port pos 2/1 [local]Redback(config-port)#aps switch manual
For the request to succeed, there must be no higher-priority APS request in effect. The following example removes the low-priority request. Because the switching algorithm for the APS group is revertive, port 2/1 becomes the working port for the APS group after the WTR interval expires and no alarms have been posted against it:
[local]Redback(config)#port pos 2/1 [local]Redback(config-port)#no aps switch manual
This section describes the syntax and usage guidelines for the commands used to configure APS. The commands are presented in alphabetical order. aps aps group aps switch description revert
APS Configuration
5-7
aps
aps {working | protect} aps-group-name no aps {working | protect} aps-group-name
Purpose
Assigns the port, as a working or protect port, to an existing Automatic Protection Switching (APS) group.
Command Mode
port configuration
Syntax Description
working protect aps-group-name Indicates that the port is a working port in the specified APS group. Indicates that the port is a protect port in the specified APS group. Unique alphanumeric string, used to identify a specific pair of optical ports.
Default
None
Usage Guidelines
Use the aps command to assign a port, as a working or protect port, to an existing APS group. You can add the working and protect ports in any order. Note This command applies to Cisco High-Level Data Link Control (HDLC)-encapsulated Packet over SONET/SDH (POS) ports only. Use the no form of this command to remove the port from the APS group, and return the port to normal, non-APS operation. Caution Risk of service disruption. When an APS working or protect port is deleted from an APS group, all sessions currently active on the ports are terminated. Only sessions on the working port can be brought back up as normal. To reduce the risk of service disruption beyond this temporary termination of sessions when deleting a working or protect port from an APS group, perform one of the procedures provided in Table 5-4. Otherwise, the system might enter an undesirable state. Note Removing a port from an APS group does not remove the other port.
Examples
The following example configures two ports for the APS group, lab48:
!Create the APS group [local]Redback(config)#aps group lab48 [local]Redback(config-aps)#exit
5-8
Command Descriptions !Configure the working port [local]Redback(config)#port pos 1/8 [local]Redback(config-port)#encapsulation chdlc [local]Redback(config-port)#aps working lab48 [local]Redback(config-port)#bind interface if-lab48 local [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit !Configure the protect port [local]Redback(config)#port pos 1/7 [local]Redback(config-port)#encapsulation chdlc [local]Redback(config-port)#aps protect lab48 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit
Related Commands
aps group aps switch
APS Configuration
5-9
aps group
aps group aps-group-name no aps group aps-group-name
Purpose
Creates an Automatic Protection Switching (APS) group with the specified name, or selects an existing APS group for modification, and enters APS configuration mode.
Command Mode
Syntax Description
aps-group-name Unique alphanumeric string, used to identify a specific pair of optical ports.
Default
None
Usage Guidelines
Use the aps group command to create an APS group, or select an existing APS group for modification, and enter APS configuration mode. Use the no form of this command to delete the specified APS group. Note You cannot delete an APS group if there are working and protect ports in it. You must first delete the ports from the group. (See Table 5-4 for the procedures to delete ports.)
Examples
The following example creates the APS group, lab48:
[local]Redback(config)#aps group lab48 [local]Redback(config-aps)#
Related Commands
aps
5-10
aps switch
aps switch {force | lockout | manual} no aps switch {force | lockout | manual}
Purpose
Changes the traffic state of a port in an Automatic Protection Switching (APS) group.
Command Mode
port configuration
Syntax Description
force Switches the sessions on the working port to the protect port or on the protect port to the working port, unless a request of equal or higher priority is already in effect. This is a high-priority request. Prevents the sessions on the working port from being switched to the protect port. Switches the sessions on the working port to the protect port or on the protect port to the working port, unless a request of equal or higher priority is already in effect. This is a low-priority request.
lockout manual
Default
None
Usage Guidelines
Use the aps switch command to change the traffic state of a port in an APS group. The aps switch command persists after the system is reset if the configuration has been saved using the save configuration command (in exec mode). Specify the force keyword to switch the sessions on the working port to the protect port or on the protect port to the working port. The request succeeds if no request with higher priority is in effect, and remains in effect until it is explicitly cleared with the no form of this command or implicitly cleared by a higher priority request. Specify the lockout keyword to prevent sessions on the working port from being switched to the protect port. A lockout request persists after the system is reset, and remains in effect until it is explicitly cleared with the no form of this command or implicitly cleared by a higher priority request. This option is only available for the protect port; it is ignored if you specify it for a working port. Caution Risk of disabling APS protection. Because the aps switch force command has higher priority than signal degrade or signal fail conditions, it can cause sessions to be switched to a nonfunctioning port for the APS group. To reduce the risk, use caution when using this command, or post a lower priority request with the manual keyword instead.
APS Configuration
5-11
Specify the manual keyword to switch the sessions on the working port to the protect port or on the protect port to the working port. The request succeeds if no request with higher priority is in effect, and remains in effect until it is explicitly cleared with the no form of this command or implicitly cleared by a higher priority request. APS requests (generated either by the system or by an administrator) have priority levels, which determine the order in which they are carried out. Lockout is the highest priority APS request that you can post on a port. If a lockout is in effect and a lower-priority request is posted, it is rejected; however, it is posted, and you must enter the no form of this command to clear it. Table 5-6 describes the relative priority levels, from highest to lowest priority, for APS requests. Table 5-6
Priority Highest
Priority Levels for APS Requests

Request Lockout Description Prevents the working port from being switched to the protect port, unless a request of equal or higher priority (another lockout request) is already in effect. Generated by the system if one of the following fatal port error conditions is detected: Loss of signal Loss of frame Line alarm indication signal (AIS-L) Received bit error rate (BER) exceeds the configured signal fail (SF-BER) threshold Port disabled (port is shut down) Traffic card failed or removed Forced Switches the sessions on the working port to the protect port or on the protect port to the working port, unless a request of equal or higher priority is already in effect. Generated by the system if one of the following fatal port error conditions is detected: Loss of signal Loss of frame AIS-L BER exceeds the configured SF-BER threshold Port disabled (port is shut down) Traffic card failed or removed Signal degrade Manual Received BER exceeds the configured signal degradation BER (SD-BER) threshold. Switches the sessions on the working port to the protect port or on the protect port to the working port, unless a request of equal or higher priority is already in effect. If revertive switching is configured, this switch is generated when a signal failure or signal degrade condition has been cleared and the subsequent wait to restore (WTR) timer has expired. Automatic Administrator Administrator System or Administrator Request Administrator
Signal failure on protect port
Automatic
Signal failure on working port
Automatic
Lowest
Wait to restore
Automatic
Note In the event of equal priority requests on the working and protection ports (for example, if both of them are in a signal failure state), the APS group switches to the working port. Use the no form of this command to remove (clear) the request.
5-12
Examples
The following example locks out protect port 2/1 (disables APS switching to it), then removes the lockout:
[local]Redback(config)#port pos 2/1 [local]Redback(config-port)#aps protect lab48 [local]Redback(config-port)#aps switch lockout [local]Redback(config-port)#no aps switch lockout
Related Commands
aps aps group
APS Configuration
5-13
description
description text {no | default} description [text]
Purpose
Associates textual information with an Automatic Protection Switching (APS) group.
Command Mode
APS configuration
Syntax Description
text Text string that identifies the port. Can be any alphanumeric string, including spaces, that is not longer than 80 ASCII characters.
Default
No description is associated with an APS group.
Usage Guidelines
Use the description command to associate textual information with an APS group. This text displays by the show configuration command for the APS group. Use the no or default form of this command to delete the existing description. Because there can be only one description for a port, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example associates a description with the APS group, lab48:
[local]Redback(config)#aps group lab48 [local]Redback(config-aps)#description OC-48 APS
Related Commands
None
5-14
revert
revert wtr-interval no revert default revert
Purpose
Sets the switching algorithm to revertive switching and the wait-to-restore (WTR) interval for an Automatic Protection Switching (APS) group with 1+1 architecture.
Command Mode
APS configuration
Syntax Description
wtr-interval Time to wait before reverting to the working port after it is up. The range of values is 1 to 60 minutes; the default value is 5.
Default
The default WTR interval is 5 minutes; the switching algorithm is nonrevertive switching.
Usage Guidelines
Use the revert command to set the switching algorithm to revertive switching and the WTR value for an APS group with 1+1 architecture. Use the no form of this command to set the switching algorithm to nonrevertive switching. Use the default form of this command to set the WTR to 5 minutes.
Examples
The following example sets the switching algorithm to revertive with a WRT of 3 minutes:
[local]Redback(config)#aps group lab48 [local]Redback(config-aps)#revert 3
Related Commands
None
APS Configuration
5-15
5-16
Part 3
Circuits
This part describes the tasks and commands used to configure basic features for circuits, including clientless IP service selection (CLIPS), encapsulated circuits with Point-to-Point Protocol (PPP) or PPP over Ethernet (PPPoE), and link-aggregated circuits. This part consists of the following chapters: Chapter 6, Circuit Configuration Chapter 7, CLIPS Configuration Chapter 8, PPP and PPPoE Configuration Chapter 9, Link Aggregation Configuration
Chapter 6
Circuit Configuration
This chapter provides an overview of permanent virtual circuits (PVCs) on ports or channels that have been configured with Asynchronous Transfer Mode (ATM), 802.1Q, or Frame Relay encapsulation. It describes the tasks used to configure these circuits, and provides configuration examples and detailed descriptions of the commands used to configure them through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer circuits, see the Circuit Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related tasks and commands include: Configuration tasks and commands for all traffic cards are described in Chapter 2, Traffic Card Configuration. Configuration tasks and commands for ATM, Ethernet, or Packet over SONET/SDH (POS) ports are described in Chapter 3, ATM, Ethernet, and POS Port Configuration. Configuration tasks and commands for clear-channel and channelized ports and channels are described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration. Configuration tasks and commands for clientless IP service selection (CLIPS) circuits are described in Chapter 7, CLIPS Configuration. Configuration tasks and commands for Point-to-Point Protocol (PPP)- and PPP over Ethernet (PPPoE)-encapsulated circuits are described in Chapter 8, PPP and PPPoE Configuration. Configuration tasks and commands for link-aggregated circuits are described in Chapter 9, Link Aggregation Configuration. Configuration tasks and commands for bridged circuits are described in Chapter 10, Bridging Configuration. Configuration tasks and commands for cross-connected circuits are described in Chapter 11, Cross-Connection Configuration.
For protocol- or feature-specific commands that appear in any of the circuit configuration modes, see the appropriate chapter in this guide, or the Routing Protocols Configuration Guide, or the IP Services and Security Configuration Guide for the SmartEdge OS.
6-1
Overview
Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted. The term, first-generation ATM OC card, refers to the 2-port ATM OC-3c/STM-1c or 1-port ATM OC-12c/STM-4c card; similarly, the term, second-generation ATM OC card, refers to the 4-port ATM OC-3c/STM-1c or Enhanced ATM OC-12c/STM-4c card. The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis. Note An 802.1Q PVC is also referred to as an 802.1Q virtual LAN (VLAN); however, within this chapter, it is the PVC, not the VLAN, that is being configured. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
This section includes the following topics: 802.1Q PVCs ATM Profiles, VPs, and PVCs Frame Relay Profiles and PVCs
Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term, IP address, can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.
802.1Q PVCs
A VLAN is a separate, administratively defined, subgroup of a bridged LAN. Bridged LANs and 802.1Q encapsulation are described in the 802.1Q IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks specification, which defines an architecture and bridging protocols for the partitioning of a bridged LAN into VLANs. In the SmartEdge OS, an 802.1Q PVC that connects an 802.1Q VLAN to the SmartEdge router can be created on any 10/100, Gigabit Ethernet, or Gigabit Ethernet 3 port. Note The 802.1Q features do not apply to the Ethernet management port on the controller card.
6-2
Overview
The SmartEdge OS supports 802.1Q encapsulation on Ethernet ports. When an 802.1Q frame is received on an 802.1Q PVC, the 802.1Q header is stripped from the packet. The Ethernet packet is then routed by the system. When an outbound packet is forwarded to an 802.1Q PVC, the SmartEdge OS adds the appropriate 802.1Q header to the packet. This feature also allows for the channelization of Ethernet ports. Two types of 802.1Q PVCs are supportedstatic and on-demand. A static PVC is created in main memory when it is configured, and is always considered active, even when there is no traffic on it. An on-demand PVC is also created when it is configured, but it becomes active only when user traffic is detected on it. On-demand PVCs have two modesdormant (or listening) and active. When you configure a single on-demand PVC, or a range of on-demand PVCs, the dormant version of each PVC is created in listening mode; it does not occupy main memory. When user traffic is detected on a dormant PVC, the PVC is created in active mode in main memory. When the traffic ceases (there are no subscriber sessions connected on it), the PVC is said to be inactive. After a configurable time interval, the inactive PVC is deleted from main memory and the dormant version is again in listening mode. In this way, on-demand PVCs conserve main memory. You can assign a profile and specify the encapsulation for a range of on-demand PVCs when you configure them, or you can specify that the authentication, authorization, and accounting (AAA) and Remote Authentication Dial-In User Service (RADIUS) features to provide the profile and encapsulation. An 802.1Q PVC can be configured as a tunnel with static 802.1Q PVCs configured within it. Each static 802.1Q PVC within the tunnel has an outer VLAN tag value, which is the tunnels VLAN tag value, and a unique inner VLAN tag value. Four types of 802.1Q packets are supported; they are identified from their 802.1Q headers: 8100, 88a8, 9100, and 9200. You can also specify a user-defined type. You can configure one or more tunnels on each port; configure all tunnels on a port for the same type of 802.1Q packets.
ATM Profiles, VPs, and PVCs

ATM encapsulation is described in RFC 1483, Multiprotocol Encapsulation over ATM Adaptation Layer 5. ATM PVCs can be created on any ATM port. Using ATM, data flows over PVCs on a virtual path (VP) on an ATM port. These PVCs are identified by a virtual path identifier (VPI) and virtual circuit identifier (VCI). After you have configured an ATM port, you can configure VPs and PVCs. ATM PVCs and shaped VPs are configured using ATM profiles. (A shaped VP is a VP created with the atm vp command in ATM OC or ATM DS-3 configuration mode.) Note A PVC created on a shaped VP is sometimes referred to as a virtual circuit (VC). VC is used in the following descriptions only when it is necessary to distinguish it from a PVC configured on a nonshaped VP; otherwise, PVC is used throughout this chapter. A shaped VP is also referred to as a VP tunnel; the term, VP tunnel, is not used in this guide. For ATM PVCs configured on ports on ATM DS-3 and second-generation ATM OC cards, you can also create ATM VC tunnels by attaching a quality of service (QoS) ATM weighted-fair queuing (ATMWFQ) policy to an ATM PVC.
6-3
Overview
An ATMWFQ policy allows you to define either two, four, or eight class of service (CoS) queues of packets on each ATM PVC. Each PVC then acts as a VC tunnel. You can specify the queuing algorithm for the policy and for each queue its congestion avoidance parameters, either weighted random early detection (RED) or early packet discard (EPD). For information about attaching QoS policies of any type, see the QoS Circuit Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. ATM profiles can be either static or nonstatic. A static profile is one that you cannot modify or delete after you have assigned any ATM VP or PVC to it; to modify or delete a static profile, you must delete every VP and PVC assigned to it or reassign them to a different profile. However, you can assign an unlimited number of VPs and PVCs to a static profile. A nonstatic profile is one that you can modify at any time without deleting any VP or PVC assigned to it, subject to the constraints listed in the ATM Profiles section in the ATM Configuration Guidelines section for ATM. You can assign up to 16,000 combined VPs and PVCs to a nonstatic profile.
Note To assign a static or nonstatic profile dynamically to an ATM PVC, either by using subscriber-specific RADIUS attributes at the time a subscriber session becomes active, or by using the RADIUS Refresh function, you must have enabled the software license for dynamic services. For more information about enabling software licenses, see the Basic System Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Every ATM profile has a default traffic class, unspecified bit rate (UBR) without any option, which is assigned to each shaped ATM VP or PVC that references that profile. Other supported traffic classes include constant bit rate (CBR), variable bit rate-real time (VBR-rt), VBR nonreal-time (VBR-nrt), and UBR extended (UBRe). For ATM VPs and PVCs configured on first-generation ATM OC cards, only one mode of traffic shaping and scheduling (the default mode) is supported by the segmentation and reassembly (SAR) image. However, ATM DS-3 and second-generation ATM OC cards support multiple modes. These modes are: ATM priority This mode supports different ATM profiles with different shaping for VPs and the ATM VCs that you configure on them. VPs and VCs are shaped using constant bit rate (CBR), variable bit rate-real time (VBR-rt), VBR nonreal-time (VBR-nrt), or unspecified bit rate (UBR), subject to the restrictions given in the Configuring ATM section in Chapter 6, Circuit Configuration. It uses these traffic classes to perform VP and VC scheduling; VCs can also be scheduled with an attached QoS ATMWFQ scheduling policy. PVCs configured on a nonshaped VP are shaped using any traffic class, including UBR extended (UBRe) and can be scheduled using traffic classes and an attached QoS ATMWFQ scheduling policy. Note ATM priority mode replaces the hierarchical-shaped virtual circuit (HSVC) SAR image that was supported in previous releases. ATM DS-3 and second-generation ATM OC cards that were configured with the hierarchical shaping command (in card configuration mode) are automatically configured using this command with the atm-priority keyword.
6-4
Overview
IP priority This mode supports different profiles with different shaping for VPs and their VCs, but restricts the shaping for VPs to CBR, UBR with the peak cell rate (PCR) option, VBR-rt, and VBR-nrt; VCs are restricted to UBR with the PCR option. It uses the IP priorities specified by an attached QoS ATMWFQ policy to perform VP and VC scheduling. PVCs configured on a nonshaped VP are shaped using any traffic class except UBRe and can be scheduled using traffic classes and an attached QoS ATMWFQ scheduling policy. (Configuring PVCs in this mode is not recommended.)
Note The ATM priority and IP priority modes reduce the number of PVCs that you can configure on an ATM DS-3 or second-generation ATM OC card; performance on an ATM DS-3 port might not reach line rate for certain traffic patterns. VC fairness This mode supports different profiles with different shaping for shaped VPs and their VCs, but restricts the shaping for VPs to CBR, UBR with the PCR option, VBR-rt, and VBR-nrt; VCs are restricted to UBR without the PCR option. It uses traffic classes to perform VP scheduling; VCs are scheduled using weighted round-robin (WRR) scheduling. VCs can also be scheduled with an attached QoS ATMWFQ scheduling policy. PVCs configured on a nonshaped VP are shaped and scheduled using any traffic class. Two types of ATM PVCs are supportedexplicitly configured (static) and on-demand. A static PVC is created in main memory when it is configured, and is always considered active, even when there is no traffic on it. An on-demand PVC is also created when it is configured, but it becomes active only when user traffic is detected on it. On-demand PVCs have two modesdormant (or listening) and active. When you configure a single on-demand PVC or a range of on-demand PVCs, the dormant version of each PVC is created in listening mode; it does not occupy main memory. When user traffic is detected on a dormant PVC, the PVC is created in active mode in main memory. When the traffic ceases (there are no subscriber sessions connected on it), the PVC is said to be inactive. After a configurable time interval, the inactive PVC is deleted from main memory and the dormant version is again in listening mode. In this way, on-demand PVCs conserve main memory. You can assign a profile and specify the encapsulation for a range of on-demand PVCs when you configure them, or you can specify that the AAA and RADIUS functions provide the profile and encapsulation type. The ATM profile that AAA and RADIUS dynamically assign can be either a static or nonstatic profile that you have created previously. For more information about configuring AAA and RADIUS, see the AAA Configuration and RADIUS Configuration chapters in the IP Services and Security Configuration Guide for the SmartEdge OS.
6-5
Configuration Tasks
Frame Relay Profiles and PVCs

Frame Relay encapsulation is described in RFC 1490, Multiprotocol Interconnect over Frame Relay, and RFC 2115, Management Information Base for Frame Relay DTEs Using SMIv2. You can create Frame Relay PVCs on any Packet over SONET/SDH (POS) port, clear-channel DS-3 or E1 channel or port, E3 port, DS-1 channel, or DS-0 channel group.
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. The following sections describe 802.1Q PVC, CLIPS, ATM, and Frame Relay configuration tasks: Configuring 802.1Q PVCs Configuring ATM Configuring Frame Relay
Configuring 802.1Q PVCs

This section includes the following topics: Configure an 802.1Q Profile Configure an 802.1Q PVC Configure an 802.1Q Tunnel and the 802.1Q PVCs Within It
Configure an 802.1Q Profile

An 802.1Q profile is required to collect bulk statistics, set the priority bits, or set the rate for any 802.1Q PVC that uses the profile. To configure a profile for an 802.1Q PVC, perform the tasks described in Table 6-1. Table 6-1
# 1. Task Create an 802.1Q profile, or select an existing one for modification, and access dot1q profile configuration mode.
Configure an 802.1Q Profile

Root Command dot1q profile Notes Enter this command in global configuration mode.
2.
Specify general attributes for the profile (all attributes are optional): Associate a description with the profile. Apply an existing bulkstats schema profile to the profile. description bulkstats schema Enter this command in dot1q profile configuration mode. For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
6-6
Configuration Tasks
Configure an 802.1Q PVC

To configure an 802.1Q PVC on any Ethernet port, except the Ethernet management port, perform the tasks described in Table 6-2. Unless otherwise noted, enter all commands in dot1q PVC configuration mode. Table 6-2
# 1. 2. 3. Task Bind the Ethernet port to an existing interface in an existing context. Specify 802.1Q encapsulation for the Ethernet port. Create one or more 802.1Q PVCs and access dot1q PVC configuration mode.
Configure an 802.1Q PVC

Root Command bind interface encapsulation dot1q pvc Notes Enter this command in port configuration mode to allow untagged traffic on the port. Enter this command in port configuration mode. Enter this command in port configuration mode. Use the on-demand keyword to create a range of 802.1Q PVCs that are made active only when needed.
4.
Specify general attributes for the 802.1Q PVC (all attributes are optional): Associate a description with the PVC. Enable a watchdog timer for 802.1Q PVCs created on demand. Associate the IP address of the remote host on the circuit. description idle-down ip host This command applies only to 802.1Q PVCs created using the on-demand keyword. Perform this task only for a PVC that you intend to bind directly to an interface. You cannot perform this task if you have created the PVC as part of a range of PVCs. Assigns a medium access control (MAC) address for a 802.1Q PVC. mac-address This mode is not available when configuring dot1qQ VLANS in a link group.
5.
If you are not intending to cross-connect the PVC to another circuit or if you have not created child circuits on it, bind the PVC with one of the following tasks: For a single PVC with the default (IPoE) or multi encapsulation: Create a static binding to an interface. Create a static binding through a subscriber record to an interface. For a single PVC with PPPoE encapsulation: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication You must specify the context to create a restricted dynamic binding. bind interface bind subscriber
For a range of PVCs created using the on-demand keyword: Create a static binding through subscriber records to an interface. 6. Disable an 802.1Q PVC (stop operations on it) until you are ready to begin operations on it. bind auto-subscriber shutdown By default, all circuits are enabled (operational).
6-7
Configuration Tasks
Configure an 802.1Q Tunnel and the 802.1Q PVCs Within It

To configure an 802.1Q tunnel and any PVCs within the tunnel on any Ethernet port, except the Ethernet management port, perform the tasks described in Table 6-3. Table 6-3
# 1. 2. 3. 4. Task Bind the Ethernet port to an existing interface in an existing context. Specify 802.1Q encapsulation for the Ethernet port. Specify the tunnel type for this port. Create a 802.1Q tunnel and access dot1q PVC configuration mode. Associate a description with the tunnel (optional). Bind the 802.1Q PVC tunnel. Create one or more 802.1Q PVCs within the tunnel and access dot1q PVC configuration mode. Associate a description with the PVC (optional).
Configure an 802.1Q PVC Tunnel and the 802.1Q PVCs Within It

Root Command bind interface encapsulation dot1q tunnel dot1q pvc Notes Enter this command in port configuration mode to allow untagged traffic on the port. Enter this command in port configuration mode. Enter this command in port configuration mode. Enter this command in port configuration mode. Specify the encapsulation with the 1qtunnel keyword. Enter this command in dot1q PVC configuration mode. Enter this command in dot1q PVC configuration mode. Enter this command in port configuration mode. Specify the VLAN ID of the tunnel followed by a colon (:) before specifying the VLAN ID of the PVC. Enter this command in dot1q PVC configuration mode.
5. 6. 7.
description bind interface dot1q pvc
8. 9.
description
If you are not intending to cross-connect the PVC within the tunnel to another circuit or if you have not created child circuits on it, bind the PVC using one of the following tasks: For a PVC with the default (IPoE) or multi encapsulation: Create a static binding to an interface. Create a static binding through a subscriber record to an interface. For a PVC with PPPoE encapsulation: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication Enter this command in dot1q PVC configuration mode. Enter this command in dot1q PVC configuration mode. You must specify the context to create a restricted dynamic binding. Enter this command in dot1q PVC configuration mode. By default, all circuits are enabled (operational). bind interface bind subscriber Enter this command in dot1q PVC configuration mode. Enter this command in dot1q PVC configuration mode.
10.
Disable an 802.1Q PVC (stop operations on it) until you are ready to begin operations on it.
shutdown
6-8
Configuration Tasks
Configuring ATM
This section includes the following topics: ATM Configuration Guidelines Specify the Card Mode for the SAR Image Configure an ATM Profile Configure a Shaped ATM VP Configure an ATM PVC
ATM Configuration Guidelines

This section includes the following configuration guidelines which affect more than one command or a combination of commands: ATM Profiles ATM and Congestion Avoidance ATM Modes and Traffic Shaping ATM and OAM ATM and QoS Number of ATM VPs and PVCs
ATM Profiles
The following guidelines apply to ATM profiles: The ATM profile must exist before you create the VP or PVC. A nonstatic ATM profile can be referenced by a maximum 16,000 ATM PVCs and VPs; static profiles can be referenced by an unlimited number of PVCs and VPs. You can create multiple static and nonstatic profiles. To modify a static profile, you must first delete all VPs and PVCs that reference it, or reassign them to a different profile. You can convert a nonstatic profile to a static one without disrupting traffic on any VPs or PVCs that reference it, but you cannot convert a static profile to a nonstatic one; you must delete it first. Deleting a profile deletes all VPs and PVCs that reference it. If you assign a profile that includes the UBRe traffic class to a PVC created on a first-generation ATM OC card, the system displays an error message and does not create the PVC.
6-9
Configuration Tasks
The following guidelines apply to ATM profiles assigned to PVCs: Changing an ATM profile can cause traffic disruption to all PVCs that reference that profile, as described in the following statements:
Caution Risk of data loss. When you change the congestion algorithm or the traffic class for the profile (in ATM profile configuration mode), all ATM PVCs that reference the profile are deleted and recreated automatically by the system and an error message displays by the system. To reduce the risk when making any change to a profile, determine if the change affects service: Create a new ATM profile with the changed configuration parameters. Use the atm pvc command (or its atm pvc explicit form) (in ATM OC or ATM DS-3 configuration mode) to assign the new profile to the ATM PVC. If the change affects service, a warning message displays when you enter the command, and you can cancel or commit the change, using the abort or commit command, respectively (in ATM OC or ATM DS-3 configuration mode). Changes to traffic class parameters, such as a rate change, the cell loss priority (CLP) bit, operations, administration, and maintenance (OAM) mechanism and parameters, PVC statistics, congestion avoidance parameters, or bulkstats functions do not affect traffic, and therefore, do not cause the error message to be displayed. To assign a different profile to an existing PVC, enter either form of the atm pvc command with the new profile name and the encapsulation.
Caution Risk of data loss. The assignment of the new profile can cause traffic to be interrupted on the affected PVC if the new profile changes the congestion algorithm or the traffic class. To reduce the risk, if the system displays an error message, you can cancel or commit the change, using the abort or commit command, respectively (in ATM OC or ATM DS-3 configuration mode). The following guidelines apply to ATM profiles assigned to shaped VPs: If you specify different ATM profiles when configuring shaped VPs and their VCs on a first-generation ATM card, you must adhere to the following guidelines: If a shaped VP references an ATM profile with a different traffic class, all VCs created on the VP must reference a profile configured with the UBR traffic class. If a PVC references an ATM profile with a different traffic class, then the VP on which it is created must be unshaped. (The VP is created implicitly by the system when its VPI is specified in the atm pvc command in ATM OC or ATM DS-3 configuration mode.) You cannot create a shaped VP with a profile that specifies the UBRe traffic class, and you cannot change the shaping of a profile to UBRe if that profile has been referenced by a shaped VP. If you attempt to change the traffic class for an ATM profile that is assigned to a shaped VP that has VCs configured on it, the system displays an error message and the command fails. You must delete all VCs that are configured on the shaped VP before you change the profile, and then recreate them. If you attempt to modify an existing shaped VP by assigning a different profile to it and that profile changes the traffic class, the system displays an error message and the command fails. You must delete all VCs configured on the shaped VP before you assign the new profile, and then recreate them. If you reference an ATM profile that enables the OAM options with the oam fault-monitor, oam manage, or oam xc commands (in ATM profile configuration mode), the OAM options are ignored.
6-10
Configuration Tasks
ATM and Congestion Avoidance

The following guidelines apply to the congestion avoidance algorithm that you specify for an ATM profile: The default congestion avoidance algorithm for an ATM profile (without the congestion command entered in ATM profile configuration mode) is weighted RED with its default parameters. Therefore, because the weighted RED algorithm is not supported for first-generation ATM OC cards, assigning an ATM profile with the default congestion algorithm to either of those cards has the same affect as assigning one that specifies the EPD algorithm with default parameters. You cannot specify more than one congestion algorithm, either weighted RED or EPD, for an ATM profile; if you specify a second algorithm, the first algorithm is silently replaced. You cannot change the congestion algorithm or the parameters for a congestion algorithm for an ATM static profile unless it is not assigned to any ATM VP or PVC. The EPD algorithm used for PVCs on the first-generation ATM OC cards is slightly different from that used for the ATM DS-3 and second-generation ATM OC cards; see the description of the congestion command for details. The default values for the EPD parameters are not the same as those applied to an ATM profile in previous releases. Changing the EPD parameters for an ATM profile that is already assigned to an ATM VP or PVC is not service affecting (traffic is not disrupted) for any ATM card. Changing the weighted RED parameters for an ATM profile that is already assigned to an ATM VP or PVC is not service affecting (traffic is not disrupted) for the second-generation ATM OC and ATM DS-3 cards. Changing the congestion avoidance algorithm from weighted RED to EPD for a profile assigned to an ATM VP or PVC on any ATM card can be service affecting: For second-generation ATM OC and ATM DS-3 cards, changing the algorithm is service affecting, but the counters are preserved. For first-generation ATM OC cards, changing the algorithm effectively changes the EPD parameters from the default values to the values of the parameters specified by the command; therefore, the change is not service affecting. Changing the congestion avoidance algorithm from EPD to weighted RED for a profile assigned to an ATM VP or PVC on any ATM card can be service affecting: For ATM DS-3 and second-generation ATM OC cards, changing the algorithm is service affecting. For first-generation ATM OC cards, changing the algorithm effectively changes the EPD parameters to their defaults, because weighted RED is not supported for these cards; therefore, the change is not service affecting.
ATM Modes and Traffic Shaping

Traffic shaping restrictions for first-generation ATM OC cards include: If you configure a VC on a shaped VP, the ATM profile that you specify for the VC must be configured for the UBR traffic class without the PCR option.
6-11
Configuration Tasks
If you configure a shaped VP, the traffic class for the profile that you reference can be any class, except UBRe; however, any ATM VC configured on that shaped VP must reference a profile with the UBR traffic class without PCR.
Traffic shaping restrictions for ATM DS-3 and second-generation ATM OC cards include: For any mode, except VC fairness, the traffic class specified in an ATM profile can restrict the number of ATM PVCs that you can configure on a port; see the Number of ATM VPs and PVCs section for details. If you configure a PVC and reference a profile that includes UBRe shaping, you cannot attach an ATMWFQ QoS policy to that PVC. For the ATM priority mode, the traffic class for a profile that you reference for the shaped VP can be any class, except UBRe; however, any VC configured on that VP must reference a profile with a traffic class that is equal to or less restrictive than that for the VP. Table 6-4 lists the traffic class combinations for VPs and VCs. Traffic Class Combinations for ATM Priority Mode
Valid VC Traffic Classes CBR, VBR-rt, VBR-nrt, UBR with PCR option, UBR VBR-rt, VBR-nrt, UBR with PCR option, UBR VBR-nrt, UBR with PCR option, UBR UBR with PCR option, UBR UBR
Table 6-4
VP Traffic Class CBR VBR-rt VBR-nrt UBR with PCR option UBR
ATM and OAM

The following OAM guidelines apply: To enable end-to-end path-level (F4) fault monitoring or OAM management for a shaped VP, you must create an ATM VC with VCI 4 on the VP that you intend to monitor; this VC must reference an ATM profile that includes the oam fault-monitor, oam manage, or oam xc command (in ATM profile configuration mode). If you specify the oam fault-monitor or oam manage command for an ATM profile that is referenced when creating a shaped VP, the OAM fault monitoring option is ignored. The oam fault-monitor command and the oam manage command (in ATM profile configuration mode) are mutually exclusive; you cannot specify fault monitoring and enable OAM management on the same ATM profile. However, you can include both the oam fault-monitor and oam xc or the oam manage and the oam xc commands (in ATM profile configuration mode) in the same profile. The oam fault-monitor and oam manage commands are operational only for ATM PVCs that are not cross-connected. If you also include an oam xc command (in ATM profile configuration mode) for this profile, and an ATM PVC that references this profile is cross-connected at a later time, the oam fault-monitor or oam manage command in the profile is disabled (ignored), and the oam xc command is made operational instead.
ATM and QoS

The following guidelines apply:
6-12
Configuration Tasks
QoS ATMWFQ policies can be attached to ATM PVCs on second-generation ATM OC and ATM DS-3 cards only. QoS priority queuing (PQ) and enhanced deficit round-robin (EDRR) policies can be attached to ATM PVCs on first-generation ATM OC cards only. If you attach an ATMWFQ QoS policy to the outbound traffic on an ATM PVC on an ATM DS-3 or second-generation ATM OCcard and that PVC references a profile with congestion parameters, the policy overrides the weighted RED or EPD parameters specified by the profile. If you attach a QoS policy, either PQ or EDRR, to the outbound traffic on an ATM PVC on a first-generation ATM OC card, both the policy and the EPD parameters are enforced. Using ATM on-demand PVCs, QoS policies cannot be configured directly on the circuit, but must be configured and applied using the subscriber record referenced in the bind auto-subscriber command.
For information about creating QoS policies CoS queues, see the QoS Scheduling Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.
Number of ATM VPs and PVCs

The combined number of ATM PVCs and VPs that you can create for each ATM port depends on the type of ATM card, the total number of circuits configured on that card, type and number of traffic classes, the SAR image (mode) that is loaded, the type of QoS policy, the number of CoS queues, and the number of dormant on-demand PVCs that are configured. It is also affected by your assignment of VPI and VCI values and, for an ATM DS-3 card, the number of ports that you have specified as software configurable. Note The tables in this section list these limits with no on-demand PVCs configured. For limits on the number of PVCs for configurations with on-demand PVCs configured, consult your local technical representative or the Redback Technical Assistance Center (TAC). The following guidelines apply to the number of shaped VPs and PVCs that you can create on a card: On any ATM card, each shaped VP is counted as a PVC. The number of PVCs also includes all circuits configured on each port; for example, an ATM port with multi encapsulation can have multiple IP over Ethernet (IPoE) and PPPoE circuits. The number of PVCs that you can configure for a traffic class depends on the type of card and its mode. Table 6-5 lists the PVC limits for each traffic class for each port on each type of card. The number of PVCs that you can configure for a traffic class depends on the type of card and its mode. Table 6-6 lists the PVC limits for each traffic class on first-generation ATM OC cards. PVC Limits on First-Generation ATM OC Ports
PVC Limits for each Traffic Class on each Port Card 2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c Default Mode 8,000 8,000 Notes Only the default mode is supported. Only the default mode is supported.
Table 6-5
Table 6-6 lists the PVC limits for each traffic class on ATM DS-3 and second-generation ATM OC cards.
6-13
Configuration Tasks
Table 6-6
PVC Limits on ATM DS-3 and Second-Generation ATM OC Ports

PVC Limits for each Traffic Class on each Port
Card 12-port ATM DS-3 4-port ATM OC-3c/STM-1c (including low-density version) Enhanced ATM OC-12c/STM-4c
ATM Priority Mode 1,000 8,000 16,000
IP Priority Mode 1,000 8,000 16,000
VC Fairness Mode 2,000 16,000 16,000
Notes All ports are software configurable.
The maximum number of of PVCs on an ATM DS-3 card does not change if the number of software configurable ports is limited. However, the maximum number of PVCs for each traffic class for each port is increased. Table 6-7 lists the number of PVCs for each ATM DS-3 port for each traffic class if the number of software configurable ports has been limited using the maximum ports command (in card configuration mode).
Table 6-7
PVC Limits for ATM DS-3 Cards with Limited Configurable Ports
PVC Limit for Each Traffic Class for Each Port
Number of Configurable ATM DS-3 Ports 4 8 12
ATM and IP Priority Modes 4,000 2,000 1,000
VC Fairness Mode 8,000 4,000 2,000
If an ATM PVC references a profile with UBRe shaping, that PVC must be counted twiceonce as a PVC with UBR shaping and once as a PVC with VBR-nrt shaping. Therefore, the maximum number of PVCs with UBR or VBR-nrt shaping and the number of PVCs with UBRe shaping cannot be be greater than the maximum number of PVCs for each traffic class and ATM mode. For example, for a port on an ATM DS-3 card (in VC fairness mode) and all ports software configurable: If you create 2,000 ATM PVCs referencing a profile with UBRe shaping, you cannot create any more PVCs with either UBR or VBR-nrt shaping. You can create 2,000 PVCs with CBR and 2,000 with VBR-rt shaping, for a total of 6,000 PVCs. If you do not create any ATM PVCs referencing a profile with UBRe shaping, you can create the maximum of 8,000 ATM PVCs: 2,000 for each traffic class. With the ATM DS-3 card in ATM or IP priority mode and all ports software configurable: If you create 1,000 ATM PVCs referencing a profile with UBRe shaping, you cannot create any more ATM PVCs with UBR or VBR-nrt shaping. In this case, you can create 1,000 ATM PVCs with CBR and 1,000 PVCs with VBR-rt shaping for a total of 3,000 PVCs. If you do not create any ATM PVCs referencing a profile with UBRe shaping, you can create the maximum of 4,000 ATM PVCs: 1,000 for each traffic class.
6-14
Configuration Tasks
If you are creating a range of on-demand PVCs on an ATM DS-3 or second-generation ATM OC port and you have configured the port in listening mode using the ccod-mode port-listen command (in ATMDS-3 or ATM OC configuration mode), you can specify the range of the listening PVCs with the VPI spanning from 0 to 255, and the VCI spanning from 1 to 65,535. Otherwise, the range that you specify must be within the limits for active PVCs; these limits depend upon the type of port, the SAR image for the card, and the traffic class specified by the profile. An error message displays if the range that you specify is not supported; see the tables (Table 6-5, Table 6-7, Table 6-9) that specify PVC limits. Regardless of the number of listening PVCs that you create, the number of active PVCs cannot be greater than those specified for each traffic class and SAR image on the type of port on which they are created; see the tables (Table 6-5, Table 6-7, Table 6-9) that specify PVC limits. The number of PVCs on ports that are configured with an ATMWFQ QoS policy is dependent on the number of CoS queues. You can create two, four, or eight CoS queues; see Table 6-11 for PVC limits. For information about creating QoS policies and CoS queues, see the QoS Scheduling Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.
If you leave large gaps between VCI values, then the number of PVCs that you can create is reduced. Whenever possible, to minimize the affect on the number of PVCs: Assign consecutive values for VCIs in groups of 64 PVCs. Limit the number of PVCs defined for each VPI to a multiple of 64.
You can create a maximum of 256 shaped and unshaped VPs on any ATM port (VPIs 0 to 255); Table 6-8 lists the limits for shaped VPs on each type of ATM card. Table 6-8
Card 12-port ATM DS-3 4-port ATM OC-3c/STM-1c (including low-density version) Enhanced ATM OC-12c/STM-4c 2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c
Shaped VP Limits for ATM Cards

Shaped VP Limits Determined by many factors, including the number of PVCs and number of CoS queues created, up to a maximum of 256 shaped VPs on each port. Determined by many factors, including the number of PVCs and number of CoS queues created, up to a maximum of 256 shaped VPs on each port. Determined by many factors, including the number of PVCs and number of CoS queues created, up to a maximum of 256 shaped VPs on each port. 64 for each card; 32 for each port. 64 for each card.
Table 6-9 list the PVC limits on shaped VPs for each type of card. Table 6-9
Card 12-port ATM DS-3 4-port ATM OC-3c/STM-1c (including low-density version) Enhanced ATM OC-12c/STM-4c 2-port ATM OC-3c/STM-1c
PVC Limits on Shaped VPs for ATM Cards

VC Limits for Shaped VPs 8,000 for each shaped VP; 8,000 for each card with all ports software configurable. 16,000 for each shaped VP; 16,000 for each card. 16,000 for each shaped VP; 16,000 for each card. 256 for each shaped VP; 5,175 for each card.
6-15
Configuration Tasks
Table 6-9
Card
PVC Limits on Shaped VPs for ATM Cards (continued)

VC Limits for Shaped VPs 256 for each shaped VP; 5,175 for each card.
1-port ATM OC-12c/STM-4c
6-16
Configuration Tasks
Table 6-10 lists the circuit and PVC limits when no ATMWFQ policy is attached. Table 6-10 PVC Limits for ATM Cards Without ATMWFQ Policy
Card 12-port ATM DS-3 12-port ATM DS-3 4-port ATM OC-3c/STM-1c (including low-density version) 4-port ATM OC-3c/STM-1c (including low-density version) Enhanced ATM OC-12c/STM-4c Enhanced ATM OC-12c/STM-4c 2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c Mode VC fairness ATM or IP priority VC fairness ATM or IP priority VC fairness ATM or IP priority Default Default Circuit and PVC Limits 8,000 for each port, 8,000 for each card with all ports software configurable. 4,000 for each port, 8,000 for each card with all ports software configurable. 16,000 for each port, 16,000 for each card. 16,000 for each port, 16,000 for each card. 16,000 for each port, 16,000 for each card. 16,000 for each port, 16,000 for each card. 8,000 for each port, 8,000 for each card. 8,000 for each port, 8,000 for each card.
Table 6-11 lists the circuit and PVC limits for ATM cards with ATMWFQ CoS Queues. Table 6-11
Card 12-port ATM DS-3
PVC Limits for ATM Cards with ATMWFQ CoS Queues

Mode VC fairness Circuit and PVC Limits 0 or 2 CoS queues: 8,000 for each port, 8,000 total for each card. 4 CoS queues: 8,000 for each port, 8,000 for each card. 8 CoS queues: 6,000 for each port, 6,000 for each card.
12-port ATM DS-3
ATM or IP priority
0 or 2 CoS queues: 4,000 for each port, 8,000 total for each card. 4 CoS queues: 4,000 for each port, 8,000 for each card. 8 CoS queues: 4,000 for each port, 6,000 for each card.
4-port ATM OC-3c/STM-1c (including low-density version)
VC fairness
4-port ATM OC-3c/STM-1c (including low-density version)
ATM or IP priority
6-17
Configuration Tasks
Table 6-11
Card
PVC Limits for ATM Cards with ATMWFQ CoS Queues (continued)
Mode VC fairness Circuit and PVC Limits 0 or 2 CoS queues: 16,000 for each port, 16,000 total for each card. 4 CoS queues: 12,800 for each port, 12,800 for each card. 8 CoS queues: 7,100 for each port, 7,100 for each card.
Enhanced ATM OC-12c/STM-4c
Enhanced ATM OC-12c/STM-4c
ATM or IP priority
Specify the Card Mode for the SAR Image

You must explicitly specify the card mode for the SAR image of a second-generation ATM OC or ATM DS-3 card on which you want to use ATM priority or IP priority traffic scheduling. To specify the card mode for the SAR image, perform the task described in Table 6-12; enter the command in card configuration mode. Table 6-12 Specify the Card Mode for the SAR Image
Task Specify the card mode. Root Command atm mode Notes This command is available only for ATM DS-3 and second-generation ATM OC cards.
Configure an ATM Profile

An ATM profile is required to create ATM PVCs or shaped VPs for ATM PVCs. An ATM profile contains common configuration information that is used by all shaped VPs and ATM PVCs that reference the profile. Typically, you configure at least one ATM profile for each traffic class that you intend to support on a SmartEdge router. You might also require additional ATM profiles for PVCs with other special requirements, such as counters, or PVCs created on demand.
6-18
Configuration Tasks
To configure an ATM profile, perform the tasks described in Table 6-13. Table 6-13 Configure an ATM Profile
# 1. 2. Task Create a new ATM profile, or to select an existing ATM profile for modification, and access ATM profile configuration mode. Root Command atm profile Notes Enter this command global configuration mode.
Specify general attributes for the profile (all attributes are optional): Associate a description with an ATM profile. Report the receive and transmit speeds of the ATM PVC to which this profile is assigned. Set the CLP bit in all cells transmitted over PVCs referencing this ATM profile. Specify the traffic class for this ATM profile. description report clpbit shaping Enter this command in ATM profile configuration mode. Enter this command in ATM profile configuration mode. Enter this command in ATM profile configuration mode. Enter this command in ATM profile configuration mode. The default value is UBR without the PCR option. Enter this command in ATM profile configuration mode. Enter this command in ATM profile configuration mode. For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
Enable statistics collection for all PVCs referencing this ATM profile. Specify the weighted RED or EPD parameters for congestion avoidance. Apply an existing bulkstats schema profile to the profile.
counters congestion bulkstats schema
3.
For non-cross-connected ATM PVCs, enable OAM with one of the following tasks (optional): Enable alarm indication signal (AIS) and remote defect indication (RDI) fault monitoring for any ATM PVC that references this profile and is not cross-connected. Enable the operational state of any ATM PVC that is not cross-connected and that references this profile to be reflected by its AIS and RDI (RDI/AIS) state at the F5 level. oam fault-monitor Enter this command in ATM profile configuration mode. The default value is disabled. Enter this command in ATM profile configuration mode. The default value is disabled. Enter this command in ATM profile configuration mode. The default value is disabled.
oam manage
4.
For cross-connected ATM PVCs, enable the OAM cells received on one of the ATM PVCs to be forwarded to and transmitted on the other ATM PVC.
oam xc
Configure a Shaped ATM VP

When you create an ATM PVC, you must specify a VP for it, using a VPI. An ATM VP can be shaped or nonshaped: A shaped VP is created explicitly. You create it using the atm vp command (in ATM OC or ATM DS-3 configuration mode) and specifying its VPI and an existing ATM profile. A nonshaped VP is created implicitly. SmartEdge OS creates it when you configure an ATM PVC and specify a VPI that has not be used to create a shaped VP. To configure a shaped ATM VP, perform the task described in Table 6-14; enter this command in ATM OC or ATM DS-3 configuration mode.
6-19
Configuration Tasks
Table 6-14 Configure a Shaped ATM VP

Task Create or modify a shaped ATM VP. Root Command atm vp Notes Enter this command in ATM OC or ATM DS-3 configuration mode.
Configure an ATM PVC

To configure an ATM PVC, perform the tasks described in Table 6-15. Table 6-15 Configure an ATM PVC
# 1. Task Root Command Notes
Create or modify one or more ATM PVCs, and access ATM PVC configuration mode with one of the following tasks: Create or modify one or more ATM PVCs. atm pvc Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of static PVCs. Use the on-demand keyword to configure a range of PVCs that are created only when needed. Assign a different profile to an existing ATM PVC. atm pvc You must specify the encapsulation in addition to the new profile name.
2.
Specify general attributes for the PVC (all attributes are optional): Associate a description with an ATM PVC. Enable a watchdog timer for PVCs created on demand. description idle-down Enter this command in ATM PVC configuration mode. Enter this command in ATM PVC configuration mode. This command applies only to ATM PVCs created using the on-demand keyword without multi encapsulation. Enter this command in ATM PVC configuration mode. Perform this task only for an ATM PVC that you intend to bind directly to an interface. You cannot perform this task if you have created the PVC as part of a range of PVCs.
Associate the IP address and MAC address of the remote host on the circuit with the ATM PVC.
ip host
6-20
Configuration Tasks
Table 6-15 Configure an ATM PVC (continued)

If you do not intend to cross-connect the ATM PVC to another circuit, bind the ATM PVC with one of the following tasks: For an ATM PVC with bridge1483, multi, or route1483 encapsulation: Create a static binding to an interface. bind interface Enter this command in ATM PVC configuration mode. This option is not supported for on-demand ATM PVCs. Enter this command in ATM PVC configuration mode. This option is supported for a single ATM PVC; an on-demand ATM PVC must be configured with the aaa keyword. Enter this command in ATM PVC configuration mode. Perform this option only if you are binding a range of PVCs.
Create a static binding for a single PVC through a subscriber record to an interface.
bind subscriber
Create static bindings for multiple PVCs through subscriber records. For an ATM PVC with ppp encapsulation: Create an unrestricted dynamic binding. Create a restricted dynamic binding.
bind auto-subscriber
bind authentication bind authentication
Enter this command in ATM PVC configuration mode. Enter this command in ATM PVC configuration mode. You must specify the context to create a restricted dynamic binding. Enter this command in ATM PVC configuration mode. This option is supported for a single ATM PVC; an on-demand ATM PVC must be configured with the aaa keyword. Perform this option only if you are binding a range of PVCs.
Create a static binding for a single PVC through a subscriber record to an interface.
bind subscriber
Create static bindings for multiple PVCs through subscriber records. For an ATM PVC with pppoe encapsulation: Create an unrestricted dynamic binding. Create a restricted dynamic binding.
bind authentication bind authentication
Enter this command in ATM PVC configuration mode. Enter this command in ATM PVC configuration mode. You must specify the context to create a restricted dynamic binding. Enter this command in ATM PVC configuration mode. By default, all circuits are enabled (operational).
4.
Disable an ATM PVC (stop operations on it) until you are ready to begin operations on it.
shutdown
Configuring Frame Relay

This section includes the following topics: Configure a Frame Relay Profile Configure the Interface Type and LMI Parameters Configure a Frame Relay PVC
Note You must enter the encapsulation command in DS-0, DS-1, DS-3, E1, E3, or port configuration mode with the frame-relay keyword before you can enter Frame Relay commands in DS-0, DS-1, DS-3, E1, E3, or port configuration mode.
6-21
Configuration Tasks
Configure a Frame Relay Profile

To configure a Frame Relay profile, perform the tasks described in Table 6-16. Table 6-16 Configure a Frame Relay Profile
# 1. Task Create a new Frame Relay profile, or to select an existing Frame Relay profile for modification, and access Frame Relay profile configuration mode. Apply an existing bulkstats schema profile to a Frame Relay profile. Root Command frame-relay profile Notes Enter this command in global configuration mode. For more information about the bulkstats schema command, see the Bulkstats Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
2.
bulkstats schema
Configure the Interface Type and LMI Parameters

For Frame Relay to operate, you must configure the interface type and the Frame Relay LMI for the port or channel with Frame Relay encapsulation. To configure the interface type and the LMI, perform the tasks described in Table 6-17. Enter all commands in DS-0, DS-1, DS-3, E1, E3, or port configuration mode. Table 6-17 Configure the Interface Type and LMI Parameters
# 1. 2. 3. 4. 5. 6. Task Specify the interface type. Specify the interval for the polling verification timer for a DCE interface type. Specify the Frame Relay LMI type. Enable the automatic detection of the LMI type. Enable the keepalive function and specify the interval value for a Frame Relay DTE interface. Specify the number of keepalive messages sent before the status message request is sent for a Frame Relay DTE interface. Root Command frame-relay intf-type frame-relay lmi-t392dce frame-relay lmi-type frame-relay auto-detect frame-relay keepalive frame-relay lmi-n391dte This is the default; use the no form to disable automatic detection. The keepalive function is enabled by default with a 10-second interval. Notes Enter this command in port configuration mode.
7.
Specify the error threshold before LMI is considered to have failed: For a Frame Relay DCE interface. For a Frame Relay DTE interface. frame-relay lmi-n392dce frame-relay lmi-n392dte
8.
Specify the monitored event count: For a Frame Relay DCE interface. For a Frame Relay DTE interface. frame-relay lmi-n393dce frame-relay lmi-n393dte
6-22
Configure a Frame Relay PVC

You can configure a Frame Relay PVC on a DS-0 channel group, DS-1 channel, a clear-channel DS-3 channel or port, an E3 port, an E1 channel or port, or a Packet over SONET/SDH (POS) port that is configured with the encapsulation frame-relay command (in DS-0, DS-1, DS-3, E1, E3, or port configuration mode). To configure a Frame Relay PVC, perform the tasks described in Table 6-18. Table 6-18 Configure a Frame Relay PVC
# 1. Task Create or select a Frame Relay PVC and access Frame Relay PVC configuration mode. Root Command frame-relay pvc Notes Enter this command in DS-0, DS-1, DS-3, E1, E3, or port configuration mode. You must have previously specified Frame Relay encapsulation for this command to be available. Enter this command in Frame Relay PVC configuration mode. Enter this command in Frame Relay PVC configuration mode. By default, all circuits are enabled (operational).
2. 3. 4.
Associate the IP address of the remote host on the circuit. Bind the Frame Relay PVC to an existing interface in an existing context. Disable a Frame Relay PVC (stop operations on it) until you are ready to begin operations on it.
ip host bind interface shutdown
This section includes the following examples: 802.1Q PVC Examples ATM Examples Frame Relay Examples
802.1Q PVC Examples

This section provides example configurations for: 802.1Q PVCs 802.1Q PVC Tunnel
802.1Q PVCs
The following example binds untagged traffic to an interface, untagged, creates two 802.1Q PVCs on an Ethernet port, and binds them to the interfaces, vlan100 and vlan200: 1. First, the interfaces are created in the local context:
[local]Redback(config)#context local [local]Redback(config-ctx)#interface untagged [local]Redback(config-ctx)#ip address 15.1.0.1/24 [local]Redback(config-ctx)#interface vlan100 [local]Redback(config-ctx)#ip address 15.1.1.1/24
6-23
Configuration Examples [local]Redback(config-ctx)#interface vlan200 [local]Redback(config-ctx)#ip address 15.1.2.1/24 [local]Redback(config-ctx)#exit
2. Next, the Ethernet port is configured:

[local]Redback(config)#port ethernet 5/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#bind interface untagged local [local]Redback(config-port)#encapsulation dot1q
3. Finally, the 802.1Q PVCs with VLAN tag values 100 and 200 are configured:
[local]Redback(config-port)#dot1q pvc 100 [local]Redback(config-dot1q-pvc)#description local vlan [local]Redback(config-dot1q-pvc)#bind interface vlan100 local [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#dot1q pvc 200 [local]Redback(config-dot1q-pvc)#bind interface vlan200 local [local]Redback(config-dot1q-pvc)#exit
802.1Q PVC Tunnel

The following example is identical to the previous example, but creates the 802.1Q PVCs in an 802.1Q tunnel: 1. Create the interfaces in the local context:
[local]Redback(config)#context local [local]Redback(config-ctx)#interface untagged [local]Redback(config-ctx)#ip address 15.1.0.1/24 [local]Redback(config-ctx)#interface vlan-tunnel [local]Redback(config-ctx)#ip address 15.1.4.1/24 [local]Redback(config-ctx)#interface vlan100 [local]Redback(config-ctx)#ip address 15.1.1.1/24 [local]Redback(config-ctx)#interface vlan200 [local]Redback(config-ctx)#ip address 15.1.2.1/24 [local]Redback(config-ctx)#exit
2. Confiugre the Ethernet port:

[local]Redback(config)#port ethernet 5/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#bind interface untagged local [local]Redback(config-port)#encapsulation dot1q
3. Create the 802.1Q PVC tunnel:

[local]Redback(config-port)#dot1q tunnel 9100 [local]Redback(config-port)#dot1q pvc 50 encapsulation 1qtunnel [local]Redback(config-dot1q-pvc)#description 802.1Q tunnel [local]Redback(config-dot1q-pvc)#bind interface vlan-tunnel local
6-24
4. Create the 802.1Q PVCs within the tunnel with VLAN tag values 100 and 200:
[local]Redback(config-port)#dot1q pvc [local]Redback(config-dot1q-pvc)#bind [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#dot1q pvc [local]Redback(config-dot1q-pvc)#bind [local]Redback(config-dot1q-pvc)#exit 50:100 interface vlan100 local 50:200 interface vlan200 local
ATM Examples
This section provides several example configurations for the various ATM software features: ATM Profiles ATM VPs ATM PVCs ATM HSVCs
ATM Profiles
The following example shows the configuration of the following ATM profiles:
vbrnrt-basic provides a profile for ATM PVCs that support VBR-nrt traffic. oam provides a profile for OAM-managed ATM PVCs. monitor provides a profile for OAM monitoring of ATM PVCs. cbr1 provides a profile for ATM PVCs and VPs that includes fault and continuity monitoring. ubr1 provides a profile for ATM PVCs that will be configured on a shaped VP.
[local]Redback(config)#atm profile vbrnrt-basic [local]Redback(config-atm-profile)#shaping vbr-nrt pcr 100000 cdvt 5000 scr 80000 bt 8000 [local]Redback(config-atm-profile)#exit [local]Redback(config)#atm profile oam [local]Redback(config-atm-profile)#shaping ubr [local]Redback(config-atm-profile)#oam manage end-to-end auto-loopback regular-timeout 45 retry-timeout 4 [local]Redback(config-atm-profile)#counters l2 [local]Redback(config-atm-profile)#exit [local]Redback(config)#atm profile monitor [local]Redback(config-atm-profile)#shaping ubr [local]Redback(config-atm-profile)#oam fault-monitor end-to-end [local]Redback(config-atm-profile)#counters l2 [local]Redback(config-atm-profile)#exit
6-25
Configuration Examples [local]Redback(config)#atm profile cbr1 [local]Redback(config-atm-profile)#shaping cbr rate 100000 cdvt 10 [local]Redback(config-atm-profile)#oam fault-monitor end-to-end [local]Redback(config-atm-profile)#counters l2 [local]Redback(config-atm-profile)#exit [local]Redback(config)#atm profile ubr1 [local]Redback(config-atm-profile)#shaping ubr [local]Redback(config-atm-profile)#counters l2 [local]Redback(config-atm-profile)#exit
ATM VPs
The following example creates a shaped ATM VP on an ATM OC port:
[local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#atm vp 100 profile cbr1
ATM PVCs
The following example creates two ATM PVCs, 4 and 110, on an ATM OC port, using the oam and ubr1 profiles on shaped VP 100, and binds them to an existing interface atmpvc in the local context:
!Create VCI 4 on VP 100 for OAM cells [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 100 4 profile oam encapsulation bridge1483 !Create the PVC that will be managed with OAM [local]Redback(config-atm-oc)#atm pvc 100 110 profile monitor encapsulation bridge1483 [local]Redback(config-atm-pvc)#description bridged 1483 PVC [local]Redback(config-atm-pvc)#bind interface atmpvc local [local]Redback(config-atm-pvc)#exit
ATM HSVCs
The following example loads the ATM priority SAR image for a 4-port ATM OC-3c/STM-1c card in slot 5, creates a shaped VP using the cbr1 profile, creates an ATM HSVC using the vbrnrt-basic profile, and then binds the HSVC to an existing atmpvc interface in the local context:
!Load the ATM priority SAR image [local]Redback(config)#card atm-oc3-4-port 5 [local]Redback(config-card)#atm mode atm-priority Note: enable atm-priority SAR image will cause card reload commit to continue; abort to exit without change [local]Redback(config-card)#commit [local]Redback(config-card)#exit !Create the shaped VP; OAM parameters will be ignored [local]Redback(config)#port atm 5/1 [local]Redback(config-atm-oc)#atm vp 100 profile cbr1
6-26
Configuration Examples !Create the HSVC and bind it [local]Redback(config-atm-oc)#atm pvc 100 101 profile vbrnrt-basic encapsulation bridge1483 [local]Redback(config-atm-pvc)#description bridged 1483 HSVC [local]Redback(config-atm-pvc)#bind interface atmpvc local [local]Redback(config-atm-pvc)#exit
Frame Relay Examples

This section provides example configurations for: Frame Relay PVC on DS-3 Channel Frame Relay PVC on POS Port
Frame Relay PVC on DS-3 Channel

The following example shows the configuration of a Frame Relay PVC on a clear-channel DS-3 channel on a channelized OC-12 port; the DS-3 channel is bound to an interface, fr3-1, in the local context: 1. First, the example selects a port on a channelized OC-12 traffic card, selects a DS-3 channel, and enters DS-3 configuration mode. Then it configures a DS-3 channel with the appropriate LMI parameters.
[local]Redback(config)#port channelized-oc12 3/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#port channelized-ds3 3/1 [local]Redback(config-ds3)#encapsulation frame-relay [local]Redback(config-ds3)#frame-relay lmi-type ansi [local]Redback(config-ds3)#frame-relay keepalive 10 [local]Redback(config-ds3)#frame-relay lmi-n391dte 6 [local]Redback(config-ds3)#frame-relay lmi-n392dte 3 [local]Redback(config-ds3)#frame-relay lmi-n393dte 4
2. Next, the example creates and binds a Frame Relay PVC to an existing interface, fr3-1:
[local]Redback(config-ds3)#frame-relay pvc dlci 16 [local]Redback(config-fr-pvc)#bind interface fr3-1 local [local]Redback(config-fr-pvc)#exit
Frame Relay PVC on POS Port

The following example shows the configuration of Frame Relay on a POS port, which is bound to an interface, fr4-1, in the local context:
[local]Redback(config)#port pos 4/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#encapsulation frame-relay [local]Redback(config-port)#frame-relay lmi-type ansi [local]Redback(config-port)#frame-relay keepalive 10 [local]Redback(config-port)#frame-relay lmi-n391dte 6 [local]Redback(config-port)#frame-relay lmi-n392dte 3 [local]Redback(config-port)#frame-relay lmi-n393dte 4 [local]Redback(config-port)#frame-relay pvc dlci 16
6-27
Command Descriptions [local]Redback(config-fr-pvc)#bind interface fr4-1 local [local]Redback(config-fr-pvc)#exit
This section describes the syntax and usage guidelines for the commands used to configure circuits. The commands are presented in alphabetical order. atm profile atm pvc atm vp clpbit congestion counters description dot1q profile dot1q pvc dot1q tunnel encapsulation frame-relay auto-detect frame-relay intf-type frame-relay keepalive frame-relay lmi-n391dte frame-relay lmi-n392dce frame-relay lmi-n392dte frame-relay lmi-n393dce frame-relay lmi-n393dte frame-relay lmi-t392dce frame-relay lmi-type frame-relay profile frame-relay pvc idle-down ip host mac-address oam fault-monitor oam manage oam xc report shaping shutdown
6-28
atm profile
atm profile prof-name [static] no atm profile prof-name
Purpose
Creates a new Asynchronous Transfer Mode (ATM) profile, or selects an existing one for modification, and enters ATM profile configuration mode.
Command Mode
Syntax Description
prof-name static Alphanumeric string to be used as the name of the particular profile. Optional. Specifies the profile is to be created or modified to be a static profile.
Default
No ATM profiles are defined.
Usage Guidelines
Use the atm profile command to create a new ATM profile, or select an existing one, and enter ATM profile configuration mode. Use the static keyword to create a static ATM profile, or to modify an existing nonstatic ATM profile to convert it to a static profile. A static profile cannot be modified or deleted until all ATM virtual paths (VPs) and permanent virtual circuits (PVCs) that reference that profile are deleted or assigned to a different profile. You can convert an existing nonstatic profile to a static one even if there are ATM VPs and PVCs that reference that profile; the conversion does not affect the VPs and PVCs that reference it. However, you cannot convert a static profile to a nonstatic one; instead, you must delete it. Deleting a profile also deletes all VPs and PVCs that reference it. Note You must create an ATM profile before you can configure ATM PVCs or VPs that reference that profile. Note To assign a static or nonstatic profile dynamically to an ATM PVC, either by using subscriber-specific RADIUS attributes at the time a subscriber session becomes active, or by using the RADIUS Refresh function, you must have enabled the software license for dynamic services. For more information about enabling software licenses, see the Basic System Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
6-29
Do not change traffic class for an ATM profile that is referenced by an ATM VP without first deleting all ATM PVCs configured on that ATM VP. If an error message displays when you attempt to change the traffic class of the profile, you must then: Use the no form of the atm pvc command (any of its forms) (in ATM OC or ATM DS-3 configuration mode) to delete the ATM PVCs on all ATM VPs that reference that profile. Use the shaping command (in ATM profile configuation mode) to specify the new traffic class and its parameters. Use the atm pvc command (any of its forms) (in ATM OC or ATM DS-3 configuration mode) to recreate the ATM PVCs on all ATM VPs that reference that profile.
Note For more configuration guidelines for ATM profiles, VPs, and PVCs, see the ATM Configuration Guidelines section. Use the no form of this command to delete an ATM profile. Caution Risk of data loss. This form deletes any ATM VPs and the PVCs on those VPs or any PVCs that reference that profile.
Examples
The following example creates an ATM profile, low_rate, and enters ATM profile configuration mode:
[local]Redback(config)#atm profile low_rate [local]Redback(config-atm-profile)#
The following example modifies the ATM profile, low_rate, to make it a static profile and enters ATM profile configuration mode:
[local]Redback(config)#atm profile low_rate static [local]Redback(config-atm-profile)#end
Related Commands
atm pvc atm vp
6-30
atm pvc
For a single static Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC), the syntax is: atm pvc vpi vci [profile prof-name encapsulation encaps-type] no atm pvc vpi vci [profile prof-name encapsulation encaps-type] For a range of static ATM PVCs, the syntax is: atm pvc explicit start-vpi:start-vci through end-vpi:end-vci [profile prof-name encapsulation encaps-type] no atm pvc explicit start-vpi:start-vci through end-vpi:end-vci [profile prof-name encapsulation encaps-type] For a range of ATM PVCs to be created on demand, the syntax is: atm pvc on-demand start-vpi:start-vci through end-vpi:end-vci {[profile prof-name encapsulation encaps-type] | aaa context ctx-name [prefix-string text | user-name subscriber]} no atm pvc on-demand start-vpi:start-vci through end-vpi:end-vci [[profile prof-name encapsulation encaps-type] | aaa context ctx-name [prefix-string text | user-name subscriber]]
Purpose
Configures one or more ATM PVCs, or selects one or more PVCs for modification, and enters ATM PVC configuration mode.
Command Mode
Syntax Description
vpi vci Virtual path identifier (VPI) for the virtual path (VP) when creating or modifying a single PVC. The range of values is 0 to 255. Virtual circuit identifier (VCI) when creating or modifying a single PVC. The range of values is 1 to 65,535. By convention, values 1 to 31 are reserved for system use. First virtual path identifier (VPI) when creating or modifying a range of PVCs. The range of values is 0 to 255. First virtual circuit identifier (VCI) when creating or modifying a range of PVCs. The range of values is 1 to 65,535. By convention, values 1 to 31 are reserved for system use. Specifies the end of the range. Last VPI in the range of VPs for the range of PVCs to be configured. The range of values is 0 to 255.
start-vpi start-vci
through end-vpi
6-31
end-vci profile prof-name
Last VCI in a range of PVCs to be configured. The range of values is 1 to 65,535. By convention, values 1 to 31 are reserved for system use. Optional. Existing ATM profile. Optional only when selecting an existing PVC or range of PVCs for deletion or modification.
encapsulation encaps-type Optional. Specific encapsulation type, according to one of the keywords listed in Table 6-19. Optional only when selecting an existing PVC or range of PVCs for deletion or modification. on-demand aaa Specifies a listening PVC or range of PVCs; a listening PVC is created in memory only after traffic is detected on it. Optional. Specifies that the profile for the PVCs is assigned dynamically, using authentication, authorization, and accounting (AAA) and Remote Authentication Dial-In User Service (RADIUS). Optional only when selecting an existing PVC or range of PVCs for deletion or modification. Name of the context in which are configured the RADIUS servers that are used to provide the encapsulation type and ATM profile for the on-demand ATM PVCs. Optional. String to be used as a prefix in constructing the User-Name attribute. Must not contain spaces, periods, underscores, or forward or backward slashes. Optional. String to be used for the subscriber name, in any valid structured subscriber name format; it can be up to 253 characters.
context ctx-name
prefix-string text
user-name subscriber
Default
No ATM PVCs are configured.
Usage Guidelines
Use the atm pvc command to configure one or more ATM PVCs, or select one or more PVCs for modification, and enter ATM PVC configuration mode. This command has the following forms: Use the atm pvc form of the command to configure a single explicitly configured (static) ATM PVC, or to select one for modification, and enter ATM PVC configuration mode. Use the atm pvc explicit form of the command to configure a range of static PVCs with similar characteristics, or to select the range for modification. Use the atm pvc on-demand form of the command to configure a range of on-demand PVCs, with similar characteristics, each of which is made active only when user traffic is detected on it.
Caution Risk of data loss. By convention, VCIs 1 to 31 are solely for system use, and any user data is overwritten. To reduce the risk, create VCI 4 only in connection with the oam fault-monitor or oam manage commands.
6-32
Table 6-19 lists the keywords for the encaps-type argument. Table 6-19 Types of ATM Encapsulations
Keyword bridge1483 multi ppp ppp auto ppp llc ppp nlpid ppp serial pppoe raw route1483 Description Specifies RFC 1483 bridged encapsulation. Specifies multiprotocol encapsulation. This option is only for ATM PVCs on which you will create child circuits. Specifies VC-multiplexed; the default. Enables the auto-detect feature with regard to the PPP encapsulation type. Specifies Logical Link Control-Subnetwork Access Protocol (LLC-SNAP) PPP encapsulation as defined in RFC 2364, PPP over AAL5. Specifies Network Layer Protocol Identifier (NLPID) PPP encapsulation. Specifies Serial High-Level Data Link Control (HDLC) PPP encapsulationused in non-RFC-compliant configurations. Specifies PPP over Ethernet (PPPoE) encapsulation. Specifies raw mode; this option is for static PVCs only. Specifies RFC 1483 routed encapsulation.
The following guidelines apply to encapsulation types: You cannot change the encapsulation of a PVC unless you first delete it, and then recreate it. RFC 1483 bridged encapsulation (bridge1483 keyword) requires a local medium access control (MAC) address and the MAC address of the remote host. The SmartEdge OS provides these MAC addresses as follows: The default local MAC address for the port is extracted from the EEPROM of the traffic card when the card is installed in the SmartEdge chassis. You can override this address by entering the mac-address command (in ATM OC or ATM DS-3 configuration mode). You can associate the MAC address of the remote host with the ATM PVC by entering the ip host command (in ATM PVC configuration mode). The multi keyword configures the parent PVC to carry IPoE traffic. The following guidelines apply: This keyword is applicable only to PVCs that will have child circuits to carry PPPoE, but IPoE version 6 (IPv6oE) traffic is limited to explicit ATM PVCs. For commands to create child circuits on multiprotocol ATM PVCs and cross-connect them, see Chapter 9, Link Aggregation Configuration. You must configure the interface to which you will bind the IPoE traffic with the multibind keyword. Binding types include static (bind interface command in ATM PVC configuration mode) for ATM PVC (IPoE) parent circuit and dynamic (bind authentication command in ATM child protocol configuration mode) for PPoE child circuit. PVCs with multi encapsulation are supported on all ATM traffic cards, and in port listening mode, if enabled.
6-33
If you specify the ppp auto construct, the commands that become visible are a union of those available for PPPoE and the non-PPPoE encapsulations. The SmartEdge OS handles the information entered in these commands appropriately, after the encapsulation is auto-detected.
The following guidelines apply to the atm pvc explicit form of this command: The range you specify must not overlap or encompass any range of PVCs created previously with the atm pvc explicit form of the command; it can include PVCs previously created with the atm pvc form of the command. The range of PVCs can be on a range of ATM VPs. Any PVCs in the specified range that do not already exist are created with the specified profile and encapsulation. The range of PVCs can be on a range of ATM VPs. However, an error message displays if the range includes VCIs 3 or 4. These VCIs are reserved for operations, administration, and maintenance (OAM) use. In general, avoid specifying VCIs 1 to 31. You cannot use the no atm pvc command to remove PVCs from an explicit range, but you can use the atm pvc form of the command to overwrite one or more PVCs created by the atm pvc explicit form of the command. If you subsequently use the no atm pvc command to delete such a PVC, the PVC reverts to the atm pvc explicit definition. You cannot use the bind subscriber and ip host commands in conjunction with the PVCs created by the atm pvc explicit form of the command; however, if you first modify individual PVCs in the range with the atm pvc form of the command, you can then use the bind subscriber and ip host commands with the modified PVCs. When you use the no form of the atm pvc explicit form of the command, all the PVCs in the range are deleted except for those in the range that were explicitly created with the atm pvc form of the command.
The following guidelines apply to the atm pvc on-demand form of this command: Note On-demand PVC configuration does not support more PVCs than static PVC configuration supports, although on-demand configuration does conserve memory. Raw mode encapsulation is not supported for on-demand PVCs. Otherwise, the range that you specify must be within the limits for active PVCs; these limits depend upon the type of port, the SAR image for the card, and the traffic class specified by the profile. An error message displays if the range that you specify is not supported; see the tables (Table 6-5, Table 6-7, Table 6-9) that specify PVC limits in the Number of ATM VPs and PVCs section. Note Enabling port listening mode with the ccod-mode port-listen command must precede the configuration of any ATM VPs or PVCs on that ATM port. The range of PVCs can be on a range of ATM VPs. However, an error message displays if the range includes VCIs 3 or 4. These VCIs are reserved for operations, administration, and maintenance (OAM) use. In general, avoid specifying VCIs 1 to 31. Regardless of the number of listening PVCs that you create, the number of active PVCs cannot be greater than those specified for each traffic class and SAR image on the type of port on which they are created; see the tables (Table 6-5, Table 6-7, Table 6-9) that specify PVC limits in the Number of ATM VPs and PVCs section.
6-34
You cannot overwrite a PVC range that you previously configured with the atm pvc explicit or atm pvc on-demand form of the command, unless the new range completely encompasses that previous range. If you overwrite a PVC range that was previously defined with the atm pvc explicit form of the command, the circuits are not cleared. You must use the clear atm circuit command to manually clear these circuits. If you overwrite an on-demand PVC with the atm pvc form of the command and subsequently delete such a PVC with the no atm pvc command, the PVC reverts to the atm pvc on-demand definition. You cannot use the no atm pvc command to remove PVCs from a range of on-demand PVCs. When you create a range of on-demand PVCs, you can: Use the profile and encapsulation keywords to specify the profile and encapsulation type explicitly. Use the aaa keyword to use AAA and RADIUS to assign the profile, encapsulation, and binding of the PVCs in the range at the time the PVC becomes active.
If you use the aaa keyword, you must include the context ctx-name construct to specify the context in which the RADIUS server is configured. You can also define a prefix string that is used to construct the User-Name attribute. By default, the RADIUS User-Name attribute is in the form hostname.port.slot.vpi.vci. If you define a prefix string, the RADIUS User-Name attribute is in the form prefix-string.vpi.vci. For information about RADIUS attributes and Redback VSAs, see the RADIUS Attributes appendix in the IP Services and Security Configuration Guide for the SmartEdge OS.
The subscriber argument can include both the subscriber name and the domain name in any valid format, such as sub-name@ctx-name, but it must match an entry in the RADIUS user database. The format, including the separator character, is configurable; for information about configuring the format, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.
Note If you assign a static or nonstatic profile dynamically to an ATM PVC, either by using subscriber-specific RADIUS attributes at the time a subscriber session becomes active, or by using the RADIUS Refresh function (the aaa keyword), you must have enabled the software license for dynamic services. For more information about enabling software licenses, see the Basic System Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Note For more configuration guidelines for ATM profiles, VPs, and PVCs, see the Chapter 3, ATM, Ethernet, and POS Port Configuration. Use the no form of this command to delete a previously created PVC or range of PVCs; when deleting a range of PVCs, you must specify the same circuit range as specified in the atm pvc explicit or atm pvc on-demand form of the command. If you specify the optional constructs, the system checks the PVC configuration against the input arguments and does not delete the PVC or range of PVCs unless there is a match.
6-35
Examples
The following example configures a static PVC that references a previously defined ATM profile, dslam1, an encapsulation of bridge1483, and a VPI:VCI of 0:32 on an ATM OC port:
[local]Redback(config)#port atm 2/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile dslam1 encapsulation bridge1483 [local]Redback(config-atm-pvc)#
The following example configures a static PVC on an ATM OC port, encapsulates it with ppp mode, and specifies the auto-detect feature:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile ubr encapsulation ppp auto [local]Redback(config-atm-pvc)#
The following example configures a static PVC on an ATM OC port and encapsulates it with raw mode:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile ubr encapsulation raw [local]Redback(config-atm-pvc)#
The following example creates a range of 32 static PVCs on a single VP on an ATM OC port; all PVCs use the ATM profile, adam, and bridge1483 encapsulation:
[local]Redback(config)#port atm 3/2 [local]Redback(config-atm-oc)#atm pvc explicit 10:32 through 10:63 profile adam encapsulation bridge1483 [local]Redback(config-atm-pvc)#
The following example creates a range of 32 on-demand PVCs on a single VP on an ATM OC port; all PVCs use the ATM profile, adam, and pppoe encapsulation:
[local]Redback(config)#port atm 3/3 [local]Redback(config-atm-oc)#atm pvc on-demand 10:32 through 10:63 profile adam encapsulation pppoe [local]Redback(config-atm-pvc)#
The following example displays explicit and on-demand ATM PVCs with circuits in the down state (no PPPoE or IPoE activity):
card atm-oc3-4-port 12 port atm 12/1 atm pvc explicit 20:32 through 20:41 profile ubr encapsulation multi bind interface b_itf20 b circuit protocol pppoe bind authentication chap atm pvc on-demand 40:32 through 40:41 profile ubr encapsulation multi bind interface b_itf40 b circuit protocol pppoe bind authentication chap !
6-36
Command Descriptions [local]Redback#show atm pvc 12/1 vpi 20 vci 32 Port:Channel 12/1 :1 VPI: 20 VCI: 32 Profile: ubr Description: Status: Down Counters: L2 Encapsulation: multi Bound to: --QoS - outbound ATMWFQ policy: (None Specified) Circuit Range: yes CCOD: no First Created: Wed Oct 5 20:59:31 2005 Status Change: Wed Oct 5 20:59:31 2005 OAM Cross Connect : Disabled OAM Managed : Disabled OAM Fault Monitoring: Disabled [local]Redback#show atm pvc on-dem 12/1 vpi 40 vci 32 Port:Channel VPI VCI 12/1 :1 40 32 active: 0 idle: static: 0 wait: total: 1 VC HANDLE State Encaps --Down on-demand 0 idle-down: 0 0 dormant: 1 Binding no binding Mode dormant
[local]Redback#show atm pvc 12/1 all Traffic VPI VCI Profile 20 32 ubr 20 32 ubr 20 33 ubr 20 33 ubr 20 34 ubr 20 34 ubr 20 35 ubr 20 35 ubr 20 36 ubr 20 36 ubr 20 37 ubr 20 37 ubr 20 38 ubr 20 38 ubr 20 39 ubr 20 39 ubr 20 40 ubr 20 40 ubr 20 41 ubr 20 41 ubr pvcs down: 10
Port:Channel 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 pvcs up: 0
State Ctrs Encaps Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe Down L2 multi Down L2 pppoe total pvcs: 10
Binding b_itf20 --b_itf20 --b_itf20 --b_itf20 --b_itf20 --b_itf20 --b_itf20 --b_itf20 --b_itf20 --b_itf20 ---
[b] [b] [b] [b] [b] [b] [b] [b] [b] [b]
[local]Redback#show atm pvc on-demand 12/1 all Port:Channel VPI VCI VC HANDLE State Encaps 12/1 :1 40 32 --Down on-demand
Binding no binding
Mode dormant
6-37
Command Descriptions 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 12/1 :1 active: 0 static: 0 total: 10 40 40 40 40 40 40 40 40 40 33 34 35 36 37 38 39 40 41 idle: wait: ------------------0 0 Down on-demand Down on-demand Down on-demand Down on-demand Down on-demand Down on-demand Down on-demand Down on-demand Down on-demand idle-down: 0 dormant: 10 no no no no no no no no no binding binding binding binding binding binding binding binding binding dormant dormant dormant dormant dormant dormant dormant dormant dormant
Related Commands
atm profile atm vp bind auto-subscriber bind interface bind subscriber idle-down ip host mac-address shaping
6-38
atm vp
atm vp vpi profile prof-name no atm vp vpi
Purpose
Creates or modifies a shaped virtual path (VP) on an Asynchronous Transfer Mode (ATM) OC or ATM DS-3 port.
Command Mode
Syntax Description
vpi profile prof-name Virtual path identifier (VPI). The range of values is 0 to 255. Profile to use for the VP.
Default
No VPs are defined.
Usage Guidelines
Use the atm vp command to create or modify a shaped VP on an ATM OC or DS-3 port. When you create an ATM permanent virtual circuit (PVC), you must specify a VP for it, using a VPI. An ATM VP can be shaped or nonshaped: Shaped VPIs associated with an ATM profile. Nonshaped VP Has no profile associated with it.
SmartEdge OS creates a nonshaped VP when you configure an ATM PVC and specify a VPI that has not be used to create a shaped VP. To create a shaped VP, you must create it explicitly using this command. You cannot convert a nonshaped VP to a shaped VP unless and until you delete all the PVCs that reference it. Deleting all the PVCs that reference it effectively deletes the nonshaped VP. Note Hierarchical-shaped virtual circuits (HSVCs), by definition, always use a shaped VP. The only modification possible for a shaped VP is to specify a different profile. To modify a shaped VP, enter this command with the name of the new profile. If the shaped VP has PVCs configured on it, the current and new profiles must specify the same traffic class; otherwise, the system displays an error message. You must then delete the PVCs or HSVCs on the shaped VP before specifying the new profile and recreate them afterwards. Note For more configuration guidelines for ATM profiles, VPs, and PVCs, see the ATM Configuration Guidelines section.
6-39
Use the no form of this command to delete a shaped VP. Note If a shaped VP is deleted, all associated PVCs or HSVCs are deleted from the configuration.
Examples
The following example creates a shaped VP on an ATM OC port and references a profile, cbr-profile:
[local]Redback(config-atm-oc)#atm vp 20 profile cbr-profile
Related Commands
atm profile atm pvc
6-40
clpbit
clpbit [propagate qos to atm] {no | default} clpbit [propagate qos to atm]
Purpose
Sets the cell loss priority (CLP) bit in all cells transmitted over Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) and that reference this ATM profile.
Command Mode
ATM profile configuration
Syntax Description
propagate qos to atm Optional. Specifies that the CLP bit is set based on the IP precedence and Differentiated Services Code Point (DSCP) bits as assigned by the quality of service (QoS) policy attached to an ATM PVC that references this profile.
Default
The CLP bit is set to zero.
Usage Guidelines
Use the clpbit command to set the CLP bit in all cells transmitted over ATM PVCs that reference this ATM profile. If you do not specify the optional propagate qos to atm construct, the CLP bit is set to one; if you do specify this, the CLP bit is set based on the IP precedence and DSCP bits. Note For more information about the use of this command for QoS propagation, see the QoS Circuit Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Use the no or default form of this command to set the CLP bit to zero in all circuits referencing that ATM profile.
Example
The following example sets the CLP bit to one in an ATM profile, low_rate. All cells transmitted over PVCs that reference this profile will have the CLP bit set to one.
[local]Redback(config)#atm profile low_rate [local]Redback(config-atmpro)clpbit
Related Commands
None
6-41
congestion
congestion {red min_threshold min max_threshold max probability prob weight weight-exp | epd [[min_threshold min] max_threshold max]} no congestion {red | epd} default congestion {red | epd}
Purpose
Specifies the congestion avoidance algorithm, either weighted random early detection (RED) or early packet discard (EPD), and its parameters for the specified Asynchronous Transfer Mode (ATM) profile.
Command Mode
Syntax Description
red epd min-threshold min Specifies the weighted RED algorithm. Specifies the EPD algorithm. For the weighted RED algorithm, the average buffer or queue occupancy in packets below which no packets are dropped. For the EPD algorithm, the number of packets below which no packets are dropped. Optional only when specifying the EPD algorithm. The range of values is 1 to 9,999; the default value is 8 packets. For the weighted RED algorithm, the average buffer or queue occupancy in packets above which all packets are dropped. For the EPD algorithm, the number of packets above which all packets are dropped. The range of values is 2 to 10,000; the default value is 26 packets. Inverse of the probability of dropping a packet as the average queue occupancy approaches the maximum threshold. The resulting probability (1/prob) is the fraction of packets dropped when the average queue depth is at the maximum threshold. The range of values is 8 to 32,768; the default value is 16. Exponent representing the inverse of the exponentially weighted moving average. The range of values is 7 to 10; the default value is 9.
max-threshold max
probability prob
weight weight-exp
Default
The default congestion avoidance algorithm is weighted RED with the default parameters.
6-42
Usage Guidelines
Use the congestion command to set the weighted RED or EPD parameters for the specified ATM profile. These parameters specify how buffer utilization is to be managed under congestion by signaling to the sources of traffic that the network is on the verge of entering a congested state. This signaling is accomplished by dropping packets according to the type of congestion algorithm and the type of port on which the ATM VP or PVC is configured: For the weighted RED algorithm, which is supported for second-generation ATM OC and ATM DS-3 cards only, packets are dropped with a probability that varies as a function of how many packets are waiting in a queue at any particular time, and of the values of the max, min, prob, and weight-exp arguments. For the EPD algorithm, packets are dropped based on the type of port: For ports on first-generation ATM OC cards, when the congestion exceeds the value of the max argument, packets are dropped until the buffers are below the value of the min argument. For ports on second-generation ATM OC and ATM DS-3 cards, when the congestion exceeds the value of the max argument, packets are dropped until the buffers are below the value of the max argument. Use the min-threshold min construct as follows: For the weighted RED algorithm, use this construct to set the average buffer or queue occupancy in packets at or below which no packets are dropped. For the EPD algorithm, use this construct to specify the minimum value below which no packets are dropped. This construct is ignored if the profile is assigned to a shaped VP or PVC on an ATM DS-3 or second-generation ATM OC card.
Use the max-threshold max construct as follows: For the weighted RED algorithm, use this construct to set the average buffer or queue occupancy in packets above which packets are dropped; as the average occupancy approaches the maximum threshold value, packets are dropped with increasing probability, as a function of the value of the prob argument. For the EPD algorithm, use this construct to set the value above which all packets are dropped.
Use the probability prob construct to establish the probability of a packet being dropped as the average queue occupancy approaches the maximum threshold value. The value of the prob argument is the inverse of the probability of a packet being dropped. The higher the value of the prob argument, the lower the probability of a packet being dropped. The average queue occupancy is computed as a moving average of the instantaneous queue occupancy. Use the weight weight-exp construct to set the inverse of the exponential moving average. The larger the value of the weight-exp argument, the longer term the average. If you reference an ATM profile that includes weighted RED parameters when creating ATM PVCs on ports on first-generation ATM OC cards, the RED parameters are ignored; in this case, these ports use the EPD congestion algorithm with the default parameters. If this command is not entered, any PVC that is created on a port on a second-generation ATM OC or ATM DS-3 card and that references this profile uses weighted RED for the congestion avoidance algorithm with the default values for the parameters.
6-43
Note For more configuration guidelines for ATM profiles, VPs, and PVCs with regard to congestion avoidance, see the ATM Configuration Guidelines section. Use the no and default forms of this command to perform the functions listed in Table 6-20. Table 6-20 Functions of Default and No Forms of the congestion Command
Command no congestion red default congestion red no congestion epd default congestion epd Function Enables RED default parameters if RED is configured; generates an error message if EPD is configured. Enables RED default parameters if RED is configured; generates an error message if EPD is configured. Enables RED default parameters if EPD is configured; generates an error message if RED is configured. Enables EPD default parameters if EPD is configured; generates an error message if RED is configured.
Examples
The following example specifies the RED parameters for an existing profile, atm-pro:
[local]Redback(config)#atm profile atm-pro [local]Redback(config-atm-profile)#congestion red min-threshold 1 max-threshold 255 probability 15 weight 10
Related Commands
atm profile atm pvc
6-44
counters
counters l2 {no | default} counters
Purpose
Enables statistics to be collected for Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) that reference the ATM profile.
Command Mode
Syntax Description
l2 Enables statistics collection for layer 2 traffic, both at the cell and segmentation and reassembly (SAR) packet level.
Default
ATM counters are enabled.
Usage Guidelines
Use the counters command to enable or disable the collection of statistics for ATM PVCs that reference the ATM profile. This command is useful if the profile will be referenced by ATM PVCs that are used for OAM traffic (VCIs 1 to 31). Use the no or default form of this command to disable statistics collection for PVCs that reference the profile.
Examples
The following example configures an ATM profile, low_rate, to enable statistics collection for layer 2 traffic (l2) on all ATM PVCs that reference the profile:
[local]Redback(config)#atm profile low_rate [local]Redback(config-atm-profile)#counters l2
Related Commands
atm pvc
6-45
description
Purpose
Associates a textual description with an Asynchronous Transfer Mode (ATM), 802.1Q, or Frame Relay profile or permanent virtual circuit (PVC).
Command Mode
ATM profile configuration ATM PVC configuration dot1q profile configuration dot1q PVC configuration Frame Relay profile configuration Frame Relay PVC configuration
Syntax Description
text Text string that identifies the profile or PVC. Can be any alphanumeric string, including spaces, that is not longer than 63 ASCII characters.
Default
No description is associated with any profile or PVC.
Usage Guidelines
Use the description command to associate textual information with an ATM, 802.1Q, or Frame Relay profile or PVC. This text displays by the appropriate show command. Use the no or default form of this command to delete the existing description. Because there can be only one description for a profile or PVC, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example associates a description with an ATM PVC configured on an ATM OC port:
[local]Redback(config)#port atm 2/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile dslam1 encapsulation bridge1483 [local]Redback(config-atm-pvc)#description ATM bridged 1483 circuit
Related Commands
None
6-46
dot1q profile
dot1q profile prof-name no dot1q profile prof-name
Purpose
Creates a new 802.1Q profile or selects an existing one for modification, and enters dot1q profile configuration mode.
Command Mode
Syntax Description
prof-name Alphanumeric string to be used as the name of the particular profile.
Default
No 802.1Q profiles are defined.
Usage Guidelines
Use the dot1q profile command to create a new 802.1Q profile or to select an existing profile for modification, and to enter dot1q profile configuration mode. Note You must create an 802.1Q profile before you can configure 802.1Q permanent virtual circuits (PVCs) that reference the profile name. Use the no form of this command to delete an 802.1Q profile. This form deletes any PVCs that reference that profile.
Examples
The following example creates an 802.1Q profile, dot1q-pro, and enters dot1q profile configuration mode:
[local]Redback(config)#dot1q profile dot1q-pro [local]Redback(config-dot1q-profile)#
Related Commands
dot1q pvc
6-47
dot1q pvc
In link group configuration mode, the syntax is: dot1q pvc vlan-id no dot1q pvc vlan-id In port configuration mode, the syntax for a 802.1Q tunnel is: dot1q pvc tunl-vlan-id [profile prof-name] encapsulation 1qtunnel no dot1q pvc tunl-vlan-id In port configuration mode, the syntax for a range of static 802.1Q PVCs is: dot1q pvc start-vlan-id [through end-vlan-id] [profile prof-name] [encapsulation encaps-type] no dot1q pvc start-vlan-id [through end-vlan-id] In port configuration mode, the syntax for a range of static 802.1Q PVCs within a tunnel is: dot1q pvc tunl-vlan-id:start-vlan-id [through end-vlan-id] [profile prof-name] [encapsulation encaps-type] no dot1q pvc tunl-vlan-id:start-vlan-id [through end-vlan-id] In port configuration mode, the syntax for a range of 802.1Q PVCs to be configured on demand is: dot1q pvc on-demand start-vlan-id [through end-vlan-id] [[profile prof-name] [encapsulation pppoe] | aaa context ctx-name [prefix-string text | user-name subscriber]] no dot1q pvc on-demand start-vlan-id
Purpose
Creates or selects an 802.1Q tunnel or one or more 802.1Q PVCs on an Ethernet port, and enters dot1q PVC or link PVC configuration mode.
Command Mode
link group configuration port configuration
Syntax Description
tunl-vlan-id vlan-id start-vlan-id through end-vlan-id profile prof-name 802.1Q virtual LAN (VLAN) tag value for the 802.1Q tunnel. The range of values is 1 to 4,095. VLAN tag value for the 802.1Q PVC. The range of values is 1 to 4,095. First 802.1Q VLAN tag value for a range of PVCs to be configured. The range of values is 1 to 4,095. Optional. Last 802.1Q VLAN tag value for a range of PVCs to be configured. Optional. Existing 802.1Q profile.
6-48
encapsulation 1qtunnel
Specifies that the PVC is a tunnel.
encapsulation encaps-type Optional. Encapsulation, according to one of the following keywords: multiSpecifies multiprotocol encapsulation. This option is intended only for 802.1Q PVCs on which you will create child circuits for cross-connecting; it is not applicable to on-demand PVCs. pppoeSpecifies Point-to-Point Protocol over Ethernet (PPPoE) encapsulation. Required for on-demand 802.1Q PVCs. If this option is not specified, the default encapsulation is IP over Ethernet (IPoE). on-demand aaa context ctx-name prefix-string text Specifies a listening PVC or range of PVCs; a listening PVC is created in memory only after traffic is detected on it. Specifies that the 802.1Q PVCs are created using Remote Authentication Dial-In User Service (RADIUS). Name of the context in which the RADIUS servers are configured for AAA configurations. String to be used as a prefix in generate the name of the subscriber record in RADIUS. Must not contain spaces, periods, underscores, or forward or backward slashes. String to be used for the exact name of the subscriber record in RADIUS, in any valid structured subscriber name format; it can be up to 253 characters.
user-name subscriber
Default
No 802.1Q PVCs or tunnels are defined.
Usage Guidelines
Use the dot1q pvc command to create or select an 802.1Q tunnel or one or more static 802.1Q PVCs on an Ethernet port, and enter dot1q PVC or link group configuration mode. Use the dot1q pvc on-demand form of the command to create or select a range of on-demand 802.1Q PVCs, with similar characteristics, each of which is made active only when traffic is detected on it. Note You cannot create 802.1Q PVCs or tunnels on the Ethernet management port on a controller card. When entered in link group configuration mode, this command creates or selects an aggregated 802.1Q PVC in the link group. When an Ethernet port is added to the link group, an 802.1Q PVC with that vlan-id tag is created on that port. When entered in port configuration mode, it creates or selects an 802.1Q tunnel or one or more 802.1Q PVCs on the single-link Ethernet port. Many 802.1Q implementations use VLAN tag value 1 as a management PVC. To ensure interoperability, we recommend that you do not use VLAN tag value 1 for non-management traffic.
6-49
You cannot specify the same VLAN tag value for an 802.1Q tunnel and an 802.1Q PVC that is not configured within the tunnel. The dot1q profile that you specify must exist before you enter this command. The encapsulation multi construct is applicable only to static 802.1Q PVCs that will have child circuits to carry PPPoE or IPv6oE traffic. In this case, the parent 802.1Q PVC carries IPoE traffic. For commands to create child circuits on 802.1Q PVCs and cross-connect them, see Chapter 11, Cross-Connection Configuration. You cannot change the encapsulation of an 802.1Q PVC unless you first delete it and then recreate it. Use the through end-vlan-id construct to create or select groups of similar PVCs on an Ethernet port. The following guidelines apply when you use the through keyword: Any 802.1Q PVCs in the specified range that do not already exist are created with the specified profile and encapsulation. Any 802.1Q PVCs in the specified range that already exist and do not have the specified encapsulation cause the command to fail; you must delete these PVCs, and then enter the dot1q pvc command again. When you use the no form of this command in conjunction with the through keyword, all 802.1Q PVCs in the range are deleted, regardless of whether those PVCs have the same profile and encapsulation.
The subscriber argument can include both the subscriber name and the domain name in any valid format, such as sub-name@ctx-name, but it must match an entry in the RADIUS user database. The format, including the separator character, is configurable; for information about configuring the format, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Use the no form of this command to delete an 802.1Q PVC or tunnel. If you delete a tunnel, all 802.1Q PVCs configured within that tunnel are also deleted.
Examples
The following example creates an 802.1Q PVC with VLAN tag value 20 on an Ethernet port:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 20 [local]Redback(config-dot1q-pvc)#
The following example creates two 802.1Q PVCs with tag values 26 and 27 for two aggregated 802.1Q PVCs in the link group, lg1:
[local]Redback(config)#link-group lg1 dot1q [local]Redback(config-link-group)#dot1q pvc 26 [local]Redback(config-link-pvc)#exit [local]Redback(config-link-group)#dot1q pvc 27 [local]Redback(config-link-pvc)#exit
6-50
The following example creates an 802.1Q tunnel with VLAN tag value 30 and an 802.1Q PVC with VLAN tag value 100 within it:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 30 encapsulation 1qtunnel [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#dot1q pvc 30:100 encapsulation multi [local]Redback(config-dot1q-pvc)#
Related Commands
dot1q profile link-group
6-51
dot1q tunnel
dot1q tunnel ethertype tunl-type {no | default} dot1q tunnel ethertype tunl-type
Purpose
Specifies the type of traffic (the type found in the 802.1Q header) for any 802.1Q tunnel configured on this port.
Command Mode
port configuration
Syntax Description
ethertype tunl-type Type of 802.1Q traffic for this port, according to one of the following argument or keywords (in hexadecimal format): userCustom traffic type; the range of values is 0x0 to 0xffff. 8100Specifies the 8100 packet type; this is the default packet type. 88a8Specifies the 88a8 packet type. 9100Specifies the 9100 packet type. 9200Specifies the 9200 packet type.
Default
The default packet type is 8100.
Usage Guidelines
Use the dot1q tunnel command to specify the type of traffic (the type found in the 802.1Q header) for any 802.1Q tunnel configured on this port. Use the no or default form of this command to specify the default packet type.
Examples
The following example specifies 9100 as the packet type:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q tunnel ethertype 9100
Related Commands
dot1q pvc
6-52
encapsulation
encapsulation dot1q no encapsulation
Purpose
Specifies the encapsulation for an Ethernet port to create 802.1Q permanent virtual circuits (PVCs).
Command Mode
port configuration
Syntax Description
dot1q Specifies 802.1Q encapsulation to support 802.1Q PVCs on the Ethernet port.
Default
The encapsulation is IP over Ethernet (IPoE).
Usage Guidelines
Use the encapsulation command to specify the encapsulation for an Ethernet port to create 802.1Q PVCs. Note This command is also described for Ethernet ports without 802.1Q PVCs in Chapter 3, ATM, Ethernet, and POS Port Configuration. Use the no form of this command to specify IP over Ethernet encapsulation. Caution Risk of data loss. When you use the no form of this command to specify IPoE encapsulation, all 802.1Q PVCs defined on the port are deleted. To reduce the risk, ensure that the PVCs are not active before issuing the no form of this command.
Examples
The following example specifies 802.1Q encapsulation for port 1 in slot 4:
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#encapsulation dot1q
Related Commands
dot1q pvc port ethernet
6-53
frame-relay auto-detect
frame-relay auto-detect no frame-relay auto-detect default frame-relay auto-detect
Purpose
Enables the automatic detection of the type of Local Management Interface (LMI) for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
DS-0 group configuration DS-1 configuration DS-3 configuration E1 configuration E3 configuration link group configuration port configuration
Syntax Description
Default
Auto-detection is enabled.
Usage Guidelines
Use the frame-relay auto-detect command to enable the automatic detection of the type of LMI for a Frame Relay-encapsulated channel or port, or MFR bundle. The auto-detect feature tells the system to look at the first LMI message received from the remote end, determine from the message the LMI type of the remote end, and reconfigure the LMI type at the local end to match. The original group of 4 LMI uses DLCI number 1023 as the PVC number; both the ANSI and ITU LMI use DLCI number 0. If the LMI type is not set to group-of-4 (using the frame-relay lmi-type command in DS-0, DS-1, DS-3, E1, E3, link group, or port configuration mode) and the local Frame Relay interface type is data communications equipment (DCE), this command allows the software to detect which LMI type is being used by the remote end, and use that same LMI type at the local end. Because the default interface type is data terminal equipment (DTE), the auto-detect function does not normally operate. However, if you configure the interface type to be DCE, then the auto-detect function takes effect (unless previously disabled using the no form of this command). Use the no form of this command to disable the automatic detection of the LMI type. Use the default form of this command to enable the automatic detection of the LMI type.
6-54
Examples
The following example enables automatic detection of the LMI type for a Packet over SONET/SDH (POS) port in slot 9:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay auto-detect
Related Commands
frame-relay lmi-type
6-55
frame-relay intf-type
frame-relay intf-type {dce | dte} default frame-relay intf-type
Purpose
Configures the Frame Relay interface as data communications equipment (DCE) or data terminal equipment (DTE) for a Frame Relay-encapsulated channel or port or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
dce dte Specifies that the port functions as a Frame Relay switch connected to a router. Specifies that the port is connected to a Frame Relay network.
Default
Frame Relay interfaces are set to DTE.
Usage Guidelines
Use the frame-relay intf-type command to configure the interface type for a Frame Relay-encapsulated channel or port or MFR bundle. If you configure the interface type as DCE and the Local Management Interface (LMI) is not disabled, LMI Status Enquiries are expected to be received by the port, and Status messages are sent as a response. If you configure the interface type as DTE and LMI is not disabled, LMI Status Enquiries are sent by the port, and Status messages are expected to be received. Use the default form of this command to return the Frame Relay interface setting to its default of DTE.
Examples
The following example configures a Packet over SONET/SDH (POS) port in slot 9 as a DCE interface:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay intf-type dce
6-56
Related Commands
frame-relay auto-detect frame-relay lmi-type
6-57
frame-relay keepalive
frame-relay keepalive seconds no frame-relay keepalive default frame-relay keepalive
Purpose
Enables the Frame Relay keepalive function and specifies the interval between the transmissions of keepalive messages by a data terminal equipment (DTE) interface for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
seconds Number of seconds between keepalive messages. The range of values is 0 to 60; the default value is 10.
Default
The Frame Relay keepalive function is enabled, with a 10-second interval between messages.
Usage Guidelines
Use the frame-relay keepalive command to enable the Frame Relay keepalive function and specify the interval between the transmissions of keepalive messages by a DTE interface for a Frame Relay-encapsulated channel or port, or MFR bundle. Use the no form of this command (or the frame-relay keepalive 0 command) to disable the transmission of keepalive messages completely. This allows connections to time out and terminate during periods of inactivity. Use the default form of this command to specify the default values.
Examples
The following example specifies the Frame Relay keepalive interval on DS-3 channel 1 on a channelized OC-12 port to 20 seconds:
[local]Redback(config)#port ds3 4/1:1 [local]Redback(config-ds3)#frame-relay keepalive 20
6-58
The following example specifies the Frame Relay keepalive interval on a Packet over SONET/SDH (POS) port to 20 seconds:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay keepalive 20
Related Commands
frame-relay lmi-n391dte
6-59
frame-relay lmi-n391dte exchanges default frame-relay lmi-n391dte
Purpose
Specifies the number of keepalive messages to be sent before a request for a full status message is sent for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
exchanges Number of keepalive messages (exchanges) to be sent before a full status request message is sent. The range of values is 0 to 255; the default value is 6.
Default
The number of keepalive messages sent is 6.
Usage Guidelines
Use the frame-relay lmi-n391dte command to specify the number of keepalive messages to be sent before a request for a full status message is sent for a Frame Relay-encapsulated channel or port, or MFR bundle. Use the default form of this command to specify the default value.
Examples
The following example specifies 10 as the number of keepalive messages before a request for a full status message is sent on DS-3 channel 1 on a channelized OC-12 port:
[local]Redback(config)#port ds3 4/1:1 [local]Redback(config-ds3)#frame-relay lmi-n391dte 10
The following example specifies 10 as the number of keepalive messages before a request for a full status message is sent on a Packet over SONET/SDH (POS) port:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay lmi-n391dte 10
6-60
Related Commands
frame-relay keepalive
6-61
frame-relay lmi-n392dce
frame-relay lmi-n392dce threshold no frame-relay lmi-n392dce default frame-relay lmi-n392dce
Purpose
Sets the error threshold before the Local Management Interface (LMI) is considered to have failed on a data communications equipment (DCE) interface for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
threshold Error threshold in number of errors. The range of values is 0 to 10; the default value is 3.
Default
The threshold is 3.
Usage Guidelines
Use the frame-relay lmi-n392dce command to set the error threshold before LMI is considered to have failed on a DCE interface for a Frame Relay-encapsulated channel or port, or MFR bundle. You can only use this command when you have configured the Frame Relay interface type as DCE (using the frame-relay intf-type command in DS-0, DS-1, DS-3, E1, E3, link group, or port configuration mode). The error threshold should never be greater than the monitored event count (configured with the frame-relay lmi-n393dce command in DS-1, DS-3, E1, link group, or port configuration mode) because when the error threshold meets or exceeds the monitored event count, the LMI is considered to have failed. Use the no form of this command to set the threshold value to 0. Use the default form of this command to set the error threshold to the default value of 3.
6-62
Examples
The following example sets the error threshold to 5 on a DCE interface:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay intf-type dce [local]Redback(config-port)#frame-relay lmi-n392dce 5
Related Commands
frame-relay intf-type frame-relay lmi-n392dte frame-relay lmi-n393dce
6-63
frame-relay lmi-n392dte threshold default frame-relay lmi-n392dte
Purpose
Specifies the error threshold before the Local Management Interface (LMI) is considered to have failed on a Frame Relay data terminal equipment (DTE) interface for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
threshold Error threshold in number of errors. The range of values is 0 to 10; the default value is 3.
Default
The threshold is 3.
Usage Guidelines
Use the frame-relay lmi-n392dte command to specify the error threshold before the LMI is considered to have failed on a Frame Relay DTE interface for a Frame Relay-encapsulated channel or port, or MFR bundle. The error threshold should never be greater than the monitored event count (configured with the frame-relay lmi-n393dte command in DS-0, DS-1, DS-3, E1, E3, link group, or port configuration mode). When the error threshold meets or exceeds the monitored event count, the LMI is considered to have failed. Use the default form of this command to specify the default value.
Examples
The following example specifies 5 as the error threshold on a DTE interface, which is on DS-3 channel 1 on channelized OC-12 port 1:
6-64
The following example specifies 5 as the error threshold on a DTE interface on a Packet over SONET/SDH (POS) port:
Related Commands
6-65
frame-relay lmi-n393dce
frame-relay lmi-n393dce event-count no frame-relay lmi-n393dce default frame-relay lmi-n393dce
Purpose
Sets the monitored event count on a data communications equipment (DCE) interface for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
event-count Number of events (receipts of messages across the interface) to be included in the monitored event count. The range of values is 0 to 10; the default value is 4.
Default
The monitored event count is enabled and set to 4.
Usage Guidelines
Use the frame-relay lmi-n393dce command to set the monitored event count on a DCE interface. You can only use this command if you have configured the Frame Relay interface type as DCE for a Frame Relay-encapsulated channel or port, or MFR bundle. The event count should never be less than the error threshold count (configured by the frame-relay lmi-n392dce command in DS-0, DS-1, DS-3, E1, E3, link group, or port configuration mode). When the error threshold meets or exceeds the monitored event count, the Local Management Interface (LMI) is considered to have failed. Use the no form of this command to set the monitored event count value to 0. Use the default form of this command to set the monitored event count to the default value of 4.
6-66
Examples
The following example sets the monitored event count to 5 on a DCE interface:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay intf-type dce [local]Redback(config-port)#frame-relay lmi-n393dce 5
Related Commands
frame-relay intf-type frame-relay lmi-n392dce
6-67
frame-relay lmi-n393dte event-count default frame-relay lmi-n393dte
Purpose
Specifies the monitored event count on a data terminal equipment (DTE) interface for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
event-count Number of events (receipts of messages across the interface) to be included in the monitored event count. The range of values is 0 to 10; the default value is 4.
Default
The monitored event count is 4.
Usage Guidelines
Use the frame-relay lmi-n393dte command to specify the monitored event count on a DTE interface for a Frame Relay-encapsulated channel or port, or MFR bundle. The event count should never be less than the error threshold count, which you specify by entering the frame-relay lmi-n392dte command (in DS-0, DS-1, DS-3, E1, E3, link group, or port configuration mode). When the error threshold meets or exceeds the monitored event count, the Local Management Interface (LMI) is considered to have failed. Use the default form of this command to specify the default value.
Examples
The following example specifies 5 as the monitored event count on a DTE interface, which is on DS-3 channel 1 on channelized OC-12 port 1:
6-68
The following example specifies 5 as the monitored event count on a DTE interface on a Packet over SONET/SDH (POS) port:
Related Commands
6-69
frame-relay lmi-t392dce
frame-relay lmi-t392dce seconds default frame-relay lmi-t392dce
Purpose
Specifies the interval for the polling verification timer when the interface type is data communications equipment (DCE) for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
seconds Number of seconds after which an error is counted if a message has not been received. The range of values is 5 to 60; the default value is 15.
Default
The timer interval is 15 seconds.
Usage Guidelines
Use the frame-relay lmi-t392dce command to specify the interval for the polling verification timer when the interface type is DCE for a Frame Relay-encapsulated channel or port, or MFR bundle. The polling verification timer starts each time a keepalive message is received from the remote end. If no keepalive message is received before the timer expires, an error is counted. If the number of errors exceeds the error threshold, the LMI is declared down. The value specified for the timer should be greater than the keepalive timer that is set by the remote end. Use the default form of this command to specify the default interval of 15 seconds.
Examples
The following example specifies a 10 second interval for the polling verification timer for a DCE interface type on a DS-3 channel 1 on a channelized OC-12 port:
[local]Redback(config)#port ds3 10/1:1 [local]Redback(config-ds3)#frame-relay intf-type dce [local]Redback(config-ds3)#frame-relay lmi-t392dce 10
6-70
Related Commands
frame-relay intf-type
6-71
frame-relay lmi-type
frame-relay lmi-type {ansi | group-of-4 | itu} default frame-relay lmi-type
Purpose
Specifies the Frame Relay Local Management Interface (LMI) type for a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle.
Command Mode
Syntax Description
ansi group-of-4 itu Specifies the LMI type for Annex D as defined by ANSI standard T1.617; this is the default. Specifies the original LMI as defined by Cisco, DEC, Northern Telecom, and StrataCom. Specifies the LMI type for ITU-T Q933 Annex A (formerly labeled as CCITT).
Default
The LMI type is ANSI.
Usage Guidelines
Use the frame-relay lmi-type command to specify the LMI type for the Frame Relay interface for a Frame Relay-encapsulated channel or port, or MFR bundle. Note A Packet over SONET/SDH (POS) ports support only the ANSI LMI type. Use the default form of this command to specify the default LMI type.
Examples
The following example specifies an LMI type of ITU-T Q933 Annex A for DS-3 channel 1 on a channelized OC-12 port:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#frame-relay lmi-type itu
6-72
The following example specifies an LMI type of ITU-T Q933 Annex A for a POS port:
[local]Redback(config)#port pos 9/1 [local]Redback(config-port)#frame-relay lmi-type itu
Related Commands
6-73
frame-relay profile
frame-relay profile prof-name no frame-relay profile prof-name
Purpose
Creates a new Frame Relay profile or selects an existing one for modification, and enters Frame Relay profile configuration mode.
Command Mode
Syntax Description
prof-name Alphanumeric string to be used as the name of the particular profile.
Default
No Frame Relay profiles are defined.
Usage Guidelines
Use the frame-relay profile command to create a new Frame Relay profile or to select an existing profile for modification, and enter Frame Relay profile configuration mode. Note You must create a Frame Relay profile before you can configure Frame Relay permanent virtual circuits (PVCs) that reference the profile. Use the no form of this command to delete a Frame Relay profile. This form deletes any PVCs that reference that profile.
Examples
The following example configures the Frame Relay profile, fr-pro, and enters Frame Relay profile configuration mode:
[local]Redback(config)#frame-relay profile fr-pro [local]Redback(config-fr-profile)#
Related Commands
frame-relay pvc
6-74
frame-relay pvc
In link group configuration mode, the syntax is: frame-relay pvc dlci no frame-relay pvc dlci In all other configuration modes, the syntax is: frame-relay pvc {dlci | default [profile prof-name]} no frame-relay pvc dlci
Purpose
Creates or selects a Frame Relay permanent virtual circuit (PVC) on a Frame Relay-encapsulated channel or port, or Multilink Frame Relay (MFR) bundle, and enters Frame Relay PVC or link PVC configuration mode.
Command Mode
Syntax Description
dlci default profile prof-name Data-link connection identifier (DLCI) of the individual circuit be created. The range of values is 16 to 991. Specifies the default profile and encapsulation. Not available in link group configuration mode. Optional. Name of an existing Frame Relay profile. Not available in link group configuration mode.
Default
No Frame Relay PVCs are defined.
Usage Guidelines
Use the frame-relay pvc command to create or select a Frame Relay PVC on a Frame Relay-encapsulated channel or port, or MFR bundle, and enter Frame Relay PVC or link PVC configuration mode. When entered in link group configuration mode, this command creates or selects an aggregated Frame Relay PVC in the MFR bundle. When a DS-1 channel, or clear-channel E1 channel or port, is added to the MFR bundle, a Frame Relay PVC with the specified dlci is created on that channel or port.
6-75
When entered in DS-0, DS-1, DS-3, E1, E3, or port configuration mode, creates or selects a Frame Relay PVC on the single-link channel, channel group, or port. Use the no form of this command to delete a previously configured Frame Relay PVC.
Examples
The following example encapsulates DS-3 channel 1 on channelized OC-12 port 1 for Frame Relay, creates a Frame Relay PVC with DLCI 16 to use the frame20 profile, and enters Frame Relay PVC configuration mode:
[local]Redback(config)#frame-relay profile frame20 [local]Redback(config-fr-profile)#bulkstats schema fr [local]Redback(config-fr-profile)#exit [local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#no shutdown [local]Redback(config-ds3)#encapsulation frame-relay [local]Redback(config-ds3)#frame-relay pvc 16 profile frame20 [local]Redback(config-fr-pvc)#
The following example encapsulates a POS port for Frame Relay, creates a Frame Relay PVC with DLCI 16, and enters Frame Relay PVC configuration mode:
[local]Redback(config)#frame-relay profile frame20 [local]Redback(config-fr-profile)#bulkstats schema fr-port [local]Redback(config-fr-profile)#exit [local]Redback(config)#port pos 3/1 [local]Redback(config-port)#encapsulation frame-relay [local]Redback(config-port)#frame-relay pvc 16 profile frame20 [local]Redback(config-fr-pvc)#
The following example creates a Frame Relay link group and two aggregated Frame Relay PVCs with DLCIs 26 and 27 for two sets of constituent Frame Relay PVCs to be aggregated in the MFR bundle lg1:
[local]Redback(config)#link-group lg1 mfr [local]Redback(config-link-group)#frame-relay pvc 26 [local]Redback(config-link-pvc)#exit [local]Redback(config-link-group)#frame-relay pvc 27 [local]Redback(config-link-pvc)#exit
Related Commands
frame-relay profile
6-76
idle-down
idle-down seconds {no | default} idle-down
Purpose
Enables a watchdog timer to delete any inactive Asynchronous Transfer Mode (ATM) or 802.1Q permanent virtual circuit (PVC) in a range of on-demand PVCs.
Command Mode
ATM PVC configuration dot1q PVC configuration
Syntax Description
seconds Time (in seconds) to wait before deleting an inactive on-demand 802.1Q or ATM PVC. The range of values is 0 to 600; the default value is 0. An inactive on-demand PVC is a circuit where no active subscriber sessions are present.
Default
The watchdog timer is disabled; inactive 802.1Q or ATM PVCs are not deleted.
Usage Guidelines
Use the idle-down command to enable a watchdog timer to delete any inactive ATM or 802.1Q PVC in a range of on-demand PVCs. A PVC is inactive if there are no connected subscriber sessions on it. Note The inactive circuit is deleted only from memory and becomes dormant (returns to listening mode). Note This command is not supported for on-demand ATM PVCs that you have configured with multi encapsulation.
If the timer is set and a subscriber session is initiated before the timer expires, the timer is cancelled. Use the no or default form of this command to disable the watchdog timer.
Examples
The following example sets a watchdog timer to 1 minute for a range of on-demand ATM PVCs on an ATM OC port:
[local]Redback(config)#port atm 3/3 [local]Redback(config-atm-oc)#atm pvc on-demand 10:32 through 10:63 profile adam encapsulation pppoe [local]Redback(config-atm-pvc)#idle-down 60
6-77
Related Commands
atm pvc dot1q pvc
6-78
ip host
ip host ip-addr[/prefix-length | mac-addr] no ip host ip-addr[/prefix-length | mac-addr]
Purpose
Associates an 802.1Q, Asynchronous Transfer Mode (ATM), or Frame Relay permanent virtual circuit (PVC) with the IP address and medium access control (MAC) address of the remote host on the circuit.
Command Mode
ATM PVC configuration dot1q PVC configuration Frame Relay PVC configuration link PVC configuration
Syntax Description
ip-addr prefix-length mac-addr IP address of the host on this circuit in the form A.B.C.D. Optional. Destination subnet. The range of values is 0 to 32. Optional. MAC address of the remote host on this circuit in the form hh:hh:hh:hh:hh:hh.
Default
No IP host address is associated with the PVC.
Usage Guidelines
Use the ip host command to associate an 802.1Q, ATM, or Frame Relay PVC with the IP address of the host on the circuit. Use this command only for an 802.1Q, ATM, or Frame Relay PVC that you intend to bind to an interface. Note This command is available only for individual PVCs; you cannot enter it if you have created or selected a range of PVCs. You must first select the individual PVC before you can enter this command. Note This command is not available for an 802.1Q or ATM PVC that you intend to cross-connect. Note The mac-addr argument is not available for a Frame Relay PVC or for an ATM PVC for which you have specified route1483 encapsulation. Use the no form of this command to delete the association. Note This command is also documented in Chapter 11, Cross-Connection Configuration, for IP over Ethernet (IPoE) circuits and in Chapter 12, GRE Tunnel Configuration, for Generic Routing Encapsulation (GRE) tunnel circuits.
6-79
Examples
The following example associates an ATM PVC on an ATM OC port with the IP address of the host on the PVC:
[local]Redback(config)#port atm 2/1 [local]Redback(config-atm-oc)#atm pvc 3 32 profile 1.vbrrt encapsulation route1483 [local]Redback(config-atm-pvc)#ip host 10.10.10.14/24
Related Commands
atm pvcATM DS-3 configuration mode atm pvcATM OC configuration mode bind interface dot1q pvc frame-relay pvc
6-80
mac-address
mac-address mac-addr {no | default} mac-address mac-addr
Purpose
Assigns a medium access control (MAC) address for a 802.1Q permanent virtual circuit (PVC).
Command Mode
dot1q PVC configuration
Syntax Description
mac-addr MAC address to be used for the port in the form hh:hh:hh:hh:hh:hh.
Default
When the Gigabit or Fast Ethernet card is inserted in the SmartEdge chassis, the MAC address is extracted from the EEPROM and assigned to each port on the Gigabit or Fast Ethernet card as sequential addresses starting with the base address for port 1. Every tunnel and PVC on a port has the same default address as the port.
Usage Guidelines
Use the mac-address command to assign a MAC address on a Gigabit or Fast Ethernet port. The mac-address command is only available under the dot1q PVC configuration mode. This command is not available when configuring 802.1Q PVCs virtual LAN (VLAN) link group. Note Do not enter a point-to-multipoint MAC address. There must not be an odd number in the first byte of the mac-address. Use the no or default form of this command to return the MAC address to the MAC address of the parent circuit.
Examples
The following example assigns 02:03:04:05:06:07 as the MAC address on a 802.1Q PVC within a tunnel on port 2 of the Gigabit or Fast Ethernet card in slot 1:
[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port-dot1q)#dot1q pvc 2 lqtunnel [local]Redback(config-port-dot1q)#dot1q pvc 2:1 [local]Redback(config-dot1q-pvc)#mac-address 02:03:04:05:06:07
As a result, the port and the 802.1Q tunnel have the same default address stored in the EEPROM. Only the 802.1Q PVC has an assigned MAC address.
6-81
Related Commands
dot1q pvc port ethernet
6-82
oam fault-monitor
oam fault-monitor end-to-end {no | default} oam fault-monitor
Purpose
Enables alarm indication signal (AIS) and remote defect indication (RDI) fault monitoring for any Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) that references this profile and is not cross-connected.
Command Mode
Syntax Description
end-to-end Specifies that the fault monitoring is end to end.
Default
Fault monitoring is disabled.
Usage Guidelines
Use the oam fault-monitor command to enable AIS and RDI fault monitoring of any ATM PVC that references this profile. In compliance with the ITU standard, AIS is used to report faults in the upstream (forward) direction; RDI is used to report faults in the downstream (backward) direction. If you reference this profile when configuring an ATM PVC that is later cross-connected, this command is disabled (ignored) in the profile. Note For more configuration guidelines for ATM profiles, VPs, and PVCs with regard to fault monitoring, see the ATM Configuration Guidelines section. Use the no or default form of this command to disable fault monitoring.
Examples
The following example enables fault monitoring for an ATM profile, oam:
[local]Redback(config)#atm profile oam [local]Redback(config-atm-profile)#oam fault-monitor end-to-end
Related Commands
atm pvc oam manage
6-83
oam manage
oam manage end-to-end [heartbeat [backwards] | auto-loopback [down-retry-count retries] [regular-timeout interval] [retry-timeout interval] [up-retry-count retries]] no oam manage [end-to-end [heartbeat [backwards] | auto-loopback [down-retry-count retries] [regular-timeout interval] [retry-timeout interval] [up-retry-count retries]]] default oam manage end-to-end {heartbeat | auto-loopback}
Purpose
Enables the operational state of any Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) that is not cross-connected and that references this profile to be controlled by the state of its remote defect indication (RDI) and alarm indication signal (AIS) state at the F5 level.
Command Mode
Syntax Description
end-to-end heartbeat backwards auto-loopback down-retry-count retries regular-timeout interval retry-timeout interval up-retry-count retries Specifies that the operations, administration, and maintenance (OAM) management is end to end. Optional. Specifies continuity monitoring. Optional. Specifies downstream continuity monitoring. Optional. Causes the system to detect and clear the RDI and AIS state. Optional. Number of unsuccessful retries before declaring the connection to be Down. The range of values is 0 to 10; the default value is 3 retries. Optional. Loopback interval in seconds when connectivity is stable. The range of values is 1 to 300; the default value is 30 seconds. Optional. Loopback interval in seconds when connectivity is changing. The range of values is 1 to 30; the default value is 3 seconds. Optional. Number of successful retries before declaring the connection to be up. The range of values is 0 to 10; the default value is 2 retries.
Default
OAM management is disabled.
Usage Guidelines
Use the oam manage command to enable the operational state of any ATM PVC that references this profile to be controlled by the state of its RDI and AIS state at the F5 level. If the F5 RDI and AIS state is active, the operational state of the ATM PVC is down; if F5 RDI and AIS state is not active, the operational state is up.
6-84
If you reference this profile when configuring an ATM PVC that is later cross-connected, this command is disabled (ignored) in the profile. Use the heartbeat construct to enable continuity monitoring. Cells are issued repetitively with a periodicity of one cell each second independently of user cell traffic. After enabling continuity monitoring, if the PVC does not receive any monitoring cell within a time interval of 3.5 seconds, with a margin of .5 seconds, from a peer that is configured with continuity checking (heartbeat backward), the system declares a VP-AIS or a virtual circuit (VC)-AIS (or both) state due to a loss of continuity. Use the auto-loopback keyword to cause the system to detect and clear the RDI/AIS state by using OAM F4 and F5 loopback cells to be periodically transmitted and its response cells monitored when appropriate. If you specify either the heartbeat or the auto-loopback keyword, the operational state is controlled by both RDI/AIS, and either continuity check cells or ATM OAM loopback cells. If you specify neither the heartbeat nor the auto-loopback keyword, OAM management is enabled with only the fault monitoring function. In every case, the system monitors and reacts to an RDI/AIS state by declaring the ATM PVC down and sending an Simple Network Management Protocol (SNMP) trap. Note By default, because an ATM PVC is enabled when you create it, OAM management is in effect for any ATM PVC that references a profile that includes the oam manage command. However, if you disable the ATM PVC with the shutdown command (in ATM PVC configuration mode), then OAM management is not in effect. You must enable the ATM PVC with the no shutdown command (in ATM PVC configuration mode) for OAM management to determine the state of the ATM PVC. Note For more configuration guidelines for ATM profiles, VPs, and PVCs with regard to OAM, see the ATM Configuration Guidelines section. Use the no or default form of this command to disable OAM management of any ATM PVC that references this profile. To display the values of the auto-loopback parameters and the ATM PVC status, enter the show atm pvc command (in any mode).
Examples
The following example enables the operational state of any ATM PVC that references the oam profile to be controlled by both the state of its RDI/AIS and by OAM loopback:
[local]Redback(config)#atm profile oam [local]Redback(config-atm-profile)#oam manage end-to-end auto-loopback regular-timeout 45
Related Commands
atm pvc oam fault-monitor oam xc
6-85
oam xc
oam xc end-to-end {[loopback] [heartbeat] [ais/rdi]} {no | default} oam xc
Purpose
Enables operations, administration, and maintenance (OAM) cells received on one of a pair of cross-connected Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) that reference this profile to be forwarded to and transmitted on the other ATM PVC.
Command Mode
Syntax Description
end-to-end Specifies that the operations, administration, and maintenance (OAM) management is end to end. loopback heartbeat ais/rdi Optional. Specifies that the OAM loopback cells are to be forwarded. Optional. Specifies continuity monitoring; the OAM continuity check cells are forwarded. Optional. Specifies that the OAM alarm indication signal (AIS) and remote defect indication (RDI) fault monitoring cells are to be forwarded.
Default
No OAM cells are forwarded
Usage Guidelines
Use the oam xc command to enable the OAM cells received on one of a pair of cross-connected ATM PVCs that reference this profile to be forwarded to and transmitted on the other ATM PVC. If you reference this profile when configuring an ATM PVC that is not cross-connected, this command is disabled (ignored) in the profile; if the profile is also configured with either the oam fault-monitor or oam manage command (in ATM profile configuration mode), that command is enabled instead. If the ATM PVC is cross-connected at a later time, this command in the profile is enabled and either the oam fault-monitor or oam manage command is disabled. Note For more configuration guidelines for ATM profiles, VPs, and PVCs with regard to OAM, see the ATM Configuration Guidelines section. Use the no or default form of this command to disable the forwarding of all OAM cells.
6-86
Examples
The following example selectively disables the heartbeat option:
[local]Redback(config)#atm profile oam-xc [local]Redback(config-atm-profile)#oam xc end-to-end loopback ais/rdi
The following example enables all OAM cells to be forwarded across the cross-connection of two ATM PVCs on ATM OC ports:
[local]Redback(config)#atm profile oam-xc [local]Redback(config-atm-profile)#oam xc [local]Redback(config-atm-profile)#exit [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 100 [local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#atm pvc 100 [local]Redback(config-atm-oc)#exit [local]Redback(config)#xc 3/1 vpi-vci 100 end-to-end loopback heartbeat ais/rdi
100 profile oam-xc encapsulation raw 100 profile oam-xc encapsulation raw 100 to 4/1 vpi-vci 100 100
Related Commands
oam fault-monitor oam manage
6-87
report
report {tx-speed tx-kbps rx-speed rx-kbps} {no | default} report {tx-speed | rx-speed}
Purpose
Specifies the transmit and receive speeds to be included in the IEFT standard, Layer 2 Tunneling Protocol (L2TP) Rx Connect Speed attribute-value pair (AVP) #24 and Tx Connect Speed AVP #38 for any Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) that references this ATM profile.
Command Mode
Syntax Description
tx-speed tx-kbps Transmit speed, in kbps, to be included in L2TP AVP #38; the range of values is 1 to 4,294,967,296. rx-speed rx-kbps Receive speed, in kbps, to be included in L2TP AVP #24; the range of values is 1 to 4,294,967,296.
Default
The RxConnect Speed is the port speed. The TxConnect Speed depends on the ATM traffic class specified for the profile; see Table 6-21.
Usage Guidelines
Use the report command to specify the receive and transmit speeds to be included in the IEFT standard L2TP Rx Connect Speed AVP #24 and Tx Connect Speed AVP #38 for any ATM PVC that references this ATM profile. Use the no or default form of this command to report default values in L2TP AVPs #24 and #38. Table 6-21 lists the default values for the TxConnect speed; for all traffic classes except UBR, the reported default value is the value of the specified argument in the shaping command (in ATM profile configuration mode). Table 6-21 Default Values for TxConnect Speed
ATM Traffic Class CBR UBR UBR pcr UBRe VBR-nrt VBR-rt Default TxConnect Speed Reported Value of the rate argument Port speed Value of the pcr argument Value of the pcr argument Value of the scr argument Value of the scr argument
6-88
Examples
The following example specifies the receive and transmit speeds as 2400 kbps in an ATM profile, low_rate:
[local]Redback(config)#atm profile low_rate [local]Redback(config-atm-profile)#shaping vbr-nrt pcr 2500 cdvt 20 scr 2400 bt 10 [local]Redback(config-atm-profile)#report tx-speed 2500 [local]Redback(config-atm-profile)#report rx-speed 2500
Related Commands
shaping
6-89
shaping
shaping {cbr rate rate cdvt cdvt | ubr [pcr pcr | weight weight] | ubre mcr mcr pcr pcr bt bt | vbr-nrt pcr pcr cdvt cdvt scr scr bt bt | vbr-rt pcr pcr cdvt cdvt scr scr bt bt} default shaping
Purpose
Specifies the corresponding traffic class to use for any Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) or shaped virtual path (VP) that references this profile.
Command Mode
Syntax Description
cbr rate rate cdvt cdvt Specifies traffic class based on a constant bit rate (CBR). Traffic bit rate in kbps. The range of values is 64 to 599,040. Cell delay variation tolerance (CDVT), defined as the maximum cell delay (in microseconds) between the expected arrival time and the actual arrival time. It controls how much cell clustering is allowed. The range of values is 1 to 10,000. Configures traffic class based on an unspecified bit rate (UBR). Optional. Peak cell rate (PCR); the upper limit on traffic (in kbps), that can be applied to an ATM connection. The range of values is 65 to 599,040, but it must be greater than the value specified for MCR, if specified. Optional for the UBR traffic class; required for the UBRe traffic class. Optional. Weight, in number of ATM cells, to assign to any shaped VP or PVC; applicable only to VPs and PVCs on ATM DS-3 and second-generation ATM OC cards (in VC fairness mode). This option is ignore otherwise. The range of values is 1 to 32,000 cells; the default value is 4 cells. Configures traffic class based on an unspecified bit rate extended (UBRe) that guarantees the specified MCR and allows bursts up to the specified PCR. Minimum cell rate (MCR); specifies lower limit on traffic (in kbps), that can be applied to an ATM connection. The range of values is 64 to 599,039, but it must be less than the value specified for PCR. Burst tolerance (BT); specifies the number of microseconds that traffic can be transmitted at the peak cell rate. The range of values is 1 to 10,000. Configures traffic class based on variable bit rate-nonrealtime (VBR-nrt). Sustained cell rate (SCR); specifies the rate (in kbps) that should be maintained during transmission of cells across a particular ATM connection. The range of values is 64 to 599,040. Configures traffic class based on variable bit rate-realtime (VBR-rt).
ubr pcr pcr
weight weight
ubre mcr mcr
bt bt vbr-nrt scr scr
vbr-rt
6-90
Default
Shaping is UBR with the maximum line rate.
Usage Guidelines
Use the shaping command to specify the corresponding traffic class to use for any ATM PVC or VP that references this profile. The following traffic classes are supported: Constant bit rate (CBR)CBR supports realtime applications that are sensitive to delay variations; for example, voice and video. Unspecified bit rate (UBR)UBR is the simplest type of traffic class. It provides no specific quality of service or guaranteed throughput. UBR mode is typically used to carry LAN and WAN traffic. You can optionally allow bursts of traffic up to a specified peak cell rate (PCR); PCR is the maximum rate at which traffic can be sent, measured in kbps. If PCR is not specified, the default value is the line rate. Unspecified bit rate-extended (UBRe)UBRe distributes otherwise unused bandwidth across designated connections. If there is sufficient traffic it guarantees the specified minimum cell rate (MCR) and allows bursts up to the PCR. Note UBRe is available only for ATM PVCs configured on ports on second-generation ATM OC and ATM DS-3 cards. It is not available for shaped VPs or PVCs on these cards under either of the following conditions: The VP or PVC has a QoS ATMWFQ policy attached. The PVC is configured on a shaped VP and the card has the ATM priority segmentation and reassembly (SAR) image loaded.
Variable bit rate nonrealtime (VBR-nrt)VBR-nrt supports applications that have variable rate, bursty traffic characteristics. This traffic class is suitable for critical data applications. Variable bit rate realtime (VBR-rt)VBR-rt supports time-sensitive applications that also require constrained delay and delay variation; for example, compressed audio.
Note For more configuration guidelines for ATM profiles, VPs, and PVCs with regard to traffic classes, see the ATM Configuration Guidelines section. Successive shaping commands replace the previous shaping configuration for the profile. Performance restrictions include: The following bandwidth restrictions apply to ports on the first-generation ATM OC cards: For individual PVCs, the maximum supported transmit rate is 50% of the usable bandwidth. The only exceptions are CBR- and UBR-shaped PVCs that can be established at 100% of the usable bandwidth; transmit rates between 50% and 100% of the usable bandwidth are not supported. Transmit rates greater than 50% of the usable bandwidth are not supported for a shaped VP.
6-91
The PVCs shaped with VBR-rt or VBR-nrt can experience performance limitations when other PVCs on on the same port are configured with other traffic classes. To avoid these limitations, the following settings are recommended for both VBR traffic classes: When the sustainable cell rates (SCR) is less than 50% of line rate, set the peak cell rate (PCR) to 50% of the usable bandwidth and set the burst tolerance (BT) to a value greater than 20 microseconds. When SCR is set between 50% and 100% of the usable bandwidth, set the PCR to 100% of the usable bandwidth and the BT to a value greater than 20 microseconds. VBR shaping requires the ability to increase the cell rate during a specified period. This burst period is proportional to the difference between the specified values for the PCR and SCR. Setting the values to be equal implies that no burst period is allowed. In most cases, the PCR should exceed the SCR value by a minimum of 20% of the usable bandwidth. When the PCR and SCR values are equal, the SARC switches to an enhanced VBR shaping algorithm. This algorithm provides shaping behavior similar to CBR, and the system does not display an error message. Note No burst period is allowed when the values for the PCR and SCR are equal; in this case, the BT has no effect on VBR shaping behavior.
The aggregated transmit rates for all ATM PVCs on a port must be less than its usable bandwidth or its oversubscribed bandwidth, whichever is larger. You can oversubscribe the bandwidth of an ATM port using the over-subscription-rate command (in ATM OC or ATM DS-3 configuration mode). Note The usable bandwidth (the effective speed for user traffic) of a port displays by the show port detail command (in any mode). Use the default form of this command to specify the default shaping.
Examples
The following example specifies the vbr-nrt traffic class for an ATM profile with a PCR of 2500 kbps; a CDVT of 20 ms; an SCR of 2400 kbps; and a BT of 10 ms:
[local]Redback(config)#atm profile low_rate [local]Redback(config-atm-profile)#shaping vbr-nrt pcr 2500 cdvt 20 scr 2400 bt 10
Related Commands
atm pvc
6-92
shutdown
Purpose
Disables the specified link group or Asynchronous Transfer Mode (ATM), Frame Relay, or 802.1Q permanent virtual circuit (PVC).
Command Mode
ATM PVC configuration dot1q PVC configuration Frame Relay PVC configuration link group configuration link PVC configuration
Syntax Description
Default
All PVCs are enabled.
Usage Guidelines
Use the shutdown command to disable the specified link group or ATM, Frame Relay, or 802.1Q PVC. No data is transmitted or received when a PVC or link group is shut down. Use the no form of this command to enable an ATM PVC, Frame Relay PVC, 802.1Q PVC, or link group. Note You must also enable the port, channel, or both port and channel, on which circuits are configured for the circuits to function. This command is also described in the following chapters: Chapter 3, ATM, Ethernet, and POS Port Configuration, for ATM OC, ATM DS-3, Ethernet, and Packet over SONET/SDH (POS) ports. Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for channelized OC-12 and STM-1 ports, DS-3 and E1 channels and ports, E3 ports, DS-1 channels, and DS-0 channel groups. Chapter 11, Cross-Connection Configuration, for cross-connected circuits. Chapter 12, GRE Tunnel Configuration, for Generic Routing Encapsulation (GRE) tunnel circuits.
6-93
Examples
The following example configures DS-3 channel 1 on port 1 of a channelized OC-12 card in slot 3:
[local]Redback(config)# [local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#encapsulation frame-relay [local]Redback(config-port)#frame-relay pvc 16 profile frame20 [local]Redback(config-fr-pvc)#no shutdown
Related Commands
atm pvc dot1q pvc frame-relay pvc
6-94
Chapter 7
CLIPS Configuration
This chapter describes the tasks and commands used to configure SmartEdge OS clientless IP service selection (CLIPS) features. For information about the tasks and commands used to monitor, troubleshoot, and administer CLIPS features, see the Circuit Configuration chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. This chapter contains the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
With CLIPS, you can preconfigure the local configuration or the database on a Remote Authentication Dial-In User Service (RADIUS) server to contain the medium access control (MAC) address and corresponding ISP or context name for a subscribers PC. When the a subscriber is authenticated, a virtual circuit is created for each medium access control (MAC) address so that multiple sessions are possible from a single customer site. The SmartEdge OS supports two types of CLIPS circuitsstatic and dynamic; both types of circuits allow incoming packets on an clear-channel source, such as an Ethernet port, an 802.1Q permanent virtual circuit (PVC), or an Asynchronous Transfer Mode (ATM) PVC, to be treated as if they came from a channelized source. By channelizing the port or PVC, packets from an individual subscriber are treated as if they are on a virtual subscriber circuit, which can be bound to an interface in a specific context. The system treats this virtual subscriber circuit as it would any other circuit; for example, you can attach a quality of service (QoS) policy, an access control list (ACL), or an HTTP redirect policy to it.
CLIPS Configuration
7-1
Configuration Tasks
Another advantage to using CLIPS is that there is no need for client software, other than Dynamic Host Configuration Protocol (DHCP) client software to support dynamic CLIPS sessions on the subscribers PC. CLIPS is extensible and can be used as more complex configurations are required for new services. A sample of current applications includes aggregated cable modem, digital subscriber line (DSL), wireless, and Ethernet-to-the-home environments. You configure a static CLIPS circuit on a physical circuit and bind it to a specific interface. The static CLIPS circuit uses the IP address that you specify in the subscriber record. The SmartEdge OS creates a dynamic CLIPS circuit on a port or PVC that you have configured for dynamic CLIPS service when a subscriber initiates a session. At that time, the Dynamic Host Configuration Protocol (DHCP) assigns the IP address for the session. (You must configure a DHCP server in the same context for which the subscriber is authenticated.) You can create groups of ports and PVCs on which dynamic CLIPS circuits will be created. These CLIPS groups provide port and PVC redundancy for the subscriber sessions initiated on those ports and PVCs. If a port or PVC that is a member of a CLIPS group becomes inoperable, traffic on its dynamic CLIPS circuits is not disrupted, but is moved to another port or PVC that is a member of the group. Members of CLIPS groups can include Ethernet or Gigabit Ethernet ports, or 802.1Q PVCs configured on those ports. CLIPS exclusion allows you to configure a port or PVC to support both dynamic CLIPS sessions and DHCP sessions. With CLIPS exclusion, you can specify which sessions are DHCP hosts; all other sessions are dynamic CLIPS sessions. You must configure a DHCP internal or relay server in each context in which a CLIPS subscriber is bound.
Configuration Tasks
To configure CLIPS circuits, perform the tasks described in the following sections: Configuring CLIPS Static Circuits Configuring Dynamic CLIPS Circuits Configuring a CLIPS Group Configuring CLIPS Exclusion
Note To configure any CLIPS circuit, you must have enabled the software license for active subscribers; CLIPS dynamic circuits also require a license for dynamic services. For more information about enabling software licenses, see the Basic System Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section.
7-2
Configuration Tasks
Configuring CLIPS Static Circuits

To configure one or more CLIPS static circuits on an Ethernet port, 802.1Q PVC, or ATM PVC, perform the tasks described in Table 7-1. Enter all commands in CLIPS PVC configuration mode, unless otherwise noted. Table 7-1
# 1. 2. Task Enable the CLIPS feature for static CLIPS PVCs. Create one or more CLIPS static circuits on an Ethernet port, 802.1Q PVC, or ATM PVC, and access CLIPS PVC configuration mode. Create a static binding, using one of the following commands: A single CLIPS PVC. A range of CLIPS PVCs. 4. Disable a CLIPS PVC (stop operations on it) until you are ready to begin operations on it. bind subscriber bind auto-subscriber shutdown
Configure CLIPS Static Circuits

Root Command service clips clips pvc Notes Enter this command in port, dot1q PVC, or ATM PVC configuration mode. Enter this command in port, dot1q PVC, or ATM PVC configuration mode. CLIPS PVCs are not supported by ATM or 802.1Q PVCs. . Enter this command in CLIPS PVC configuration mode Enter this command in CLIPS PVC configuration mode By default, all circuits are enabled (operational).
3.
Configuring Dynamic CLIPS Circuits

To configure dynamic CLIPS circuits, perform the tasks described in Table 7-2. For information about the DHCP commands, and the Redback vendor-specific attributes (VSAs), see the DHCP Configuration chapter and the RADIUS Attributes appendix, respectively, in the IP Services and Security Configuration Guide for the SmartEdge OS. Table 7-2
# 1. 2. Task Configure the IP address of a reachable DHCP server. Configure one or more DHCP proxy interfaces in the context in which the subscriber circuit is to be bound. Configure hosts to use DHCP to dynamically acquire address information for a subscribers circuit and to set the maximum number of IP addresses that can be assigned to hosts associated with the circuit.
Configure Dynamic CLIPS Circuits

Root Command dhcp relay server dhcp proxy Notes Enter this command in context configuration mode. Enter this command in interface configuration mode.
3.
dhcp max-addrs
Enter this command in subscriber configuration mode. The subscriber record or profile must have no IP address configured; enter 1 as the value for the max-num argument. You can configure this information in the subscriber record with the RADIUS database instead of with this command. Use the Redback vendor-specific attributes (VSAs) VSA 3, DHCP-Max-Leases attribute.
CLIPS Configuration
7-3
Configuration Tasks
Table 7-2
# 4. Task
Configure Dynamic CLIPS Circuits (continued)

Root Command password Notes Enter this command in subscriber configuration mode. Enter Redback as the value for the passwd argument. You can configure this information in the subscriber record with the RADIUS database instead of with this command. By default, the SmartEdge OS authenticates subscribers through the local configuration.
Configure the subscriber password.
5.
Enable CLIPS service.
service clips
Enter this command in ATM PVC, dot1q PVC, or port configuration mode. Enter the dhcp keyword.
Configuring a CLIPS Group

To configure a CLIPS group and assign a port or 802.1Q PVC to it, perform the tasks described in Table 7-3. Note CLIPS groups are available only for Ethernet and Gigabit Ethernet ports and 802.1Q PVCs that are configured on them. Table 7-3
# 1. 2. Task Configure the IP address of a reachable DHCP server. Configure one or more DHCP proxy interfaces in the context in which the subscriber circuit is to be bound. Configure hosts to use DHCP to dynamically acquire address information for a subscribers circuit and to set the maximum number of IP addresses that can be assigned to hosts associated with the circuit. Configure the subscriber password.
Configure a CLIPS Group

3.
dhcp max-addrs
Enter this command in subscriber configuration mode. The subscriber record or profile must have no IP address configured; enter 1 as the value for the max-num argument. You can configure this information in the subscriber record with the RADIUS database instead of with this command. Use Redback VSA 3, DHCP-Max-Leases attribute.
4.
password
Enter this command in subscriber configuration mode. Enter Redback as the value for the passwd argument. You can configure this information in the subscriber record with the RADIUS database instead of with this command. By default, the SmartEdge OS authenticates subscribers through the local configuration.
5. 6.
Create the CLIPS group. Assign a port or 802.1Q PVC to the CLIPS group.
clips-group service clips-group
Enter this command in global configuration mode. Enter this command in port or dot1q PVC configuration mode for each port and PVC to be assigned to the group.
7-4
Configuring CLIPS Exclusion

To configure CLIPS exclusion for a port or PVC, perform the tasks described in Table 7-4. Note CLIPS exclusion is available only for ports and PVCs that are configured for dynamic CLIPS service; you must configure the external DHCP relay or internal DHCP server and subscribers in the same context for which you configure the subscribers, as described in Table 7-4. Table 7-4
# 1. 2. Task Configure the IP address of a reachable DHCP server. Configure one or more DHCP proxy interfaces in the context in which the subscriber circuit is to be bound. Configure hosts to use DHCP to dynamically acquire address information for a subscribers circuit and to set the maximum number of IP addresses that can be assigned to hosts associated with the circuit. Configure the subscriber password.
Configure CLIPS Exclusion

3.
dhcp max-addrs
Enter this command in subscriber configuration mode. The subscriber record or profile must have no IP address configured; enter 1 as the value for the max-num argument. You can configure this information in the subscriber record with the RADIUS database instead of with this command. Use the Redback VSA 3, DHCP-Max-Leases attribute.
4.
password
Enter this command in subscriber configuration mode. Enter Redback as the value for the passwd argument. You can configure this information in the subscriber record with the RADIUS database instead of with this command. By default, the SmartEdge OS authenticates subscribers through the local configuration.
5.
Enable CLIPS service.
service clips
Enter this command in ATM PVC, dot1q PVC, or port configuration mode. Enter the dhcp keyword.
6.
Specify an exclusion condition for DHCP hosts on an ATM PVC, dot1q PVC, or Ethernet port.
service clips-exclude
Enter this command in ATM PVC, dot1q PVC, or port configuration mode.
This following sections provide CLIPS configuration examples: Static CLIPS Circuit for a Single PVC Static CLIPS for a Range of PVCs Static CLIPS Circuits Using an IP Address Pool Dynamic CLIPS Circuits Using Local Authentication Dynamic CLIPS Using Global RADIUS Authentication CLIPS Group CLIPS Exclusion
CLIPS Configuration
7-5
Static CLIPS Circuit for a Single PVC

The following example configures a CLIPS static circuit on a single PVC:
[local]Redback(config)#service multiple-contexts [local]Redback(config)#context c1 [local]Redback(config-ctx)#interface i1 multibind [local]Redback(config-if)#ip address 10.1.1.254/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#subscriber name s1 [local]Redback(config-sub)#ip address 10.1.1.1 [local]Redback(config-ctx)#exit [local]Redback(config)#card ether-12-port 9 [local]Redback(config-card)#exit [local]Redback(config)#port ethernet 9/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 [local]Redback(config-clips-pvc)#bind subscriber s1@c1
Static CLIPS for a Range of PVCs

The following example configures 10 static CLIPS circuits on an Ethernet port:
[local]Redback(config)#service multiple-contexts [local]Redback(config)#context c1 [local]Redback(config-ctx)#interface i1 multibind [local]Redback(config-if)#ip address 10.1.1.254/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#subscriber name s1 [local]Redback(config-if)#ip address 10.1.1.1 [local]Redback(config-if)#exit [local]Redback(config-ctx)#subscriber name s2 [local]Redback(config-sub)#ip address 10.1.1.2 [local]Redback(config)#subscriber name s3 [local]Redback(config-sub)#ip address 10.1.1.3 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name s4 [local]Redback(config-sub)#ip address 10.1.1.4 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name s5 [local]Redback(config-sub)#ip address 10.1.1.5 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name s6 [local]Redback(config-sub)#ip address 10.1.1.6 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name s7 [local]Redback(config-sub)#ip address 10.1.1.7 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name s8 [local]Redback(config-sub)#ip address 10.1.1.8 [local]Redback(config-sub)#exit
7-6
Configuration Examples [local]Redback(config-ctx)#subscriber name s9 [local]Redback(config-sub)#ip address 10.1.1.9 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name s10 [local]Redback(config-sub)#ip address 10.1.1.10 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#exit [local]Redback(config)#card ether-12-port 9 [local]Redback(config-card)#exit [local]Redback(config)#port ethernet 9/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 through 10 [local]Redback(config-pvc-clips)#bind auto-subscriber s c1
Static CLIPS Circuits Using an IP Address Pool

The following example automatically configures static CLIPS circuits for subscribers 1 through 253 on an Ethernet port, and assigns each subscriber an IP address from the IP pool, pool1:
[local]Redback(config)#context BASIC [local]Redback(config-ctx)#interface ingress [local]Redback(config-if)#ip address 200.1.1.1/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#interface pool1 multibind [local]Redback(config-if)#ip address 20.1.1.253/24 [local]Redback(config-if)#ip pool 20.1.1.0/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#ip address pool name pool1 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#exit [local]Redback(config)#port ethernet 9/2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#bind interface ingress BASIC [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 through 253 [local]Redback(config-pvc-clips)#bind auto-subscriber subscriber BASIC
Dynamic CLIPS Circuits Using Local Authentication

The following example configures dynamic CLIPS circuits on an ATM PVC and an Ethernet port using local authentication and an external DHCP proxy server:
!Configure the system for an external DHCP server [local]Redback(config)#service multiple-contexts [local]Redback(config)#context c1 [local]Redback(config-ctx)#dhcp relay server 10.2.1.1 [local]Redback(config-dhcp-relay)#exit
CLIPS Configuration
7-7
Configuration Examples !Configure an interface for a DHCP proxy server [local]Redback(config-ctx)#interface i1 multibind [local]Redback(config-if)#ip address 10.1.255.254/16 [local]Redback(config-if)#dhcp proxy 65535 [local]Redback(config-if)#exit !Configure an interface for ports and PVCs with dynamic CLIPS circuits using the DHCP proxy server [local]Redback(config-ctx)#interface dhcp-server [local]Redback(config-if)#ip address 10.2.1.2/24 [local]Redback(config-if)#exit !Configure the subscriber default profile for the DHCP proxy server [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#dhcp max-addrs 1 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#subscriber name 02:dd:00:00:00:01 [local]Redback(config-sub)#password Redback [local]Redback(config-sub)#exit [local]Redback(config-ctx)#exit !Configure an ATM profile for an ATM PVC for dynamic CLIPS circuits in context c1 [local]Redback(config)#atm profile a1 [local]Redback(config-atm-profile)#shaping ubr [local]Redback(config-atm-profile)#exit [local]Redback(config)#card atm-oc3-4-port 1 [local]Redback(config-card)#exit [local]Redback(config)#port atm 1/1 [local]Redback(config-atm-oc)#no shutdown [local]Redback(config-atm-oc)#atm pvc 0 32 profile a1 encapsulation bridge1483 [local]Redback(config-atm-pvc)#bind interface dhcp-server c1 [local]Redback(config-atm-pvc)#service clips dhcp context c1 [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit !Configure an Ethernet port for dynamic CLIPS circuits in context c1 [local]Redback(config)#card ether-12-port 9 [local]Redback(config-card)#exit [local]Redback(config)#port ethernet 9/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#service clips dhcp context c1 [local]Redback(config-port)#bind interface dhcp-server c1
Dynamic CLIPS Using Global RADIUS Authentication

The following example configures dynamic CLIPS circuits on an Ethernet port, using global RADIUS authentication and an external DHCP proxy server:
!Configure global RADIUS authentication [local]Redback(config)#aaa global authentication subscriber radius context local [local]Redback(config)#service multiple-contexts [local]Redback(config)#context local !Configure the RADIUS server [local]Redback(config-ctx)#radius server 10.0.154.2 key Redback
7-8
Configuration Examples !Configure an interface for circuits without dynamic CLIPS [local]Redback(config-ctx)#interface i2 [local]Redback(config-if)#ip address 10.0.154.7/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#exit !Configure RADIUS authentication for a context and an external DHCP server [local]Redback(config)#context c1 [local]Redback(config-ctx)#aaa authentication subscriber radius global [local]Redback(config-ctx)#dhcp relay server 10.2.1.1 !Configure an interface for the DHCP proxy server [local]Redback(config-ctx)#interface i1 multibind [local]Redback(config-if)#ip address 10.1.255.254/16 [local]Redback(config-if)#dhcp proxy 65535 [local]Redback(config-if)#exit !Configure an interface for the ports and PVCs with dynamic CLIPS circuits [local]Redback(config-ctx)#interface dhcp-server [local]Redback(config-if)#ip address 10.2.1.2/24 [local]Redback(config-if)#exit !Configure the subscriber default profile for the DHCP proxy server [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#dhcp max-addrs 1 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#exit !Configure two Ethernet ports for dynamic CLIPS service, using the DHCP proxy server [local]Redback(config)#card ether-12-port 9 [local]Redback(config-card)#exit [local]Redback(config)#port ethernet 9/1 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#service clips dhcp context c1 [local]Redback(config-port)#bind interface dhcp-server c1 [local]Redback(config-port)#exit [local]Redback(config)#port ethernet 9/2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#service clips dhcp context c1 [local]Redback(config-port)#bind interface dhcp-server c1 [local]Redback(config-port)#exit !Configure an Ethernet port that does not enable dynamic CLIPS service [local]Redback(config)#port ethernet 9/12 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#bind interface i2 local
CLIPS Group
The following example configures a CLIPS group and assign three Ethernet ports:
[local]Redback(config)#service multiple-contexts !Configure an empty CLIPS group for the c2 context [local]Redback(config)#clips-group dclips dhcp context c2 !Configure an external DHCP server [local]Redback(config)#context c2 [local]Redback(config-ctx)#dhcp relay server 10.2.1.3
CLIPS Configuration
7-9
Configuration Examples !Configure an interface for the DHCP proxy server [local]Redback(config-ctx)#interface i2 multibind [local]Redback(config-if)#ip address 10.1.255.254/16 [local]Redback(config-if)#dhcp proxy 65535 [local]Redback(config-if)#exit !Configure an interface for the ports with dynamic CLIPS circuits [local]Redback(config-ctx)#interface dhcp-server [local]Redback(config-if)#ip address 10.2.1.3/24 [local]Redback(config-if)#exit !Configure the subscriber default profile for the DHCP proxy server [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#dhcp max-addrs 1 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#exit !Configure three Ethernet ports for dynamic CLIPS service, using the DHCP proxy server !Assign each port to the CLIPS group [local]Redback(config)#card ether-12-port 9 [local]Redback(config-card)#exit [local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#service clips-group dclips [local]Redback(config-port)#bind interface dhcp-server c2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit [local]Redback(config)#port ethernet 4/2 [local]Redback(config-port)#service clips-group dclips [local]Redback(config-port)#bind interface dhcp-server c2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit [local]Redback(config)#port ethernet 4/3 [local]Redback(config-port)#service clips-group dclips [local]Redback(config-port)#bind interface dhcp-server c2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit
CLIPS Exclusion
The following example specifies exclusion conditions for a CLIPS group of Ethernet ports:
[local]Redback(config)#service multiple-contexts !Configure an empty CLIPS group for the c2 context [local]Redback(config)#clips-group dclips dhcp context c2 !Configure an external DHCP server [local]Redback(config)#context c2 [local]Redback(config-ctx)#dhcp relay server 10.2.1.3 !Configure an interface for the DHCP proxy server [local]Redback(config-ctx)#interface i2 multibind [local]Redback(config-if)#ip address 10.1.255.254/16 [local]Redback(config-if)#dhcp proxy 65535 [local]Redback(config-if)#exit
7-10
Command Descriptions !Configure an interface for the ports with dynamic CLIPS circuits [local]Redback(config-ctx)#interface dhcp-server [local]Redback(config-if)#ip address 10.2.1.3/24 [local]Redback(config-if)#exit !Configure the subscriber default profile for the DHCP proxy server [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#dhcp max-addrs 1 [local]Redback(config-sub)#exit [local]Redback(config-ctx)#exit !Configure three Ethernet ports, assign to the CLIPS group, and exclude the DHCP host [local]Redback(config)#card ether-12-port 9 [local]Redback(config-card)#exit [local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#service clips dhcp context c2 [local]Redback(config-port)#clips exclude vendor-class-id 0xAABP2798 [local]Redback(config-port)#bind interface dhcp-server c2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit [local]Redback(config)#port ethernet 4/2 [local]Redback(config-port)#service clips-group dclips [local]Redback(config-port)#clips exclude vendor-class-id 0xAABP2798 [local]Redback(config-port)#bind interface dhcp-server c2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit [local]Redback(config)#port ethernet 4/3 [local]Redback(config-port)#service clips-group dclips [local]Redback(config-port)#clips exclude vendor-class-id 0xAABP2798 [local]Redback(config-port)#bind interface dhcp-server c2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#exit
This section describes the syntax and usage guidelines for the commands used to configure CLIPS. The commands are presented in alphabetical order. clips-group clips pvc service clips service clips-exclude service clips-group
CLIPS Configuration
7-11
clips-group
clips-group group-name dhcp [maximum max-num] [context ctx-name] no clips-group group-name
Purpose
Creates an empty group to which you can assign redundant ports and permanent virtual circuits (PVCs) on which will be created dynamic clientless IP service selection (CLIPS) circuits.
Command Mode
Syntax Description
group-name dhcp maximum max-num context ctx-name Name for a group of ports and PVCs on which dynamic CLIPS circuits will be created. Specifies that the Dynamic Host Configuration Protocol (DHCP) will be used for a group of ports and PVCs on which dynamic CLIPS circuits will be created. Optional. Maximum number of CLIPS sessions allowed on this group. The range of values is 1 to 16,000; the default value is 16,000. Optional. Name of the context in which the subscriber is authenticated.
Default
No CLIPS groups are created.
Usage Guidelines
Use the clips-group command to create an empty group to which you can assign redundant ports and PVCs on which will be created dynamic CLIPS circuits. CLIPS groups are available only for Ethernet and Gigabit Ethernet ports and the 802.1Q PVCs configured on them. Note The SmartEdge OS associates the CLIPS group with the slot of the first port or PVC that you assign to the group. To change the slot, you must delete the group, re-create it, and then assign to it as the first member, a port or PVC that you have configured on the card in the new slot. Use the no form of this command to delete the CLIPS group.
Examples
The following example creates the dynamic-clips group for the dhccp context:
[local]Redback(config)#clips-group dynamic-clips dhcp context dhccp
7-12
Related Commands
clips pvc service clips service clips-group
CLIPS Configuration
7-13
clips pvc
clips pvc start-ses-num [through end-ses-num] no clips pvc start-ses-num [through end-ses-num]
Purpose
Creates a static circuit or a range of clientless IP service selection (CLIPS) static circuits on an Ethernet port, a static 802.1Q permanent virtual circuit (PVC) on an Ethernet port, or an Asynchronous Transfer Mode (ATM) PVC, and enters CLIPS PVC configuration mode.
Command Mode
ATM PVC configuration dot1q PVC configuration port configuration
Syntax Description
start-ses-num through end-ses-num Numeric session ID or first numeric session ID in a range of IDs for the static circuits being created; the range of values is 1 to 131,072. Optional. Final numeric session ID in a range of IDs for the static circuits being created; the range of values is 2 to 131,072.
Default
No static circuits are created.
Usage Guidelines
Use the clips pvc command to create a static circuit or a range of static circuits on an Ethernet port, an 802.1Q PVC on an Ethernet port, or an ATM PVC, and enter CLIPS PVC configuration mode. You must first enter the service clips command in ATM PVC, dot1q PVC, or port configuration mode for this command to be available. You must have encapsulated the ATM PVC with RFC 1483 bridged encapsulation (bridge1483 keyword) for this command to be available in ATM PVC configuration mode. You cannot create static CLIPS PVCs on on-demand ATM or 802.1Q PVCs. You can specify any type of encapsulation for an 802.1Q PVC or Ethernet port, but if you encapsulate the PVC using the multi keyword, you cannot create a CLIPS PVC on a child circuit on the PVC. If you create a range of static circuits, the session ID for each circuit is appended to the prefix1 argument in the bind auto-subscriber command (in CLIPS PVC configuration mode). You can create up to 8,000 static circuits on an Ethernet port, an 802.1Q PVC on an Ethernet port, or an ATM PVC. Use the no form of this command to delete an existing static circuit or range of static circuits.
7-14
Examples
The following example creates 10 circuits with session numbers 1 to 10 on port 1 of an Ethernet card in slot 4:
[local]Redback(config)#port ether 4/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 through 10 [local]Redback(config-clips-pvc)#
Related Commands
bind auto-subscriberCLIPS PVC configuration mode bind subscriberCLIPS PVC configuration mode service clips
CLIPS Configuration
7-15
service clips
service clips [dhcp [maximum max-num] [context ctx-name]] no service clips
Purpose
Enables either static or dynamic clientless IP service selection (CLIPS) on an Ethernet port, an 802.1Q permanent virtual circuit (PVC) on an Ethernet port, or an Asynchronous Transfer Mode (ATM) PVC.
Command Mode
Syntax Description
dhcp maximum max-num context ctx-name Optional. Enables dynamic CLIPS service through the Dynamic Host Configuration Protocol (DHCP). Optional. Maximum number of CLIPS sessions allowed on this circuit. The range of values is 1 to 16,000; the default value is 16,000. Optional. Name of the context in which the subscriber is authenticated.
Default
CLIPS is disabled.
Usage Guidelines
Use the service clips command to enable static or dynamic CLIPS on an Ethernet port, an 802.1Q PVC on an Ethernet port, or an ATM PVC. To configure static CLIPS service, enter the service clips command without the dhcp keyword. Specify the dhcp keyword only to configure dynamic CLIPS service. For static CLIPS circuits, you must also configure one or more CLIPS PVCs using the clips pvc command (in port configuration mode); see the clips pvc command description. To use the context ctx-name construct, you must configure the IP address of a reachable Remote Authentication Dial-In User Service (RADIUS) server and enable subscriber authentication in the context in which the subscriber circuit is to be bound. Use the radius server and aaa authentication subscriber commands (in context configuration mode), respectively. If the subscriber record is stored on a RADIUS server and you do not enter the context ctx-name construct, the system authenticates the subscriber in the context defined with the aaa last-resort command (in context configuration mode). You can enable CLIPS service on this circuit, or you can assign this circuit to a CLIPS group, using the service clips-group command (in dot1q PVC or port configuration mode), but you cannot do both. Use the no form of this command to disable CLIPS service.
7-16
Examples
The following example creates eight CLIPS static circuits with session numbers ranging from 1 to 8 on port 1 of the Ethernet card installed in slot 3, and then binds each circuit to an automatically generated subscriber name beginning with the string 10-1-1:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 through 8 [local]Redback(config-port)#bind auto-subscriber 10-1-1 local
The following example enables dynamic CLIPS on port 1 of the Ethernet card installed in slot 3:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#service clips dhcp
Related Commands
clips pvc
CLIPS Configuration
7-17
service clips-exclude
service clips-exclude vendor-class-id id [offset position] {no | default} service clips-exclude vendor-class-id id [offset position]
Purpose
Specifies a condition by which a Dynamic Host Configuration Protocol (DHCP) host can be excluded from clientless IP service selection (CLIPS) service on this port or permanent virtual circuit (PVC).
Command Mode
Syntax Description
vendor-class-id id Contents of the DHCP option 60 ID field that is to be excluded, in one of the following formats: Alphanumeric string, enclosed in quotation marks ( ); for example, ABCD1234 Alphanumeric string, not enclosed in quotation marks; for example, redback1 Hex numeric string, not enclosed in quotation marks and prefaced with 0x or 0X; for example, 0Xabcd1234 offset position Optional. Position of the starting octet to which the exclusion condition is to be matched, according to one of the following formats: +n or nStarting octet is the nth octet in the received ID. The matching operation is performed on the nth and succeeding octets for the length of the string specified by the vendor-class-id id construct. -nStarting octet is the last octet in the received ID minus the previous (n-1) octets. The matching operation is performed on the succeeding octets for the length of the string specified by the vendor-class-id id construct. The default value is 1 (the first octet).
Default
No DHCP received IDs are excluded.
Usage Guidelines
Use the service clips-exclude command to specify a condition by which a DHCP host can be excluded from CLIPS service on this port or PVC. Any host that matches the exclusion condition is ineligible for CLIPS service and is treated as a normal DHCP client.
7-18
Note You must first enable dynamic CLIPS service for this port or PVC using the service clips or service clips-group command (in ATM PVC, dot1q PVC, or port configuration mode). You must also configure an external proxy or internal DHCP server in the same context as that in which the host messages are received. The following guidelines apply to the formats for the id argument: When you surround a string with quotation marks, they are not part of the comparison. You must enclose a string with quotation marks if the string includes a space. A hex numeric string must have an even number of characters. Any string format, alphanumeric or hex numeric, supports both uppercase and lowercase characters.
Matching is performed on an octet basis. The match fails, if after the calculation of the starting position of the octets to be matched (using the offset position construct), there are fewer octets available for matching in the received ID than are specified by the vendor-class-id id construct. To specify multiple exclusion conditions, enter this command for each condition; a DHCP host is excluded if it matches any of the specified conditions. Use the no or default form of this command to remove an exclusion condition from the configuration for this port or PVC.
Examples
The following example configures an Ethernet port for CLIPS service and excludes DHCP hosts with an ID of BP29 and an offset of 3 octets. The matching operation is performed on the 3rd through the 6th octet. If the received ID is CCBP2945, the matching operation is successful.
[local]Redback(config)#port ethernet 14/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips exclude vendor-class-id BP29 offset 3
In the following example, the same matching operation is performed but with an offset of 3. In this case the matching operation starts at the 6th octet and the match always fails because the number of octets to be matched (4) is greater than the number of octets available to be matched.
[local]Redback(config)#port ethernet 14/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips exclude vendor-class-id BP29 offset -3
Related Commands
None
CLIPS Configuration
7-19
service clips-group
service clips-group group-name no service clips-group group-name
Purpose
Assigns a port or permanent virtual circuit (PVC) to the specified clientless IP service selection (CLIPS) group.
Command Mode
dot1q PVC configuration port configuration
Syntax Description
group-name Name for a CLIPS group of ports and PVCs on which dynamic CLIPS circuits will be created.
Default
No ports or PVCs are assigned to any CLIPS group.
Usage Guidelines
Use the service clips-group command to assign this port or PVC to the specified CLIPS group. You can assign any mix of ports and PVCs to a CLIPS group. When you assign the port or PVC to the CLIPS group, you enable the creation dynamic CLIPS service on that port or PVC. You must first create the CLIPS group, using the clips-group command (in global configuration mode), before you can assign a port or PVC to it. You cannot assign ports and PVCs that you have configured on different traffic cards to the same CLIPS group. You can enable dynamic CLIPS service on this circuit using the service clips command (in ATM PVC, dot1q PVC, or port configuration mode), or you can assign this port or PVC to a CLIPS group, but you cannot do both. Use the no form of this command to remove the port or PVC from the specified CLIPS group. Note This command is available only for Ethernet and Gigabit Ethernet ports and the 802.1Q PVCs configured on them.
Examples
The following example assigns an 802.1Q PVC on an Ethernet port to the dynamic-clips group:
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 3 [local]Redback(config-dot1q-pvc)#service clips-group dynamic-clips
7-20
Related Commands
clips-group service clips
CLIPS Configuration
7-21
7-22
Chapter 8
PPP and PPPoE Configuration
This chapter provides an overview of Point-to-Point Protocol (PPP) or PPP over Ethernet (PPPoE) on ports, channels, or circuits that have been configured with PPP or PPPoE encapsulation, describes the tasks used to configure PPP and PPPoE features, provides configuration examples, and detailed descriptions of the commands used to configure them through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer PPP and PPPoE features, see the Circuit Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related commands include: Configuration tasks and commands for Asynchronous Transfer Mode (ATM), Ethernet, and Packet over SONET/SDH (POS) ports, which support PPP or PPPoE encapsulation, are described in Chapter 3, ATM, Ethernet, and POS Port Configuration. Configuration tasks and commands for clear-channel and channelized ports and channels are described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration. Configuration tasks and commands for circuits that support PPP or PPPoE encapsulation are described in Chapter 6, Circuit Configuration. Configuration tasks and commands for child circuits that support PPPoE encapsulation are described in Chapter 11, Cross-Connection Configuration.
Note An 802.1Q permanent virtual circuit (PVC) is also referred to as an 802.1Q virtual LAN (VLAN), but within this chapter, it is the circuit that is being configured. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
8-1
Overview
Overview
This section provides an overview of the PPP and PPPoE support offered by the SmartEdge OS and includes the following sections: PPP-Encapsulated Circuits and Binding PPP Oversubscription Multilink PPP PPP Keepalive Checks PPPoE Features
PPP-Encapsulated Circuits and Binding

PPP and PPPoE features comply with the following RFCs: RFC 1332, The PPP Internet Protocol Control Protocol (IPCP) The current implementation does not support compression. RFC 1334, PPP Authentication Protocols RFC 1661, The Point-to-Point Protocol (PPP) RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses RFC 1990, The Multilink Protocol (MP) RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP) RFC 2364, PPP Over AAL5 RFC 2516, A Method for Transmitting PPP Over Ethernet, including the Extensions to a Method for Transmitting PPP over Ethernet (PPPoE) RFC 2615, PPP over SONET/SDH
The SmartEdge OS supports PPP on the following ports, channels, and circuits: POS ports Clear-channel DS-3 channels or ports Clear-channel E3 ports DS-1 channels on channelized DS-3 channels or ports Clear-channel E1 channels or ports DS-0 channel groups ATM PVCs on ATM OC and ATM DS-3 ports
On ATM PVCs, PPP encapsulation types include virtual circuit-multiplexed (VC-multiplexed), logical link control (LLC), Network Layer Protocol Identifier (NLPID), and serial (High-Level Data Link Control [HDLC]) encapsulations as described in RFC 2364.
8-2
Overview
PPP-encapsulated ATM PVCs, unlike RFC 1483-encapsulated ATM PVCs, can be dynamically bound to an interface; you can use the bind authentication command (in ATM PVC configuration mode) to dynamically bind a PPP-encapsulated ATM PVC to an interface on the basis of authentication. If you use the bind subscriber command (in ATM PVC configuration mode), the PPP-encapsulated PVC is brought up unauthenticated, meaning that no authentication data is received from the PPP remote peer. The subscriber name and password are then supplied through the command-line interface (CLI), similar to a PVC with RFC 1483 bridged- or routed-encapsulation. The bind authentication command allows you to specify the authentication protocol to be used in negotiating the PPP link. If you use the chap pap construct, for example, you indicate that both the Challenge Handshake Authentication Protocol (CHAP) and the Password Authentication Protocol (PAP) can be used, with CHAP negotiated first. CHAP uses a challenge and response protocol to provide authentication without sending clear text passwords over the network. Other authentication protocol options are available. See the description of the bind authentication command in Chapter 15, Bindings Configuration, for a complete description of all options. If you are using remote authentication using the Remote Authentication Dial-In User Service (RADIUS), the local subscriber records are replaced by the corresponding subscriber records in the RADIUS database. If you are using the CHAP, PAP, or both authentication protocols, the response from the RADIUS server (in attribute 18) is forwarded to the PPP client with the reason for the acceptance or rejection of the subscriber. Another binding option is to use the bind authentication command with the optional context ctx-name construct to create a restricted dynamic binding of a PPP-encapsulated PVC to a specific context; this binding method denies the subscriber the ability to dynamically select a context (service). An IP address is required. This IP address is assigned to the remote end of the PPP link, and there must be an interface with an IP address or network mask range that includes the IP address assigned to a subscriber during the IP Control Protocol (IPCP) phase of PPP (or that includes the IP address that has been directly configured for the subscriber). RADIUS servers must return an IP address for the subscriber that falls within the range of the interface that is configured in the appropriate context. If the authentication procedure is successful, the PPP link is established and the circuit is implicitly bound to the interface with a network address mask that includes the address of the remote PPP endpoint. If no such interface exists, then the bind command fails. Note When a second PPP session attempts to authenticate using an IP address that is already in use by an established session, the established session is terminated, and the second session is allowed to complete authentication. If the remote PPP device is a router (or the remote segment of any other encapsulation type contains a router), it might be necessary to configure one or more static routes whenever the link is brought up. This is accomplished by one or more Routing Information Protocol (RIP) configuration commands in the subscriber record.
8-3
Overview
PPP Oversubscription
Ordinarily, any bind authentication command causes the subscribers session to be counted toward the maximum number of PPP structures allocated (which depends on your platform and configuration), whether or not the subscriber is active. The alternative is to configure the system to operate so that only active PPP sessions count toward the maximum number of structures allocated. The effect is that the number of bind authentications you can have is increased, beyond the number that could actually bind and come up (PPP oversubscription). Oversubscription does not affect the maximum number of subscribers that can be terminated in a particular context (established by the aaa max subscribers command in context configuration mode) or the hard limits allowed by the SmartEdge OS. You configure PPP oversubscription using ppp auto encapsulation in the atm pvc (or its atm pvc explicit form) command (in ATM OC or ATM DS-3 configuration mode). For a complete description of both forms, see Chapter 6 Circuit Configuration.
Multilink PPP
Multilink PPP (MP) is an extension to PPP that allows a peer to use more than one physical link for communication. When using more than one physical link to connect two peers, you need a mechanism to load balance the connection across the two (or more) links in the bundle. MP is used to fragment the datagrams and send them across the multiple links in the bundle in a way that achieves optimum use of the media. Both ends of the point-to-point links must be capable of supporting MP connections. The two ends configure the data link by swapping Link Control Protocol (LCP) packets during a link establishment phase. If MP is not successfully negotiated by the two ends of the link, MP is not enabled for the connection. MP is implemented on the SmartEdge router in two forms: MP using PPP-encapsulated DS-1 channels and E1 channels and ports. Using this form of MP, you create a static MP bundle and add specific DS-1 channels, E1 channels, or E1 ports to it. For more information about configuring this form of MP and the constituent channels or ports, see Chapter 9, Link Aggregation Configuration. MP using PPP-encapsulated ATM PVCs Using this form of MP, you do not create the MP bundles; instead, the SmartEdge OS creates them dynamically, using the endpoint discriminator sent by the peer during the LCP negotiation and the subscriber name to determine whether to create a new MP bundle or add the session to a current MP bundle. The configuration for this form of MP and the constituent ATM PVCs is described later in this chapter.
8-4
Overview
PPP Keepalive Checks

Keepalive checks are LCP echo messages sent over PPP sessions in the context to determine if sessions are still active (alive). Normally, when a PPP session is ending, the peer sends the SmartEdge OS an LCP termination request (TERMREQ) message to indicate that it is ending. Keepalive checks detect abnormal disconnects that the SmartEdge OS would not otherwise know about. In addition to facilitating accurate timing of accounting information, it is important to detect these abnormal terminations so that allocated system resources can be reallocated to new sessions. The keepalive checks feature can be used with or without a data check option. The data check option is recommended when it is preferred to limit the overhead for PPP keepalive processing. However, using the data check option to determine that a session is no longer active can take longer than using the PPP keepalive feature without the data check option, by a length of one check interval. This condition occurs because with the data check enabled, the check interval timer is reset as long as data has been received since the last successful keepalive check. If a session sends data and then abnormally terminates between keepalive checks, the SmartEdge OS has no indication that the session has terminated until the following check interval timer expires with no data being received. At that point, the SmartEdge OS begins sending LCP echo requests. Without a data check, the SmartEdge OS begins sending LCP echo requests, regardless of whether data has been received since the last check. Table 8-1 compares the two scenarios. In both cases, the following configuration applies: Table 8-1 Keepalive check interval is set to 60 seconds Response timer is set to 10 seconds Number of retries is set to 2
Time Elapsed Before an Abnormally Terminated Session Is Torn Down

PPP Keepalives with Data Check Enabled Seconds Elapsed Since Previous Step Cumulative Seconds Elapsed 0
PPP Keepalives Without Data Check Enabled Seconds Elapsed Since Previous Step Cumulative Seconds Elapsed 0
Step in the Process Successful keepalive checkcheck interval timer reset to zero Packets sent by the session Abnormal termination Check interval timer expires; LCP echo request sent
Step in the Process Successful keepalive checkcheck interval timer reset to zero Packets sent by the session Abnormal termination Check interval timer expires; data check indicates data has been received since the last successful keepalive check; check interval timer is reset Check interval timer expires; data check indicates no data has been received since the last successful keepalive check; LCP echo request sent Response timer expires; first retry LCP echo request sent
5 2 53
5 7 60
5 2 53
5 7 60
Response timer expires; first retry LCP echo request sent
10
70
60
120
Response timer expires; second retry LCP echo request sent
10
80
10
130
8-5
Overview
Table 8-1
Time Elapsed Before an Abnormally Terminated Session Is Torn Down (continued)

PPP Keepalives with Data Check Enabled Seconds Elapsed Since Previous Step 10 Cumulative Seconds Elapsed 140
PPP Keepalives Without Data Check Enabled Seconds Elapsed Since Previous Step 10 Cumulative Seconds Elapsed 90
Step in the Process Response timer expires; retry limit reached; session is torn down
Step in the Process Response timer expires; second retry LCP echo request sent Response timer expires; retry limit reached; session is torn down
10
150
Time elapsed between abnormal session termination and tear down
83
Time elapsed between abnormal session termination and tear down
143
PPPoE Features
The SmartEdge OS implementation of PPPoE supports the following features: PPPoE encapsulation on Ethernet ports and ATM and 802.1Q PVCs. Both IP over Ethernet (IPoE) and PPPoE encapsulation on the same ATM or 802.1Q PVC. You must specify the multi encapsulation for these circuits when creating the PVC. Policing and rate-limiting on a per-PPP-session basis. Ability to configure a maximum number of concurrent sessions allowed on a circuit. Multiple simultaneous PPPoE sessions arriving over the same circuit while being bound to different services (contexts). Ability to advertise a list of services (domains) to a client during the discovery protocol. Ability to send messages to subscribers, including messages of the minute (MOTMs). Ability to direct the subscribers browser to open at a specific, optionally customized URL.
The SmartEdge OS supports PPPoE encapsulation on the following ports, channels, and circuits: Ethernet ports ATM PVCs on ATM OC and ATM DS-3 ports 802.1Q PVCs on Ethernet ports Child circuits on ATM and 802.1Q PVCs
8-6
Configuration Tasks
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. PPP and PPPoE configuration tasks are described in the following sections: Configuring PPP Configuring PPPoE
Configuring PPP
This section includes the following topics: Configure PPP Global Attributes Configure a PPP-Encapsulated Port Configure a PPP-Encapsulated Channel Configure a PPP-Encapsulated ATM PVC Configure MP on ATM PVCs Configure a Subscriber Record for PPP
Configure PPP Global Attributes

To configure PPP global attributes, perform one or more of the tasks described in Table 8-2. Table 8-2
# 1. Task
Configure PPP Global Attributes

Root Command Notes
Specify the range with which the SmartEdge OS negotiates LCP option values for the MRU: For the SmartEdge router end of PPP sessions. For the peer at the remote end of PPP sessions. ppp our-options mru ppp peer-options mru ppp pppoe-large-mru ppp keepalive ppp keepalive Enter this command in context configuration mode with the check-interval keyword. Enter this command in context configuration mode without the check-interval keyword. Enter these commands in global configuration mode.
2. 3. 4.
Enable MRU negotiation. Enable PPP keepalive checks. Specify timing attributes.
8-7
Configuration Tasks
Configure a PPP-Encapsulated Port

To configure a PPP-encapsulated port, perform the tasks described in Table 8-3. Table 8-3
# 1. Task Specify PPP encapsulation for the DS-3, E3, E1, or POS port.
Configure a PPP-Encapsulated Port

Root Command encapsulation Notes Enter this command in DS-3, E3, E1, or port configuration mode. Specify the encapsulation as ppp.
2.
Create a static binding to an interface.
bind interface
Configure a PPP-Encapsulated Channel

To configure a PPP-encapsulated channel, perform the tasks described in Table 8-4. Table 8-4
# 1. Task Specify PPP encapsulation for the DS-3, DS-1, E1 channel or DS-0 channel group.
Configure a PPP-Encapsulated Channel

Root Command encapsulation Notes Enter this command in DS-0, DS-1, DS-3, or E1 configuration mode. Specify the encapsulation as ppp.
2.
Create a static binding to an interface.
bind interface
Configure a PPP-Encapsulated ATM PVC

To configure a PPP-encapsulated ATM PVC, perform the tasks described in Table 8-5. Table 8-5
# 1. Task Create one or more PPP-encapsulated ATM PVCs and access ATM PVC configuration mode. Create a binding with one of the following tasks: Create a static binding for a single ATM PVC through a subscriber record to an interface. Create static bindings for a set of ATM PVCs through the subscriber records. Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind subscriber bind auto-subscriber bind authentication bind authentication You must specify the context to create a restricted dynamic binding. This type of binding is not supported for ATM PVCs in PPP multilink bundles. This type of binding is not supported for ATM PVCs in PPP multilink bundles.
Configure a PPP-Encapsulated ATM PVC

Root Command atm pvc Notes Enter this command in ATM OC or ATM DS-3 configuration mode. Specify the encapsulation as ppp.
2.
Note If you are configuring an ATM PVC that will be included in a PPP multilink bundle, you must ensure that it and all other PVCs in that bundle are identical in their configuration and are on ports on the same ATM traffic card.
8-8
Configuration Tasks
Configure MP on ATM PVCs

To configure MP using PPP-encapsulated ATM PVCs, perform the tasks described in Table 8-6. Enter all commands in global configuration mode. Table 8-6
# 1. 2. 3. Task Enable PPP multilink. Specify the endpoint discriminator. Configure one or more PPP-encapsulated ATM PVCs.
Configure MP on ATM PVCs

Root Command ppp multilink ppp our-options multilink See Table 8-5 for the commands to configure a PPP-encapsulated ATM PVC. Notes
Configure a Subscriber Record for PPP

To configure a circuit for PPP in the subscriber record, perform the tasks described in Table 8-7. Enter all commands in subscriber configuration mode. Table 8-7
# 1. 2. Task Set the MTU used by PPP for the subscriber circuit. For subscriber sessions on PPP multilink bundles, limit the number of sessions a subscriber can access simultaneously.
Configure a Subscriber Record for PPP

Root Command ppp mtu port-limit The maximum number of PPP multilink sessions (links) is 8. For more information about this command, see the Subscriber Configuration chapter of the Basic System Configuration Guide for the SmartEdge OS. Notes
For descriptions of the basic tasks needed to configure a subscriber record, see the Subscriber Configuration chapter in the Basic System Configuration Guide for SmartEdge OS.
Configuring PPPoE
This section includes the following topics: Configure PPPoE Global Attributes Configure a PPPoE-Encapsulated Ethernet Port Configure a PPPoE-Encapsulated ATM PVC Configure a PPPoE-Encapsulated 802.1Q PVC Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC Configure a Subscriber Record for PPPoE
8-9
Configuration Tasks
Configure PPPoE Global Attributes

To configure PPPoE global attributes, perform one or more of the tasks described in Table 8-8. Enter all commands in global configuration mode. Table 8-8
Task Configures an option inside PPPoE daemon that terminates the PPPoE session after a PPP session is terminated. Enable acceptance and advertisement of any service name tag that is included in a PADI or PADR message. Specify which domains in the SmartEdge OS are advertised to PPPoE clients. Replace the default AC-Name PPPoE tag value.
Configure PPPoE Global Attributes

Root Command pppoe always-send-padt Notes
pppoe service-name accept-all pppoe services pppoe tag
Configure a PPPoE-Encapsulated Ethernet Port

To configure an Ethernet port for PPPoE, perform the tasks described in Table 8-9. Enter all commands in port configuration mode, unless otherwise noted. Table 8-9
# 1. 2. Task Encapsulate the Ethernet port. Bind the port with one of the following tasks: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication You must specify the context to create a restricted dynamic binding.
Configure an PPPoE-Encapsulated Ethernet Port

Root Command encapsulation Notes Specify the encapsulation as pppoe.
Configure a PPPoE-Encapsulated ATM PVC

To configure a PPPoE-encapsulated ATM PVC, perform the tasks described in Table 8-10. Table 8-10 Configure a PPPoE-Encapsulated ATM PVC
# 1. Task Create one or more PPPoE-encapsulated ATM PVCs and access ATM PVC configuration mode. Root Command atm pvc Notes Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Use the on-demand keyword to configure a range of PVCs that are created only when needed. Specify the encapsulation as pppoe. 2. Bind the ATM PVC with one of the following tasks: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication You must specify the context to create a restricted dynamic binding.
8-10
Configuration Tasks
Configure a PPPoE-Encapsulated 802.1Q PVC

To configure a PPPoE-encapsulated 802.1Q PVC, perform the tasks described in Table 8-11. Table 8-11
# 1. Task Create a PPPoE-encapsulated 802.1Q PVC and access dot1q PVC configuration mode.
Configure a PPPoE-Encapsulated 802.1Q PVC

Root Command dot1q pvc Notes Enter this command in port configuration mode. Specify the encapsulation as pppoe.
2.
Bind the 802.1Q PVC with one of the following tasks: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication You must specify the context to create a restricted dynamic binding.
Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC

To configure a child circuit on an ATM PVC for PPPoE, perform the tasks described in Table 8-12. Table 8-12 Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC
# 1. Task Create one or more parent ATM PVCs and access ATM PVC configuration mode. Root Command atm pvc Notes Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify the encapsulation as multi. 2. 3. Create the PPPoE-encapsulated child circuit and access ATM child protocol configuration mode. Bind the child circuit with one of the following tasks: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication You must specify the context to create a restricted dynamic binding. circuit protocol Specify the encapsulation as pppoe.
Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC

To configure a child circuit on an 802.1Q PVC for PPPoE, perform the tasks described in Table 8-13. Table 8-13 Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC
# 1. Task Create the parent 802.1Q PVC and access dot1q PVC configuration mode. Create the PPPoE-encapsulated child circuit and access dot1q child protocol configuration mode. Bind the child circuit with one of the following tasks: Create an unrestricted dynamic binding. Create a restricted dynamic binding. bind authentication bind authentication You must specify the context to create a restricted dynamic binding. Root Command dot1q pvc Notes Enter this command in port configuration mode. Specify the encapsulation as multi. circuit protocol Specify the encapsulation as pppoe.
2. 3.
8-11
Configure a Subscriber Record for PPPoE

To configure a subscriber record for PPPoE, perform the tasks described in Table 8-14. Enter all commands in subscriber configuration mode. Table 8-14 Configure a Subscriber Record for PPPoE
# 1. Task Assign an IP address to a subscriber record or profile. Root Command ip address Notes For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Use the same password that is specified in the bind subscriber or bind auto-subscriber command. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
2.
Specify a password in the subscriber record.
password
3.
Specify optional attributes in the subscriber record or profile: Configure routes for multiple PPPoE sessions. Create a PPPoE MOTM and enable the sending of it to subscribers. Point a subscribers PPPoE client browser to a specified URL. pppoe client route pppoe motm pppoe url
For descriptions of the basic tasks needed to configure a subscriber record, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
This section includes the following examples: PPP Examples PPPoE Examples
PPP Examples
This section contains the following PPP configuration examples: PPP Configuration with Dynamic Binding PPP Configuration with Restricted Dynamic Binding MP Configuration on ATM PVCs
8-12
PPP Configuration with Dynamic Binding

In Figure 8-1, the host on the left is configured to run PPP over ATM. The SmartEdge OS is configured to dynamically bind the user to an IP interface assumed to be previously configured with an IP address of 10.1.3.1 and a mask of 255.255.255.0. Figure 8-1 ATM-to-Ethernet Network (PPP)
The following example creates the ATM PVC, using an existing ATM profile, adsl, and indicates to the system that the PVC is to be bound using an authentication process:
[local]Redback(config)#port atm 3/1 [local]Redback(config-port)#atm pvc 100 300 profile adsl encapsulation ppp [local]Redback(config-pvc)#bind authentication chap pap
PPP Configuration with Restricted Dynamic Binding

The following example constrains a PPP-encapsulated ATM PVC on an ATM OC port to be bound only in the isp.net context:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 100 1011 profile ubr encapsulation ppp [local]Redback(config-pvc)#bind authentication pap context isp.net
MP Configuration on ATM PVCs

The following example configures MP on PPP-encapsulated ATM PVCs using the IP address of the Ethernet management port, two ATM PVCs with identical configuration on the ATM card in slot 3, and a subscriber with a limit of 2 sessions:
!Configure PPP multilink global attributes with IP address of Ethernet management port [local]Redback(config)#ppp multilink [local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address !Configure the links [local]Redback(config)#port atm 3/1 [local]Redback(config-port)#atm pvc 200 100 profile adsl encapsulation ppp [local]Redback(config-pvc)#bind authentication chap pap [local]Redback(config-pvc)#exit [local]Redback(config-port)#exit
8-13
Configuration Examples [local]Redback(config)#port atm 3/2 [local]Redback(config-port)#atm pvc 200 200 profile adsl encapsulation ppp [local]Redback(config-pvc)#bind authentication chap pap [local]Redback(config-pvc)#exit [local]Redback(config-port)#exit !Configure the subscriber [local]Redback(config)#context local [local]Redback(config-ctx)#subscriber joe [local]Redback(config-sub)#port-limit 2
PPPoE Examples
This section contains the following PPPoE configuration examples: Advertise a List of Services (Domains) Create and Delete a MOTM Point a Subscribers Browser to a URL
Advertise a List of Services (Domains)

The following example configures a SmartEdge OS to advertise all of its domains (isp1, isp2, and isp3) during the PPPoE discovery protocol:
[local]Redback(config)#context isp1.net [local]Redback(config-ctx)#domain isp1 [local]Redback(config-ctx)#exit [local]Redback(config)#context isp2.net [local]Redback(config-ctx)#domain isp2 [local]Redback(config-ctx)#exit [local]Redback(config)#context isp3.net [local]Redback(config-ctx)#domain isp3 [local]Redback(config-ctx)#exit [local]Redback(config)#pppoe services all-domains
The next example configures a SmartEdge OS to advertise only the indicated domains, namely isp1 and isp2. Domains, corp1 and corp2, are not advertised, because the advertise keyword is not specified in the definitions of the two domains, and the marked-domains keyword is specified in the pppoe services command.
[local]Redback(config)#context isp1.net [local]Redback(config-ctx)#domain isp1 advertise [local]Redback(config-ctx)#exit [local]Redback(config)#context isp2.net [local]Redback(config-ctx)#domain isp2 advertise [local]Redback(config-ctx)#exit [local]Redback(config)#context corp1.com [local]Redback(config-ctx)#domain corp1 [local]Redback(config-ctx)#exit
8-14
Command Descriptions [local]Redback(config)#context corp2.com [local]Redback(config-ctx)#domain corp2 [local]Redback(config-ctx)#exit [local]Redback(config)#pppoe services marked-domains
Create and Delete a MOTM

The following example creates a message of the minute (MOTM):
[local]Redback(config-sub)#pppoe motm System down 0400 today for scheduled maintenance
The following example replaces the first MOTM with a new one:
[local]Redback(config-sub)#pppoe motm Scheduled maintenance canceled for 03/29/2003.
The following example removes the existing MOTM so that no message is sent to subscribers:
[local]Redback(config-sub)#no pppoe motm
Point a Subscribers Browser to a URL

The following example causes a PADM with the URL, http://www.loe.com/members/joe@local to be sent to the PPPoE client when the PPP session is established:
[local]Redback(config-ctx)#subscriber name joe [local]Redback(config-sub)#pppoe url http://www.loe.com/members/%U
The next example uses the pppoe url command to configure the subscriber default profile. Unless overridden by a named subscriber profile or the subscriber record itself, a PADM containing http://www.loe.com/members/name is sent to the PPPoE client of each subscriber when the PPP session is established:
[local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#pppoe url http://www.loe.com/members/%u
This section describes the syntax and usage guidelines for the commands used to configured PPP and PPPoE features. The commands are presented in alphabetical order. ppp keepalive ppp mtu ppp multilink ppp multilink lfi ppp our-options mru ppp our-options multilink ppp peer-options mru ppp pppoe-large-mru pppoe always-send-padt pppoe client route pppoe motm pppoe service-name accept-all pppoe services pppoe tag pppoe url
8-15
ppp keepalive
The first time you run this command in a context, the command syntax is: ppp keepalive check-interval {minutes | seconds} time After you specify the check interval for a context, the command syntax is: ppp keepalive {[data-check] [response-timeout seconds] [retries retry-num]} no ppp keepalive [check-interval] [data-check] default ppp keepalive {response-timeout | retries}
Purpose
Enables Point-to-Point Protocol (PPP) keepalive checks and specify PPP timing attributes.
Command Mode
context configuration
Syntax Description
check-interval minutes seconds time data-check Sets the time interval between PPP keepalive checks. Optional after you have specified the initial check interval. Specifies that the unit of measure for the time argument is minutes. Specifies that the unit of measure for the time argument is seconds. Time, in either minutes or seconds (depending on the preceding keyword), between keepalive checks. Optional. Specifies that after the PPP keepalive check interval timer expires and before a Link Control Protocol (LCP) echo request message is sent, a check is performed to determine if data has been received on the circuit since the last check interval timer expiration. Optional. Amount of time the system is to wait for a response to an LCP echo request message before incrementing the PPP keepalive retries counter. The range of values is 3 to 60 seconds; the default value is 10. Optional. Number of times the system is to retry an unsuccessful PPP keepalive check. The range of values is 2 to 10; the default value is 2.
response-timeout seconds
retries retry-num
Default
Keepalive checks are not enabled, except in the case of circuits using PPP over Ethernet (PPPoE), for which the period between keepalive checks is 5 minutes (300 seconds).
8-16
Usage Guidelines
Use the ppp keepalive command to enable PPP keepalive checks and specify PPP timing attributes. The command keywords work together to configure when and how keepalives are sent, and what action is taken as a result of the response, or lack of response. Keepalive checks are LCP echo request messages sent over PPP sessions in the context to detect abnormal session disconnects that the system would not otherwise know about. The check-interval keyword must be entered before the other command keywords are available. The check-interval keyword sets the time between LCP echo requests, in either minutes or seconds. When this time expires, an LCP echo request is sent to the PPP peer and a response timer is started. The length of the response timer is determined by the value of the response-timeout seconds construct. If a valid LCP echo is received before the response timer expires, the response timer is canceled, and the check interval timer is reset. If the response timer expires without a valid LCP echo being received, an optional check, specified by the data-check keyword, is performed to see if any data has been received on the circuit since the LCP echo request was sent. Only valid PPP packets are considered data. If data has been received since the LCP echo request was sent, the check interval timer is reset. If no data has been received, the retry counter is incremented and another LCP echo request message is sent. When the configured number of retries has been reached, set by the value of the retries retry-num construct, without a valid echo or data being received, the session is considered to be no longer alive and is torn down. The data-check keyword specifies that after the check interval timer expires and before an LCP echo request message is sent, a check is performed to determine if data has been received on the circuit since the last check interval timer expiration. If data has been received, the check interval timer is simply reset, skipping the LCP echo request message altogether. This option is recommended when it is preferred to limit the overhead for PPP keepalive processing. The tradeoff is that using the data-check keyword to determine that a session is no longer active can take longer than using the PPP keepalive feature without the data-check keyword. For an example illustrating this tradeoff, see the PPP Keepalive Checks section. Although the default period between keepalive checks for PPPoE circuits is 5 minutes (300 seconds) if keepalive checks are not enabled, PPPoE circuits take on the configured period between checks when keepalive checks are enabled. Use the no form of this command without options to disable all command options. Note The no ppp keepalive data-check form is available only if you have previously specified the check interval. Note Entering the no ppp keepalive check-interval command does not disable the keepalive feature on active sessions. Because it is a context configuration mode command, applying to all PPP sessions in the context, the command takes effect when the last active session is torn down. Use the default form of this command to specify the default value for the response timer or the number of retries. Note The default form is available only if you have previously specified the check interval.
8-17
Examples
The following example enables the PPP keepalive feature, sets the length of the response timer and the number of retries, and specifies the data check option to minimize LCP echo traffic:
[local]Redback(config-ctx)#ppp keepalive check-interval seconds 500 [local]Redback(config-ctx)#ppp keepalive data-check response-timeout 30 retries 3
Related Commands
None
8-18
ppp mtu
ppp mtu mtu
Purpose
Sets the maximum transmission unit (MTU) used by Point-to-Point Protocol (PPP) for a subscribers circuit.
Command Mode
subscriber configuration
Syntax Description
mtu Maximum transmission unit in bytes. The range of values is 128 to 12,800.
Default
There is no default value for this command.
Usage Guidelines
Use the ppp mtu command to set the MTU used by PPP for a subscriber circuit. The effect of this command is strictly local to the SmartEdge router, and therefore, does not force the router to negotiate a particular PPP MRU. Use the ppp mtu command to lower the size of data packets being sent over that subscriber link from the MRU value that has been negotiated between the SmartEdge router and the PPP client. You cannot make the size any larger than the negotiated MRU. If an MRU value lower than the value of the mtu argument in the ppp mtu command has been negotiated, the MRU value takes precedence and the ppp mtu command setting is ignored. On a normal Ethernet interface, the standard MTU is 1500. For Point-to-Point Protocol over Ethernet (PPPoE) implementation, the negotiated MTU will use the physical interface, minus eight bytes as the default.
Examples
The following command sets the PPP MTU to 768 bytes:
[local]Redback(config-sub)#ppp mtu 768
Related Commands
ip mtu ppp our-options mru ppp peer-options mru subscriber
8-19
ppp multilink
ppp multilink no ppp multilink
Purpose
Enables Point-to-Point Protocol (PPP) multilink for subscriber sessions on Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
Command Mode
Syntax Description
Default
PPP multilink for subscriber sessions on ATM PVCs is disabled.
Usage Guidelines
Use the ppp multilink command to enable PPP multilink for subscriber sessions on ATM PVCs. Use the no form of this command to disable PPP multilink for subscriber sessions on ATM PVCs.
Examples
The following example enables PPP multilink on ATM PVCs:
[local]Redback(config)#ppp multilink
Related Commands
port-limit ppp our-options multilink
8-20
ppp multilink lfi

ppp multilink lfi fragment-threshold value [priority-threshold value] no ppp multilink lfi
Purpose
Enables Point-to-Point Protocol (PPP) Link Fragmentation and Interleaving (LFI) within the specified priority or fragmentation threshold value for subscriber sessions on Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
Command Mode
Syntax Description
fragment-threshold value priority-threshold value Fragmentation on outgoing traffic. The range of values is 256 to 16,320; the default value is 0. Multiprotocol encapsulation priority level. The range of values is 0 to 7; the default value is 0.
Default
The default does not enable LFI priority and fragmentation thresholds for subscriber sessions on ATM PVCs.
Usage Guidelines
Use the ppp multilink lfi command to enable PPP LFI with the specified priority or fragmentation threshold values for subscriber sessions on ATM PVCs. Use the fragment-threshold value construct to set the fragmentation threshold on outgoing traffic. The range of values is 256 to 16,320. The threshold size is not to exceed the value specified by the user, but does not necessarily need to be the same as the fragment threshold. The default value is 0, with no packets becoming fragmented. Use the optional priority-threshold value construct to define the multiprotocol encapsulation priority level. The packet is encapsulated only if it is of lower or equal priority than the configured threshold. If the packet is not multiprotocol encapsulated, it is not fragmented, regardless of the size. All packets are multiprotocol encapsulated if their priority is lower than or equal to the threshold. The default value of 0 results in all packets being multiprotocol encapsulated. Use the no form of this command to disable LFI priority and fragmentation thresholds for subscriber sessions on ATM PVCs.
Examples
The following example enables PPP LFI with a specified fragmentation threshold value of 256:
[local]Redback(config)#ppp multilink lfi fragment-threshold 256
8-21
The following example enables PPP LFI with a specified priority threshold value of 7:
[local]Redback(config)#ppp multilink lfi priority-threshold 7
Related Commands
port-limit ppp multilink ppp our-options multilink
8-22
ppp our-options mru

ppp our-options mru initial initial-mru maximum max-mru default ppp our-options mru
Purpose
Specifies the range for the maximum receive unit (MRU) with which the SmartEdge OS negotiates Link Control Protocol (LCP) option values for the SmartEdge router end of the Point-to-Point Protocol (PPP) session.
Command Mode
Syntax Description
initial initial-mru MRU value at which negotiation begins. The range of values is 128 to 16,384; the default value is 1,500 for PPP circuits, and 1,492 for PPP over Ethernet (PPPoE) circuits.
maximum max-mru Maximum MRU value that the SmartEdge OS can negotiate. The range of values is 128 to 16,384; the default value is 16,384.
Default
If you do not use this command, the SmartEdge OS uses the default option values. For MRU, that value is 1,500 for PPP circuits and 1,492 for PPPoE circuits.
Usage Guidelines
Use the ppp our-options mru command to specify the range for the MRU with which the SmartEdge OS negotiates LCP option values for the SmartEdge router end of PPP sessions. Currently, the options available are the initial and maximum MRU values. When these values are specified, the SmartEdge OS begins negotiation for its MRU at the value of the initial-mru argument, and does not exceed the value of the max-mru argument. The resulting size guidelines are reflected in all packets sent to the SmartEdge router by the remote peer. If, after 10 attempts, an agreement with the peer can not be reached as to a local MRU between the configured initial and maximum values, the SmartEdge OS establishes the PPP session without negotiating the local MRU. In that case, the SmartEdge OS uses an MRU of 1,500 for PPP circuits and 1,492 for PPPoE circuits. Note This command affects only subscriber sessions. Use the default form of this command to return the LCP options to their default values.
8-23
Examples
The following example sets the local initial and maximum MRU values:
[local]Redback(config)#ppp our-options mru initial 1800 maximum 11000
Related Commands
ppp peer-options mru
8-24
ppp our-options multilink

ppp our-options multilink endpoint-discriminator [addr] no ppp our-options multilink endpoint-discriminator
Purpose
Specifies the address for the SmartEdge router end of multilink Point-to-Point Protocol (MP) bundles.
Command Mode
Syntax Description
endpoint-discriminator addr Specifies the endpoint discriminator for the SmartEdge router end of MP bundles. Optional. The address, either IP or medium access control (MAC), for the SmartEdge router, according to one of the constructs or keywords listed in Table 8-15.
Default
If you do not use this command, the SmartEdge OS uses the hostname and IP address of the SmartEdge router.
Usage Guidelines
Use the ppp our-options multilink command to specify the address for the SmartEdge router end of MP bundles. This command is not available until you have enabled MP using the ppp multilink command (in global configuration mode). Note This command affects only MP bundles on Point-to-Point Protocol (PPP)-encapsulated Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs). Table 8-15 lists the address types and their constructs for the addr argument. Table 8-15 Address Types
ip-addr Argument class-1 text class-2 ip-addr class-3 mac-addr class-5 text local-ip-address local-mac-addr Description Locally assigned address consisting of up to 20 characters. IP address. MAC address. Public-switched network directory number consisting of up to 15 characters. IP address of the Ethernet management port on the controller card. MAC address of the SmartEdge router; this is the default address.
8-25
Use the no form of this command to specify the local MAC address of the SmartEdge router.
Examples
The following example specifies the IP address of the Ethernet management port on the controller card as the endpoint discriminator:
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address
Related Commands
ppp multilink
8-26
ppp peer-options mru

ppp peer-options mru minimum min-mru maximum max-mru default ppp peer-options mru
Purpose
Specifies the range for the maximum receive unit (MRU) with which the SmartEdge OS negotiates Link Control Protocol (LCP) option values for the remote end of the Point-to-Point Protocol (PPP) session.
Command Mode
Syntax Description
minimum min-mru Minimum MRU value for the remote peer. The range of values is 128 to 16,384; the default value is 128.
maximum max-mru Maximum MRU value for the remote peer. The range of values is 128 to 16,384; the default value is 16,384.
Default
The SmartEdge OS negotiates LCP options with the default values.
Usage Guidelines
Use the ppp peer-options mru command to specify the range for the MRU with which the SmartEdge OS negotiates LCP option values for the remote end of PPP sessions. Note The use of this command can alter the values negotiated during LCP, but it does not force any options to be negotiated or prevent any options from being negotiated. For MRU (the only option supported at the moment), it controls the SmartEdge end of the MRU negotiation if the remote peer is willing to negotiate MRU. Currently, the options available are the minimum and maximum MRU values. When these values are specified, the SmartEdge OS negotiates the remote peers MRU value to be at least the value specified by the min-mru argument, and not greater than the value specified by the max-mru argument. The resulting size guidelines are reflected in all packets that the SmartEdge OS sends to the remote peer. If, after 10 attempts, the SmartEdge OS has not reached an agreement with the peer regarding the value of the peers MRU between the specified minimum and maximum values, the SmartEdge OS establishes the PPP session without negotiating the peers MRU. In that case, the SmartEdge OS uses the standard MRU of 1,500 for PPP circuits, and 1,492 for PPP over Ethernet (PPPoE) circuits. Note This command affects only subscriber sessions. Use the default form of this command to return the options to their default values.
8-27
Examples
The following example sets the peers minimum and maximum MRU values:
[local]Redback(config)#ppp peer-options mru minimum 200 maximum 2000
Related Commands
ppp mtu ppp our-options mru
8-28
ppp pppoe-large-mru
ppp ppoe-large-mru no ppp ppoe-large-mru
Purpose
Enables the negotiation of the maximum receive unit (MRU) for Point-to-Point Protocol over Ethernet (PPPoE) circuits.
Command Mode
Syntax Description
Default
MRU negotiation is disabled.
Usage Guidelines
Use the ppp ppoe-large-mru command to enable the negotiation of the MRU for PPPoE circuits. Unless you enable MRU negotiation, the MRU cannot exceed 1,492 bytes. Use the no form of this command to disable MRU negotiation.
Examples
The following example enables MRU negotiation:
[local]Redback(config)#ppp ppoe-large-mru
Related Commands
ppp our-options mru ppp peer-options mru
8-29
pppoe always-send-padt
pppoe always-send-padt no pppoe always-send-padt
Purpose
Configures a Point-to-Point Protocol (PPP)-encapsulated (PPPoE) option that will terminate the PPPoE session by sending a PPPoE Active Discovery Terminate (PADT) packet after the PPP session is terminated.
Command Mode
Syntax Description
Default
The PPPoE option does not terminate the PPPoE session when the PPP session is terminated.
Usage Guidelines
Use the pppoe always-send-padt command to configure a PPPoE option that terminates the PPPoE session after a PPP session is terminated. Use this command if the PPPoE client requires explicit termination of the PPPoE session. This option is a global option that will be applied to all PPPoE sessions that are currently established and for all future sessions. Use the no form of this command to disable the PPPoE option that terminates the PPPoE session once the PPP session has terminated.
Examples
The following example configures the PPPoE option to terminate the PPPoE session after the PPP session has terminated:
[local]Redback(config)#pppoe always-send-padt [local]Redback(config)#end
Related Commands
pppoe services pppoe service-name accept-all pppoe tag
8-30
pppoe client route

pppoe client route ip-addr netmask metric no pppoe client route ip-addr netmask metric
Purpose
Configures routes to be installed on the subscribers PC when multiple Point-to-Point Protocol over Ethernet (PPPoE) sessions exist.
Command Mode
Syntax Description
ip-addr netmask metric IP address of the destination host. Network mask for the route entry. Cost (number of hops) to this destination.
Default
Routes are not sent to the subscribers PPPoE client.
Usage Guidelines
Use the pppoe client route command to configure the SmartEdge router to provide different routes for different PPPoE sessions. For each PPPoE session, a route is sent in a PPPoE Active Discovery Network (PADN) message, and installed on the subscribers PC. In this way, subscribers are enabled with seamless client route provisioning on a per-PPPoE session basis. The subscribers PC client must support PADN. If the PPPoE client ignores the routes, they have no effect. As an example of this feature, one PPPoE session could provide Internet connectivity, while another session connects corporate headquarters to a remote office site. Routes to the business site might be of a very different nature than the routes that provide access to the Internet. Use the no form of this command to remove the specified route from the configuration.
Examples
The following example specifies that a route at 200.1.1.0 255.255.255.0 is to be used for concurrent multiple PPPoE sessions. This route has a metric, or hop count, of 1:
[local]Redback(config-sub)#pppoe client route 200.1.1.0 255.255.255.0 1
Related Commands
pppoe motm pppoe url
8-31
pppoe motm
pppoe motm text no pppoe motm
Purpose
Creates and enables the sending of a message of the minute (MOTM) to a subscriber when logging on.
Command Mode
Syntax Description
text Text of the MOTM to be sent to a newly authenticated subscriber. The maximum length of an MOTM is 256 characters. Only one MOTM can be active at a time.
Default
None
Usage Guidelines
Use the pppoe motm command to create and enable the sending of a message to the subscriber when logging on. You can use this command to send any information of general use to subscribers; for example, information about system downtime. Note A newly created MOTM overwrites an existing MOTM. Use the no form of this command to delete the MOTM so that the message is no longer sent to the subscriber after logging on.
Examples
The following example establishes an MOTM:
[local]Redback(config-sub)#pppoe motm Network will be down for maintenance from 0100-0400 Saturday.
The following example deletes the active MOTM:

[local]Redback(config-sub)#no pppoe motm
Related Commands
pppoe url
8-32
pppoe service-name accept-all

pppoe service-name accept-all no pppoe service-name accept-all
Purpose
Enables the SmartEdge router to accept any service name tag that is included in a Point-to-Point Protocol over Ethernet (PPPoE) Active Discovery Initiation (PADI) or PPPoE Active Discovery Request (PADR) message and include it among the advertised services in a PPP Active Discovery Offer (PADO) or PPPoE Active Discovery Session (PADS) message, respectively.
Command Mode
Syntax Description
Default
The SmartEdge router accepts and advertises only those services (domains) that have been configured through the SmartEdge OS.
Usage Guidelines
Use the pppoe service-name accept-all command to enable the SmartEdge router to accept any service name tag that is included in a PPPoE PADI message, and include it among the advertised services in PPP PADO messages. It also accepts any service name tag that is included in a PPPoE PADR message and includes it in a PPPoE PADS message. Use the no form of this command to disable the acceptance and advertisement of service name tags that are not configured through the SmartEdge OS.
Examples
The following example enables the acceptance of all service names that might be included in PADI or PADR messages:
[local]Redback(config)#pppoe service-name accept-all
Related Commands
pppoe services
8-33
pppoe services
pppoe services {all-domains | marked-domains} {no | default} pppoe services
Purpose
Specifies which domains (services) are advertised to Point-to-Point Protocol over Ethernet (PPPoE) clients.
Command Mode
Syntax Description
all-domains marked-domains Specifies that all domains are advertised. Specifies that only domains that have the advertise keyword as part of their definition are advertised.
Default
No domains are advertised to PPPoE clients.
Usage Guidelines
Use the pppoe services command to specify which domains (services) are advertised to PPPoE clients and make public the services that the SmartEdge router provides. Note Domain names, not context names, are advertised during the PPPoE discovery protocol. Use the no or default form of this command to disable domain advertisement.
Examples
The following example enables the advertisement of marked domains to PPPoE clients:
[local]Redback(config)#pppoe services marked-domains
Related Commands
None
8-34
pppoe tag
pppoe tag {ac-name string | ac-cookie} {no | default} pppoe tag {ac-name | ac-cookie}
Purpose
Replaces the default access concentrator (AC)-Name PPPoE tag value with the specified string or enables AC-Cookie tag support.
Command Mode
Syntax Description
ac-cookie ac-name string Enables AC-Cookie tag support. Alphanumeric string to replace the default value for the AC-Name PPPoE tag.
Default
The SmartEdge OS uses an automatically generated (and guaranteed to be unique) value for the AC-Name PPPoE tag and AC-cookie tag support is disabled.
Usage Guidelines
RFC 2516, Transmitting PPP Over Ethernet, specifies that the AC-Name PPPoE tag sent in PPPoE Active Discovery Offer (PADO) messages must have a unique value. The SmartEdge OS ensures that this value is unique by creating it from a combination of the backplane serial number and the hostname of the AC device sending the PADO message. When it is preferred to override this default, use this command to establish an alternate value for the AC-Name tag. After you change the default, the SmartEdge OS can no longer guarantee that the value is unique. SmartEdge OS also supports the AC-Cookie tag described in RFC 2516 to allow the AC to uniquely regenerate the tag value based on the PADR source address. Using this feature, the AC can ensure that the PADI source address is indeed reachable and can then limit concurrent sessions for that address. Use the no or default form of this command to return the AC-Name value to the automatically generated default name or to disable AC-Cookie tag support.
Examples
The following example replaces the AC-Name PPPoE tag with fortune-1:
[local]Redback(config)#pppoe tag ac-name fortune-1
Related Commands
None
8-35
pppoe url
pppoe url url no pppoe url
Purpose
Sets the subscribers Point-to-Point Protocol over Ethernet (PPPoE) client to automatically point the web browser to a specified URL as soon as the session is established.
Command Mode
Syntax Description
url URL to which the subscribers browser is pointed after the subscribers PPP session is established. See Table 8-16 for special-character sequences that can be used in the url argument.
Default
None
Usage Guidelines
Use the pppoe url command to set the subscribers PPPoE client to point the subscribers browser to a specific location after the subscribers PPP session is established. This command can be configured in each subscriber record, in a named subscriber profile, or in the subscriber default profile. The url argument is a standard URL that can contain the special-character sequences listed in Table 8-16. Table 8-16 Special-Character Sequences
Character Sequence %U %u Expands to: The entire subscriber name used in PPP authentication. The user portion of the subscriber name used in PPP authentication. This is the portion of the subscriber name that precedes the first @ or other divider character. If there is no divider character, then %u expands to the entire subscriber name. The domain portion of the subscriber name used in PPP authentication. This is the portion of the subscriber name that follows the first @ or other divider character. If there is no divider character, %d expands to a zero length string. The name of the context to which the subscriber was authenticated. This may be different than the domain portion of the subscriber name. Single % character.
%d
%D %%
8-36
These sequences are expanded by the SmartEdge router prior to inclusion in a PPP Active Discovery Message (PADM) and can be used to personalize the URL to the subscriber. Use the no form of this command to remove the URL association from the subscriber record.
Examples
For a subscriber, joe, in the context, local, the following example allows a PADM containing the URL http://www.loe.com/members/joe@local to be sent to the PPPoE client when the PPP session is established:
[local]Redback(config-ctx)#subscriber name joe [local]Redback(config-sub)#pppoe url http://www.loe.com/members/%U
For every subscriber to which the subscriber default value is applied, the following example sends a PADM containing http://www.loe.com/members/name to the PPPoE client when the PPP session is established:
[local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#pppoe url http://www.loe.com/members/%u
Related Commands
pppoe motm
8-37
8-38
Chapter 9
Link Aggregation Configuration
This chapter provides an overview of link aggregation features, describes the tasks used to configure them, provides configuration examples, and detailed descriptions of the commands used to configure link aggregation features through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer link aggregation features, see the Circuits Configuration chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related tasks and commands include: Configuration tasks and commands for Ethernet ports are described in Chapter 3, ATM, Ethernet, and POS Port Configuration. Configuration tasks and commands for DS-1 channels and E1 channels or ports are described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration. Configuration tasks and commands for 802.1Q and Frame Relay permanent virtual circuits (PVCs) are described in Chapter 6, Circuit Configuration.
For protocol- or feature-specific commands that appear (in link group configuration mode), see the appropriate chapter in this guide, in the Routing Protocols Configuration Guide for the SmartEdge OS, or the IP Services and Security Configuration Guide for the SmartEdge OS. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
9-1
Overview
Overview
Link aggregation provides increased bandwidth and availability because the failure or replacement of a link in the link group does not cause the link to be taken down. Note In this chapter, the term, link group, refers to the link-aggregated Ethernet ports, with either IP over Ethernet (IPoE) or 802.1Q encapsulation; Multilink Point-to-Point Protocol (MP) and Multilink Frame Relay (MFR) bundles refer to link-aggregated Point-to-Point Protocol (PPP)- and Frame Relay-encapsulated DS-1 channels or E1 channels or ports, respectively. The SmartEdge OS supports the following types of link groups: MP bundles that comply with the following RFCs: PPP encapsulationRFC 1661, The Point-to-Point Protocol, and RFC 1377, The PPP OSI Network Layer Control Protocol (OSINLCP) MP featuresRFC 1990, The PPP Multilink Protocol (MP) MFR bundles that comply with FRF.16.1, Multilink Frame Relay UNI/NNI Implementation Agreement. Ethernet link groups that comply with the IEEE 802.3ad 2000 specification. 802.1Q link groups that comply with the IEEE 802.3ad 2000 specification.
MP is implemented on the SmartEdge router in two forms: MP using PPP-encapsulated ATM PVCs Using this form of MP, you do not create an MP bundle; instead, the SmartEdge OS creates it dynamically. The configuration for this form of MP and the constituent ATM PVCs is described in Chapter 8, PPP and PPPoE Configuration. MP using PPP-encapsulated DS-1 channels and E1 channels and ports. Using this form of MP, you create an MP bundle and add DS-1 channels, E1 channels, or E1 ports to it. The configuration for this form of MP is described later in this chapter. All link groups are created using DS-1 channels, E1 channels or ports, or Ethernet ports; link groups for these channels and ports are described in the following sections: PPP-Encapsulated Channels and Ports Frame Relay-Encapsulated Channels and Ports IPoE- and 802.1Q-Encapsulated Ethernet Ports
PPP-Encapsulated Channels and Ports

The SmartEdge OS supports the MP, as described in RFC 1990, for any PPP-encapsulated DS-1 channel, E1 channel, or E1 port. MP is an extension to PPP that allows a router, such as the SmartEdge router, to use more than one physical link for communication. It is often used to provide bandwidth increments between DS-1 channels and DS-3 channels or DS-3 ports, in areas where DS-3 channels or ports are unavailable, or the required bandwidth does not justify the cost of a DS-3 channel or port.
9-2
Overview
For example, four DS-1 channels can be linked together using the MP to provide an aggregate connection of 6 Mbps. When using more than one physical link to connect two routers, MP provides a mechanism to load-balance the connection across all links in the bundle. Both ends of point-to-point links must be capable of supporting MP connections. The two routers configure the data link by swapping Link Control Protocol (LCP) packets during a link establishment phase. If MP is not successfully negotiated, the connection is not established and an error is logged. Note All DS-1 channels, E1 channels, or E1 ports in an MP bundle must be configured on the same traffic card, must have identical configurations, and must have PPP encapsulation. Fragmentation and reassembly are not supported in this release; the maximum received reconstructed unit (MRRU) is set to 1,500 bytes. Fragmentation must be disabled at the remote peer.
Frame Relay-Encapsulated Channels and Ports

The SmartEdge OS supports MFR bundles, which allow Frame Relay-encapsulated DS-1 channels, clear-channel E1 channels, or clear-channel E1 ports to be aggregated. MFR bundles comply with FRF.16.1, Multilink Frame Relay UNI/NNI Implementation Agreement, which defines the connections between data terminal equipment (DTE) and data communications equipment (DCE) endpoints or between DCE endpoints. Note All DS-1 channels, E1 channels, or E1 ports in an MFR bundle must be configured on the same traffic card, must have identical configurations, and must have Frame Relay encapsulation. MFR bundles can include either DS-1 channels, E1 channels, or E1 ports. Fragmentation and reassembly as described in FRF.12, Frame Relay Fragmentation Agreement, are not supported in this release. Fragmentation must be disabled at the remote peer.
IPoE- and 802.1Q-Encapsulated Ethernet Ports

The SmartEdge OS also supports the aggregation of Gigabit or Fast Ethernet ports into a single, larger logical pipe, as specified in Part 3 of the IEEE 802.3ad 2000 specification, Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications. If the Ethernet or Gigabit Ethernet ports are configured with 802.1Q encapsulation, the 802.1Q PVCs and the untagged traffic on each port, referred to as the constituent PVCs, are aggregated in separate logical pipes, referred to as aggregated PVCs. Ports in any Ethernet or 802.1Q link group must be of the same type and have identical configurations, but need not be configured on the same traffic card. Up to eight Gigabit Ethernet ports, or up to eight Ethernet ports, with IPoE encapsulation can be aggregated in a single, Ethernet link group. You can mix Ethernet ports on 10/100 Ethernet cards, if the ports are configured to run at the same speed, or ports on Gigabit, Gigabit Ethernet 3, Gigabit Ethernet 1020, 10 Gigabit Ethernet, and Advanced Gigabit Ethernet cards, but you cannot mix Ethernet ports with Gigabit Ethernet ports in the same link group.
9-3
Configuration Tasks
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. Link aggregation configuration tasks are described in the following sections: Configuring an MP Bundle Configuring an MFR Bundle Configuring an Ethernet Link Group for IPoE-Encapsulated Ports Configuring an 802.1Q Link Group
Configuring an MP Bundle
This section includes the following topics: Configure an MP Bundle Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to an MP Bundle
Configure an MP Bundle
To configure an MP bundle for PPP-encapsulated DS-1 channels, E1 channels, or E1 ports, perform the tasks described in Table 9-1. Table 9-1
# 1. Task Specify the context and access context configuration mode.
Configure an MP Bundle
Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in context configuration mode. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in interface configuration mode. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in global configuration mode. Specify the mp keyword. mp endpoint-discriminator bind interface The default value is the system hostname.
2.
Create an interface for the MP bundle and access interface configuration mode.
interface
3.
Assign an IP address to the interface for the MP bundle.
ip address
4.
Create an empty MP bundle for PPP-encapsulated DS-1 channels, E1 channels, or E1 ports, and access link group configuration mode. Specify the type of endpoint discriminator to be used for negotiation with an MP bundle. Bind the MP bundle to the interface.
link-group
5. 6.
9-4
Configuration Tasks
Note An MP bundle is always enabled (operational). The shutdown command is not available in link group configuration mode for MP bundles.
Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to an MP Bundle

You configure the constituent DS-1 channels, E1 channels, or E1 ports for an MP bundle as described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, but with these restrictions: All DS-1 channels must be configured on the same channelized DS-3 or channelized OC-12 to DS-1 card; all E1 channels or ports must be configured on the same channelized STM-1 or E1 card. The configuration of each DS-1 channel, E1 channel, or E1 port to be added to the MP bundle must be identical; the only exception is the description of the channel or port. Each channel or port must be configured with PPP encapsulation. All E1 channels or ports must be clear-channel channels or ports (using unframed mode). You do not attach a QoS policy to the channel or port. You do not bind any DS-1 channel, E1 channel, or E1 port that you are adding to an MP bundle; instead you bind the MP bundle to its interface. You must enable each DS-1 channel, E1 channel, or E1 port with the no shutdown command (in DS-1 or E1 configuration mode).
To configure and add a DS-1 channel, E1 channel, E1 port to an MP bundle, perform the task described in Table 9-2. Enter this command in DS-1 or E1 configuration mode. Table 9-2
Task Add a constituent DS-1 channel, E1 channel, or E1 port to an MP bundle.
Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to an MP Bundle

Root Command link-group Notes
Note There is a limit of 16 DS-1 channels, E1 channels, or E1 ports in each MP bundle.
Configuring an MFR Bundle

This section includes the following topics: Configure an MFR Bundle Configure an Aggregated Frame Relay PVC Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to the MFR Bundle
Configure an MFR Bundle

The number of MFR bundles that you can configure with DS-1 channels or E1 channels or ports on a card and the Frame Relay PVCs in those bundles is restricted in this release. The maximum number of MFR bundles and Frame Relay PVCs must be less than 164 per card according to the following formula: 3 x MFR bundles + MFR PVCs 164
9-5
Configuration Tasks
For Frame Relay to operate, you must configure the Local Management Interface (LMI) type and the Frame Relay LMI. Note The LMI is for the MFR bundle. To configure an MFR bundle, perform the tasks described in Table 9-3. Table 9-3
# 1. Task Create an empty MFR bundle for DS-1 channels or E1 channels or ports with Frame Relay encapsulation, and access link group configuration mode. Specify the interface type.
Configure an MFR Bundle

Root Command link-group Notes Enter this command in global configuration mode. Specify the mfr keyword. frame-relay intf-type Enter this command in link group configuration mode. The default value is DTE.
2.
3. 4. 5.
Specify the Frame Relay LMI type. Enable the automatic detection of the LMI type. Specify attributes for a DCE interface: Specify the interval for the polling verification timer. Specify the error threshold before LMI is considered to have failed. Specify the monitored event count.
frame-relay lmi-type frame-relay auto-detect This is the default condition; use the no form to disable automatic detection.
frame-relay lmi-t392dce frame-relay lmi-n392dce frame-relay lmi-n393dce
6.
Specify attributes for a DTE interface: Specify the number of keepalive messages sent before the status message request is sent. Specify the interval for the polling verification timer. Specify the monitored event count. Enable the keepalive function and specify the interval value. frame-relay lmi-n391dte frame-relay lmi-n392dte frame-relay lmi-n393dte frame-relay keepalive shutdown By default, the keepalive function is enabled, with a 10-second interval. By default, the MFR bundle is enabled (operational).
7.
Disable the MFR bundle.
9-6
Configuration Tasks
Configure an Aggregated Frame Relay PVC

You create an aggregated Frame Relay PVC to represent the PVCs with the same Data Link Connection Identifier (DLCI) on the DS-1 channels, E1 channels, or E1 ports that you intend to add to the MFR bundle. To configure an aggregated Frame Relay PVC, perform the tasks described in Table 9-4. Table 9-4
# 1. Task Specify the context for the aggregated Frame Relay PVC and access context configuration mode.
Configure an Aggregated Frame Relay PVC

Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in context configuration mode. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in interface configuration mode. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in global configuration mode. Enter this command in link group configuration mode.
2.
Create an interface for the PVC and access interface configuration mode.
interface
3.
Assign an IP address to the interface for the PVC.
ip address
4. 5. 6. 7. 8.
Select an existing MFR bundle and access link group configuration mode. Create or select a Frame Relay PVC and access Frame Relay PVC configuration mode. Associate the IP address of the remote host on the circuit. Bind the Frame Relay PVC to the interface created in step 2. Disable the PVC (stop operations on it) until you are ready to begin operations on it.
link-group frame-relay pvc ip host bind interface shutdown
By default, all circuits are enabled (operational).
Configure and Add DS-1 Channels, E1 Channels, or E1 Ports to the MFR Bundle
You configure a constituent DS-1 channel, E1 channel, or E1 port with its Frame Relay encapsulation as described in Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, but with these restrictions: All DS-1 channels must be configured on the same channelized OC-12 to DS-1 card; all E1 channels must be configured on the same channelized STM-1 card. All DS-1 channels must be configured on the same channelized DS-3 card; all E1 ports must be configured on the same channelized E1 card. The configuration of each DS-1channel, E1 channel, or E1 port to be added to the MFR bundle must be identical; the only exception is the description of the channel or port. Each channel or port must be configured with Frame Relay encapsulation. All E1 channels or ports must be clear-channel channels or ports (using unframed mode). You do not attach a QoS policy to the channel or port.
9-7
Configuration Tasks
You do not bind any DS-1 channel, E1 channel, or E1 port that you are adding to an MFR bundle. You must enable each DS-1 channel, E1 channel, or E1 port with the no shutdown command in DS-1 or E1 configuration mode.
To configure and add a constituent DS-1 channel, E1 channel, or E1 port to an MFR bundle, perform these additional tasks described in Table 9-5. Table 9-5
# 1. 2. Task Add a DS-1 channel, E1 channel, or E1 port with Frame Relay encapsulation to the MFR bundle. Specify timing values for FRF.16 hello and acknowledgement messages.
Configure and Add DS-1 or E1 Channels or E1 Ports to an MFR Bundle

Root Command link-group frame-relay multilink Notes Enter this command in DS-1 or E1 configuration mode. Enter this command multiple times to specify each parameter.
Note Adding a DS-1 channel, E1 channel, or E1 port to the MFR bundle creates a PVC on that channel or port for each aggregated Frame Relay PVC that you have created. Caution Risk of data loss. Adding a DS-1 channel, E1 channel, or E1 port to an MFR bundle, deletes any Frame Relay PVCs that you have created on it. To reduce the risk, do not create Frame Relay PVCs on any DS-1 channel, E1 channel, or E1 port that you intend to add to an MFR bundle. Note If you remove a constituent DS-1 channel, E1 channel, or E1 port from an MFR bundle, either directly with the no link-group command (in DS-1 or E1 configuration mode), or indirectly by deleting the link group with the no link-group command (in global configuration mode), you cannot use the channel as an single-link channel; you can only add it to another link group. To use the channel as a single-link channel, you must first remove it from the configuration, using the no port ds1 command (in DS-1 configuration mode) or the no port e1 command (in E1 configuration mode), and then reconfigure it.
Configuring an Ethernet Link Group for IPoE-Encapsulated Ports

This section includes the following topics: Configure an Ethernet Link Group for IPoE-Encapsulated Ports Configure and Add an Ethernet Port to an Ethernet Link Group
Configure an Ethernet Link Group for IPoE-Encapsulated Ports

To configure an Ethernet link group for IP over Ethernet (IPoE)-encapsulated Ethernet ports, perform the tasks described in Table 9-6. Table 9-6
Configure an Ethernet Link Group for IPOE-Encapsulated Ports

Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
9-8
Configuration Tasks
Table 9-6
# 2. Task
Configure an Ethernet Link Group for IPOE-Encapsulated Ports (continued)

Root Command interface Notes Enter this command in context configuration mode. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in interface configuration mode. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in global configuration mode. Specify the ether keyword. mac-address minimum-links bind interface
Create an interface for the Ethernet link group and access interface configuration mode.
3.
Assign an IP address to the interface for the Ethernet link group.
ip address
4.
Create an empty Ethernet link group for IPoE-encapsulated Ethernet ports and access link group configuration mode. Specify a MAC address for the Ethernet link group. Specify the minimum number of working links to consider this link group to be in the up state. Bind the Ethernet link group to the interface.
link-group
5. 6. 7.
Note An Ethernet link group is always enabled (operational). The shutdown command is not available in link group configuration mode for Ethernet link groups.
Configure and Add an Ethernet Port to an Ethernet Link Group

You configure the constituent Ethernet ports for a link group as described in Chapter 3, ATM, Ethernet, and POS Port Configuration, but with these restrictions: The configuration of each Ethernet port to be added to the link group must be identical; the only exception is the description of the port. You can attach a quality of service (QoS) metering, policing, or scheduling policy to an Ethernet port. All Ethernet ports must have IPoE encapsulation; this is the default encapsulation. All Ethernet ports must run at the same speed. You do not bind any Ethernet port that you are adding to a link group; instead, you bind the link group to its interface. You must enable each Ethernet port with the no shutdown command (in port configuration mode).
To add a constituent Ethernet port to an Ethernet link group, perform the task in Table 9-7. Enter this command in port configuration mode. Table 9-7
Task Add an Ethernet port to an Ethernet link group.
Add an Ethernet Port to an Ethernet Link Group

Root Command link-group Notes
9-9
Configuration Tasks
There is a limit of eight Gigabit Ethernet ports or eight Ethernet ports in each Ethernet link group. Ethernet ports cannot be mixed with Gigabit Ethernet ports in the same link group; however, you can mix ports on any Gigabit Ethernet cards. You can also mix ports on 10/100 Ethernet cards if the ports on the 10/100 Ethernet cards are configured to run at 100 Mbps.
Configuring an 802.1Q Link Group

This section includes the following topics: Configure an 802.1Q Link Group for 802.1Q-Encapsulated Ethernet Ports Configure an Aggregated 802.1Q PVC in the 802.1Q Link Group Configure and Add an Ethernet Port to the 802.1Q Link Group
Configure an 802.1Q Link Group for 802.1Q-Encapsulated Ethernet Ports

To configure an 802.1Q link group for 802.1Q-encapsulated Ethernet ports, perform the tasks described in Table 9-8. Enter all commands in link group configuration mode, unless otherwise noted. Table 9-8
Configure an 802.1Q Link Group for 802.1Q-Encapsulated Ethernet Ports

Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in context configuration mode. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in interface configuration mode. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in global configuration mode. Specify the dot1q keyword. mac-address minimum-links bind interface This command binds the untagged traffic on the Ethernet port.
2.
Create an interface for the 802.1Q link group and access interface configuration mode.
interface
3.
Assign an IP address to the interface for the link group.
ip address
4.
Create an empty 802.1Q link group for IPoE-encapsulated Ethernet ports and access link group configuration mode. Specify a MAC address for the 802.1Q link group. Specify the minimum number of working links to consider this link group to be in the up state. Bind the 802.1Q link group to the interface.
link-group
5. 6. 7.
Note An 802.1Q link group is always enabled (operational). The shutdown command is not available in link group configuration mode for 802.1Q link groups.
9-10
Configuration Tasks
Configure an Aggregated 802.1Q PVC in the 802.1Q Link Group

You create an aggregated 802.1Q PVC to represent the PVCs with the same tag value on the Ethernet ports that you intend to add to the 802.1Q link group. To configure an aggregated 802.1Q PVC in the 802.1Q link group, perform the tasks described in Table 9-9. Table 9-9
# 1. 2. Task Specify the context and access context configuration mode. Create an interface for each aggregated 802.1Q PVC to be created and access interface configuration mode. Assign an IP address to the interface for each aggregated 802.1Q PVC. Select an existing 802.1Q link group and access link group configuration mode. Create an aggregated 802.1Q PVC in the link group and access link PVC configuration mode. Associate a description with the PVC. Bind the aggregated 802.1Q PVC to its interface.
Configure an Aggregated 802.1Q PVC in the 802.1Q Link Group

Root Command context interface Notes Enter this command in global configuration mode. Enter this command in context configuration mode. Enter this command in interface configuration mode. Enter this command in global configuration mode. Enter this command in link group configuration mode.
3. 4. 5. 6. 7.
ip address link-group dot1q pvc description bind interface
Configure and Add an Ethernet Port to the 802.1Q Link Group

You configure the Ethernet ports for a link group as described in Chapter 3, ATM, Ethernet, and POS Port Configuration, but with these restrictions: The configuration of each Ethernet port to be added to the link group must be identical; the only exception is the description of the port. All Ethernet ports must have 802.1Q encapsulation; the default value is IPoE encapsulation. All Ethernet ports must be at the same speed. You can attach a quality of service (QoS) metering, policing, or scheduling policy to an Ethernet port. You do not bind any Ethernet port that you are adding to a link group; instead, you bind the link group and the aggregated PVCs to their interfaces. You must enable each Ethernet port with the no shutdown command (in port configuration mode).
To add a constituent Ethernet port to an 802.1Q link group, perform the task described in Table 9-10. Enter this command in port configuration mode. Table 9-10 Configure and Add an Ethernet Port to the 802.1Q Link Group
Task Add an Ethernet port to an 802.1Q link group. Root Command link-group Notes
9-11
There is a limit of eight Gigabit Ethernet ports or eight Ethernet ports in each 802.1Q link group. Ethernet ports cannot be mixed with Gigabit Ethernet ports in the same link group; however, you can mix ports on any Gigabit Ethernet cards. You can also mix ports on 10/100 Ethernet cards if the ports on the 10/100 Ethernet cards are configured to run at 100 Mbps. Note Adding an Ethernet port to the link group creates an 802.1Q PVC on that port for each aggregated 802.1Q PVC that you created.
This section includes the following examples: MP Bundle MFR Bundle Ethernet Link Group 802.1Q Link Group
MP Bundle
The following example creates an interface, multi, in the local context, assigns an IP address to it, creates an MP bundle, lg-multi, specifies the IP address of the interface as the endpoint discriminator, and binds the bundle to the interface; then, the example configures two DS-1 channels with PPP encapsulation and includes them in the bundle:
!Create the MP bundle interface and assign an IP address to it [local]Redback(config)#context local [local]Redback(config-ctx)#interface multi [local]Redback(config-if)#ip address 172.16.1.1/30 [local]Redback(config-if)#exit [local]Redback(config-ctx)#exit !Create an MP bundle and bind it to an interface [local]Redback(config)#link-group lg-multi mp [local]Redback(config-link-group)#mp endpoint-discriminator ip [local]Redback(config-link-group)#bind interface multi local [local]Redback(config-link-group)#exit !Configure a DS-1 channel on DS-3 port 1 and add it to the bundle [local]Redback(config)#port channelized-ds3 1/1 [local]Redback(config-ds3)#no shutdown [local]Redback(config-ds3)#exit [local]Redback(config)#port ds1 1/1:1 [local]Redback(config-ds1)#encapsulation ppp [local]Redback(config-ds1)#no shutdown [local]Redback(config-ds1)#link-group lg-multi [local]Redback(config-ds1)#exit
9-12
Configuration Examples !Configure a DS-1 channel on DS-3 port 2 and add it to the bundle [local]Redback(config)#port channelized-ds3 1/2 [local]Redback(config-ds3)#no shutdown [local]Redback(config-ds3)#exit [local]Redback(config)#port ds1 1/2:1 [local]Redback(config-ds1)#encapsulation ppp [local]Redback(config-ds1)#no shutdown [local]Redback(config-ds1)#link-group lg-multi [local]Redback(config-ds1)#exit
MFR Bundle
The following example creates an MFR bundle, lg-mfr, with a data terminal equipment (DTE) interface and an ITU Local Management Interface (LMI) type, and disables it until ready to begin operations. It creates the interfaces, frpvc30 and frpvc40, in the local context for the aggregated Frame Relay PVCs, and assigns an IP address to each one. Then it creates two aggregated Frame Relay PVCs and binds them to the frpvc30 and frpvc40 interfaces. Finally, the DS-1 channels are configured and added to the MFR bundle.
!Create the MFR bundle and configure the Frame Relay LMI [local]Redback(config)#link-group lg-mfr mfr [local]Redback(config-link-group)#frame-relay intf-type dte [local]Redback(config-link-group)#frame-relay lmi-type itu [local]Redback(config-link-group)#frame-relay keepalive 6 [local]Redback(config-link-group)#frame-relay lmi-n391dte 10 [local]Redback(config-link-group)#frame-relay lmi-n392dte 4 [local]Redback(config-link-group)#no shutdown [local]Redback(config-link-group)#exit !Create the Frame Relay PVC interfaces; assign an IP address to each one [local]Redback(config)#context local [local]Redback(config-ctx)#interface frpvc30 [local]Redback(config-if)#ip address 172.16.3.1/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#interface frpvc40 [local]Redback(config-if)#ip address 172.16.4.1/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#exit !Create Frame Relay PVC 30 and bind it to its interface [local]Redback(config)#link-group lg-mfr mfr [local]Redback(config-link-group)#frame-relay pvc 30 [local]Redback(config-link-pvc)#bind interface frpvc30 local [local]Redback(config-link-pvc)#exit !Create Frame Relay PVC 40 and bind it to its interface [local]Redback(config-link-group)#frame-relay pvc 40 [local]Redback(config-link-pvc)#bind interface frpvc40 local [local]Redback(config-link-pvc)#exit [local]Redback(config-link-group)#exit [local]Redback(config-config)#
9-13
Configuration Examples !Configure a DS-1 channel on DS-3 port 3 and add it to the bundle [local]Redback(config)#port channelized-ds3 1/3 [local]Redback(config-ds3)#no shutdown [local]Redback(config-ds3)#exit [local]Redback(config)#port ds1 1/3:1 [local]Redback(config-ds1)#encapsulation frame-relay [local]Redback(config-ds1)#no shutdown [local]Redback(config-ds1)#link-group lg-mfr [local]Redback(config-ds1)#frame-relay multilink ack-timer 12 [local]Redback(config-ds1)#frame-relay multilink hello-interval 6 [local]Redback(config-ds1)#frame-relay multilink retries 3 [local]Redback(config-ds1)#exit !Configure a DS-1 channel on DS-3 port 4 and add it to the bundle [local]Redback(config)#port channelized-ds3 1/4 [local]Redback(config-ds3)#no shutdown [local]Redback(config-ds3)#exit [local]Redback(config)#port ds1 1/4:1 [local]Redback(config-ds1)#encapsulation frame-relay [local]Redback(config-ds1)#no shutdown [local]Redback(config-ds1)#link-group lg-mfr [local]Redback(config-ds1)#frame-relay multilink ack-timer 12 [local]Redback(config-ds1)#frame-relay multilink hello-interval 6 [local]Redback(config-ds1)#frame-relay multilink retries 3 [local]Redback(config-ds1)#exit
Ethernet Link Group

The following example creates an interface, etherx, in the local context, assigns an IP address to each one, creates an Ethernet link group, lg-ether, and binds it to the interface, etherx. Then the Ethernet ports are configured and added to the link group.
!Create the link group interface and assign an IP address to it [local]Redback(config)#context local [local]Redback(config-ctx)#interface etherx [local]Redback(config-if)#ip address 172.16.0.1/24 [local]Redback(config-if)#exit !Create the link group and bind it to its interface [local]Redback(config)#link-group lg-ether ether [local]Redback(config-link-group)#bind interface etherx local !Configure an Ethernet port and add it to the link group [local]Redback(config-config)#port ethernet 5/4 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#link-group lg-ether [local]Redback(config-port)#exit
9-14
Configuration Examples !Configure another Ethernet port and add it to the link group [local]Redback(config-config)#port ethernet 5/5 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#link-group lg-ether [local]Redback(config-port)#exit
802.1Q Link Group

The following example creates the interfaces, vlans, vlan10, and vlan20, in the local context, assigns an IP address to each one, creates an 802.1Q link group, lg-vlans, and binds it to the vlans interface. Then, the example configures two 802.1Q PVCs and binds them to the vlan10 and vlan20 interfaces. Finally, the Ethernet ports are configured and added to the link group.
!Create the link group interface and assign an IP address to it [local]Redback(config)#context local [local]Redback(config-ctx)#interface vlans [local]Redback(config-if)#ip address 172.16.0.1/24 [local]Redback(config-if)#exit !Create the link group and bind it to its interface [local]Redback(config)#link-group lg-vlans dot1q [local]Redback(config-link-group)#bind interface vlans local !Create the PVC interfaces and assign an IP address to each one [local]Redback(config)#context local [local]Redback(config-ctx)#interface vlan10 [local]Redback(config-if)#ip address 172.16.1.1/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#interface vlan20 [local]Redback(config-if)#ip address 172.16.2.1/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#exit !Create PVC 10 and bind it to its interface [local]Redback(config-link-group)#dot1q pvc 10 [local]Redback(config-link-pvc)#bind interface vlan10 local [local]Redback(config-link-pvc)#exit !Create PVC 20 and bind it to its interface [local]Redback(config-link-group)#dot1q pvc 20 [local]Redback(config-link-pvc)#bind interface vlan20 local [local]Redback(config-link-pvc)#exit [local]Redback(config-link-group)#exit [local]Redback(config-config)# !Configure an Ethernet port and add it to the link group [local]Redback(config-config)#port ethernet 5/2 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#no shutdown [local]Redback(config-port)#link-group lg-vlans [local]Redback(config-port)#exit
9-15
Command Descriptions !Configure another Ethernet port and add it to the link group [local]Redback(config-config)#port ethernet 5/3 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#no shutdown [local]Redback(config-port)#link-group lg-vlans [local]Redback(config-port)#exit
This section describes the syntax and usage guidelines for the commands used to configure link aggregation features. The commands are presented in alphabetical order. frame-relay multilink link-group mac-address minimum-links mp endpoint-discriminator
9-16
frame-relay multilink
frame-relay multilink {ack-timer seconds | hello-interval seconds | retries count} {no | default} frame-relay multilink {ack-timer | hello-interval | retries}
Purpose
Specifies the timing for hello and acknowledgement messages for a channel in a Multilink Frame Relay (MFR) bundle.
Command Mode
DS-1 configuration E1 configuration
Syntax Description
ack-timer seconds Interval, in seconds, to wait for an inbound acknowledgement message to an outgoing control message before taking action. The range of values is 1 to 10; the default value is 4.
hello-interval seconds Interval, in seconds, between sending outbound hello messages. The range of values is 1 to 180; the default value is 10. retries count Number of times to resend an hello message before receiving an acknowledgement message. The range of values is 1 to 5; the default value is 2.
Default
Timing for hello and acknowledgement messages is enabled according to the defaults.
Usage Guidelines
Use the frame-relay multilink command to specify the timing for hello and acknowledgement messages for a channel or port in an MFR bundle. You can enter this command multiple times to specify each construct for each channel or port in the MFR bundle. You must add the channel or port to the MFR bundle using the link-group command (in DS-1 or E1 configuration mode) before you can enter the frame-relay multilink command. Hello messages inform the peer at the remote end that the link is up; acknowledgement messages notify the peer that a control message from the peer has been received by the SmartEdge router. Control messages are those that add a link, remove a link, notify the peer that the link is up, or notify the peer that an invalid control message has been received.
9-17
Note If an inbound acknowledgement message to an outgoing control message is not received before the acknowledgement timer expires, the system removes the affected DS-1 channel, E1 channel, or E1 port from the MFR bundle (no user data is sent out and incoming user data is ignored). When the system can successfully exchange control messages with the remote site, the system adds the DS-1 channel, E1 channel, or E1 port to the MFR bundle. Use the no or default form of this command to specify the default values for the timing for hello and acknowledgement messages.
Examples
The following example specifies the timing for hello and acknowledgement messages for a DS-1 channel that is added to an MFR link group, lg-mfr:
[local]Redback(config)#port ds1 2/1:1 [local]Redback(config-ds1)#encapsulation frame-relay [local]Redback(config-ds1)#link-group lg-mfr [local]Redback(config-ds1)#frame-relay multilink ack-timer 5 [local]Redback(config-ds1)#frame-relay multilink hello-interval 5 [local]Redback(config-ds1)#frame-relay multilink retries 3
Related Commands
link-group
9-18
link-group
link-group lg-name [dot1q | ether | mfr | mp] no link-group lg-name [dot1q | ether | mfr | mp]
Purpose
Creates a link group and enters link group configuration mode, or adds a Point-to-Point Protocol (PPP)- or Frame Relay-encapsulated DS-1 channel, clear-channel E1 channel, or clear-channel E1port, or an IP- or 802.1Q-encapsulated Ethernet port, to a link group.
Command Mode
DS-1 configuration E1 configuration global configuration port configuration
Syntax Description
lg-name dot1q Name of the link group to be created. Optional. Specifies a link group for 802.1Q-encapsulated Ethernet ports. Entered only when creating an 802.1Q link group; omitted when adding an Ethernet port with 802.1Q permanent virtual circuit (PVC) encapsulation to an existing link group. Optional. Specifies a link group for IP-encapsulated Ethernet ports. Entered only when creating an Ethernet link group; omitted when adding an Ethernet port with IP encapsulation to an existing link group. Optional. Specifies a link group for DS-1 channels, clear-channel E1 channels, or clear-channel E1 ports with Frame Relay encapsulation. Entered only when creating a Multilink Frame Relay (MFR) bundle; omitted when adding a DS-1 channel or clear-channel E1 channel or clear-channel E1 port with Frame Relay encapsulation to an existing MFR bundle. Optional. Specifies a link group for PPP-encapsulated DS-1 channels, clear-channel E1 channels, or clear-channel E1 ports. Entered only when creating a Multilink PPP (MP) bundle; omitted when adding a PPP-encapsulated DS-1 channel or clear-channel E1 channel or clear-channel E1 port to an existing MP bundle.
ether
mfr
mp
Default
No link groups exist. No channels or ports are included in a newly created link group.
9-19
Usage Guidelines
Use the link-group command to create a link group and enter link group configuration mode, or add a PPPor Frame Relay-encapsulated DS-1 channel, E1 channel, or E1 port, or an IP- or 802.1Q-encapsulated Ethernet port, to a link group. Use the dot1q, ether, mfr, or mp keyword to specify the type of link group when you create it; do not enter the keyword when adding a DS-1 channel, E1 channel, E1 port, or Ethernet port to a link group. Note You do not use this command to add an 802.1Q or Frame Relay PVC to a link group. Instead, you add the Ethernet ports, DS-1 channels, E1 channels, or E1 ports for which the PVCs are aggregated. The following channel and port configuration restrictions apply: All DS-1 channels, E1 channels, or E1 ports in a link group must be configured on the same traffic card and must have identical configurations. All DS-1 channels, E1 channels, or E1 ports to be added to an MP bundle must be configured with PPP encapsulation. All DS-1 channels, E1 channels, or E1 ports to be added to an MFR bundle must be configured with Frame Relay encapsulation. All Ethernet ports in a link group must have identical configurations with the exception of their descriptions. Ethernet ports cannot be mixed with Gigabit Ethernet ports in the same link group, and you cannot mix ports on 10/100 Ethernet cards; you can mix ports on any Gigabit Ethernet cards.
Table 9-11 lists the types and numbers of ports, channels, 802.1Q PVCs, or Frame Relay PVCs that you can add to each type of link group. Table 9-11 Link Group Specifications
Constituent Circuits 802.1Q PVCs Maximum Links 8 Gigabit or Advanced Gigabit Ethernet ports 8 10/100 Ethernet ports Comment Ports are added to the link group, not the PVCs. Untagged traffic on an Ethernet, Gigabit Ethernet, or Gigabit Ethernet 3 port configured with 802.1Q encapsulation is also aggregated.
Link Group Type 802.1Q (dot1q)
Ethernet (ether)
Gigabit Ethernet ports Ethernet ports
8 Gigabit or Advanced Gigabit Ethernet ports 8 10/100 Ethernet ports 16 DS-1 channels or 16 clear-channel E1 channels or ports 16 channels 16 channels or ports Channels are added to the link group, not the PVCs.
Frame Relay (mfr) Multilink bundle (mp)
Frame Relay PVCs DS-1 channels Clear-channel E1 channels or ports
The number of MFR bundles that you can configure with DS-1 channels, E1 channels, or E1 ports on a card and the Frame Relay PVCs in those bundles is restricted in this release. The maximum number of MFR bundles and Frame Relay PVCs must be less than 164 per card according to the following formula: 3 x MFR bundles + MFR PVCs 164
9-20
Use the no form of this command to delete the link group or to delete an Ethernet port, DS-1 channel, E1 channel, or E1 port from a link group.
Examples
The following example creates a link group as an MP bundle, lg-mppp, and binds it to an already existing if-mppp interface in the local context; then, it configures two DS-1 channels with PPP encapsulation and associates them with the MP bundle:
!Create an MP bundle and bind it to an interface [local]Redback(config)#link-group lg-mppp mp [local]Redback(config-link-group)#bind interface if-mppp local !Configure two DS-1 channels on a channelized DS-3 card in slot 1 [local]Redback(config)#port ds1 1/1:1 [local]Redback(config-ds1)#encapsulation ppp [local]Redback(config-ds1)#no shutdown [local]Redback(config-ds1)#link-group lg-mppp [local]Redback(config-ds1)#exit [local]Redback(config)#port ds1 1/2:1 [local]Redback(config-ds1)#encapsulation ppp [local]Redback(config-ds1)#no shutdown [local]Redback(config-ds1)#link-group lg-mppp [local]Redback(config-ds1)#exit
Related Commands
port ds1 port e1 port ethernet
9-21
mac-address
mac-address mac-addr default mac-address mac-addr
Purpose
Specifies a medium access control (MAC) address for the Ethernet or 802.1Q link group.
Command Mode
link group configuration
Syntax Description
mac-addr MAC address to be used for the link group in the form hh:hh:hh:hh:hh:hh.
Default
The MAC address of one of the constituent Ethernet ports in the link group is used as the MAC address for the link group.
Usage Guidelines
Use the mac-address command to specify a MAC address for the Ethernet or 802.1Q link group. Note This command is applicable only to an Ethernet or 802.1Q link group. Use the default form of this command to specify that the MAC address of one of the constituent ports in the link group is be used as the MAC address for the link group. Note This command is also documented in Chapter 3, ATM, Ethernet, and POS Port Configuration, for Asynchronous Transfer Mode (ATM) OC and ATM DS-3 ports (in ATM OC and ATM DS-3 configuration modes).
Examples
The following example specifies 00:00:26:26:26:26 as the MAC address for the Ethernet link group:
[local]Redback(config)#link-group lg-ether ether [local]Redback(config-link-group)#mac-address 00:00:26:26:26:26
Related Commands
None
9-22
minimum-links
minimum-links min-num {no | default} minimum-links [min-num]
Purpose
Specifies the minimum number of working links that a link group must have for the link group to be in an up state. A working link is one whose associated port, PVC, or channel is itself in an up state.
Command Mode
Syntax Description
min-num Number of working links under which the link group will be considered down. Optional in the no and default forms.
Default
One working link is needed to keep the link group in an up state.
Usage Guidelines
Use the minimum-links command to specify when a link group is no longer considered viable after losing member links functionality. Whenever fewer than the specified number of links are working, the link group itself reverts to the down state, and no longer forwards any traffic, even on the links that are working. As a result, the link group no longer appears in the routing table. This command only applies to Ethernet and 802.1Q link groups.
Examples
The following example configures the lg-ether link group with a minimum of 2 working links:
[local]Redback(config)#link-group lg-ether ether [local]Redback(config-link-group)#minimum-links 2
Related Commands
None
9-23
mp endpoint-discriminator
mp endpoint-discriminator {hostname | ip | user-defined text} default mp endpoint-discriminator
Purpose
Specifies the type of endpoint discriminator to be used for negotiation for a Multilink Point-to-Point Protocol (MP) bundle.
Command Mode
Syntax Description
hostname ip user-defined text Specifies the system hostname of the SmartEdge router. Specifies the IP address assigned to the interface to which you will bind the MP bundle. User-defined endpoint discriminator. The text argument is a string of up to 20 characters.
Default
The endpoint discriminator is the system hostname.
Usage Guidelines
Use the mp endpoint-discriminator command to specify the endpoint discriminator to be used for negotiation for an MP bundle. The endpoint discriminator identifies peers to the system and distinguishes peers from one another in the system. This identification ensures that the correct links are bundled together in the same MP bundle. Note This command is applicable only to an MP bundle. Use the default form of this command to return the endpoint discriminator identification to the system hostname.
Examples
The following command specifies the endpoint discriminator as the IP address of the interface to which the MP bundle will be bound:
[local]Redback(config)#link-group lg-multi mp [local]Redback(config-link-group)#mp endpoint-discriminator ip [local]Redback(config-link-group)#exit
9-24
Related Commands
None
9-25
9-26
Part 4
Bridging and Cross-Connecting
This part describes the tasks and commands used to configure basic features for bridges, bridge groups, and cross-connections between circuits. This part consists of the following chapters: Chapter 10, Bridging Configuration Chapter 11, Cross-Connection Configuration
Chapter 10
Bridging Configuration
This chapter provides an overview of bridging, describes the tasks used to configure bridges, provides configuration examples, and provides detailed descriptions of the commands used to configure bridging between circuits through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer bridges, see the Bridge and Cross-Connection Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related tasks and commands include: Configuration tasks and commands for ATM and Ethernet ports are described in Chapter 3, ATM, Ethernet, and POS Port Configuration. Configuration tasks and commands for circuits are described in Chapter 6, Circuit Configuration.
This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
The bridging feature in the SmartEdge OS implements transparent, self-learning bridges as described in IEEE 802.1D. Bridging features specific to the SmartEdge OS include: Bridges are context-specific and a context can support multiple bridges. Circuits that can be bridged include Ethernet ports with 802.1D or 802.1Q encapsulation, 802.1Q permanent virtual circuits (PVCs), and Asynchronous Transfer Mode (ATM) PVCs with RFC 1483 bridged encapsulation. Circuits of different types can be associated with a bridge; you can connect any type of supported tributary circuit to any type on trunk circuit.
10-1
Overview
IP- or Point-to-Point Protocol (PPP)-encapsulated circuits cannot be bridged; however, bridging of IP over Ethernet (IPoE)- and PPP over Ethernet (PPPoE)-encapsulated circuits is supported at the medium access control (MAC) layer. Bridges support both tributary and trunk circuits in any combination: Tributary circuits face subscribers; trunk circuits face service providers. Packets are never forwarded from a tributary circuit to another tributary circuit. Each tributary and all trunk circuits in a bridge form a private broadcast domain. Flood packets from a tributary circuit are sent to trunk circuits only; flood packets from a trunk circuit are sent to all tributary and trunk circuits.
Bridges support restricted (very secure) circuits: Stations cannot move to a restricted circuit; there is no learning allowed. Allowed stations must be explicitly designated as static allowed MAC addresses Either trunk or tributary circuits can be designated restricted.
Attributes for bridged circuits, such as the type of circuit (tributary or trunk), restricted or unrestricted, maximum number of dynamic MAC addresses allowed, are grouped into bridged circuit profiles, which can be assigned to one or more circuits.
Figure 10-1 shows some of the hardware connections that support transparent bridging between subscribers connected to ATM and 802.1Q PVCs to ISPs connected to Ethernet ports in a mixed environment on a SmartEdge router. For some of the commands used to implement this configuration, see the Configuration Examples section. Figure 10-1 Bridging in a Mixed Environment
10-2
Overview
Figure 10-2 shows some of the logical connections between subscribers and ISPs through the SmartEdge router for the configuration shown in Figure 10-1. Figure 10-2 Bridged Subscribers to ISP Connections
Rate Limiting Using a Bridge Profile

By default, all inbound bridge traffic is limited by the rate and burst size imposed by the configuration of the port or circuit to which you assign the bridge profile. However, you can apply rate limiting for certain classes of traffic on the bridge, using the bridge profile: Broadcast traffic Multicast traffic Traffic with unknown frames
For each traffic class you can specify a maximum rate and burst size. The system accepts packets of a bridge traffic class that conform to that traffic class rate and burst size without further action; it drops packets that do not conform; see Figure 10-3.
10-3
Configuration Tasks
Figure 10-3 Bridge Profile Rate Limiting (630-based)
Note If a quality of service (QoS) policy (or policies) is attached to the port or circuit to which the bridge profile is assigned, and that QoS policy includes rate limiting, that QoS rate limiting is applied to the traffic on the port or circuit after the broadcast, multicast, or unknown frame rate limiting. Packets dropped by the broadcast, multicast, or unknown frame rate limiting are not applied against the QoS rate limiting policy.
Configuration Tasks
Note To configure bridging, perform the tasks described in the following sections: Configuration Guidelines Configuring Bridging
Configuration Guidelines
The following guidelines apply when configuring bridging: Bridges are context specific. You can configure multiple bridges in each context, but you cannot forward traffic from a circuit associated with one bridge to another bridge, either within the same context or in a different context.
Note Forwarding can be accomplished through the use of physical cabling.
10-4
Configuration Tasks
When creating a bridge for 802.1Q PVCs, you must explicitly propagate the 802.1Q priority from ingress to egress by using the propagate-qos-from-ethernet and propagate-qos-to-ethernet commands (in dot1q profile configuration mode). For more information about these commands, see the QoS Circuit Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. To associate one or more bridged circuits with a bridge, you must configure a bridged interface and associate with it the name of an existing bridge; bridged circuits are associated with the named bridge by being bound to the same bridged interface.
Caution Risk of data loss. Inbound packets can be dropped without warning if the maximum transmission unit (MTU) of the port with the outbound circuit is not as large as the MTU of the port with the inbound circuit. To reduce the risk, always configure every port with circuits bound to a bridged interface with the same MTU value. A subscriber record can contain either a bridge or an IP address, but not both.
Configuring Bridging
To configure bridging, perform the tasks described in the following sections: Configure a Bridge Configure a Bridged Interface Configure a Bridge Profile Configure a Bridged Ethernet Port Configure a Bridged 802.1Q PVC Configure a Bridged ATM PVC Configure a Bridged Subscriber
10-5
Configuration Tasks
Configure a Bridge
To configure a bridge, perform the tasks described in Table 10-1. Table 10-1 Configure a Bridge
# 1. 2. Task Create a bridge and access bridge configuration mode. Specify bridge attributes: Associate a description with the bridge. Specify the type of bridge. Enable or disable the learning of MAC addresses. Specify one or more MAC addresses for which packets are dropped. Specify the aging time for inactive learned MAC addresses, after which they will be dropped. description bridge-only learning mac-entry aging-time This is the only option for this release and is the default. The default value is learning. Enter this command for each MAC address that is not allowed on this bridge. Root Command bridge Notes Enter this command in context configuration mode.
Configure a Bridged Interface

To configure a bridged interface, perform the tasks described in Table 10-2. Table 10-2 Configure a Bridged Interface
# 1. Task Create a bridged interface and access interface configuration mode. Root Command interface Notes Enter this command in context configuration mode. Specify the bridge keyword. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
2.
Associate it with a bridge.
bridge
Note Configuration commands for other interface attributes are not included in Table 10-2. For information about configuring interfaces, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS f.
Configure a Bridge Profile

A bridge profile defines bridge attributes for any circuit to which the profile is assigned. To configure a named or default bridge profile, perform the tasks described in Table 10-3. Enter all commands in bridge profile configuration mode, unless otherwise noted. Note For more information about pseudo-wire circuits, see the VPLS Configuration chapter of the Routing Protocols Configuration Guide for the SmartEdge OS.
10-6
Configuration Tasks
Table 10-3 Configure a Bridge Profile

# 1. 2. Task Create a named or default bridge profile and access bridge profile configuration mode. Specify bridge profile attributes: Specify the type of bridged circuit. Specify whether MAC addresses are restricted for the port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile. Specify the maximum number of dynamic MAC addresses for the port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile. Set the rate and burst tolerance for broadcast traffic on any port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile. Set the rate and burst tolerance for multicast traffic on any port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile. Set the rate and burst tolerance for traffic to unknown destinations on any port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile. trunk restricted The default type is tributary. The default value is unrestricted. Root Command bridge profile Notes Enter this command in global configuration mode.
mac-limit
The default value is unlimited if the circuit type is trunk; the default value is 4 if the circuit type is tributary.
broadcast rate-limit
multicast rate-limit
unknown-dest rate-limit
Configure a Bridged Ethernet Port

To configure a bridged Ethernet port, perform the tasks described in Table 10-4. Table 10-4 Configure a Bridged Ethernet Port
# 1. 2. 3. 4. 5. 6. Task Select the Ethernet port and enter port configuration mode. Assign a bridge profile. Specify bridge attributes for the port: Specify the MTU. Specify the valid MAC addresses. Bind the port to an existing bridged interface in an existing context. mtu bridge mac-entry bind interface All ports bound to the same bridged interface must have the same MTU. Enter this command for the MAC address of each station known to be on this port. Root Command port ethernet bridge profile Notes Enter this command in global configuration mode. The default bridge profile is assigned automatically if you do not enter this command.
Note Configuration commands for other port attributes are not included in Table 10-4. For information about configuring Ethernet ports, see Chapter 3, ATM, Ethernet, and POS Port Configuration.
Configure a Bridged 802.1Q PVC

To configure a bridged 802.1Q PVC, perform the tasks described in Table 10-5.
10-7
Configuration Tasks
Table 10-5 Configure a Bridged 802.1Q PVC

# 1. 2. 3. Task Select the Ethernet port and access port configuration mode. Specify 802.1Q encapsulation for the Ethernet port. Specify the MTU. Root Command port ethernet encapsulation mtu All circuits bound to the same bridged interface must have the same MTU configured for their parent ports. Enter this command in port configuration mode. Enter these commands in dot1q profile configuration mode. For more information about these commands, see the QoS Circuit Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Enter this command in dot1q PCV configuration mode. Enter this command for the MAC address of each station known to be on this PVC. Notes Enter this command in global configuration mode.
4. 5.
Create an 802.1Q PVC and access dot1q PVC configuration mode. Propagate Ethernet 802.1p user priority bits to IP Differentiated Services Code Point (DSCP) bits. Propagate IP Differentiated Services Code Point (DSCP) bits to Ethernet 802.1p user priority bits.
dot1q pvc propagate qos from ethernet
propagate qos to ethernet
6. 7.
Assign a bridge profile. Specify the valid MAC addresses.
bridge profile bridge mac-entry
8.
Bind the circuit to an existing bridged interface with one of the following tasks: Create a static binding to an interface. Create a static binding through a subscriber record to an interface. bind interface bind subscriber Enter this command in dot1q PCV configuration mode. Enter this command in dot1q PCV configuration mode.
Note Configuration commands for other 802.1Q circuit attributes are not included in Table 10-5. For information about configuring 802.1Q PVCs, see Chapter 6, Circuit Configuration.
Configure a Bridged ATM PVC

To configure a bridged ATM PVC, perform the tasks described in Table 10-6. Table 10-6 Configure a Bridged ATM PVC
# 1. 2. Task Select the ATM port and access ATM OC or ATM DS-3 configuration mode. Specify the MTU. Root Command port atm mtu Notes Enter this command in global configuration mode. All circuits bound to the same bridged interface must have the same MTU configured for their parent ports. Specify the bridge1482 keyword for the encapsulation.
3. 4.
Create the ATM PVC and access ATM PVC configuration mode. Assign a bridge profile.
atm pvc bridge profile
10-8
Table 10-6 Configure a Bridged ATM PVC (continued)

# 5. 6. Task Specify the valid MAC addresses. Root Command bridge mac-entry Notes Enter this command for the MAC address of each station know to be on this PVC.
Bind the ATM PVC to an existing bridged interface with one of the following tasks: Create a static binding to an existing bridged interface. Create a static binding through a subscriber record to an existing bridged interface. bind interface bind subscriber
Note Configuration commands for other ATM PVC attributes are not included in Table 10-6. For information about configuring ATM PVCs, see Chapter 6, Circuit Configuration.
Configure a Bridged Subscriber

To configure a subscriber record, named profile, or default profile for bridging, perform the tasks described in Table 10-7. Table 10-7 Configure a Bridged Subscriber
# 1. Task Create the subscriber record, named profile, or default profile and access subscriber configuration mode. Root Command subscriber Notes Enter this command in context configuration mode.For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
2. 3.
Assign a bridge profile to be used by the circuit on which the subscriber session occurs. Associate it with an existing bridge.
bridge profile bridge
Note Configuration commands for other subscriber attributes are not included in Table 10-7. For information about configuring subscribers, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
The examples in this section provide partial command samples to illustrate the configuration of ATM and Ethernet tributary and trunk circuits for ISP1 in Figure 10-1 and Figure 10-2; only the commands specifically needed for bridging are included: Bridge Bridged Interface Bridge Profile Bridged Trunk Circuits
10-9
Bridged Tributary Circuits Bridged Subscriber
Bridge
The following example creates a context and two bridges with default attributes, except for those configured:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#description Bridge for all traffic to ISP1 [local]Redback(config-bridge)#aging-time 18000 [local]Redback(config-ctx)#bridge isp3 [local]Redback(config-bridge)#description Bridge for all traffic to ISP3 [local]Redback(config-bridge)#aging-time 18000
Bridged Interface
The following example creates a bridged interface for each ISP and associates it with the bridge for that ISP:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#interface if-isp1 bridge [local]Redback(config-if)#bridge name isp1 [local]Redback(config-if)#exit [local]Redback(config-ctx)#interface if-isp3 bridge [local]Redback(config-if)#bridge name isp3
Bridge Profile
The following example creates a bridge profile for a restricted trunk circuit:
[local]Redback(config-ctx)#bridge profile prof-isp-trunk [local]Redback(config-bridge-profile)#mac-limit 10 [local]Redback(config-bridge-profile)#restricted [local]Redback(config-bridge-profile)#trunk
The following example creates a bridge profile for an unrestricted tributary circuit:
[local]Redback(config-ctx)#bridge profile prof-sub-isp-trib [local]Redback(config-bridge-profile)#mac-limit 10 [local]Redback(config-bridge-profile)#no trunk
10-10
Bridged Trunk Circuits

The following example selects a Gigabit Ethernet port and configures it as a trunk circuit to ISP1:
[local]Redback(config)#port ethernet 5/1 [local]Redback(config-port)#bridge profile prof-isp-trunk [local]Redback(config-port)#mtu 1500 [local]Redback(config-port)#bridge mac-entry 00:d0:ba:04:d8:05 [local]Redback(config-port)#bridge mac-entry 00:0a:0a:04:d8:06 [local]Redback(config-port)#bind interface if-isp1
The following example selects a Gigabit Ethernet port and configures it as a trunk circuit to ISP3:
[local]Redback(config)#port ethernet 5/3 [local]Redback(config-port)#bridge profile prof-isp-trunk [local]Redback(config-port)#mtu 1500 [local]Redback(config-port)#bridge mac-entry 00:d0:ba:04:d8:07 [local]Redback(config-port)#bridge mac-entry 00:0a:0a:04:d8:08 [local]Redback(config-port)#bind interface if-isp3
Bridged Tributary Circuits

The following example selects an ATM OC port, configures it with an ATM PVC, and configures the PVC as a tributary circuit for ISP1 subscribers:
[local]Redback(config)#port atm 3/1 [local]Redback(config-port)#mtu 1500 [local]Redback(config-atm-oc)#atm pvc 1 32 profile ubr encapsulation bridge1483 [local]Redback(config-atm-pvc)#bridge profile prof-sub-isp1-trib [local]Redback(config-atm-pvc)#bridge mac-entry 00:00:00:00:01:33 [local]Redback(config-atm-pvc)#bridge mac-entry 00:0a:0a:04:01:34 [local]Redback(config-atm-pvc)#bind interface if-isp1
The following example selects an Ethernet port, configures it with an 802.1Q PVC, and configures the PVC as a tributary circuit for IPS3 subscribers:
[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#mtu 1500 [local]Redback(config-port)#dot1q pvc 100 [local]Redback(config-dot1q-pvc)#bridge profile prof-sub-isp3-trib [local]Redback(config-dot1q-pvc)#bridge mac-entry 00:00:00:00:01:31 [local]Redback(config-dot1q-pvc)#bridge mac-entry 00:0a:0a:04:01:32 [local]Redback(config-dot1q-pvc)#bind interface if-isp3
10-11
Bridged Subscriber
The following example creates a named subscriber profile and associates it with a bridge profile and a bridge:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#subscriber profile isp1 [local]Redback(config-sub)#bridge profile prof-sub-isp1-trib [local]Redback(config-sub)#bridge name isp1 [local]Redback(config-sub)#
The following example creates a subscriber record that has the named subscriber profile, isp1, associated with it; the named subscriber profile associates the subscriber with the bridge profile and the bridge:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#subscriber name 9991112222 [local]Redback(config-sub)#profile isp1
This section describes the syntax and usage guidelines for the commands used to configure bridging features. The commands are presented in alphabetical order. aging-time bridge bridge mac-entry bridge-only bridge profile broadcast rate-limit multicast rate-limit description learning mac-entry mac-limit restricted trunk unknown-dest rate-limit
10-12
aging-time
aging-time aging-time {no | default} aging-time
Purpose
Specifies the time after which inactive learned medium access control (MAC) addresses are deleted for all circuits that are bound to an interface that is associated with this bridge.
Command Mode
bridge configuration
Syntax Description
aging-time Address age time (in seconds). The range is 10 to 1,000,000; the default value is 300 seconds.
Default
The aging time is 300 seconds (5 minutes).
Usage Guidelines
Use the aging-time command to specify the time after which inactive learned MAC addresses are deleted for all circuits that will be bound an interface to an interface that is associated with this bridge. Use the no or default form of this command to specify the default aging time for all circuits.
Examples
The following example specifies an aging time of 18,000 seconds (5 hours):
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#aging-time 18000
Related Commands
None
10-13
bridge
In context configuration mode, the syntax is: bridge bridge-name no bridge bridge-name In interface or subscriber configuration mode, the syntax is: bridge name bridge-name
Purpose
In context configuration mode, creates a traditional bridge or selects one for modification and enters bridge configuration mode; in interface or subscriber configuration mode, associates the bridge with the interface or subscriber.
Command Mode
context configuration interface configuration subscriber configuration
Syntax Description
bridge-name Name of the bridge to be created or selected.
name bridge-name Name of the bridge with which the interface or subscriber is associated.
Default
No bridges are created; no interface or subscriber is associated with any bridge.
Usage Guidelines
In context configuration mode, use the bridge command to create a traditional bridge or select one for modification and enter bridge configuration mode; in interface or subscriber configuration mode, use this command to associate the interface or subscriber with a bridge. You can create a bridge either before or after you associate an interface or subscriber with it. Only bridged interfaces can be associated with a bridge; you must create the interface using the interface command with the bridge keyword (in context configuration mode). Use the no form of this command (in context configuration mode) to delete the bridge. To configure a Virtual Private LAN Service (VPLS) bridge, see the VPLS Configuration chapter of the Routing Protocols Configuration Guide for the SmartEdge OS.
10-14
Examples
The following example creates a bridge, isp1:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#
The following example creates a bridged interface and associates it with a bridge:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#interface if-isp1 bridge [local]Redback(config-if)#bridge name isp1 [local]Redback(config-if)#
The following example creates a subscriber record and associates it with a bridge:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#subscriber name 9991112222@isp1 [local]Redback(config-if)#bridge name isp1 [local]Redback(config-if)#
Related Commands
None
10-15
bridge mac-entry
bridge mac-entry mac-addr no bridge mac-entry mac-addr
Purpose
Specifies a valid static medium access control (MAC) address of a station known to be on this circuit.
Command Mode
Syntax Description
mac-addr Static MAC address of a station that is known to be on this circuit, from which source packets are accepted, in the form hh:hh:hh:hh:hh:hh.
Default
None
Usage Guidelines
Use the bridge mac-entry command to specify a valid static MAC address of a station known to be on this circuit. This MAC address is accepted by the bridge and the interface to which the circuit is bound. Use the no form of this command to delete the specified MAC address for this circuit.
Examples
The following example specifies valid static MAC addresses for an Ethernet port:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#bridge mac-entry 00:d0:ba:04:d8:05 [local]Redback(config-port)#bridge mac-entry 00:0a:0a:04:d8:06
Related Commands
mac-entry
10-16
bridge-only
bridge-only no bridge-only
Purpose
Specifies the type of bridge.
Command Mode
Syntax Description
Default
The bridge type is bridge-only.
Usage Guidelines
Use the bridge-only command to specify the type of bridge. IP packets are bridged, not routed, in this bridge. Note This is the only type of bridge supported in this release. Use the no form of this command to specify the default type of bridge.
Examples
The following example specifies the default bridge type (bridge-only):
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#bridge-only
Related Commands
None
10-17
bridge profile
bridge profile {prof-name | default} no bridge profile prof-name
Purpose
In global configuration mode, creates, or selects for modification, a bridge profile or the default bridge profile, and enters bridge profile configuration mode; in all other modes, assigns an existing bridge profile to this circuit or subscriber.
Command Mode
ATM PVC configuration dot1q PVC configuration global configuration port configuration subscriber configuration
Syntax Description
prof-name default Name of the profile to be created, selected, or assigned. Creates or selects the default bridge profile.
Default
No bridge profiles exist or are assigned.
Usage Guidelines
In global configuration mode, use the bridge profile command to create, or select for modification, a named bridge profile or the default bridge profile, and enter bridge profile configuration mode; in all other modes, use this command to assign an existing named bridge profile to the circuit or the subscriber profile or record. Use the default keyword to create or select the default bridge profile. Each configured attribute in the default profile is included in the configuration for any circuit that is bound to a bridged interface in any context and that does not have a named bridge profile assigned to it. Use the prof-name argument to create a named bridge profile. The configured attributes in the named profile are appended to the configuration for any circuit to which that profile is assigned, and override the attribute values in the default bridge profile. For subscriber circuits, you can assign a named bridge profile to a default or named subscriber profile or to a subscriber record. When the subscriber circuit is bound to a bridged interface, the attribute values in the named bridge profile assigned to the subscriber record override those in the default bridge profile for the circuit, unless the circuit is also assigned a named bridge profile.
10-18
If a named bridge profile is assigned to the circuit, then the attribute values in that named bridge profile override the attribute values in the named bridge profile assigned to the subscriber record. Use the no form of this command to delete the specified bridge profile; you cannot delete the default bridge profile.
Examples
The following example creates a named bridge profile, prof-isp1:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(config-bridge-profile)#
The following example creates the default bridge profile:

[local]Redback(config)#bridge profile default [local]Redback(config-bridge-profile)#trunk [local]Redback(config-bridge-profile)#no restricted [local]Redback(config-bridge-profile)#end
Related Commands
mac-limit restricted trunk
10-19
broadcast rate-limit
broadcast rate-limit {kbps [burst-size bytes]} no broadcast rate-limit
Purpose
Set the rate and burst tolerance for broadcast traffic on any port, circuit, or Virtual Private LAN Services (VPLS) pseudo-wire circuit to which you assign this bridge profile.
Command Mode
bridge profile configuration
Syntax Description
kbps burst-size bytes Rate, in kilobits per second. The range of values is from 5 to 1,000,000. Optional. Burst tolerance in bytes. The range of values is 1 to 12,000,000.
Default
No rate limiting is imposed on broadcast traffic on any port, circuit or VPLS pseudo-wire circuit to which you assign this bridge profile.
Usage Guidelines
Use the broadcast rate-limit command to set the rate and burst tolerance for broadcast traffic on any port, circuit, or VPLS pseudo-wire circuit to which this profile is assigned. For more information on VPLS pseudo-wire circuits, see the VPLS Configuration chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. Use the no form of this command to remove any rate limiting for broadcast traffic.
Examples
The following example creates the prof-isp1 bridge profile and rate limits the broadcast traffic to 6000000 kbps and the burst size to 10000 bytes:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(config-bridge-profile)#broadcast rate-limit 600000 burst-size 10000
Related Commands
bridge profile multicast rate-limit unknown-dest rate-limit
10-20
description
Purpose
Associates a textual description with a bridge.
Command Mode
Syntax Description
text Text string that identifies the bridge. Can be any alphanumeric string, including spaces, that is not longer than 63 ASCII characters.
Default
No description is associated with any bridge.
Usage Guidelines
Use the description command to associate textual information with a bridge. This text displays by the appropriate show command. Use the no or default form of this command to delete the existing description. Because there can be only one description for a bridge, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example associates a description with the bridge, isp1, configured in the bridge context:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#description Bridge for all traffic to ISP1
Related Commands
None
10-21
learning
learning no learning
Purpose
Enables the bridge to learn medium access control (MAC) addresses.
Command Mode
Syntax Description
Default
Learning is enabled.
Usage Guidelines
Use the learning command to enable the bridge to learn MAC addresses. Use the no form of this command to disable learning.
Examples
The following example disables learning for the bridge:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#no learning
Related Commands
None
10-22
mac-entry
mac-entry drop mac-addr no mac-entry drop mac-addr
Purpose
Specifies a medium access control (MAC) address that is not allowed on this bridge.
Command Mode
Syntax Description
drop mac-addr Discards all packets on the specified MAC address. MAC address that is not allowed on this bridge, in the form hh:hh:hh:hh:hh:hh.
Default
Packets with any MAC address are accepted.
Usage Guidelines
Use the mac-entry command to specify a MAC address that is not allowed on this bridge. Packets with this MAC address, either as source or destination, are dropped unconditionally. Use the no form of this command to remove the MAC address from the list of MAC addresses that are not allowed on this bridge.
Examples
The following example specifies the MAC addresses that are not allowed on this bridge:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#mac-entry drop 00:0d:ab:40:8d:50 [local]Redback(config-bridge)#mac-entry drop 00:a0:a0:40:d8:60
Related Commands
bridge mac-entry
10-23
mac-limit
mac-limit {max-num | unlimited} {no | default} mac-limit
Purpose
Specifies the maximum number of medium access control (MAC) addresses that can be learned by the bridge or specified manually for any port, circuit or Virtual Private LAN Service (VPLS) pseudo-wire circuit to which this profile is assigned.
Command Mode
Syntax Description
max-num unlimited Maximum number of learned MAC addresses. The range of values is 1 to 16,000. Does not impose a limit to the number of learned MAC addresses.
Default
The maximum number of learned MAC addresses is four for a tributary circuit to which a profile is assigned. Trunk and VPLS circuits have no MAC limit.
Usage Guidelines
Use the mac-limit command to specify the maximum number of MAC addresses that can be learned by the bridge or specified manually for any port, circuit, or VPLS pseudo-wire circuit to which this profile is assigned. For more information about VPLS pseudo-wire circuits, see the VPLS Configuration chapter of the Routing Protocols Configuration Guide for the SmartEdge OS. MAC addresses are specified manually using the bridge mac-entry command (in ATM PVC, dot1q PVC, or port configuration mode). Use the no or default form of this command to specify the default limitation.
Examples
The following example specifies 10 as the maximum number of MAC addresses for this profile:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(config-bridge-profile)#mac-limit 10
Related Commands
bridge mac-entry restricted trunk
10-24
multicast rate-limit
multicast rate-limit {kbps [burst-size bytes]} no multicast rate-limit
Purpose
Set the rate and burst tolerance for multicast traffic on any port, circuit, or Virtual Private LAN Services (VPLS) pseudo-wire circuit to which you assign this bridge profile.
Command Mode
Syntax Description
kbps burst-size bytes Rate in kilobits per second. The range of values is 5 to 1,000,000. Optional. Burst tolerance in bytes. The range of values is 1 to 12,000,000.
Default
No rate limiting is imposed on multicast traffic on any port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile.
Usage Guidelines
Use the multicast rate-limit command to set the rate and burst tolerance for multicast traffic on any port, circuit, or VPLS pseudo-wire circuit to which this profile is assigned. For more information about VPLS pseudo-wire circuits, see the VPLS Configuration chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. Use the no form of this command to remove any rate limiting for multicast traffic.
Examples
The following example creates the prof-isp1 bridge profile and rate limits the multicast traffic to 6000000 kbps and the burst size to 10000 bytes:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(confg-bridge-profile)#multicast rate-limit 600000 burst-size 10000
Related Commands
bridge profile broadcast rate-limit unknown-dest rate-limit
10-25
restricted
restricted {no | default} restricted
Purpose
Specifies that circuits (including Virtual Private LAN Services (VPLS) circuits) to which this profile is assigned are restricted to accepting only source packets from statically allowed medium access control (MAC) addresses.
Command Mode
Syntax Description
Default
Circuits are not restricted.
Usage Guidelines
Use the restricted command to specify that circuits (including VPLS circuits) to which this profile is assigned are restricted to accepting only packets from statically allowed MAC addresses. Learning is not possible on restricted circuits. This command causes all MAC addresses previously learned for a circuit to which this profile is assigned to be erased. It also prevents learning of MAC addresses on the circuit, because packets from unknown MAC addresses are dropped before they are learned. Use the no or default form of this command to remove the restriction from the profile.
Examples
The following example specifies that the MAC addresses be restricted for any circuit to which this profile is assigned:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(config-bridge-profile)#restricted
Related Commands
mac-limit trunk
10-26
trunk
trunk {no | default} trunk
Purpose
Specifies that any circuit to which this profile is assigned is a trunk circuit.
Command Mode
Syntax Description
Default
Any circuit to which this profile is assigned is a tributary circuit.
Usage Guidelines
Use the trunk command to specify that any circuit to which this profile is assigned is a trunk circuit. Use the no or default form of this command to specify the default condition.
Examples
The following example specifies that the profile be a trunk profile:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(config-bridge-profile)#trunk
Related Commands
mac-limit restricted
10-27
unknown-dest rate-limit
unknown-dest rate-limit {kbps [burst-size bytes]} no unknown-dest rate-limit
Purpose
Sets the rate and burst tolerance for traffic to unknown destinations on any port, circuit, or Virtual Private LAN Services (VPLS) pseudo-wire circuit to which you assign this bridge profile.
Command Mode
Syntax Description
kbps burst-size bytes Rate in kilobits per second. The range of values is 5 to 1,000000. Optional. Burst tolerance in bytes. The range of values is 1 to 12,000,000.
Default
No rate limiting is imposed on traffic to unknown destinations on any port, circuit, or VPLS pseudo-wire circuit to which this profile is assigned.
Usage Guidelines
Use the unknown-dest rate-limit command to set the rate and burst tolerance for traffic to unknown destinations on any port, circuit, or VPLS pseudo-wire circuit to which you assign this bridge profile. For more information about VPLS pseudo-wire circuits, see the VPLS Configuration chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. Note To protect against DOS attacks, you should always configure the rate limit.
Examples
The following example creates the prof-isp1 bridge profile and rate limits the destination traffic to 6000000 kbps and the burst size to 10000:
[local]Redback(config)#bridge profile prof-isp1 [local]Redback(config-bridge-profile)#unknown-dest rate-limit 600000 burst-size 10000
Related Commands
bridge profile broadcast rate-limit multicast rate-limit
10-28
Chap ter 11
Cross-Connection Configuration
This chapter provides an overview of cross-connecting circuits, describes the tasks used to configure cross-connections between circuits, provides configuration examples, and detailed descriptions of the commands used to configure cross-connections through the SmartEdge OS. Only Asynchronous Transfer Mode (ATM) and 802.1Q permanent virtual circuits (PVCs), including those that you have configured with multiprotocol encapsulation, can be cross-connected. Note An 802.1Q PVC is also referred to as an 802.1Q virtual LAN (VLAN); however, within this chapter, it is the PVC, not the VLAN, that is being configured. A multiprotocol-encapsulated circuit can carry child circuits with any combination of Point-to-Point Protocol over Ethernet (PPPoE) traffic, Internet Protocol over Ethernet (IPoE) or IP Version 6 (IPv6) over Ethernet (IPv6oE) traffic; you can cross-connect the parent circuit as well as the child circuits. Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term, IP address, can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture. Configuration commands for ATM and 802.1Q PVCs are described in Chapter 6, Circuit Configuration. For information about the tasks and commands used to monitor, troubleshoot, and administer cross-connections, see the Bridge and Cross-Connection Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. For protocol- or feature-specific commands that appear in any of the circuit configuration modes, see the appropriate chapter in this guide, in the Routing Protocols Configuration Guide for the SmartEdge OS, or the IP Services and Security Configuration Guide for the SmartEdge OS. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
11-1
Overview
Overview
Cross-connected circuits allow you to connect two circuits of the same or different type to pass traffic transparently through the SmartEdge router. One circuit is designated as the inbound circuit; the other is designated as the outbound circuit. However, both circuits are bidirectional, and traffic flows in both directions but only as allowed by the encapsulation of each circuit. This section describes cross-connections in the following topics: Types of Non-Interworking Cross-Connections Filtering Traffic Using Non-Interworking Cross-Connections Interworking Cross-Connections
Types of Non-Interworking Cross-Connections

The following sections describe the various types of non-interworking cross-connections: ATM PVC to ATM PVC ATM PVC to 802.1Q PVC 802.1Q PVC to 802.1Q PVC
ATM PVC to ATM PVC

When cross-connecting an ATM PVC to another ATM PVC, both PVCs must have the same type of encapsulation. Encapsulation types include RFC 1483 bridged, RFC 1483 routed, multiprotocol (for ATM parent circuits), PPPoE, or raw mode. Traffic is passed through the SmartEdge router without filtering, because the encapsulations always match. Table 11-1 lists the combinations of parent and child circuit encapsulations (the keywords used in the command syntax) for inbound and outbound circuits, the type of traffic that is cross-connected, and the section that describes the configuration tasks for cross-connecting ATM PVCs to ATM PVCs. Note In Table 11-1, Bridge 1483 refers to traffic on circuits with RFC 1483 bridged encapsulation and Route 1483 refers to traffic on circuits with RFC 1483 routed encapsulation. Table 11-1 Supported Encapsulations for ATM PVCs to ATM PVCs
Outbound Circuit Encapsulation Keyword bridge1483 pppoe raw route1483 multi Cross-Connected Circuit Traffic Bridge 1483 PPPoE Raw Route 1483 IPoE-to-IPoE IPV6oE-to-IPV6oE PPPoE-to-PPPoE multi pppoe PPPoE-to-PPPoE Cross-Connecting a Circuit with a Child Circuit Cross-Connecting Parent and Child Circuits Configuration Tasks Described in This Section Cross-Connecting Circuits Without Child Circuits
Inbound Circuit Encapsulation Keyword bridge1483 pppoe raw route1483 multi
11-2
Overview
ATM PVC to 802.1Q PVC

The following combinations of ATM PVCs and 802.1Q PVCs, with and without child circuits, can be cross-connected, and filtering can occur: An ATM PVC with bridge1483 encapsulation can be cross-connected to an 802.1Q PVC with dot1q encapsulation. An ATM PVC with multi encapsulation can be cross-connected to an 802.1Q PVC with dot1q or multi encapsulation. An ATM PVC with pppoe encapsulation can be cross-connected to an 802.1Q PVC with dot1q or pppoe encapsulation, or to the pppoe-encapsulated child circuit of an 802.1Q PVC with multi encapsulation.
Table 11-2 lists the combinations of parent and child circuit encapsulations (the keywords used in the command syntax) for inbound and outbound circuits, the type of traffic that is cross-connected, and the section that describes the configuration tasks for cross-connecting ATM PVCs to 802.1Q PVCs. Note In Table 11-2, Bridge 1483 refers to traffic on circuits with RFC 1483 bridged encapsulation. Table 11-2 Supported Encapsulations for ATM PVCs to 802.1Q PVCs
Outbound Circuit Encapsulation Keyword dot1q dot1q Cross-Connected Circuit Traffic Bridge 1483-to-802.1Q IPoE-to-802.1Q IPV6oE-to-802.1Q PPPoE-to-802.1Q multi multi IPoE-to-IPoE IPV6oE-to-IPV6oE PPPoE-to-PPPoE multi pppoe pppoe dot1q pppoe pppoe multi PPPoE-to-PPPoE PPPoE-to-802.1Q PPPoE-to-PPPoE PPPoE-to-PPPoE Cross-Connecting a Circuit with a Child Circuit Cross-Connecting a Circuit with a Child Circuit Cross-Connecting Circuits Without Child Circuits Cross-Connecting Parent and Child Circuits Configuration Tasks Described in This Section Cross-Connecting Circuits Without Child Circuits Cross-Connecting a Circuit with a Child Circuit
Inbound Circuit Encapsulation Keyword bridge1483 multi
11-3
Overview
802.1Q PVC to 802.1Q PVC

802.1Q PVCs, with and without child circuits, with different encapsulations can be cross-connected, and filtering can occur. Table 11-3 lists the combinations of parent and child circuit encapsulations (the keywords used in the command syntax) for inbound and outbound circuits, the type of traffic that is cross-connected, and the section that describes the configuration tasks for cross-connecting 802.1Q PVCs to 802.1Q PVCs. Table 11-3 Supported Encapsulations for 802.1Q PVCs to 802.1Q PVCs
Outbound Circuit Encapsulation Keyword dot1q dot1q Cross-Connected Circuit Traffic 802.1Q-to-802.1Q IPoE-to-802.1Q IPV6oE-to-802.1Q PPPoE-to-802.1Q multi multi IPoE-to-IPoE IPV6oE-to-IPV6oE PPPoE-to-PPPoE pppoe pppoe pppoe dot1q multi pppoe PPPoE-to-802.1Q PPPoE-to-PPPoE PPPoE-to-PPPoE Cross-Connecting Circuits Without Child Circuits Cross-Connecting a Circuit with a Child Circuit Cross-Connecting Circuits Without Child Circuits Cross-Connecting Parent and Child Circuits Configuration Tasks Described in This Section Cross-Connecting Circuits Without Child Circuits Cross-Connecting a Circuit with a Child Circuit
Inbound Circuit Encapsulation Keyword dot1q multi
Filtering Traffic Using Non-Interworking Cross-Connections

Filtering traffic using non-interworking cross-connections is described in the following sections: Filtering Using Child Circuits Filtering Using Circuits with Unlike Encapsulations
Filtering Using Child Circuits

A multiprotocol-encapsulated circuit (also referred to as the parent circuit) can carry any combination of Point-to-Point Protocol over Ethernet (PPPoE) traffic, Internet Protocol over Ethernet (IPoE), or IP version 6 (IPv6) over Ethernet (IPv6oE) traffic. Note The traffic for a parent circuit is IPoE, but the encapsulation keyword is multi. Filtering of the traffic of a particular type on a parent circuit is provided for by creating a child circuit with that type of encapsulation. Thus, a multiprotocol ATM or 802.1Q PVC can be parent to two child circuits in addition to the parent circuit: one for PPPoE traffic (pppoe encapsulation) and one for IPv6oE traffic (ipv6oe encapsulation). In addition, the parent circuit carries IPoE traffic (ipoe encapsulation). You can cross-connect a child circuit to another child circuit or to a circuit that has no child circuits. When an inbound circuit is cross-connected to an outbound circuit with the same type of encapsulation, the inbound traffic is filtered, with only the packets with the designated encapsulation being passed to the outbound circuit.
11-4
Overview
To support child circuits, an ATM or 802.1Q PVC must be configured with multiprotocol encapsulation, as described in Chapter 6, Circuit Configuration. Figure 11-1 shows the packet flow across a multiprotocol ATM PVC and how the traffic is split between an IPoE, IPv6oE, and PPPoE destinations. In this example, the inbound IPoE parent circuit is terminated and routed to a Gigabit Ethernet port. Figure 11-1 Traffic Paths for a Multiprotocol ATM PVC
Filtering Using Circuits with Unlike Encapsulations

Usually, you configure a cross-connection to pass through traffic of a particular type. In this case, the encapsulation of both the inbound and outbound circuits is the same and no other filtering takes place. For example, an inbound child circuit with PPPoE traffic on an ATM PVC passes only PPPoE traffic to an outbound circuit. If the outbound circuit is a child circuit with PPPoE encapsulation, all the inbound PPPoE packets flow across the connection in both directions. However, when the encapsulations of the circuits that form the cross-connection are different, the cross-connection acts as a filter on the traffic passing from the inbound circuit to the outbound circuit, and conversely. For example, for a cross-connection between an inbound child circuit with PPPoE encapsulation and an outbound 802.1Q PVC with dot1q encapsulation, the following filtering actions occur: In the inbound to outbound direction: Because the inbound child circuit has only PPPoE traffic, all other traffic on the parent circuit is ignored. Because the dot1q encapsulation accepts PPPoE traffic, no packets are discarded; all PPPoE packets are transmitted over the 802.1Q PVC.
11-5
Configuration Tasks
In the outbound to inbound direction: Because the dot1q encapsulation accepts all IP traffic, no packets are discarded. Because the child circuit accepts only PPPoE traffic, any nonPPPoE packets are discarded.
Interworking Cross-Connections
Interworking cross-connections allow you to receive IPv4 frames from an ATM PVC with RFC 1483 routed encapsulation and transmit them on an 802.1Q PVC. Figure 11-2 shows an interworking network. The IPv4 device at each end is configured with ATM PVCs or 802.1Q PVCs. The SmartEdge router provides the interworking cross-connection between the two types of PVCs. Figure 11-2 Interworking Network
Because the IPv4 device on the ATM PVC side is not capable of Address Resolution Protocol (ARP) functions, the SmartEdge OS provides the following functions for the IPv4 device on the 802.1Q PVC side: Responds to its ARP queries Generates periodic ARP requests to learn about its medium access control (MAC) address Generates gratuitous ARP packets if any MAC changes occur
All non-ARP packets are simply cross-connected. Configuration tasks for this type of cross-connection are described in the Cross-Connecting an ATM PVC to an 802.1Q PVC for Interworking section.
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. Cross-connected circuit configuration tasks are described in the following sections: Cross-Connecting Circuits Without Child Circuits Cross-Connecting Parent and Child Circuits Cross-Connecting a Circuit with a Child Circuit Cross-Connecting an ATM PVC to an 802.1Q PVC for Interworking
11-6
Configuration Tasks
Cross-Connecting Circuits Without Child Circuits

You can cross-connect any of the following combinations of inbound and outbound circuits: Inbound ATM PVC to outbound ATM PVC with matching encapsulation types (bridge1483, route1483, pppoe, or raw) Inbound ATM PVC with bridge1483 or pppoe encapsulation to outbound 802.1Q PVC with dot1q or pppoe encapsulation Inbound 802.1Q PVC with dot1q or pppoe encapsulation to outbound 802.1Q PVC with dot1q encapsulation
This section includes the following topics: Cross-Connect ATM PVCs Cross-Connect 802.1Q PVCs Cross-Connect an ATM PVC to an 802.1Q PVC Complete the Configuration of the ATM or 802.1Q PVCs
Cross-Connect ATM PVCs

To configure and cross-connect inbound and outbound ATM PVCs, perform the tasks described in Table 11-4. Table 11-4
# 1. 2. Task Create one or more inbound ATM PVCs and access ATM PVC configuration mode. Create one or more outbound ATM PVCs and access ATM PVC configuration mode.
Configure Cross-Connected ATM PVCs

Root Command atm pvc atm pvc Notes Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify bridge1483, route1483, pppoe, or raw encapsulation; encapsulation types must match on inbound and outbound circuits. Enter this command in global configuration mode. Do not specify the encapsulation of either circuit. This command effectively binds the inbound circuit to the outbound circuit.
3.
Create the cross-connection between the inbound and outbound circuits.
xc
11-7
Configuration Tasks
Cross-Connect 802.1Q PVCs

To configure and cross-connect inbound and outbound 802.1Q PVCs, perform the tasks described in Table 11-5. Table 11-5
# 1. Task Create an inbound 802.1Q PVC and access dot1q PVC configuration mode. Create an outbound 802.1Q PVC and access dot1q PVC configuration mode. Create the cross-connection between the inbound and outbound 802.1Q PVCs.
Cross-Connect 802.1Q PVCs

Root Command dot1q pvc Notes Enter this command in port configuration mode. Specify dot1q or pppoe encapsulation. dot1q pvc Enter this command in port configuration mode. Specify dot1q encapsulation. xc Enter this command in global configuration mode. Do not specify the encapsulation of either circuit. This command effectively binds the inbound circuit to the outbound circuit.
2.
3.
Cross-Connect an ATM PVC to an 802.1Q PVC

To configure and cross-connect inbound ATM PVCs and outbound 802.1Q PVCs, perform the tasks described in Table 11-6. Table 11-6
# 1. Task Create one or more inbound ATM PVCs and access ATM PVC configuration mode.
Cross-Connect an ATM PVC to an 802.1Q PVC

Root Command atm pvc Notes Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify bridge1483 or pppoe encapsulation.
2.
Create an outbound 802.1Q PVC and access dot1q PVC configuration mode.
dot1q pvc
Enter this command in port configuration mode. Specify dot1q, multi, or pppoe encapsulation. Only dot1 encapsulation is supported when cross-connecting to ATM PVCs with bridge1483 encapsulation.
3.
Create the cross-connection between the inbound and outbound circuits.
xc
Enter this command in global configuration mode. Do not specify the encapsulation of either circuit. This command effectively binds the inbound circuit to the outbound circuit.
Complete the Configuration of the ATM or 802.1Q PVCs

To complete the configuration of the circuits, either ATM or 802.1Q PVC, perform the tasks described in the appropriate section in Chapter 6, Circuit Configuration, but do not bind the PVC.
11-8
Configuration Tasks
Cross-Connecting Parent and Child Circuits

You can cross-connect any of the following combinations of inbound and outbound parent and child circuits: Inbound ATM PVC to outbound ATM PVC Inbound ATM PVC to outbound 802.1Q PVC Inbound 802.1Q PVC to outbound 802.1Q PVC
This section includes the following topics: Configure Ports and Circuits for Non-Cross-Connected Traffic Cross-Connect ATM or 802.1Q PVC Parent and Child Circuits
Configure Ports and Circuits for Non-Cross-Connected Traffic

To route traffic on inbound circuits that are not cross-connected, you must configure ports and circuits capable of supporting that type of traffic and bind each port and circuit to an interface. For child circuits, ports and circuits can be of any type that support IP packets; for example, in Figure 11-1, one such port is a Gigabit Ethernet port. To configure an ATM or Ethernet port, see Chapter 3, ATM, Ethernet, and POS Port Configuration; to configure an ATM or 802.1Q PVC, see Chapter 6, Circuit Configuration.
Cross-Connect ATM or 802.1Q PVC Parent and Child Circuits

To configure inbound and outbound child circuits on either multiprotocol (parent) ATM PVCs or 802.1Q PVCs, and cross-connect them, perform the tasks described in Table 11-7. Table 11-7
# 1. Task
Cross-Connect ATM or 802.1Q PVC Parent and Child Circuits

Root Command Notes
Create the inbound circuit with one of the following tasks: Create one or more ATM PVCs and access ATM PVC configuration mode. atm pvc Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify multi encapsulation. Create an 802.1Q PVC and access dot1q PVC configuration mode. dot1q pvc Enter this command in port configuration mode. Specify multi encapsulation. ip host Enter this command in ATM or dot1q PVC configuration mode only if the PVC is to be bound to an interface. Enter this command in ATM or dot1q PVC configuration mode.
2.
Associate the IP address and MAC address of the remote host on the ATM or 802.1Q PVC. Create a child circuit for inbound traffic on a multiprotocol circuit and access ATM or dot1q child protocol configuration mode.
3.
circuit protocol
11-9
Configuration Tasks
Table 11-7
# 4. Task
Cross-Connect ATM or 802.1Q PVC Parent and Child Circuits (continued)

Root Command Notes
Create the outbound circuit with one of the following tasks: Create one or more ATM PVCs and access ATM PVC configuration mode. atm pvc Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify multi encapsulation. Create an 802.1Q PVC and access dot1q PVC configuration mode. dot1q pvc Enter this command in port configuration mode. Specify multi encapsulation. circuit protocol Enter this command in ATM or dot1q PVC configuration mode.
5.
Create the child circuit for outbound traffic and access ATM or dot1q child protocol configuration mode.
6.
Cross-connect or bind the child circuits with one of the following tasks: (The cross-connection command effectively binds the inbound circuit to the outbound circuit.) Cross-connect the inbound and outbound child circuits. xc Enter this command for each child circuit in global configuration mode. Specify the encapsulation of both circuits. Bind the inbound PPPoE-encapsulated child circuit to terminate its traffic. bind authentication Enter this command in ATM or dot1q child protocol configuration mode. This option is available only for child circuits with PPPoE encapsulation.
7.
Cross-connect or bind the parent circuits with one of the following tasks: Cross-connect the inbound and outbound parent circuits. Bind the inbound parent circuit to an interface for inbound traffic to terminate its IPoE traffic. xc bind interface Enter this command in global configuration mode. Do not specify the encapsulation of either circuit. Enter this command in ATM or dot1q PVC configuration mode.
Note If you neither cross-connect, nor bind an inbound parent or child circuit, its traffic is dropped.
Cross-Connecting a Circuit with a Child Circuit

You can cross-connect any of the following combinations of circuits without child circuits and multi-protocol (parent) circuits with child circuits: Inbound ATM PVC with multi encapsulation to outbound ATM PVC with pppoe encapsulation Inbound ATM PVC with multi encapsulation to outbound 802.1Q PVC with dot1q or pppoe encapsulation Inbound 802.1Q PVC with multi encapsulation to outbound 802.1Q PVC with dot1q encapsulation Inbound ATM PVC with pppoe encapsulation to outbound 802.1Q PVC with multi encapsulation Inbound 802.1Q PVC with pppoe encapsulation to outbound 802.1Q PVC with multi encapsulation
This section includes the following topics: Configure Ports and Circuits for Non-Cross-Connected Traffic Cross-Connect an Inbound Child Circuit with an Outbound Circuit Cross-Connect an Inbound Circuit with an Outbound Child Circuit
11-10
Configuration Tasks
Configure Ports and Circuits for Non-Cross-Connected Traffic

To route traffic on child circuits that are not cross-connected, you must configure ports and circuits capable of supporting that type of traffic and bind each port and circuit to an interface. For child circuits, ports and circuits can be of any type that support IP packets; for example, in Figure 11-1, one such port is a Gigabit Ethernet port. To configure an ATM or Ethernet port, see Chapter 3, ATM, Ethernet, and POS Port Configuration; to configure an ATM or 802.1Q PVC, see Chapter 6, Circuit Configuration.
Cross-Connect an Inbound Child Circuit with an Outbound Circuit

To configure an inbound child circuit on either multiprotocol ATM PVCs or 802.1Q PVCs, and cross-connect it to an ATM or 802.1Q PVC, perform the tasks described in Table 11-8. Table 11-8
# 1. Task
Cross-Connect an Inbound Child Circuit with an Outbound Circuit

Root Command Notes
Create the inbound circuit with one of the following tasks: Create one or more ATM PVCs and access ATM PVC configuration mode. atm pvc Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify multi encapsulation. Create an 802.1Q PVC and access dot1q PVC configuration mode. dot1q pvc Enter this command in port configuration mode. Specify multi encapsulation. ip host circuit protocol Enter this command in ATM PVC configuration mode only if the ATM PVC is to be bound to an interface. Enter this command in ATM or dot1q PVC configuration mode.
2. 3.
Associate the IP address and MAC address of the remote host on the ATM PVC. Create a child circuit for inbound traffic on a multiprotocol circuit and access ATM or dot1q child protocol configuration mode.
4.
Create the outbound circuit with one of the following tasks: Create one or more ATM PVCs and access ATM PVC configuration mode. atm pvc Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify pppoe encapsulation. Create an 802.1Q PVC and access dot1q PVC configuration mode. dot1q pvc Enter this command in port configuration mode. Specify dot1q or pppoe encapsulation. xc Enter this command in global configuration mode. Specify the encapsulation of the inbound child circuit.
5.
Cross-connect the inbound child circuit to the outbound circuit
Note You can either cross-connect the inbound parent circuit or bind it to an interface; if you do neither, its traffic is dropped.
11-11
Configuration Tasks
Cross-Connect an Inbound Circuit with an Outbound Child Circuit

To configure an ATM or 802.1Q PVC, and cross-connect it to an outbound child circuit on either a multiprotocol ATM or 802.1Q PVC, perform the tasks described in Table 11-9. Table 11-9
# 1. Task
Cross-Connect an Inbound Circuit with an Outbound Child Circuit

Root Command Notes
Create the inbound circuit with one of the following tasks: Create one or more ATM PVCs and access ATM PVC configuration mode. atm pvc Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify pppoe encapsulation. Create an 802.1Q PVC and access dot1q PVC configuration mode. dot1q pvc Enter this command in port configuration mode. Specify pppoe encapsulation. ip host Enter this command in ATM PVC configuration mode only if the ATM PVC is to be bound to an interface.
2. 3.
Associate the IP address and MAC address of the remote host on the ATM PVC.
Create the outbound circuit with one of the following tasks: Create one or more ATM PVCs and access ATM PVC configuration mode. atm pvc Enter these commands in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify multi encapsulation. Create an 802.1Q PVC and access dot1q PVC configuration mode. dot1q pvc Enter this command in port configuration mode. Specify multi encapsulation. circuit protocol Enter this command in ATM or dot1q PVC configuration mode. Enter this command in global configuration mode. Specify the encapsulation of the outbound child circuit.
4.
Create a child circuit for outbound traffic on a multiprotocol circuit and access ATM or dot1q child protocol configuration mode. Cross-connect the inbound circuit to the outbound child circuit.
5.
xc
Cross-Connecting an ATM PVC to an 802.1Q PVC for Interworking

This section includes the following topics: Configuration Guidelines for an Interworking Cross-Connection Cross-Connect an ATM PVC to an 802.1Q PVC for Interworking Complete the Configuration of the ATM and 802.1Q PVCs
11-12
Configuration Guidelines for an Interworking Cross-Connection

The following guidelines apply to interworking cross-connections: Caution Risk of data loss. To reduce the risk of data loss when configuring an interworking cross-connection between an ATM PVC with RFC 1483 routed encapsulation and an 802.1Q PVC, observe the following guidelines: To prevent long service interruption, the IPv4 device attached to the 802.1Q PVC must be configured with a low ARP timeout value (we recommend three minutes). If the IP address changes for the IPv4 device attached to the ATM PVC, the administrator must ensure that the ARP cache on the SmartEdge router is cleared, using the clear arp-cache command (in exec mode) with the interworking keyword, for the IP address change to take effect. For information about the using the clear arp-cache command, see the ARP Operations chapter in the IP Services and Security Operations Guide for the SmartEdge OS.
Cross-Connect an ATM PVC to an 802.1Q PVC for Interworking

To configure and cross-connect inbound ATM PVCs and outbound 802.1Q PVCs for interworking, perform the tasks described in Table 11-10. Table 11-10 Cross-Connect an ATM PVC to an 802.1Q PVC for Interworking
# 1. Task Create one or more inbound ATM PVCs and access ATM PVC configuration mode. Root Command atm pvc Notes Enter this command in ATM OC or ATM DS-3 configuration mode. Use the explicit keyword to create a range of PVCs. Specify route1483 encapsulation. 2. Create an outbound 802.1Q PVC and access dot1q PVC configuration mode. Create the interworking connection between the inbound and outbound circuits. dot1q pvc Enter this command in port configuration mode. Specify dot1q or multi encapsulation. xc Enter this command in global configuration mode. Do not specify the encapsulation of either circuit; specify the interworking keyword. This command effectively binds the inbound circuit to the outbound circuit.
3.
Complete the Configuration of the ATM and 802.1Q PVCs

To complete the configuration of the ATM and 802.1Q PVCs, perform the tasks described in the appropriate section in Chapter 6, Circuit Configuration, but do not bind the PVCs.
This section includes the following partial examples; only the commands to configure the cross-connections are included: Cross-Connected ATM PVCs Cross-Connected Child Circuits Cross-Connected Circuit with Child Circuit Cross-Connected Circuits for Interworking
11-13
Cross-Connected ATM PVCs

The following example creates two ATM PVCs on an ATM OC port with an existing profile, ubr, and encapsulated with raw mode, and cross-connects them:
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile ubr encapsulation raw [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit [local]Redback(config)#port atm 4/2 [local]Redback(config-atm-oc)#atm pvc 1 55 profile ubr encapsulation raw [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit [local]Redback(config)#xc 3/1 vpi-vci 0 32 to 4/2 vpi-vci 1 55
Note Fragmentation is not supported; the inbound and outbound IP packets are accepted or transmitted based on the size of the maximum transmission unit (MTU) of the inbound and outbound ports.
Cross-Connected Child Circuits

The following example creates a cross-connection between two PPPoE child circuits on ATM PVCs on ATM OC ports with VPI 33 and VCIs 110 and 111 on the ATM ports 1 and 2 in slot 3. Both PVCs use an ATM profile, pf3. The incoming ATM PVC is assigned an IP address and bound to an already existing interface, ip-out, which is in the local context. Only the commands related to creating the cross-connection are shown.
[local]Redback#configure !Create the ATM PVC for the inbound PPPoE child circuit. [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 33 110 profile pf3 encapsulation multi !Assign an IP address and MAC address to the ATM PVC (IPoE encapsulation) and bind it to an interface. [local]Redback(config-atm-pvc)#ip host 172.16.11.4 00:30:88:01:01:01 [local]Redback(config-atm-pvc)#bind interface ip-out local !Create the inbound PPPoE child circuit on the ATM PVC. [local]Redback(config-atm-pvc)#circuit protocol pppoe [local]Redback(config-atm-child-proto)#exit [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit [local]Redback(config)# !Create the ATM PVC for the outbound PPPoE child circuit. [local]Redback(config)#port atm 3/2 [local]Redback(config-atm-oc)#atm pvc 33 111 profile pf3 encapsulation multi !Create the outbound PPPoE child circuit on the ATM PVC. [local]Redback(config-atm-pvc)#circuit protocol pppoe [local]Redback(config-atm-child-proto)#exit [local]Redback(config-atm-pvc)#exit
11-14
Configuration Examples [local]Redback(config-atm-oc)#exit [local]Redback(config-config)# !Cross-connect the inbound and outbound PPPoE child circuits on the ATM PVCs. [local]Redback(config)#xc 3/1 vpi-vci 33 110 pppoe to 3/2 vpi-vci 33 111 pppoe
Cross-Connected Circuit with Child Circuit

The following example creates an ATM PVC for inbound traffic with PPPoE encapsulation on an ATM OC port, an 802.1Q PVC for outbound traffic, and cross-connects the ATM PVC with the PPPoE child circuit on the 802.1Q PVC:
!Create the ATM PVC [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 2 50 profile test encapsulation pppoe [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit !Create the 802.1Q PVC [local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 1 encapsulation multi [local]Redback(config-dot1q-pvc)# !Create the outbound PPPoE child circuit on the 802.1Q PVC. [local]Redback(config-dot1q-pvc)#circuit protocol pppoe [local]Redback(config-dot1q-child-proto)#exit [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#exit [local]Redback(config)# !Cross-connect the ATM PVC to the PPPoE child circuit on the 802.1Q PVC [local]Redback(config)#xc 3/1 vpi-vci 2 50 to 2/1 vlan-id 1 pppoe
Cross-Connected Circuits for Interworking

The following example creates an ATM PVC with RFC 1483 routed encapsulation on an ATM OC port, an 802.1Q PVC, and an interworking cross-connection between the two circuits. Only inbound IPoE (IPv4) packets are forwarded from the inbound circuit to the outbound circuit:
!Create the ATM PVC and its IPoE circuit [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 3 110 profile test encapsulation route1483 [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit !Create the 802.1Q PVC [local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 5 [local]Redback(config-port)#exit
11-15
!Cross-connect the ATM PVC to the 802.1Q PVC [local]Redback(config)#xc 3/1 vpi-vci 3 110 to 2/1 vlan-id 5 interworking
This section describes the syntax and usage guidelines for the commands used to configure cross-connected circuits. The commands are presented in alphabetical order. circuit protocol ip host xc
11-16
circuit protocol
circuit protocol encaps-type no circuit protocol encaps-type
Purpose
Creates a child circuit on a multiprotocol Asynchronous Transfer Mode (ATM) or 802.1Q permanent virtual circuit (PVC), specifies an encapsulation for it, and enters ATM or dot1q child protocol configuration mode.
Command Mode
ATM PVC configuration dot1Q PVC configuration
Syntax Description
encaps-type Type of encapsulation for the circuit, according to one of the following keywords: ipv6oeSpecifies IP Version 6 (IPv6) over Ethernet (IPv6oE) protocol. pppoeSpecifies Point-to-Point Protocol over Ethernet (PPPoE) protocol.
Default
No child circuit is created for a multiprotocol ATM or 802.1Q PVC.
Usage Guidelines
Use the circuit protocol command to create a child circuit on a multiprotocol ATM or 802.1Q PVC, specify a protocol for it, and then enter ATM or do1tq child protocol configuration mode. You must have specified the multi keyword when you created the ATM PVC using the atm pvc command (in ATM OC or ATM DS-3 configuration mode), or when you created the 802.1Q PVC using the dot1q pvc command (in port configuration mode); otherwise, you cannot create child circuits on the ATM or 802.1Q PVC. This command, together with the xc command (in global configuration mode), acts as a filter on a multiprotocol ATM or 802.1Q PVC to pass only the type of packets specified by the encaps-type argument: If the child circuit functions as an inbound circuit in the cross-connection, only the specified packet types are passed to the outbound child circuit. If the child circuit functions as an outbound circuit in the cross-connection, only the specified packet types are accepted by it.
Use the no form of this command to delete the circuit.
11-17
Examples
The following example creates an ATM PVC encapsulated to support multiple protocols and creates an IPv6oE-encapsulated child circuit on that PVC. If this child circuit functions as an inbound circuit, only IPv6oE-encapsulated packets will be passed to an outbound circuit; if it functions as an outbound circuit, only Iv6PoE-encapsulated packets will be accepted by it.
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 10 10 profile pf3 encapsulation multi [local]Redback(config-atm-pvc)#circuit protocol ipv6oe [local]Redback(config-atm-child-proto)#
The following example creates an 802.1Q PVC encapsulated to support multiple protocols and creates a PPPoE-encapsulated child circuit on that PVC. If this child circuit functions as an inbound circuit, only PPPoE-encapsulated packets will be passed to an outbound circuit; if it functions as an outbound circuit, only PPPoE-encapsulated packets will be accepted by it.
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 10 profile pf2 encapsulation multi [local]Redback(config-dot1q-pvc)#circuit protocol pppoe [local]Redback(config-dot1q-child-proto)#
Related Commands
atm pvcATM DS-3 configuration mode atm pvcATM OC configuration mode dot1q pvc
11-18
ip host
ip host ip-addr[/prefix-length | mac-addr] no ip host ip-addr[/prefix-length | mac-addr]
Purpose
Associates a multiprotocol 802.1Q permanent virtual circuit (PVC) or Asynchronous Transfer Mode (ATM) PVC with the IP address and medium access control (MAC) address of the remote host on the circuit.
Command Mode
ATM PVC configuration dot1q PVC configuration
Syntax Description
ip-addr prefix-length mac-addr IP address of the host on this circuit in the form A.B.C.D. Optional. Prefix length for the associated IP address. The range of values is 0 to 32. Optional. MAC address of the remote host on this circuit in the form hh:hh:hh:hh:hh:hh.
Default
No IP address or MAC address is associated with the IPoE circuit.
Usage Guidelines
Use the ip host command to associate a multiprotocol 802.1Q or ATM PVC with the IP address and MAC address of the remote host on the circuit. Use this command only if the PVC is to be bound to an interface. Use the no form of this command to delete the association. Note This command is also documented in Chapter 6, Circuit Configuration, for 802.1Q, ATM, and Frame Relay PVCs and in Chapter 12, GRE Tunnel Configuration, for Generic Routing Encapsulation (GRE) tunnel circuits.
Examples
The following example creates a multiprotocol ATM PVC on an ATM OC port and, because it is not to be cross-connected, associates an IP address and MAC address with it, and binds it to an interface:
[local]Redback(config)#port atm 2/1 [local]Redback(config-atm-oc)#atm pvc 4 210 profile cbr1 encapsulation multi [local]Redback(config-atm-pvc)#ip host 1.1.1.4 00:30:88:01:01:01 [local]Redback(config-atm-pvc)#bind interface ip-out local
11-19
Related Commands
None
11-20
xc
For an interworking cross-connection between an Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) with route1483 encapsulation to an 802.1Q PVC, the command syntax is: xc slot-in/port-in {vlan-id vlan-id-in [through end-vlan-in] | vpi-vci vpi-in vci-in [through end-vci-in]} to slot-out/port-out {vlan-id vlan-id-out [through end-vlan-out] | vpi-vci vpi-out vci-out [through end-vci-out]} interworking no xc slot-in/port-in {vlan-id vlan-id-in [through end-vlan-in] | vpi-vci vpi-in vci-in [through end-vci-in]} to slot-out/port-out {vlan-id vlan-id-out [through end-vlan-out] | vpi-vci vpi-out vci-out [through end-vci-out]} interworking For all other cross-connections, the command syntax is: xc slot-in/port-in {vlan-id vlan-id-in [through end-vlan-in] | vpi-vci vpi-in vci-in [through end-vci-in]} [encaps-type] to slot-out/port-out {vlan-id vlan-id-out [through end-vlan-out] | vpi-vci vpi-out vci-out [through end-vci-out]} [encaps-type] no xc slot-in/port-in {vlan-id vlan-id-in [through end-vlan-in] | vpi-vci vpi-in vci-in [through end-vci-in]} [encaps-type] to slot-out/port-out {vlan-id vlan-id-out [through end-vlan-out] | vpi-vci vpi-out vci-out [through end-vci-out]} [encaps-type]
Purpose
Creates a cross-connection between an inbound circuit on an ATM or 802.1Q PVC and an outbound circuit on an ATM or 802.1Q PVC.
Command Mode
Syntax Description
slot-in port-in vlan-id vlan-id-in Chassis slot number of the traffic card with the ATM or 802.1Q PVC with inbound traffic for which a cross-connection is to be specified. Port number with the ATM or 802.1Q PVC with inbound traffic for which a cross-connection is to be specified. Virtual LAN (VLAN) tag value for the 802.1Q PVC with inbound traffic for which a cross-connection is to be specified. The value for the vlan-id-in argument can include one of the following constructs: tunl-in:vlan-inVLAN tag value for the tunnel, followed by the VLAN tag value, for the PVC within the tunnel. tunl-inVLAN tag value for the tunnel. vlan-inVLAN tag value for the PVC, which is not within a tunnel. through end-vlan-in Optional. Final VLAN tag value for a range of 802.1Q PVCs with inbound traffic that are to be cross-connected. The number of 802.1Q PVCs in the input range must match the number in the output range.
11-21
vpi-vci vpi-in vci-in through end-vci-in
Virtual path identifier (VPI) and virtual circuit identifier (VCI) of the ATM PVC with inbound traffic for which a cross-connection is to be specified. Optional. Final VCI for a range of ATM PVCs with inbound traffic that are to be cross-connected. The number of ATM PVCs in the input range must match the number in the output range. Optional. Encapsulation circuit type for which a cross-connection is to be specified, according to one of the following keywords: ipv6oeSpecifies that the circuit is Internet Protocol version 6 over Ethernet (IPv6oE)-encapsulated. pppoeSpecifies that the circuit is Point-to-Point Protocol over Ethernet (PPPoE)-encapsulated. Required only if the specified circuit is an IPv6oE or PPPoE circuit. Not specified when the specified circuit is encapsulated as bridge1483, dot1q, raw, or route1483.
encaps-type
to slot-out port-out vlan-id vlan-id-out
Indicates the start of the outbound circuit specification. Chassis slot number of the traffic card with the ATM or 802.1Q PVC with the circuit with outbound traffic for which a cross-connection is to be specified. Port number of the port with the ATM or 802.1Q PVC with outbound traffic for which a cross-connection is to be specified. VLAN tag value for the 802.1Q PVC with outbound traffic for which a cross-connection is to be specified. The value for the vlan-id-out argument van include one of the following constructs: tunl-out:vlan-outVLAN tag value for the tunnel followed by the VLAN tag value for the PVC within the tunnel. tunl-outVLAN tag for the value of the tunnel. vlan-outVLAN tag value for the PVC, which is not within a tunnel.
through end-vlan-out Optional. Final VLAN tag value for a range of 802.1Q PVCs with outbound traffic that are to be cross-connected. The number of 802.1Q PVCs in the output range must match the number in the input range. vpi-vci vpi-out vci-out VPI and VCI of the ATM PVC with outbound traffic for which a cross-connection is to be specified. through end-vci-out Optional. Final VCI for a range of ATM PVCs with outbound traffic that are to be cross-connected. The number of ATM PVCs in the output range must match the number in the input range. Specifies an interworking cross-connection between an ATM PVC with route1483 encapsulation and an 802.1Q PVC.
interworking
Default
No cross-connections are defined.
11-22
Usage Guidelines
Use the xc command to create a cross-connection between an inbound parent or child circuit on an ATM or 802.1Q PVC, and an outbound parent or child circuit on an ATM or 802.1Q PVC. This command effectively binds the inbound circuit to the outbound circuit. If you specify the through end-vci-in and through end-vci-out constructs, the number of ATM PVCs in the input range must match the number specified by the output range. If you specify the through end-vlan-in and through end-vlan-out constructs, the number of 802.1Q PVCs in the input range must match the number specified by the output range. Table 11-11 lists the supported combinations of parent and child circuit encapsulations (keywords) and the traffic that is cross-connected. You can cross-connect tunnels even if they contain PVCs within them. Table 11-11 Supported Cross-Connections and Their Encapsulations
Parent Circuit Type for Bidirectional Cross-Connection ATM PVC-to-ATM PVC Inbound Parent Circuit Encapsulation bridge1483 pppoe raw route1483 multi Outbound Parent Circuit Encapsulation bridge1483 pppoe raw route1483 multi Cross-Connected Circuit Traffic Parent-to-parent Parent-to-parent Parent-to-parent Parent-to-parent IPoE-to-IPoE parent-to-parent IPv6oE-to-IPv6oE child-to-child PPPoE-to-PPPoE child-to-child multi ATM PVC-to-802.1Q PVC bridge1483 multi pppoe dot1q dot1q PPPoE-to-PPPoE child-to-parent Parent-to-parent (No child circuits) IPoE-to-802.1Q parent-to-parent IPv6oE-to-802.1Q child-to-parent PPPoE-to-802.1Q child-to-parent multi multi IPoE-to-IPoE parent-to-parent IPv6oE-to-IPv6oE child-to-child PPPoE-to-PPPoE child-to-child multi pppoe pppoe pppoe pppoe dot1q pppoe multi PPPoE-to-PPPoE child-to-parent PPPoE-to-802.1Q parent-to-parent PPPoE-to-PPPoE parent-to-parent PPPoE-to-PPPoE parent-to-child
11-23
Table 11-11 Supported Cross-Connections and Their Encapsulations (continued)

Parent Circuit Type for Bidirectional Cross-Connection 802.1Q PVC-to-802.1Q PVC Inbound Parent Circuit Encapsulation dot1q multi Outbound Parent Circuit Encapsulation dot1q dot1q Cross-Connected Circuit Traffic Parent-to-parent IPoE-to-802.1Q parent-to-parent IPv6oE-to-802.1Q child-to-parent PPPoE-to-802.1Q child-to-parent multi multi IPoE-to-IPoE parent-to-parent IPv6oE-to-IPv6oE child-to-child PPPoE-to-PPPoE child-to-child pppoe pppoe pppoe raw Interworking ATM PVC-to-802.1Q PVC route1483 dot1q multi pppoe raw dot1q multi PPPoE-to-802.1Q parent-to-parent PPPoE-to-PPPoE parent-to-child PPPoE-to-PPPoE parent-to-parent Parent-to-parent IPv4-to-802.1Q parent-to-parent
Note Any PPPoE or IPv6oE child circuit on a parent can be cross-connected to a child on another parent with the same type of encapsulation. The inbound IPoE parent circuits are usually terminated and routed to any IP-type port or circuit, such as a Gigabit Ethernet port, but can be cross-connected instead, or the traffic can be dropped. IPv6oE child circuits must be cross-connected. Note Any circuit with raw encapsulation must be cross-connected. Note You cannot bind ATM or 802.1Q circuits with raw encapsulation to either an interface or subscriber. The traffic that flows through the cross-connection between the inbound and outbound circuits depends on the encapsulation specified for the inbound and outbound circuits. For parent circuits, the encapsulation type specified for the circuit filters the type of packets passed through the cross-connection, with only the inbound type of encapsulated packets being passed to the outbound circuit and only the outbound type of encapsulated packets being accepted by the outbound circuit. For child circuits, the circuit protocol command (in protocol configuration mode), acts as the filter, with only the specified type of encapsulated packets being passed from the inbound child circuit to the outbound child circuit and only the outbound type of encapsulated packets being accepted by the outbound child circuit.
Use the interworking keyword only if you are cross-connecting an ATM PVC with RFC 1483-routed encapsulation to a multiprotocol 802.1Q PVC. In this instance, only the IPv4 packets are forwarded to the 802.1Q PVC. Use the show bypass command (in any mode) to display information about one or more cross-connected circuits. Use the no form of this command to delete the cross-connection between two circuits on one or more ATM PVCs or 802.1Q PVCs.
11-24
Examples
The following example specifies cross-connections between the inbound PPPoE circuits on a range of ATM PVCs with VCIs 1 to 10 on port 1 of the ATM card in slot 3 and the outbound PPPoE circuits on a range of ATM PVCs with VCIs 101 to 110 on port 1 of the ATM card in slot 9; both ranges of PVCs use VPI 32. In this example, only PPPoE-encapsulated packets are passed from the inbound circuits and only PPPoE-encapsulated packets are accepted by the outbound circuits.
[local]Redback(config)#xc 3/1 vpi-vci 1 101 through 110 pppoe to 9/1 vpi-vci 2 101 through 110 pppoe
The following example creates two ATM PVCs on ATM OC ports with an existing profile, ubr, and encapsulated with raw mode, and cross-connects them. In this example, any type of packet is passed from the inbound circuit and accepted by the outbound circuit.
[local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile ubr encapsulation raw [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit [local]Redback(config)#port atm 4/2 [local]Redback(config-atm-oc)#atm pvc 1 55 profile ubr encapsulation raw [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit [local]Redback(config)#xc 3/1 vpi-vci 0 32 to 4/2 vpi-vci 1 55
The following example creates a multiprotocol ATM PVC on an ATM OC port, an 802.1Q PVC, and cross-connects the two circuits. In this example, all dot1q-encapsulated packets are passed from the inbound circuit but only IPoE-encapsulated packets are accepted by the outbound circuit.
!Create the ATM PVC and its IPoE circuit [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 2 115 profile test encapsulation multi [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit !Create the 802.1Q PVC [local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 1 [local]Redback(config-port)#exit !Cross-connect the ATM PVC to the 802.1Q PVC [local]Redback(config)#xc 3/1 vpi-vci 2 115 to 2/1 vlan-id 1
The following example creates an ATM PVC with RFC 1483 routed encapsulation on an ATM OC port, a multiprotocol 802.1Q PVC, and an interworking cross-connection between the two circuits. Only inbound IPoE (IPv4) packets are forwarded from the inbound circuit to the outbound circuit.
!Create the ATM PVC and its IPoE circuit [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#atm pvc 3 110 profile test encapsulation route1483 [local]Redback(config-atm-pvc)#exit [local]Redback(config-atm-oc)#exit
11-25
Command Descriptions !Create the 802.1Q PVC [local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 3 encapsulation multi [local]Redback(config-port)#exit !Cross-connect the ATM PVC to the 802.1Q PVC [local]Redback(config)#xc 3/1 vpi-vci 3 110 to 2/1 vlan-id 5 12-13-interworking
The following example creates two cross-connected 802.1Q PVC circuits with raw encapsulation:
! Create the first 802.1Q PVC circuits with raw encapsulation [local]Redback(config)#port ethernet 1/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 100 encapsulation raw [local]Redback(config-port)exit !Create the second 802.1Q PVC circuits with raw encapsulation [local]Redback(config)#port ethernet 2/2 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config)#dot1q pvc 200 encapsulation raw [local]Redback(config-port)exit !Cross-connect the two circuits xc 1/1 vlan-id 100 to 2/2 vlan-id 200
Related Commands
circuit protocol
11-26
Part 5
Tunnels
This part describes the tasks and commands used to configure basic features for Generic Routing Encapsulation (GRE) tunnels and tunnel circuits, Layer 2 Tunneling Protocol (L2TP) peers and groups, and overlay tunnel configurations. This part consists of the following chapters: Chapter 12, GRE Tunnel Configuration Chapter 13, L2TP Configuration Chapter 14, Overlay Tunnel Configuration
Chapter 12
GRE Tunnel Configuration
This chapter provides an overview of Generic Routing Encapsulation (GRE) tunnels and tunnel circuits over IP Version 4 (IPv4) and IP Version 6 (IPv6) and GRE Virtual Private Networks (VPNs), describes the tasks used to configure GRE features, provides configuration examples, and detailed descriptions of the commands used to configure GRE features through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer GRE tunnels and tunnel circuits, see the Tunnel Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. For protocol- or feature-specific commands that appear in any of the GRE configuration modes, see the appropriate chapter in this guide, in the Routing Protocols Configuration Guide for the SmartEdge OS, or the IP Services and Security Configuration Guide for the SmartEdge OS. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
GRE is a simple, stateless protocol that allows for the tunneling of IP in IP. The SmartEdge OS implementation of GRE over IPv4 is based on these IETF documents: RFC 1702, Generic Routing Encapsulation over IPv4 Networks RFC 2784, Generic Routing Encapsulation RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers
The following topics are included in this section: Using GRE Tunnels and Tunnel Circuits with IPv6 Packets Using GRE Tunnels and Tunnel Circuits with IPv4 Packets Using GRE Tunnels and Tunnel Circuits for VPNs
12-1
Overview
Note When IPv6 addresses are not referenced or explicitly specified, the term, IP address, can refer generally to (IPv4 addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.
Using GRE Tunnels and Tunnel Circuits with IPv6 Packets

GRE allows you to connect remote sites using IPv6 addresses over a public network that uses publicly routable IPv4 addresses. IPv6 packets traveling through the tunnel are encapsulated with a GRE header and then with an IPv4 header using addresses from the public IPv4 address as shown in Figure 12-1. Figure 12-1 GRE Tunnel Packet Encapsulation for IPv6 Packets
GRE tunnel circuits allow you to multiplex traffic from different users through the same tunnel. Each tunnel uses an IPv4 routing infrastructure to transfer IP packets through the tunnel. Each tunnel circuit is assigned a unique key and bound to an interface. Each tunnel circuit then acts as a point-to-point circuit connection for traffic associated with that interface.
Using GRE Tunnels and Tunnel Circuits with IPv4 Packets

GRE allows you to connect remote sites using private IP addresses over a public network that uses publicly routable IP addresses. IP packets traveling through the tunnel are encapsulated with an IP header from the public address space as shown in Figure 12-2. Figure 12-2 GRE Tunnel Packet Encapsulation for IPv4 Packets
GRE tunnel circuits allow you to multiplex traffic from different users through the same tunnel. Each tunnel circuit is assigned a unique key and bound to an interface. Each tunnel circuit then acts as a point-to-point circuit connection for traffic associated with that interface.
12-2
Overview
Using GRE Tunnels and Tunnel Circuits for VPNs

One of the more common applications of GRE tunneling is the creation of VPNs to connect to remote sites. Multiple SmartEdge OS contexts and GRE tunnel circuits, one for each VPN, demultiplex traffic for each VPN into its own IP address space. Thus each context acts as a dedicated virtual router for a VPN, where the IP address space (for example, private addresses as described in RFC 1918, Address Allocation for Private Internets) and routing databases are maintained separately from other contexts. In this model, a single tunnel is created between the local site and each remote site. Each GRE tunnel is defined in a context, usually local, and connected to the public network. A single public IP address is assigned to each end of each tunnel and is shared by all tunnel circuits using that tunnel. For each VPN, a context and an interface are created; then a GRE tunnel circuit with a unique key identifier is created for the VPN in the tunnel and bound to the VPNs interface in the VPNs context. Figure 12-3 shows the GRE tunnel architecture with multiple contexts. In the figure, each key identifies a tunnel circuit that is bound to an interface in a different context. Figure 12-3 GRE Tunnel Architecture
Traffic from users in Context A travels over the tunnel circuit identified with Key 1 and is kept separated from traffic from users in Context B, which travels over the tunnel circuit identified with Key 2, although both circuits share the same GRE tunnel and physical link, the Gigabit Ethernet port (shown as the heavy line labeled GigE). Using GRE, an arbitrary network topology can be overlaid on the physical topology; that is, each VPN can have a topology independent of the topology to which the physical SmartEdge router is connected. Multiple topologies are supported: full mesh, partial mesh, and hub-and-spoke. To facilitate IP connectivity between VPNs on different SmartEdge routers over GRE tunnels, several options exist: For simple topologies, static routes in each VPN context can be used. For hub-and-spoke and dual hub-and-spoke topologies, a combination of static routing and Routing Information Protocol (RIP) can be used. Each spoke VPN is configured with a static default route to the GRE tunnel attached to the hub site, and is configured using RIP to disseminate downstream prefixes to the hub. Each hub VPN is configured to run RIP in passive mode to listen for prefixes from spoke routers.
12-3
Configuration Tasks
For more complex topologies, each VPN can run its own instance of a routing protocol, such as RIP or Open Shortest Path First (OSPF).
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure GRE tunneling, perform the tasks described in the following sections: Configuration Guidelines for GRE Tunnels and Tunnel Circuits Configure a GRE Tunnel Configure a GRE Tunnel Circuit Configure a GRE Tunnel Circuit Used as a VPN
Configuration Guidelines for GRE Tunnels and Tunnel Circuits

This section includes the following topics: Configuration Guidelines for GRE Tunnels Configuration Guidelines for GRE Tunnel Circuits
Configuration Guidelines for GRE Tunnels

Consider the following guidelines when configuring a GRE tunnel: Usually, a GRE tunnel is created in the local context to make it available to all tunnel circuits, including those configured for VPNs. You can configure multiple tunnels, but usually only one tunnel between sites. A GRE tunnel requires at least one tunnel circuit. If you create a GRE tunnel in the local context, you can create its tunnel circuits and bind them to interfaces created in any context. If you create a GRE tunnel in any other context (not the local context), you must bind all its tunnel circuits to interfaces that have been created in the same context as the GRE tunnel. If you are creating more than one tunnel, they can use the same local interface as long as the remote interfaces are all different. To use an interface and its public IP address for more than one tunnel, use the interface command with the loopback keyword in context configuration mode. The loopback keyword allows you to reuse the public IP address for more than one tunnel. The local IP address specified by the loc-ip-addr argument must match the IP address of an interface that you have configured in the same context that you are entering this command.
12-4
Configuration Tasks
If the local IP address that you assign to the local tunnel interface is not adjacent to the IP address of the tunnel interface at the remote site and the remote site cannot be reached with a routing protocol, you must also enter the ip route command in context configuration mode; for more information, see the IP Routing chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. The remote IP address at one end of the GRE tunnel is the same as the local IP address at the other end of the GRE tunnel and conversely. If the remote IP address is not adjacent to the local IP address, and the remote site cannot be reached with a routing protocol, you must also enter the ip route command in context configuration mode.
Configuration Guidelines for GRE Tunnel Circuits

Consider the following guidelines when configuring any GRE tunnel circuit: To configure keepalive packets for a tunnel circuit, it must be configured in the same context as the tunnel. To allow multiple tunnel circuits through a tunnel, you must assign a unique key to each tunnel circuit associated with the tunnel.
Consider the following guidelines when configuring a GRE tunnel circuit as a VPN: To keep traffic separate from different users, you must create a context for each tunnel circuit (VPN) that will use the tunnel. For this reason, keepalive packets are not supported for tunnel circuits used as VPNs. You must assign a private IP address to the interface you create for the tunnel circuit (or VPN); you can reuse this IP address for each tunnel circuit (or VPN) that you create, because you have defined the interface for each tunnel circuit in a different context.
Configure a GRE Tunnel

To configure a GRE tunnel, perform the tasks described in Table 12-1. Table 12-1 Configure a GRE Tunnel
# 1. Task Create or select the context for the tunnel and access context configuration mode. Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. This is an IPv4 address. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in context configuration mode.
2.
Create or select the local interface for the tunnel and access interface configuration mode.
interface
3.
Assign a public IP address to the local interface.
ip address
4.
Create the tunnel, associate the local and remote public IP addresses with it, and access GRE peer configuration mode.
gre-peer
12-5
Configuration Tasks
Table 12-1 Configure a GRE Tunnel

# 5. Task Specify optional tunnel attributes: Associate a description with the GRE tunnel. Enable the logging of state changes. 6. Enable the tunnel (begin operations on it). description log-state-changes shutdown Use the no form to enable the tunnel. Root Command Notes
Configure a GRE Tunnel Circuit

For data to flow through a GRE tunnel, you must configure at least one tunnel circuit. You must decide whether the tunnel circuit is being used as a VPN or not.
Configure a GRE Tunnel Circuit Not Being Used as a VPN

To configure a tunnel circuit that is not being used as a VPN, perform the tasks described in Table 12-2. Table 12-2 Configure a GRE Tunnel Circuit
# 1. Task Select the context for the tunnel circuit and access context configuration mode. Root Command context Notes Enter this command in global configuration mode. The context must be the same context in which the tunnel is configured. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
2.
Create or select the interface for the tunnel circuit and access interface configuration mode.
interface
3.
Assign a private IP address to the interface for the tunnel circuit, using one of the following tasks: Assign a private IP address with the IPv4 format. ip address This is an IPv4 address. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. This is an IPv6 address. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in global configuration mode.
Assign a private IPaddress with the IPv6 format.
ipv6 address
4. 5.
Access tunnel map configuration mode. Create the tunnel circuit, associate it with its context, assign a key (create a unique identifier for it), and access GRE tunnel configuration mode. Specify tunnel circuit attributes (all attributes are optional): Associate a description with the GRE tunnel circuit. Specify that the DF flag be cleared in inbound packets. Associate the IP address of the remote host. Enable the sending of keepalive packets.
tunnel map gre-tunnel
6.
description clear-df ip host keepalive
12-6
Configuration Tasks
Table 12-2 Configure a GRE Tunnel Circuit (continued)

# 7. 8. Task Bind the tunnel circuit to its interface. Disable the tunnel circuit (stop operations on it). Root Command bind interface shutdown You can disable the tunnel circuit until you are ready to begin operations on it. Notes
Configure a GRE Tunnel Circuit Used as a VPN

To configure a GRE tunnel circuit used as a VPN, perform the tasks described in Table 12-3; enter this command in global configuration mode. Table 12-3 Configure a GRE Tunnel Circuit Used as a VPN
# 1. Task Select the context for the tunnel circuit and access context configuration mode. Root Command context Notes For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS.
2.
Create or select the interface for the tunnel circuit and access interface configuration mode.
interface
3.
Assign a private IP address to the interface for the tunnel circuit. Assign a private IPaddress with the IPv4 format. ip address This is an IPv4 address. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. This is an IPv6 address. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in global configuration mode.
Assign a private IPaddress with the IPv6 format.
ipv6 address
4. 5.
Access tunnel map configuration mode. Create the tunnel circuit, associate it with its context, assign a key (create a unique identifier for it), and access GRE tunnel configuration mode.
tunnel map gre-tunnel
6.
Specify tunnel circuit attributes (all attributes are optional): Associate a description with the GRE tunnel circuit. Specify that the DF flag be cleared in inbound packets. Associate the IP address of the remote host. description clear-df ip host bind interface shutdown You can disable the tunnel circuit until you are ready to begin operations on it.
7. 8.
Bind the tunnel circuit to its interface. Disable the tunnel circuit (stop operations on it).
12-7
This section includes the following examples: GRE Tunnel with a Single Circuit GRE Tunnels with Multiple Circuits Used as VPNs
GRE Tunnel with a Single Circuit

The following example configures a GRE tunnel, tunnel01, with a single circuit (without a key identifier), all in the local context:
!Create the local interface for the tunnel [local]Redback(config)#context local [local]Redback(config-ctx)#interface upstream !Assign a public IP address to the local tunnel interface [local]Redback(config-if)#ip address 172.16.1.1/30 [local]Redback(config-if)#exit !Configure the tunnel with the local IP address of its interface [local]Redback(config-ctx)#gre-peer name tunnel01 remote 172.16.1.2 local 172.16.1.1 [local]Redback(config-gre-peer)#description tunnel with a single circuit [local]Redback(config-gre-peer)#exit [local]Redback(config-ctx)#exit !Create the interface for the tunnel circuit [local]Redback(config)#context local [local]Redback(config-ctx)#interface link !Assign a private IP address to the tunnel circuit interface [local]Redback(config-if)#ip address 10.1.1.1/24 [local]Redback(config-if)#exit !Create the tunnel circuit with no key identifier (single circuit) [local]Redback(config)#tunnel map [local]Redback(tunnel-map)#gre-tunnel tunnel01 local [local]Redback(config-gre-tunnel)#description single circuit to upstream [local]Redback(config-gre-tunnel)#keepalive !Bind the tunnel circuit to its interface, which is in the local context [local]Redback(config-gre-tunnel)#bind interface link local [local]Redback(config-gre-tunnel)#end
12-8
GRE Tunnels with Multiple Circuits Used as VPNs

Figure 12-4 shows a basic mesh configuration with tunnels between three sites and two tunnel circuits (VPNs) sharing each tunnel. The labels, A VPN and B VPN, represent contexts, vpnA and vpnB, in the example commands; not shown in each context are the interfaces, toHartford, in each context in the example commands. Private IP addresses are also reused in each VPN context. Figure 12-4 GRE Tunneling Example
The following commands configure the tunnel to Hartford on the SmartEdge 800 router in New York:
!Create the local interface for the tunnel [local]NewYork(config)#context local [local]NewYork(config-ctx)#interface toHartford !Assign a public IP address to the local tunnel interface [local]NewYork(config-if)#ip address 172.16.1.1/30 [local]NewYork(config-if)#exit !Configure the tunnel with the local IP address of its interface [local]NewYork(config-ctx)#gre-peer name HartfordTnl remote 172.16.1.2 local 172.16.1.1 [local]NewYork(config-gre-peer)#description tunnel with two circuits [local]NewYork(config-gre-peer)#no shutdown [local]NewYork(config-gre-peer)#exit [local]NewYork(config-ctx)#exit
12-9
Configuration Examples !Create the local interface for a tunnel circuit for VPN A, in its own context [local]NewYork(config)#context vpnA [local]NewYork(config-ctx)#interface toHartford !Assign a private IP address to the tunnel circuit interface [local]NewYork(config-if)#ip address 10.1.1.1/24 [local]NewYork(config-if)#exit [local]NewYork(config-ctx)#exit !Create the local interface for a tunnel circuit for VPN B, in its own context [local]NewYork(config)#context vpnB [local]NewYork(config-ctx)#interface toHartford !Assign a private IP address to the tunnel circuit interface [local]NewYork(config-if)#ip address 10.1.1.1/24 [local]NewYork(config-if)#exit [local]NewYork(config-ctx)#exit !Create the tunnel circuit for VPN A (key 1) [local]NewYork(config)#tunnel map [local]NewYork(tunnel-map)#gre-tunnel HartfordTnl local key 1 [local]NewYork(config-gre-tunnel)#description VPN A to Hartford !Bind the tunnel circuit to its interface, which is in the vpnA context [local]NewYork(config-gre-tunnel)#bind interface toHartford vpnA [local]NewYork(config-gre-tunnel)#exit !Create the tunnel circuit for VPN B (key 2) [local]NewYork(tunnel-map)#gre-tunnel HartfordTnl local key 2 [local]NewYork(config-gre-tunnel)#description VPN B to Hartford !Bind the tunnel circuit to its interface, which is in the vpnB context [local]NewYork(config-gre-tunnel)#bind interface toHartford vpnB [local]NewYork(config-gre-tunnel)#end [local]NewYork#
The following commands create the interfaces, the tunnel to Trenton, and the tunnel circuits for VPNs A and B; only the IP addresses and the names of the interfaces and the remote location are changed from the previous example:
!Create the local interface for the tunnel [local]NewYork(config)#context local [local]NewYork(config-ctx)#interface toTrenton !Assign a public IP address to the local tunnel interface [local]NewYork(config-if)#ip address 173.16.1.1/30 [local]NewYork(config-if)#exit
12-10
Configuration Examples !Configure the tunnel with the local IP address of its interface [local]NewYork(config-ctx)#gre-peer name TrentonTnl remote 173.16.1.2 local 173.16.1.1 [local]NewYork(config-gre-peer)#description tunnel with two circuits [local]NewYork(config-gre-peer)#no shutdown [local]NewYork(config-gre-peer)#exit [local]NewYork(config-ctx)#exit !Create the interface for a tunnel circuit for VPN A, using same context as before [local]NewYork(config)#context vpnA [local]NewYork(config-ctx)#interface toTrenton !Assign a private IP address to the tunnel circuit interface [local]NewYork(config-if)#ip address 10.1.1.2/24 [local]NewYork(config-if)#exit [local]NewYork(config-ctx)#exit !Create the interface for a tunnel circuit for VPN B, using same context as before [local]NewYork(config)#context vpnB [local]NewYork(config-ctx)#interface toTrenton !Assign a private IP address to the tunnel circuit interface [local]NewYork(config-if)#ip address 10.1.1.2/24 [local]NewYork(config-if)#exit [local]NewYork(config-ctx)#exit !Create the tunnel circuit for VPN A (key 1) [local]NewYork(config)#tunnel map [local]NewYork(tunnel-map)#gre-tunnel TrentonTnl local key 1 [local]NewYork(config-gre-tunnel)#description VPN A to Trenton !Bind the tunnel circuit to its interface, which is in the vpnA context [local]NewYork(config-gre-tunnel)#bind interface toTrenton vpnA [local]NewYork(config-gre-tunnel)#exit !Create the tunnel circuit for VPN B (key 2) [local]NewYork(tunnel-map)#gre-tunnel TrentonTnl local key 2 [local]NewYork(config-gre-tunnel)#description VPN B to Trenton !Bind the tunnel circuit to its interface, which is in the vpnB context [local]NewYork(config-gre-tunnel)#bind interface toTrenton vpnB [local]NewYork(config-gre-tunnel)#end
The following commands configure the tunnel to New York on the SmartEdge 800 router in Hartford: Note The commands in the following example are identical to those in the configuration example for the tunnel from New York to Hartford, except that the public IP addresses for the tunnel are reversed (the local IP address is the remote IP address in New York and conversely), and the names have been altered to reflect the location of the remote site.
12-11
Configuration Examples !Create the local interface for the tunnel [local]Hartford(config)#context local [local]Hartford(config-ctx)#interface toNewYork !Assign a public IP address to the local tunnel interface [local]Hartford(config-if)#ip address 172.16.1.1/30 [local]Hartford(config-if)#exit !Configure the tunnel with the local IP address of its interface [local]Hartford(config-ctx)#gre-peer name NewYorkTnl remote 172.16.1.1 local 172.16.1.2 [local]Hartford(config-gre-peer)#description tunnel with two circuits [local]Hartford(config-gre-peer)#no shutdown [local]Hartford(config-gre-peer)#exit [local]Hartford(config-ctx)#exit !Create the interface for a tunnel circuit for VPN A, in its own context [local]Hartford(config)#context vpnA [local]Hartford(config-ctx)#interface toNewYork !Assign a private IP address to the tunnel circuit interface [local]Hartford(config-if)#ip address 10.1.1.1/24 [local]Hartford(config-if)#exit [local]Hartford(config-ctx)#exit !Create the interface for a tunnel circuit for VPN B, in its own context [local]Hartford(config)#context vpnB [local]Hartford(config-ctx)#interface toNewYork !Assign a private IP address to the tunnel circuit interface [local]Hartford(config-if)#ip address 10.1.1.1/24 [local]Hartford(config-if)#exit [local]Hartford(config-ctx)#exit !Create the tunnel circuit for VPN A (key 1) [local]Hartford(config)#tunnel map [local]Hartford(tunnel-map)#gre-tunnel NewYorkTnl local key 1 [local]Hartford(config-gre-tunnel)#description VPN A to New York !Bind the tunnel circuit to its interface, which is in the vpnA context [local]Hartford(config-gre-tunnel)#bind interface toNewYork vpnA [local]Hartford(config-gre-tunnel)#exit !Create the tunnel circuit for VPN B (key 2) [local]Hartford(tunnel-map)#gre-tunnel NewYorkTnl local key 2 [local]Hartford(config-gre-tunnel)#description VPN B to New York !Bind the tunnel circuit to its interface, which is in the vpnB context [local]Hartford(config-gre-tunnel)#bind interface toNewYork vpnB [local]Hartford(config-gre-tunnel)#end [local]Hartford#
12-12
This section describes the syntax and usage guidelines for the commands used to configure GRE features. The commands are presented in alphabetical order. clear-df description gre-peer gre-tunnel ip host keepalive log-state-changes shutdown tunnel map
12-13
clear-df
clear-df {no | default} clear-df
Purpose
Specifies that the IP header Dont Fragment (DF) flag be cleared in all packets to be transmitted on this tunnel circuit.
Command Mode
GRE tunnel configuration
Syntax Description
Default
The IP header DF flag is honored.
Usage Guidelines
Use the clear-df command to specify that the IP header DF flag be cleared in all packets to be transmitted on this tunnel circuit. If the IP packet length exceeds the tunnel interface MTU, the packet is fragmented. If you enter the ip clear-df command in interface configuration mode for the tunnel interface, instead of this command, the DF flag is cleared only in transmitted packets that must be fragmented. If you enter both commands, the clear-df command takes precedence for this GRE tunnel circuit, and clears the DF flag in all packets transmitted on this tunnel circuit. Use the no or default form of this command to honor the DF flag in inbound packets.
Examples
The following example specifies that the DF flag in all transmitted packets be cleared:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#gre-tunnel HartfordTn1 local key 1 [local]Redback(config-gre-tunnel)#clear-df
Related Commands
ip clear-dfBasic System Configuration Guide for the SmartEdge OS
12-14
description
description text no description
Purpose
Associates textual information with a Generic Routing Encapsulation (GRE) tunnel.
Command Mode
GRE peer configuration
Syntax Description
text Textual description for a GRE tunnel. Can be any alphanumeric string, including spaces, that is not longer than 64 ASCII characters.
Default
No description is associated with the tunnel.
Usage Guidelines
Use the description command to associate textual information with the GRE tunnel. The description appears in the output of the show configuration command with the gre keyword in any mode. Use the no form of this command to delete the existing description. Because there can be only one description for a tunnel, when you use the no form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example selects (or creates) a GRE tunnel, and then associates a text description with it:
[local]Redback(config)#context local [local]Redback(config-ctx)#gre-peer name HartfordTn1 remote 172.16.1.2 local 172.16.1.1 [local]Redback(config-gre-peer)#description Corporate offices in Connecticut
The following example changes the description created in the previous example:
[local]Redback(config-gre-peer)#description Corporate offices in Hartford
The following example deletes an existing description:

[local]Redback(config-gre-peer)#no description
Related Commands
gre-peer
12-15
gre-peer
gre-peer name tunl-name [remote rem-ip-addr local loc-ip-addr] no gre-peer name tunl-name remote rem-ip-addr local loc-ip-addr
Purpose
Creates or selects a Generic Routing Encapsulation (GRE) tunnel, assigns a public IP address to each end, and enters GRE peer configuration mode.
Command Mode
Syntax Description
name tunl-name remote rem-ip-addr local loc-ip-addr Text string of up to 39 characters identifying the GRE tunnel. This name must be unique from all other tunnels that exist in the same context. Optional. Public IP address of the remote end of the GRE tunnel. Required when creating or deleting a tunnel; optional when selecting one for modification. Optional. Public IP address of the local end of the GRE tunnel. Required when creating or deleting a tunnel; optional when selecting one for modification.
Default
None
Usage Guidelines
Use the gre-peer command to create or select a GRE tunnel, assign a public IP address to each end, and enter GRE peer configuration mode. If you create a GRE tunnel in the local context, you can create its tunnel circuits and bind them to interfaces created in any context. If you create a GRE tunnel in any other context (not the local context), you must bind all its tunnel circuits to interfaces that have been created in the same context as the GRE tunnel. You can configure multiple tunnels, but usually only one tunnel between sites. The remote IP address at one end of the GRE tunnel is the same as the local IP address at the other end of the GRE tunnel and conversely. If the remote IP address is not adjacent to the local IP address, and the remote site cannot be reached with a routing protocol, you must also enter the ip route command in context configuration mode. Note The local IP address specified by the loc-ip-addr argument must match the IP address of an interface that you have configured in the same context that you are entering this command.
12-16
If you are creating more than one tunnel, they can use the same local interface as long as the remote interfaces are all different. To use an interface and its public IP address for more than one tunnel, you must specify the loopback keyword with the interface command in context configuration mode when you create the interface for the tunnel. The loopback keyword allows you to reuse the public IP address for more than one tunnel. Note You do not need to specify the remote and local IP addresses when using the gre-peer command to enter GRE peer configuration mode for the purpose of modifying an already existing GRE tunnel. Use the no form of this command to delete the specified GRE tunnel and any associated parameters that have been specified in GRE peer configuration mode.
Examples
The following example creates an interface, toHartford, with a public IP address of 172.16.1.1; then it creates a GRE tunnel, HartfordTnl, with a remote IP address of 172.16.1.2 and a local IP address of 172.16.1.1:
[local]Redback(config)#context local [local]Redback(config-ctx)#interface toHartford [local]Redback(config-if)#ip address 172.16.1.1/30 [local]Redback(config-if)#exit [local]Redback(config-ctx)#gre-peer name HartfordTnl remote 172.16.1.2 local 172.16.1.1 [local]Redback(config-gre-peer)#end
The following example creates two tunnels each using an interface, LocalEnd. Both tunnels use the same local IP address; it is assumed that the remote IP address for Tunnel2 can be reached with a routing protocol, so that the ip route command in context configuration mode is not needed:
[local]Redback(config)#context local [local]Redback(config-ctx)#interface LocalEnd loopback [local]Redback(config-if)#ip address 172.16.1.1/32 [local]Redback(config-if)#exit [local]Redback(config-ctx)#gre-peer name Tunnell remote 172.16.1.2 local 172.16.1.1 [local]Redback(config-gre-peer)#no shutdown [local]Redback(config-gre-peer)#exit [local]Redback(config-ctx)#gre-peer name Tunnel2 remote 172.20.1.2 local 172.16.1.1 [local]Redback(config-gre-peer)#no shutdown [local]Redback(config-gre-peer)#end
The following example specifies an existing GRE tunnel without specifying the remote and local IP addresses, and enters GRE peer configuration mode for the existing GRE tunnel:
[local]Redback(config)#context local [local]Redback(config-ctx)#gre-peer name HartfordTunl [local]Redback(config-gre-peer)#
Related Commands
gre-tunnel interface ip address
12-17
gre-tunnel
gre-tunnel tunl-name ctx-name [key key-id] no gre-tunnel tunl-name ctx-name [key key-id]
Purpose
Creates a Generic Routing Encapsulation (GRE) tunnel circuit, associates it with a GRE tunnel created in the specified context, assigns a tunnel circuit ID, and enters GRE tunnel configuration mode.
Command Mode
tunnel map configuration
Syntax Description
tunl-name ctx-name key key-id Name of an existing GRE tunnel that has been created with the gre-peer command in context configuration mode. Name of the context in which the GRE tunnel has been created. Optional. Value, in integer form, that specifies an ID (key) for the tunnel circuit. The range of values is 1 to 4,294,967,295; the default value is 0.
Default
None
Usage Guidelines
Use the gre-tunnel command to create a GRE tunnel circuit, associate it with a GRE tunnel created in the specified context, assign a tunnel circuit identifier, and enter GRE tunnel configuration mode. You can issue this command multiple times, once for each tunnel circuit to be associated with the tunnel. If you create a GRE tunnel in the local context, you can create its tunnel circuits and bind them to interfaces created in any context. If you create a GRE tunnel in any other context (not the local context), you must bind all its tunnel circuits to interfaces that have been created in the same context as the GRE tunnel. Use the key key-id construct to specify a key ID for the tunnel circuit. If you do not specify a key ID, the system uses the key value of 0 and the tunnel has a single tunnel circuit. Use the no form of this command to delete the GRE tunnel circuit.
Examples
The following example creates a GRE tunnel circuit on the tunnel HartfordTn1 in the local context with key ID of 1:
[local]Redback(config)#tunnel map [local]Redback(tunnel-map)#gre-tunnel HartfordTn1 local key 1 [local]Redback(config-gre-tunnel)#
12-18
Related Commands
bind interfaceGRE tunnel configuration mode gre-peer
12-19
ip host
ip host ip-addr[/prefix-length] no ip host ip-addr[/prefix-length]
Purpose
Associates a Generic Routing Encapsulation (GRE) tunnel circuit with the IP address and medium access control (MAC) address of the remote host on the circuit.
Command Mode
Syntax Description
ip-addr prefix-length IP address of the host on this circuit in the form A.B.C.D. Optional. Prefix length for the associated IP address; the range of values is 1 to 32.
Default
No IP host address is associated with a GRE tunnel circuit.
Usage Guidelines
Use the ip host command to associate a GRE tunnel circuit with the IP address of the host on the circuit. Use the no form of this command to delete the association. Note This command is also documented in Chapter 6, Circuit Configuration, for ATM and Frame Relay permanent virtual circuits (PVCs) and in Chapter 11, Cross-Connection Configuration, for IP over Ethernet (IPoE) circuits.
Examples
The following example associates a GRE tunnel circuit with the IP address of the host on the circuit:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#gre-tunnel HartfordTn1 local key 1 [local]Redback(config-gre-tunnel)#ip host 10.10.10.14/24
Related Commands
bind interface
12-20
keepalive
keepalive [seconds [retry-num]] no keepalive default keepalive
Purpose
Enables the sending of keepalive packets on Generic Routing Encapsulation (GRE) tunnel circuits and specifies the interval and the number of retries.
Command Mode
Syntax Description
seconds retry-num Optional. Number of seconds between the sending of a keepalive packet. The range of values is 1 to 32,766; the default value is 10. Optional. Number of times a keepalive packet is sent without response before the tunnel circuit is brought down. The range of values is 2 to 254; the default value is 4.
Default
The sending of keepalive packets is disabled.
Usage Guidelines
Use the keepalive command to enable the sending of keepalive packets on GRE tunnel circuits and specify the interval between keepalive packets and the number of retries. Note This command is not supported if the tunnel circuit and its tunnel are created in different contexts. Use the no form of this command to disable the sending of keepalive packets. Use the default form of this command to specify the default values for the seconds argument and the retry-num argument.
Examples
The following example enables the sending of keepalive packets with the default values for the seconds and retry-num arguments:
[local]Redback(config)#tunnel map [local]Redback(tunnel-map)#gre-tunnel tunnel01 local [local]Redback(config-gre-tunnel)#keepalive
Related Commands
None
12-21
log-state-changes
log-state-changes no log-state-changes
Purpose
Enables the generation of a GRE-INFO message each time the Generic Routing Encapsulation (GRE) tunnel changes state (from up to down or down to up).
Command Mode
GRE peer configuration
Syntax Description
Default
The generation of GRE-INFO messages is disabled.
Usage Guidelines
Use the log-state-changes command to enable the generation of a GRE-INFO message each time the GRE tunnel changes state (from up to down or down to up). Use the no form of this command to disable the generation of GRE-INFO messages. To display the GRE-INFO messages, enter the show log command in any mode. Note You cannot disable the generation of GRE-INFO messages with the no terminal monitor command in exec mode.
Examples
The following example enables the generation of a GRE-INFO message each time the tunnel, HartfordTn1, in the local context changes state:
[local]Redback(config)#context local [local]Redback(config-ctx)#gre-peer HartfordTn1 local [local]Redback(config-gre-peer)#log-state-changes
Related Commands
None
12-22
shutdown
Purpose
Disables a Generic Routing Encapsulation (GRE) tunnel or tunnel circuit.
Command Mode
GRE peer configuration GRE tunnel configuration
Syntax Description
Default
All tunnels are disabled; all tunnel circuits are enabled.
Usage Guidelines
Use the shutdown command to disable a GRE tunnel or tunnel circuit. Note You must enable the tunnel on which the tunnel circuit is configured for the tunnel circuit to function. Use the no form of this command to enable a GRE tunnel or tunnel circuit. This command is also described in the following chapters: Chapter 3, ATM, Ethernet, and POS Port Configuration, for ATM OC, ATM DS-3, Ethernet, and Packet over SONET/SDH (POS) ports. Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for channelized OC-12 and STM-1 ports, DS-3 and E1 channels or ports, E3 ports, DS-1 channels, and DS-0 channel groups. Chapter 6, Circuit Configuration, for cross-connected circuits. Chapter 11, Cross-Connection Configuration, for cross-connected circuits.
For Multicast Source Discovery Protocol (MSDP), see the IP Multicast Configuration chapter in the Routing Protocols Configuration Guide publication for the SmartEdge OS.
Examples
The following example disables a GRE tunnel circuit:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#gre-tunnel HartfordTn1 local key 1 [local]Redback(config-gre-tunnel)#shutdown
12-23
The following example enables a GRE tunnel:

[local]Redback(config)#context local [local]Redback(config-ctx)#gre-peer HartfordTn1 local [local]Redback(config-gre-peer)#no shutdown
Related Commands
None
12-24
tunnel map
tunnel map
Purpose
Enters tunnel map configuration mode in which you create Generic Routing Encapsulation (GRE) tunnel circuits.
Command Mode
Syntax Description
Default
None
Usage Guidelines
Use the tunnel map command to enter tunnel map configuration mode, in which you create GRE tunnel circuits.
Examples
The following example enters tunnel map configuration mode:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#
Related Commands
gre-tunnel
12-25
12-26
Chapter 13
L2TP Configuration
This chapter provides an overview of Layer 2 Tunneling Protocol (L2TP) peers and groups, describes the tasks used to configure them, provides configuration examples, and detailed descriptions of the commands used to configure L2TP features through the SmartEdge OS. Note To configure L2TP functions and features, you must have enabled the software license for L2TP. For more information about enabling software licenses, see the Basic Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer L2TP peers and groups, see the Tunnel Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
The SmartEdge router functions as an L2TP access concentrator (LAC) or as an L2TP network server (LNS). In each context configured on the system, the SmartEdge router can function as an LAC to one or more LNSs, as an LNS to one or more LACs, or as both a LAC and an LNS. Note LNSs and LACs are collectively referred to as L2TP peers. The SmartEdge OS implementation of L2TP conforms to RFC 2661, Layer Two Tunneling Protocol L2TP, RFC 2809, Implementation of L2TP Compulsory Tunneling via RADIUS, RFC 2867, RADIUS Tunnel Accounting Support, RFC 2868, RADIUS Attributes for Tunnel Protocol Support, and RFC 3145, L2TP Disconnect Cause Information, and supports the following features: Context-specific L2TP peers and groups of peers User Datagram Protocol/Internet Protocol (UDP/IP) encapsulation
L2TP Configuration
13-1
Overview
LAC support for connections over any circuit that supports subscriber-based Point-to-Point Protocol (PPP) LNS support for connections over any circuit that supports IP packets Configurable distribution of incoming LAC sessions Configuration of L2TP peers locally, in a SmartEdge OS configuration file, or remotely, on a Remote Authentication Dial-In User Service (RADIUS) server Dynamic or static peer selection for subscriber circuits Configurable default settings for L2TP peers Anonymous (unnamed) peers to allow connections from peers that are not defined locally Support for combined LAC and LNS functions (tunnel switching) for a given subscriber Slot redundancy to allow incoming subscriber sessions to be distributed across multiple cards
For information about all standard and vendor-specific attribute value pairs (AVPs) supported by the SmartEdge OS, see Appendix A, L2TP Attribute-Value Pairs. For information about configuring RADIUS and all standard and vendor-specific RADIUS attributes supported by the SmartEdge OS, see the RADIUS Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. These L2TP features are described in the following sections: L2TP Tunnels and Peers Tunnel Switching L2TP Peer Groups Mapping Subscribers to Peers Slot Redundancy QoS Considerations Avoiding Unwanted Fragmentation and Reassembly
L2TP Tunnels and Peers

L2TP tunnels are UDP/IP-encapsulated circuits that carry subscriber-based PPP sessions to another router. The router is designated as an LNS or an LAC, depending on its relationship with the SmartEdge router: When functioning as an LNS, the SmartEdge router accepts sessions from LACs in the network and can either terminate them or switch them to another LNS. When functioning as an LAC, the SmartEdge router tunnels subscriber PPP sessions to a number of LNSs.
13-2
Overview
Figure 13-1 shows a SmartEdge router, acting as an LAC, with connections to a pair of LNS peers. Figure 13-1 L2TP Tunnels over UDP/IP
Tunnel Switching
The SmartEdge OS can also act as an L2TP tunnel switch (LTS), accepting PPP sessions over one tunnel and relaying them to other LNSs over another tunnel. A tunnel switch has aspects of both LAC and LNS operation. Figure 13-2 shows two LACs (lac1.com and lac2.com) feeding into a tunnel switch (switch.com), which provides upstream connectivity to each indicated LNS (lns1.net and lns2.net). Here, we assume that the two LACs are configured to tunnel appropriate PPP sessions (perhaps all of them) to switch.com. Also, we assume that each LNS is configured to accept an L2TP tunnel from switch.com. Figure 13-2 L2TP Tunnel Switching
L2TP Configuration
13-3
Overview
L2TP Peer Groups

An L2TP peer group is a group of LNS peers among which PPP sessions are distributed by the SmartEdge router when functioning as an LAC. The group members, the group itself, and the LAC are all configured in the same context. Peers must be defined prior to inclusion in a group. This section includes the following topics: Session Distribution RADIUS and Accounting Considerations
Session Distribution
PPP sessions are distributed among the peers in a group according to the algorithm specified in the algorithm command in L2TP group configuration mode. The algorithm options are: Strict priority Each peer is assigned a priority that corresponds to the order in which the peers are created; the highest priority peer is the one that is created first. With strict priority distribution, sessions are directed to the highest priority peer, unless connectivity to that peer is lost (the peer is labeled dead) or the maximum number of tunnels and sessions to the peer has been reached. After that, sessions are directed to the peer with the next highest priority. If two or more peers have the same priority, sessions are load-balanced among them. Load balancing Each session is directed to the peer that has the fewest sessions at the moment so that sessions are distributed across peers in the group equally. If peers have assigned priorities, they are ignored. Weighted-round-robin Each session is directed to a peer that is chosen using a weighted-round-robin algorithm to calculate the priority (weight). The peer with the lowest weight receives the most sessions. Each algorithm is subject to the maximum number of tunnels and the maximum number of sessions configured for the peers that are members of the group. For example, if the strict priority algorithm is specified and the maximum sessions limit is reached on the highest-priority peer, additional sessions are sent to the next highest-priority peer. When an LNS peer is not reachable (regardless of the algorithm being used), it is labeled dead for a period of time. There is no further attempt to reach a dead peer until the deadtime has expired, unless one of the following conditions is true: If a peer is not a member of a group or is the only member of a group, the deadtimer is not enforced unless it is configured to be enforced, using the l2tp strict-deadtime command in context configuration mode. If all peers in a group are dead, there is an immediate attempt to re-establish a connection with at least one of them.
When a session is being brought up, the system attempts to establish a tunnel to any dead peer in the group. A peer is not marked as alive until the system can successfully establish a tunnel to it.
13-4
Overview
RADIUS and Accounting Considerations

The RADIUS Tunnel-Preference attribute determines which peer has the highest priority when using the strict priority algorithm. Lower preference numbers have higher priority. When some peers have a tunnel preference and some do not, the ones without a tunnel preference are considered of lower priority than those with a tunnel preference. A new L2TP tunnel is created by a RADIUS server when one of the three following conditions occurs: All existing tunnels have the maximum number of sessions active. A new peer is created and a session is assigned to it. The l2tp admin test command in exec mode is issued by administrator to create a tunnel.
An L2TP peer is created when one of the following standard RADIUS attributes is received and its value does not match that for any existing peer: Tunnel-Server-Endpoint (RADIUS attribute 66) Tunnel-Client-Endpoint (RADIUS attribute 67) Tunnel-Assignment-Id (RADIUS attribute 82)
Only attribute 66 is required, but the others, if provided, are also used to search for an exact match. These attributes are documented in the RADIUS Attributes appendix in the IP Services and Security Configuration Guide for the SmartEdge OS. L2TP peers that are configured by a RADIUS server can be automatically removed from memory should they be marked as inactive, using the l2tp clear-radius-peer command in context configuration mode. An inactive peer is one for which the session count has been zero (0) for a configurable period of time. If L2TP tunnel or session accounting is enabled, accounting messages are sent to a RADIUS server. Types of messages include Tunnel-Start, Tunnel-Stop, Link Start, Link Stop. For more information about configuring L2TP accounting, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. If an LAC sends AVPs 24 (Tx Connect Speed) and 38 (Rx Connect Speed) or just AVP 24 to the SmartEdge router, the SmartEdge OS inserts the speeds in RADIUS attribute 77 (Connect-Info) and includes it in RADIUS Access-Accept and Accounting-Request messages. The format of attribute 77 in this case is Tx/Rx with the / character separating the two speeds. Speeds are provided in bits per second. If only AVP 24 is present, the format is Tx. The inclusion of only the Rx speed is not supported.
Mapping Subscribers to Peers

In addition to mapping a subscriber to a specific peer (static selection), the SmartEdge OS supports three types of dynamic selection: Dynamic context selectionsub-name@ctx-name Dynamic peer selectionsub-name@l2tp-peer-name Dynamic peer group selectionsub-name@l2tp-group-name
To specify dynamic selection for a subscriber, each peer or peer group must have a name (or domain alias) identical to a SmartEdge OS context name or to an alias name for the context.
L2TP Configuration
13-5
Overview
The SmartEdge OS maps the subscribers PPP session to a peer or peer group with the same name or domain alias as the @domain portion of the structured subscriber name used by that subscriber. Note The separator character between the subscriber name and the context, L2TP peer, or L2TP group name argument is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default value is @, which is used throughout this guide.
Slot Redundancy
Slot redundancy allows you to configure alternate cards for L2TP sessions when the SmartEdge router is acting as an LNS or LTS. With slot redundancy, subscriber sessions from an LAC are automatically switched to another card if the card on which the sessions are running is shut down for any reason (such as a card reload). Slot redundancy also allows sessions from a given LAC peer to be distributed among multiple cards. Various types of redundancy are possible; some choices are: Load balance all sessions between multiple cards Give preference to the card with the route to the LAC and load balance across alternate cards after the first card has exceeded the maximum number of sessions allowed on it Establish 1+1 redundancy with one card having preference over a second card Assign sessions to one or more cards based on preference
Figure 13-3 shows the slot redundancy configured in the SmartEdge router lns.com. The card in slot 3 is the card with the route to the LAC; two slots, 4 and 5, are configured to accept the subscriber sessions from the LAC when the card in slot 3 is running at full capacity. All three cards pass the traffic to the Internet using the card in slot 12. The commands to implement this slot redundancy configuration are provided in the example in the L2TP Slot Redundancy for an LAC Peer section. Slot redundancy is fully configurable, and online changes do not affect current sessions. For example, if card 5 is removed from the configuration for slot redundancy, the sessions on that card are not disrupted; however, no new sessions are assigned to it. Figure 13-3 L2TP Slot Redundancy
13-6
Overview
QoS Considerations
The SmartEdge OS supports the attachment of quality of service (QoS) metering, policing, and queuing policies to LNS subscriber sessions; queuing policies are restricted to priority weighted-fair queuing (PWFQ) policies which are supported only on Gigabit Ethernet 3 (GE3) and Gigabit Ethernet 1020 (GE1020) traffic cards. However, slot redundancy is not supported for queuing policies; if an LNS subscriber session moves to a port on a different slot, it will no longer be governed by the PWFQ policy attached to the LNS subscriber session. For more information about QoS policies and attaching them to LNS subscriber sessions, see the QoS Circuit Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.
Avoiding Unwanted Fragmentation and Reassembly

In IP networks, it is generally preferable to avoid fragmentation when possible, because it can exacerbate packet loss and the reassembly of fragments consumes resources on host computers. By its nature, the L2TP protocol makes packets larger because it must add headers to encapsulate the packet, thus making fragmentation situations more likely to occur than with normal Internet traffic. The L2TP software on the SmartEdge router offers administrator the choice of several solutions to manage fragmentation. The options available depend on the role of the SmartEdge router: Increase the minimum transmission unit (MTU) setting (the SmartEdge OS role is an LAC or LNS) You can increase the MTU setting between the SmartEdge router and the L2TP peer so that neither tunnel endpoint is required to fragment packets toward the other. Redback recommends increasing the MTU value to 1,700 bytes. Use the ip mtu command in the interface configuration mode to change the MTU setting. For complete documentation of this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Note For this solution to work, the entire path between the LAC and LNS must support an MTU of 1,700 bytes. Require a smaller maximum receive unit (MRU) in the initial Link Control Protocol (LCP) negotiation (the SmartEdge OS role is an LAC) Use the ppp peer-options command in global configuration mode to attempt to negotiate a smaller MRU between the PPP clients and the SmartEdge router. This can be done at either the LAC or LNS end of the tunnel. See Chapter 8, PPP and PPPoE Configuration, for complete documentation of this command. Force LCP renegotiation on MRU mismatch (the SmartEdge OS role is an LNS) This option causes the SmartEdge router to examine the proxy LCP information sent by the LAC, if available. The SmartEdge router determines if the client and LAC negotiated MRU values would lead to fragmentation, and if so, restarts LCP negotiation to configure lower MRU values. If the MRU values negotiated between client and LAC are acceptable, no renegotiation is forced. Use the l2tp renegotiate lcp command in context configuration mode to specify the conditions under which the SmartEdge router renegotiates the LCP options.
L2TP Configuration
13-7
Configuration Tasks
If fragmentation cannot be avoided, the SmartEdge router, when acting as an LNS, gives the administrator a choice between forcing fragmentation of the user packet (the inner packet) or the encapsulating L2TP packet (the outer packet). If the L2TP packet is fragmented, the LAC performs the reassembly. If the user packet is fragmented, the subscribers computer performs the reassembly. To enable fragmentation of the user packet or L2TP packet, use the l2tp-fragment command in context configuration mode.
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure L2TP peers and groups, and switches, perform the tasks described in the following sections: L2TP Configuration Guidelines Configure a Context for L2TP Peers and Groups Configure an LNS Peer Configure an LNS Peer Group Configure an LAC Peer Configure a Subscriber for L2TP Peer Selection Configure an L2TP Tunnel Switch
L2TP Configuration Guidelines

Consider the following guidelines when configuring an L2TP peer or group: The following guidelines apply to L2TP names: L2TP peer and group names must be unique within a context. An L2TP group name can be used in commands where an L2TP peer name can be used. To enable the use of a shorter service name for an L2TP peer, it is common to specify the fully qualified domain name for the peer or peer group in the l2tp-peer or l2tp-group command, and create the service name as a domain alias, using the domain command in L2TP peer or L2TP group configuration mode. The following guidelines apply to L2TP domain aliases: Because a hostname for a peer or a group can be unwieldyoften in the form of a fully qualified domain namethe SmartEdge OS allows you to create a domain alias for the context for each peer and peer group. For example, a peer can have a fully qualified domain name of hssi_3_0.chi.core.isp.net, but you can refer to this peer as isp.net. You use these aliases for assigning tunnels to subscribers only. You can create multiple domain aliases for a context to allow unique domain aliases for the peers and groups configured in the context. You can assign multiple domain aliases to a peer or group.
13-8
Configuration Tasks
You can specify a domain alias for an L2TP peer or group wherever the fully qualified L2TP peer or group name appears; for example, in the tunnel name command in subscriber configuration mode. The following guidelines apply to L2TP groups: You must create the group in the same context as the LNS peers that will be its members; a group cannot include any LNS peer that is not created in the same context as the group. You must create an LNS peer before you can assign it to a group of peers. The following guidelines apply to subscriber sessions that are tunneled: To allow subscriber sessions to be tunneled, you must have configured PPP for the subscriber circuit. A subscriber session is directed towards one peer in a group of peers if that group has a domain alias that matches the domain of the session. Similarly, a subscriber session is directed towards an individual peer if that peer has a domain alias that matches the domain of the session. The following guidelines apply to slot redundancy: Sessions are load-balanced across traffic cards that are assigned equal preference. Each traffic card can support up to 16,000 active subscriber sessions; to support more sessions from a single LAC, you can specify additional cards using the either priority or route keyword. You must explicitly configure the traffic cards using the card command (in global configuration mode) prior to configuring slot redundancy for them. Sessions are not assigned to unconfigured traffic cards.
Configure a Context for L2TP Peers and Groups

Configuring L2TP peers and groups is context specific. You configure certain attributes that apply to all L2TP peers and groups configured in a context, unless otherwise noted; to configure these attributes, perform the tasks described in Table 13-1. Note The commands listed in task 3 are all optional and are meant only to help solve an operational problem; do not use these commands unless the L2TP is not functioning correctly and the Redback Technical Assistance Center (TAC) directs you to include them in the L2TP configuration. Table 13-1 Configure a Context for L2TP Peers and Groups
# 1. Task Create or select the context for the named, default, or unnamed peer or peer group, and access context configuration mode. Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Optional. You can enter this command multiple times.
2.
Create a domain alias for the context.
domain
L2TP Configuration
13-9
Configuration Tasks
Table 13-1 Configure a Context for L2TP Peers and Groups (continued)
# 3. Task Specify optional attributes for L2TP: Enable any inactive L2TP peer configured by a RADIUS server in this context to be automatically removed from memory. Specify the conditions under which the SmartEdge router, when acting as an LNS, renegotiates with an LAC. Select the type of fragmentation. Enable proxy authentication for LAC peers. 4. Specify optional timers: Set the minimum amount of time for which a peer not within an L2TP group is marked as dead. Enable strict enforcement of the deadtime, even when all peers are marked as dead. l2tp deadtime l2tp strict-deadtime l2tp clear-radius-peer Root Command Notes
l2tp renegotiate lcp l2tp fragment l2tp proxy-auth Enabled by default.
Configure an LNS Peer

The SmartEdge router can provide LAC functions for a number of subscriber circuits, with each subscriber circuit configured to use either dynamic peer selection or a static connection to a specific LNS peer. You can configure either a named or default LNS peer when the SmartEdge router acts as an LAC; a default peer allows you to create a set of defaults for the peer configuration attributes. Then when creating a named peer, all the settings of the default peer apply to the configuration of the named peer except for those that you choose to redefine. To configure a named LNS peer, you must know the hostname that it uses during the establishment of the tunnel to it. To configure either a named or default LNS peer, perform the tasks described in Table 13-2. Table 13-2 Configure an LNS Peer
# 1. 2. 3. 4. 5. 6. Task Configure the context attributes for this peer. Create the named or default peer and access L2TP peer configuration mode. Associate a description with this LNS peer. Specify the role of the SmartEdge router as an LAC for this LNS peer. Assign a domain alias for this LNS peer. Create a local name for the SmartEdge router to use in packets sent to the LNS peer. Root Command Notes
See Table 13-1 for a complete list of commands. l2tp-peer description function domain local-name Specify the lac-only keyword; this is the default value. Assign at least one of the domain aliases created for the context in step 2 in Table 13-1. The default value is system hostname. Enter this command in context configuration mode.
13-10
Configuration Tasks
Table 13-2 Configure an LNS Peer (continued)

Specify one or more operational attributes (all attributes are optional): Limit the number of tunnels allowed for this LNS peer. Limit the number of sessions allowed for this LNS peer. Specify an authorization key used by the LNS peer to encrypt and decrypt information sent on the control channel. Specify the number of unacknowledged control messages that can be sent by this LNS peer 9the value to send in the Receive-Window-Size AVP). max-tunnels max-sessions tunnel-auth key
tunnel-window
8.
Specify one or more timing attributes (all attributes are optional): Specify the interval before sending an L2TP Hello packet to this LNS peer if there has been no control message activity between this peer and the SmartEdge router. Specify the timeout value for an acknowledgment message before a control message is retransmitted to this LNS peer. Specify the number of retries that an unacknowledged control message is retransmitted to this LNS peer before the tunnel is brought down. hello-timer
timeout
retry
Configure an LNS Peer Group

When the SmartEdge router is acting as an LAC, you can configure a group of LNS peers. To configure an LNS peer group, perform the tasks described in Table 13-3. Table 13-3 Configure an LNS Peer Group
# 1. 2. 3. 4. Task Configure the context attributes for this peer group. Configure the LNS peers to be included in this group. Create the L2TP peer group and access L2TP group configuration mode. Specify attributes for the peer group: Assign a domain alias for this L2TP peer group. Specify the algorithm by which sessions are assigned to the LNS peers in the group. Set the minimum amount of time for which a peer within an L2TP group is marked as dead. 5. Add an existing LNS peer to the L2TP group. domain algorithm deadtime peer Assign at least one of the domain aliases created for the context in step 2 in Table 13-1. Root Command Notes
See Table 13-1 for a complete list of commands. See Table 13-2 for a complete list of commands. l2tp-group Enter this command in context configuration mode.
L2TP Configuration
13-11
Configuration Tasks
Configure an LAC Peer

The SmartEdge router can provide LNS functions for a number of LACs. You can configure either a named, default, or unnamed (anonymous) peer when the SmartEdge router acts as an LNS; a default peer allows you to create a set of defaults for the peer attributes. Then when creating a named peer, all the settings of the default peer apply to the configuration of the named peer, except for those that you choose to redefine. Slot redundancy allows you to configure multiple cards to carry L2TP subscriber sessions to an LAC. With slot redundancy, sessions are automatically switched to another card if the card on which the subscriber sessions are running, is shut down for any reason. To configure a named peer, you must know the hostname that the LAC peer uses during the establishment of the tunnel to the SmartEdge router. To configure a named, default, or unnamed (anonymous) LAC peer, perform the tasks described in Table 13-4. Table 13-4 Configure an LAC Peer
# 1. 2. 3. 4. 5. 6. 7. Task Configure the context attributes for this peer. Create the named, default, or unnamed peer, and access L2TP peer configuration mode. Associate a description with this peer. Specify the role of the SmartEdge router as an LNS for this LAC peer. Specify a domain alias for this LAC peer. Create a local name for the SmartEdge router to use in packets sent to the LAC peer. Root Command Notes
See Table 13-1 for a complete list of commands. l2tp-peer description function domain local-name Specify the lns-only keyword. Specify one of the domain aliases created for the context in step 2 in Table 13-1. The system hostname is the default. Enter this command in context configuration mode.
Configure slot redundancy for this LAC peer with both of the following tasks: Select the algorithm for slot redundancy. Specify a card and its preference. lns card lns card Specify the selection keyword. Specify the preference keyword. Enter this command for each card that will carry L2TP subscriber sessions to the LAC.
8.
Specify operational attributes (all attributes are optional): Limit the number of tunnels allowed for this peer. Limit the number of sessions allowed for this peer. Specify an authorization key used by the L2TP peer to encrypt and decrypt information sent on the control channel. Specify the number of unacknowledged control messages that can be sent by this L2TP peer. Specify the method used by the SmartEdge router when acting as an L2TP LNS to authenticate subscriber sessions that arrive from this peer. max-tunnels max-sessions tunnel-auth key Specify at least two tunnels for quick recovery if problems occur.
tunnel-window session-auth
13-12
Configuration Tasks
Table 13-4 Configure an LAC Peer (continued)

# 9. Task Specify timing attributes (all attributes are optional): Specify the interval before sending an L2TP Hello packet to an L2TP peer if there has been no control message activity between the peer and the SmartEdge router. Specify the timeout value for an acknowledgment message before a control message is retransmitted to an L2TP peer. Specify the number of retries that an unacknowledged control message is retransmitted to an L2TP peer before the tunnel is brought down. hello-timer Root Command Notes
timeout
retry
Configure a Subscriber for L2TP Peer Selection

When the SmartEdge router is acting as an LAC, you must specify either dynamic or static peer selection for the subscriber sessions. To specify peer selection, perform the task described in Table 13-5; enter all commands in subscriber configuration mode. Table 13-5 Configure a Subscriber for L2TP Peer Selection
Task Root Command Notes
Select the peer or peer group for a subscriber with one of the following tasks: Enable dynamic peer selection. Enable static peer selection. tunnel domain tunnel name Uses the domain portion of the subscriber name to match a configured peer or group.
Configure an L2TP Tunnel Switch

When the SmartEdge router acts as a tunnel switch, it acts as an LNS to incoming subscriber circuits and as an LAC to the LNS peers to which it switches those subscriber circuits. To configure the SmartEdge router as an L2TP tunnel switch, perform the tasks described in Table 13-6. To allow the subscriber sessions to be switched, each subscriber must have a domain name that matches the domain alias for the LNS to which the subscribers sessions will be switched. Table 13-6 Configure an L2TP Tunnel Switch
# 1. 2. 3. 4. Task Configure the context for the L2TP tunnel switch. Create an LNS peer for each upstream peer. Create an LAC peer for each downstream peer. Configure a subscriber record for each subscriber to be switched. Root Command Notes
See Table 13-1 for a complete list of commands. See Table 13-2 for a complete list of commands. Perform this step for each LNS peer to which the subscriber sessions will be switched. See Table 13-4 for a complete list of commands. Perform this step for each LAC peer from which subscriber sessions will be switched. See Table 13-5 for a complete list of commands. The domain name for each subscriber must match the domain alias for the LNS to which the subscriber session will be switched.
L2TP Configuration
13-13
This section includes functional examples that configure the SmartEdge router to act as a connected LAC and as a connected LNS. SmartEdge Router as a LAC SmartEdge Router as an LNS SmartEdge Router as a Tunnel Switch L2TP Slot Redundancy for an LAC Peer
SmartEdge Router as a LAC

In the examples in this section, the SmartEdge router, with system hostname, telco.com, acts as a LAC to two LNSs of an ISP. With these examples, if a subscriber specifies sub-name@isp1.net, the SmartEdge OS connects the subscribers PPP session to the LNS peer lns1.isp.net; if a subscriber specifies sub-name@isp2.net, the SmartEdge OS connects the subscribers PPP session to either of the LNS peers in the group. The following L2TP tasks show the basic configuration: Context Aliases LNS Peers Group of LNS Peers Subscribers
Context Aliases
The following example enters the local context and configures domain aliases for the context for use with two LNS peers:
[local]telco.com(config)#context local [local]telco.com(config-ctx)#domain isp1.net [local]telco.com(config-ctx)#domain isp2.net [local]telco.com(config-ctx)#end
LNS Peers
This example creates a tunnel to each LNS peer, specifies a domain alias for the peer, the local name for the SmartEdge router, and the key to be used by the peer to authenticate the establishment of the tunnel:
[local]telco.com(config)#context local [local]telco.com(config-ctx)#l2tp-peer name lns1.isp.net media udp-ip remote ip 2.2.2.1 local 1.1.1.1 [local]telco.com(config-l2tp)#function lac-only [local]telco.com(config-l2tp)#domain isp1.net [local]telco.com(config-l2tp)#local-name lac1.isp.net [local]telco.com(config-l2tp)#tunnel-auth key SeCrEt1 [local]telco.com(config-l2tp)#end
13-14
A second LNS peer is configured in a similar fashion as follows:

[local]telco.com(config)#context local [local]telco.com(config-ctx)#l2tp-peer name lns2.isp.net media udp-ip remote ip 2.2.3.1 local 1.1.1.1 [local]telco.com(config-l2tp)#function lac-only [local]telco.com(config-l2tp)#local-name lac2.isp.net [local]telco.com(config-l2tp)#tunnel-auth key SeCrEt2 [local]telco.com(config-l2tp)#end
Group of LNS Peers

The following example creates an L2TP group, group1, assigns a domain alias, ips2.net, sets the session algorithm to load balance, sets the deadtime to 15 minutes, and adds two existing LNS peers to the group:
[local]telco.com(config-ctx)#12tp-group name group1 [local]telco.com(config-l2tp-group)#domain isp2.net [local]telco.com(config-l2tp-group)#algorithm load-balance [local]telco.com(config-l2tp-group)#deadtime 15 [local]telco.com(config-l2tp-group)#peer name lns1.isp.net [local]telco.com(config-l2tp-group)#peer name lns2.isp.net [local]telco.com(config-l2tp-group)#end
Subscribers
The following examples configure subscribers for the LAC: Dynamic Peer Selection Static Peer Selection
Dynamic Peer Selection

The following example enables dynamic peer selection for all subscribers in the local context:
[local]telco.com(config)#context local [local]telco.com(config-ctx)#subscriber default [local]telco.com(config-sub)#tunnel domain [local]telco.com(config-sub)#end
Static Peer Selection

The following example specifies that a PPP session for subscriber fred is always tunneled to the LNS peer, lns1.isp.net:
[local]telco.com(config)#context local [local]telco.com(config-ctx)#subscriber name fred [local]telco.com(config-sub)#tunnel name lns1.isp.net [local]telco.com(config-sub)#end
L2TP Configuration
13-15
SmartEdge Router as an LNS

In the examples in this section, the SmartEdge router, with system hostname, isp.net, acts as an LNS for an ISP. The following L2TP tasks show the basic configuration: Context Alias LAC Peer
Context Alias
The following example enters the local context and configures a domain alias for the context for use with a LAC peer:
[local]isp.net(config)#context local [local]isp.net(config-ctx)#domain isp1.net [local]isp.net(config-ctx)#end
LAC Peer
The following example configures a SmartEdge router to act as an LNS for a LAC peer. It is assumed that subscriber records exist either locally or on a RADIUS server for configuring and authenticating subscriber sessions.
[local]isp.net(config)#context local [local]isp.net(config-ctx)#l2tp-peer name lac1.isp.net media udp-ip remote ip 10.1.1.1 [local]isp.net(config-l2tp)#function lns-only [local]isp.net(config-l2tp)#domain isp1.net [local]isp.net(config-l2tp)#local-name lns1.isp.net [local]isp.net(config-l2tp)#tunnel-auth key SeCrEt1 [local]isp.net(config-l2tp)#session-auth chap pap [local]isp.net(config-l2tp)end
SmartEdge Router as a Tunnel Switch

The following example sets up tunnel switching in which all PPP sessions that arrive at the tunnel switch (the SmartEdge router, switch.com), over the downstream tunnels lac1.com and lac2.com are mapped into an upstream tunnel selected according to the structured subscriber name. For example, if a subscriber specifies joe@lns2.net, the SmartEdge OS places the session into the tunnel to lns2.net; a subscriber, fred, is tunneled to the lns1.net LNS. The following example sets up the tunnel switch, switch.com,. in the local context, with the domain alias names, lnscom1 and lnscom2; the LAC peer, lac.com; and the LNS peers, lns1.net and lns2.net. It also creates two subscribers, joe and fred, and specifies the LNS for each, using the domain alias for each LNS.
!Configure the context for the switch [local]switch.com(config)#context local [local]switch.com(config-ctx)#aaa authentication subscriber none [local]switch.com(config-ctx)#domain lnscom1 [local]switch.com(config-ctx)#domain lnscom2 [local]switch.com(config-if)#exit
13-16
Configuration Examples !Configure the LAC peer (LNS side of the switch) [local]switch.com(config-ctx)#l2tp-peer name lac.com media udp-ip remote-ip 10.1.1.1 [local]switch.com(config-l2tp)#function lns-only [local]switch.com(config-l2tp)#exit !Configure the LNS peers (LAC side of the switch) [local]switch.com(config-ctx)#l2tp-peer name lns1.net media udp-ip remote-ip 10.3.1.1 [local]switch.com(config-l2tp)#function lac-only [local]switch.com(config-ctx)#domain lnscom1 [local]switch.com(config-l2tp)#exit [local]switch.com(config-ctx)#l2tp-peer name lns2.net media udp-ip remote-ip 10.4.1.1 [local]switch.com(config-l2tp)#function lac-only [local]switch.com(config-ctx)#domain lnscom2 [local]switch.com(config-l2tp)#exit !Configure a named subscriber for lns1.net [local]switch.com(config-ctx)#subscriber name joe [local]switch.com(config-sub)#tunnel name lnscom1 [local]switch.com(config-sub)#exit !Configure a named subscriber for lns2.net [local]switch.com(config-ctx)#subscriber name fred [local]switch.com(config-sub)#tunnel name lnscom2 [local]switch.com(config-sub)#exit
L2TP Slot Redundancy for an LAC Peer

The following example configures slot redundancy for an LAC peer, as shown in Figure 13-3. Because slot 3 has the route to the LAC, it is preferred for subscriber sessions up to the maximum allowed for the card; the configuration establishes that additional sessions are to be load-balanced between cards 4 and 5.
!Configure the LAC peer [local]switch.com(config-ctx)#l2tp-peer name lac.com media udp-ip remote-ip 10.1.1.1 [local]switch.com(config-l2tp)#function lns-only !Configure the alternate traffic cards for slot redundancy [local]Redback(config)#card gigaether-4-port 3 [local]Redback(config)#card gigaether-4-port 4 [local]Redback(config)#card gigaether-4-port 5 !Select the algorithm and specify the card preferences [local]Redback(config-l2tp)#lns card selection route [local]Redback(config-l2tp)#lns card 4 preference 20 [local]Redback(config-l2tp)#lns card 5 preference 20
L2TP Configuration
13-17
This section describes the syntax and usage guidelines for the commands used to configure L2TP features. The commands are presented in alphabetical order. algorithm deadtime description domain function hello-timer l2tp calling-number format l2tp clear-radius-peer l2tp deadtime l2tp fragment l2tp-group l2tp-peer l2tp proxy-auth l2tp renegotiate lcp l2tp strict-deadtime lns card local-name max-sessions max-tunnels peer retry session-auth timeout tunnel-auth key tunnel domain tunnel name tunnel-window
13-18
algorithm
algorithm {priority | load-balance | weighted-round-robin} default algorithm
Purpose
Assigns the algorithm used to distribute Point-to-Point Protocol (PPP) sessions among the peers in a Layer 2 Tunneling Protocol (L2TP) group.
Command Mode
L2TP group configuration
Syntax Description
priority load-balance Assigns the next session to the highest priority peer that has not been labeled dead. Assigns the next session to the peer that has the fewest sessions.
weighted-round-robin Assigns the next session based on calculated priority (weight).
Default
The algorithm is set to strict priority.
Usage Guidelines
Use the algorithm command to assign the algorithm used to distribute PPP sessions among the peers in an L2TP group. The three algorithm keywords represent distinctly different strategies for session distribution. Use the priority keyword to assign a strict priority algorithm. Using this algorithm, sessions are directed to the peer with the highest priority until connection with that peer is no longer possible; then sessions are directed to the peer with the next highest priority. With this algorithm, you can assign a preference value to each peer using the peer command in L2TP group configuration mode; a peer with a preference value of 1 has the highest priority. Peers with equal preference values are assigned sessions using load balancing. Use the load-balance keyword to assign a load-balancing algorithm. Using this algorithm, the next session is directed to the peer with the fewest sessions. The result is that the sessions are distributed across the peers equally. The peers may still have priorities assigned, but they are ignored. Use the weighted-round-robin keyword assign a weighted-round-robin algorithm to calculate the priority. Using this algorithm, sessions are directed to the peer with the highest calculated priority until connection with that peer is no longer possible; then sessions are directed to the peer with the highest calculated priority. With this algorithm, you can assign a weight value to each peer using the peer command in L2TP group configuration mode; the weight value is used to calculate the priority. The peer with the lowest priority receives the most sessions.
L2TP Configuration
13-19
Each algorithm is subject to the maximum number of tunnels and the maximum number of sessions (specified with the max-tunnels and max-sessions commands in L2TP peer configuration mode, respectively) configured for the peers that are members of the group. For example, if the strict priority algorithm is specified and the maximum sessions limit is reached on the highest priority peer, additional sessions are sent to the next highest priority peer. Note The SmartEdge OS supports only Remote Authentication Dial-In User Service (RADIUS) servers that support tunnel extensions. If the RADIUS server does not supply the Tunnel-Preference attribute, the SmartEdge OS chooses the preference for the peers arbitrarily. We recommend that you specify either the strict-priority distribution (which sets the priority of peers explicitly), or the weighted-round-robin algorithm. For more information about configuring RADIUS, see the RADIUS Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Use the default form of this command to set the algorithm to strict priority.
Examples
The following example creates an L2TP group, group1, with L2TP peer members, 1peer and 2peer. First, the L2TP group, group1, is created. Two peer members, 1peer and 2peer, are then established as members of the group, and the group is configured to use strict-priority session distribution:
[local]Redback(config-ctx)#12tp-group name group1 [local]Redback(config-l2tp-group)#algorithm priority [local]Redback(config-l2tp-group)#peer name 1peer preference 10 [local]Redback(config-l2tp-group)#peer name 2peer preference 20
With strict-priority distribution, sessions with usernames of the form user@group1 are tunneled to 1peer (because it has a lower preference value), as long as 1peer is reachable and its maximum sessions threshold has not been exceeded. If 1peer becomes unreachable or its maximum sessions threshold is reached, sessions are tunneled to 2peer. If the load-balance keyword was used instead of the priority keyword, the first session of the form user@group1 would be tunneled to 1peer, and the next session for the same group would be tunneled to 2peer, balancing the session count between them, unless one peer becomes unreachable or the maximum sessions threshold is reached.
Related Commands
deadtime domaincontext configuration mode domainL2TP group configuration mode domainL2TP peer configuration mode max-sessions max-tunnels peer
13-20
deadtime
deadtime minutes default deadtime
Purpose
Sets the minimum amount of time during which any dead peer in the group is ignored when computing the Layer 2 Tunneling Protocol (L2TP) group algorithm.
Command Mode
Syntax Description
minutes Minimum number of minutes that a peer is marked as dead. The range of values is 1 to 300; the default value is 2.
Default
The deadtime is set to five minutes.
Usage Guidelines
Use the deadtime command to set the minimum amount of time during which any dead peer in the group is ignored when computing the L2TP group algorithm. A peer is labeled dead after it is determined that a new tunnel cannot be established to the peer. This feature prevents a troubled L2TP peer from being inundated with connection attempts without disconnecting the peer altogether. It also allows you to identify troubled peers. A peer remains labeled as dead until a new session is established to it as follows: After the deadtime is expired and a connection request arrives, the peer is again considered as a destination, according to the group algorithm. If a connection attempt is not made to the peer (the peer is not selected as the destination), the dead label is not removed. If a connection attempt is made and is successful, the dead label is removed from the peer; if the attempt is not successful, the deadtime is again applied to the peer.
Note Current sessions to the peer are not brought down if the peer should be labeled dead. Only attempts to add new tunnels are affected. A dead peer is labeled as dead in the output of the show l2tp peer command in any mode for at least the length of time indicated in the minutes argument. Use the default form of this command to set the deadtime to two minutes.
L2TP Configuration
13-21
Examples
The following example selects (or creates) an L2TP group and sets the number of deadtime minutes to two:
[local]Redback(config-ctx)#l2tp-group name group1 [local]Redback(config-l2tp-group)#default deadtime
The following example selects (or creates) an L2TP group and sets the number of deadtime minutes to 10:
[local]Redback(config-ctx)#l2tp-group name group1 [local]Redback(config-l2tp-group)#deadtime 10
Related Commands
algorithm domaincontext configuration mode domainL2TP group configuration mode domainL2TP peer configuration mode l2tp deadtime l2tp strict-deadtime
13-22
description
Purpose
Associates textual information with a Layer 2 Tunneling Protocol (L2TP) peer.
Command Mode
L2TP peer configuration
Syntax Description
text Textual description for an L2TP peer. Can be any alphanumeric string, including spaces, up to 255 ASCII characters.
Default
No description is associated with the L2TP peer.
Usage Guidelines
Use the description command to associate textual information with the L2TP peer. The description appears in the output of the show configuration command with the l2tp keyword in any mode. Use the no form of this command to delete the existing description. Because there can be only one description for a peer, when you use the no form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example selects (or creates) an L2TP peer, and then associates a text description with it:
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp-peer name isp1.net remote 172.16.1.2 local 172.16.1.1 [local]Redback(config-l2tp)#description Corporate offices in Connecticut
[local]Redback(config-l2tp)#description Corporate offices in Hartford

[local]Redback(config-l2tp)#no description
Related Commands
None
L2TP Configuration
13-23
domain
domain alias no domain alias
Purpose
Assigns a domain alias to a Layer 2 Tunneling Protocol (L2TP) peer or group.
Command Mode
L2TP peer configuration L2TP group configuration
Syntax Description
alias Unique name to be used as an alias. Must be one of the domain aliases created for the context in which the peer is being configured by the domain command in context configuration mode.
Default
No aliases are specified.
Usage Guidelines
Use the domain command to assign a domain alias for a peer; the domain alias is one previously created for the context in which the L2TP peer or group is configured. Note To create an alias for a context, use the domain command in context configuration mode. For more information, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. A domain alias can be a simpler name (for example, isp.net) than its name (the l2tp-peer-name argument specified by the l2tp-peer command in L2TP peer configuration mode), which is a fully qualified domain name, such as time_0_5.chi_core.isp.net. You can specify multiple aliases for each L2TP peer or group. You can use a domain alias for a peer anywhere that you can use its name (the l2tp-peer-name argument) or for a group anywhere that you can use its name (the l2tp-group-name argument specified by the l2tp-group command in L2TP group configuration mode).You cannot use this command if you entered L2TP peer configuration mode using the l2tp-peer command in context configuration mode with the default keyword. Use the no form of this command to remove the specified domain alias.
13-24
Examples
The following example selects (or creates) an L2TP peer and assigns a domain alias for it:
[local]Redback(config)#context local [local]Redback(config-ctx)#domain corporate [local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#domain corporate
The following example selects (or creates) an L2TP group and assigns a domain alias for it:
[local]Redback(config)#context local [local]Redback(config-ctx)#domain field-sales [local]Redback(config-ctx)#l2tp-group name group1 [local]Redback(config-l2tp-group)#domain field-sales
Related Commands
domaincontext configuration mode l2tp-group l2tp-peer timeout
L2TP Configuration
13-25
function
function {lac-only | lns-only} no function
Purpose
Specifies the role that the SmartEdge router assumes with this Layer 2 Tunneling Protocol (L2TP) peer, either as an L2TP access concentrator (LAC) or as an L2TP network server (LNS).
Command Mode
Syntax Description
lac-only lns-only Specifies that the SmartEdge router can send incoming call requests to, but cannot receive them from, this peer. Specifies that the SmartEdge router can receive incoming call requests from, but cannot send them to, this peer.
Default
The SmartEdge router functions as a LAC only for this peer.
Usage Guidelines
Use the function command to specify the role that the SmartEdge router assumes with this L2TP peer, either as an LAC or as an LNS. The LAC-only role prevents the acceptance of Incoming-Call-Request (ICRQ) control messages from a LAC peer. The LNS-only role prevents the generation of ICRQ control messages based on incoming Point-to-Point Protocol (PPP) sessions to an LNS peer. Use the default or all form of this command to disable any specification.
Examples
The following example specifies that the SmartEdge router will function as an LAC with the named L2TP peer:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#function lac-only
Related Commands
l2tp-peer local-name
13-26
hello-timer
hello-timer interval default hello-timer
Purpose
Specifies the amount of time that the SmartEdge OS waits before sending a Hello control message to an Layer 2 Tunneling Protocol (L2TP) peer if there has been no control message activity between the two peers.
Command Mode
Syntax Description
interval Amount of time in seconds that the SmartEdge OS waits before sending an L2TP Hello packet if there has been no exchange of control messages to the remote L2TP peer. The range of values is 0 to 3,600; the default value is 60.
Default
The SmartEdge OS waits 60 seconds before sending an L2TP Hello packet.
Usage Guidelines
Use the hello-timer command to specify the amount of time that the SmartEdge OS waits before sending a Hello control message to an L2TP peer if there has been no control message activity between the two peers. The Hello control message is used as a keepalive mechanism to determine if there has been a link failure between the L2TP access concentrator (LAC) and L2TP network server (LNS). Note We do not recommend that you change the value of the interval argument from the default unless you are specifically requested to do so by a Redback Technical Support representative. Use the default form of this command to set the value of the interval argument to the default of 60 seconds.
Examples
The following example sets the amount of time that the SmartEdge OS waits before sending a Hello control message to an L2TP peer if there has been no control message activity between the two peers to 120 seconds (two minutes):
[local]Redback(config-l2tp)#hello-timer 120
Related Commands
None
L2TP Configuration
13-27
l2tp calling-number format

l2tp calling-number format {all [hostname] [pppoe-id] [slot-port] [virtual-id]} {no | default} l2tp calling-number format
Purpose
Allows you to pass subscriber calling information to a Layer 2 Tunneling Protocol (L2TP) network server (LNS) in a Dialed Number Identification Service (DNIS) attribute-value pair (AVP).
Command Mode
Syntax Description
all hostname pppoe-id slot-port virtual-id Includes all available options for this command; this is the default option. Optional. Includes currently configured hostname of the router. Optional. Includes the session ID of the incoming Point-to-Point Protocol over Ethernet (PPPoE) session. Optional. Includes the slot and port number of the incoming circuit. Optional. Includes the Virtual Path Identifier (VPI), Virtual Channel Identifier (VCI), or Virtual LAN ID (VLAN ID) of the incoming circuit.
Default
All available options are sent to the peer.
Usage Guidelines
Note An L2TP access concentrator (LAC) sends an AVP only if the dnis generate command (in L2TP peer configuration mode) is configured and enabled under the peer. Use the l2tp calling-number format to pass subscriber calling information to an LNS using L2TP in a DNIS AVP. Use the no or default form of this command to send all options to the peer.
Examples
The following example displays all information (hostname, slot and port, PPPoE ID, and virtual ID):
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp calling-number format all [local]Redback(config-ctx)#
13-28
The following example displays only the hostname:

[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp calling-number format hostname
Related Commands
dnis generate
L2TP Configuration
13-29
l2tp clear-radius-peer
l2tp clear-radius-peer time-inactive {no | default} l2tp clear-radius-peer
Purpose
Enables any Layer 2 Tunneling Protocol (L2TP) peer configured by a Remote Authentication Dial-In User Service (RADIUS) server in this context to be automatically removed from memory after it is marked inactive.
Command Mode
Syntax Description
time-inactive Time, in minutes, that a peer can be inactive before being removed from memory. The range of values is 5 to 300.
Default
No time limit is in effect; no inactive RADIUS-configured peers are cleared from memory.
Usage Guidelines
Use the l2tp clear-radius-peer command to enable any L2TP peer configured by a RADIUS server in this context to be automatically removed from memory after it is marked inactive. A RADIUS-configured peer is marked as inactive if: The session count is 0. The peer is not labeled dead; it is alive or its deadtime has expired. The time interval since the last session was terminated or since the peer was initially created, if no sessions have been active, is equal to or greater than the time specified by the time-inactive argument.
If a RADIUS-configured peer is inactive, it is cleared from memory. Use the no or default form of this command to remove the time limit.
Examples
The following example sets the inactive time limit to 10 minutes:
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp clear-radius-peer 10
Related Commands
None
13-30
l2tp deadtime
l2tp deadtime minutes {no | default} l2tp deadtime
Purpose
Sets the minimum amount of time for which any dead Layer 2 Tunneling Protocol (L2TP) peer that is configured in the context and that is not a member of a peer group is ignored.
Command Mode
Syntax Description
minutes Minimum number of minutes that a peer is marked as dead. The range of values is 1 to 100; the default value is 2.
Default
The deadtime is set to five minutes.
Usage Guidelines
Use the l2tp deadtime command to set the minimum amount of time that any dead L2TP peer that is configured in the context and that is not a member of a peer group is ignored. You can use this command to control the deadtime for peers created by the Remote Authentication Dial-In User Service (RADIUS). A peer is labeled dead after it is determined that a new tunnel cannot be established to the peer. This feature prevents a troubled L2TP peer from being inundated with connection attempts without disconnecting the peer altogether. It also allows you to identify troubled peers. A peer remains labeled as dead until a new session is established to it as follows: After the deadtime is expired and a connection request arrives, the peer is again considered as a destination. If a connection attempt is not made to the peer (the peer is not selected as the destination), the dead label is not removed. If a connection attempt is made and is successful, the dead label is removed from the peer; if the attempt is not successful, the deadtime is again applied to the peer.
Note Current sessions to the peer are not brought down if the peer should be labeled dead. Only attempts to add new tunnels are affected. A dead peer is labeled as dead in the output of the show l2tp peer command (in any mode) for at least the length of time indicated in the minutes argument. Use the no or default form of this command to set the deadtime to two minutes.
L2TP Configuration
13-31
Examples
The following example sets the number of deadtime minutes to 10 for any L2TP peer that is not a member of a peer group in the context:
[local]Redback(config-ctx)#l2tp deadtime 10
Related Commands
deadtime l2tp strict-deadtime
13-32
l2tp fragment
l2tp fragment {l2tp-packet | user-packet} {no | default} l2tp fragment
Purpose
Specify the type of fragmentation of Layer 2 Tunneling Protocol (L2TP) packets that are sent downstream and that need fragmentation.
Command Mode
Syntax Description
l2tp-packet user-packet Fragments the encapsulating packet after the L2TP header is added; this is the default. Fragments the user data packet before the L2TP header is added.
Default
Fragmentation occurs after the L2TP header is added.
Usage Guidelines
Use the l2tp fragment command to specify the type of fragmentation for L2TP packets that are sent downstream. It is more efficient to fragment the user data packet, because it is reassembled on the users computer; fragmenting the L2TP packet requires that the L2TP access concentrator (LAC) must reassemble the packet, which takes more processing time. Use the no or default form of this command to specify fragmentation after the L2TP header is added.
Examples
The following example enables fragmentation for user data packets before the L2TP header is added:
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp fragment user-packet
Related Commands
None
L2TP Configuration
13-33
l2tp-group
l2tp-group name l2tp-group-name no l2tp-group name l2tp-group-name
Purpose
Creates a group of Layer 2 Tunneling Protocol (L2TP) tunnels to L2TP network servers (LNSs) among which Point-to-Point Protocol (PPP) sessions are parceled out, and enters L2TP group configuration mode.
Command Mode
Syntax Description
name l2tp-group-name Name of the L2TP group being created. L2TP group names must be unique from other L2TP group names, peer names, and domain aliases in the context.
Default
No L2TP group is created.
Usage Guidelines
Use the l2tp-group command to create a group of L2TP tunnels to LNSs (peers) among which PPP sessions are parceled out, and enter L2TP group configuration mode. All peers in a group must be defined (with the l2tp-peer command in context configuration mode) within the same context as the group itself. It is part of the LAC configuration. PPP sessions are distributed among tunnels in a group according to the algorithm specified for the group with the algorithm command in L2TP group configuration mode. A group name that is created with the l2tp-group command can be entered as the l2tp-peer-name or tunl-name argument value for the tunnel name command in subscriber configuration mode. Peer names, group names, and domain aliases for those names must be unique within the context in which they are created. Use the no form of this command to disband the L2TP group and delete all references to it by the L2TP peers that formed the group.
Examples
The following example creates an L2TP group, group1:
[local]Redback(config-ctx)#l2tp-group name group1 [local]Redback(config-l2tp-group)#
13-34
Related Commands
algorithm domaincontext configuration mode domainL2TP group configuration mode domainL2TP peer configuration mode l2tp-group l2tp-peer
L2TP Configuration
13-35
l2tp-peer
l2tp-peer {default | name l2tp-peer-name media udp-ip remote {ip ip-addr | dns dns-name} | unnamed} [local ip-addr] no l2tp-peer {default | name l2tp-peer-name | unnamed}
Purpose
Creates a Layer 2 Tunneling Protocol (L2TP) peer, either an L2TP access concentrator (LAC) or an L2TP network server (LNS), a default peer, or an anonymous (unnamed) peer, or selects one for modification, in the current context, and enters L2TP peer configuration mode.
Command Mode
Syntax Description
default name l2tp-peer-name Creates a default L2TP tunnel. Name of the L2TP peer that is provided by the peer as a hostname in Start-Control-Connection-Request (SCCRQ) packets sent to the SmartEdge router. Specifies that the tunnel is User Datagram Protocol (UDP) IP-encapsulated. IP address of the L2TP peer. Domain Name System (DNS) name of the L2TP peer. Creates an anonymous L2TP peer. Optional. Local IP address. When configuring an LAC, the ip-addr argument is the IP address of the LAC. When configuring an LNS, the ip-addr argument is the IP address of the LNS.
media udp-ip remote ip ip-addr remote dns dns-name unnamed local ip-addr
Default
No L2TP named, default, or anonymous peer is created.
Usage Guidelines
Use the l2tp-peer command to create an L2TP peer, a default peer, or an anonymous peer, or select one for modification, in the current context, and enter L2TP peer configuration mode. Use the default keyword to create a set of defaults that apply to any L2TP peer in the current context. Each configured attribute for the default peer is included in all L2TP peer configurations in the context. However, if you configure a named or anonymous peer, attribute values that you specify for that peer override the values set for the default peer. If you specify the name l2tp-peer-name construct, the L2TP peer name must be unique from other L2TP peer names, group names, and domain aliases within the context.
13-36
When configuring the SmartEdge router as a LAC, the l2tp-peer-name argument is the name or the domain alias for the LNS at the other end of the tunnel; it represents the peer in the hostname attribute of packets exchanged in L2TP. When configuring it as an LNS, the l2tp-peer-name argument is the name of the LAC. The name of the L2TP peer is provided by the peer as a hostname in SCCRQ packets. Use the remote ip ip-addr construct to specify the IP address for the LNS; use the remote dns dns-name construct to specify the DNS name for the LNS. Use the local ip-addr construct to specify the IP address for the LAC. You can assign an alias for the L2TP peer name with the domain command in L2TP peer configuration mode. Peer names, group names, and domain aliases must be unique within the context. For example, if a peer is named isp, no other peer, group, or alias can also be named isp within the context. Note The peer name for the SmartEdge router is frequently the hostname for the SmartEdge router (by default, Redback). If you are configuring a new system, you may want to rename the SmartEdge router. To change the hostname of a SmartEdge router, enter the system hostname command in global configuration mode. For more information about this command, see the Basic System Commands chapter. Be aware that if the SmartEdge router is currently in service and you change its hostname, any authentication based on the previous definition will fail. Instead of using the SmartEdge router hostname as the peer name, you can create another hostname to use as a peer name; to create another hostname, enter the local-name command in L2TP peer configuration mode. Note This command supports multiple L2TP tunnels that are identically named. This is commonly the case when Microsoft Windows clients are the L2TP peers. Use the unnamed keyword to configure how the system responds to anonymous peers. Use the anonymous peer configuration for any incoming SCCRQ packets that contain a hostname not found in the local L2TP peer configurations, or for peers configured by a Remote Authentication Dial-In User Service (RADIUS) server. To configure the parameters for an anonymous L2TP peer, you can use all the L2TP configuration mode commands, except for domain. We recommend that you use the tunnel-auth command in L2TP configuration mode, to accept all incoming peer requests that contain a specific tunnel password. In addition, we recommend that you restrict the use of this peer to the SmartEdge router using the function command in L2TP configuration mode with the lns-only keyword. Otherwise, outgoing calls might be placed on anonymous peers. Use the no form of this command to delete the default peer or an existing L2TP peer in the current context.
Examples
The following example creates an L2TP peer, lac1.net, in the local context:
[local]Redback(config-config)#context local [local]Redback(config-ctx)#l2tp-peer name lac1.net media udp-ip remote ip 10.5.5.5 [local]Redback(config-l2tp)#
L2TP Configuration
13-37
The following example creates a default L2TP tunnel for tunnels in the local context:
[local]Redback(config-config)#context local [local]Redback(config-ctx)#l2tp-peer default [local]Redback(config-l2tp)#
Related Commands
domaincontext configuration mode domainL2TP group configuration mode domainL2TP peer configuration mode local-name system hostname
13-38
l2tp proxy-auth
l2tp proxy-auth {no | default} l2tp proxy-auth
Purpose
Enables proxy authentication for Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) peers.
Command Mode
Syntax Description
Default
Proxy authentication is disabled.
Usage Guidelines
Use the l2tp proxy-auth command to enable proxy authentication for LAC peers. Use the no or default form of this command to disable proxy authentication for LAC peers.
Examples
The following example enables proxy authentication for LAC peers.
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp proxy-auth
Related Commands
None
L2TP Configuration
13-39
l2tp renegotiate lcp

l2tp renegotiate lcp {always | never | on-mismatch} {no | default} l2tp renegotiate lcp
Purpose
Specifies the conditions under which the SmartEdge router, when acting as a Layer 2 Tunneling Protocol (L2TP) network server (LNS) renegotiates the Link Control Protocol (LCP) options with an L2TP access concentrator (LAC).
Command Mode
Syntax Description
always never on-mismatch Renegotiates regardless of any LCP or Authentication packets received. Does not ever renegotiate. Renegotiates if the received proxy LCP options do not match the configured options. This is the default.
Default
Renegotiates if the received proxy LCP options do not match the configured options.
Usage Guidelines
Use the l2tp renegotiate lcp command to specify the conditions under which the SmartEdge router, when acting as an LNS, renegotiates with an LAC. As part of L2TP session establishment, a LAC might send proxy-lcp and proxy-auth options (LCP and Authentication packets it received from its client) in one of its messages to the SmartEdge router. In this case, the SmartEdge router, acting as an LNS, might receive all the necessary LCP information without negotiating directly with the client. However, if a proxy LCP packet is not received, then the SmartEdge router renegotiates the LCP, depending on the conditions specified by this command. Use the always keyword to support those situations for which renegotiation is required, regardless of the information received from the client. Use the never keyword to support those Point-to-Point Protocol (PPP) clients that cannot successfully establish a session if renegotiation occurs. In this case, the SmartEdge router attempts to use proxy-LCP information as much as possible. That is, it accepts non-critical values, even on mismatch. But it does not tolerate authentication problems or a lack of a proxy LCP. Use the no or default form of this command to specify the default condition.
13-40
Examples
The following example specifies that no renegotiation will take place:
[local]Redback(config)#context local [local]Redback(config)#l2tp renegotiate lcp never
Related Commands
None
L2TP Configuration
13-41
l2tp strict-deadtime
l2tp strict-deadtime {no | default} l2tp deadtime
Purpose
Enables the strict enforcement of the deadtime, even if all Layer 2 Tunneling Protocol (L2TP) peers are labeled dead.
Command Mode
Syntax Description
Default
Strict enforcement of the deadtime is disabled.
Usage Guidelines
Use the l2tp strict-deadtime command to enable the strict enforcement of the deadtime, even if all L2TP peers are labeled dead. You can use this command to control connection attempts to dead peers that are created by the Remote Authentication Dial-In User Service (RADIUS). A peer is labeled dead after it is determined that a new tunnel cannot be established to the peer. This feature controls connection requests as follows: If strict deadtime is disabled: When a connection request arrives and all candidate peers for that destination are labeled dead, the SmartEdge router attempts to make a connection to one of the dead peers, even if the deadtime has not expired for any of them. If strict deadtime is enabled: No connection attempt is made until the deadtime for at least one candidate peer has expired. Use the no or default form of this command to disable strict enforcement of the deadtime.
Examples
The following example enables the strict enforcement of the deadtime for all L2TP peers in the context:
[local]Redback(config-ctx)#l2tp strict-deadtime
Related Commands
deadtime l2tp deadtime
13-42
lns card
lns card {selection {route | priority} | slot preference preference} {no | default} lns card {selection | slot}
Purpose
Configures slot redundancy for Layer 2 Tunneling Protocol (L2TP) sessions.
Command Mode
Syntax Description
selection route priority slot preference preference Selects the algorithm by which a card is selected for an L2TP session. Specifies the route algorithm; this is the default. Specifies the priority algorithm. Chassis slot number of a card on which L2TP sessions are to be carried. Relative preference of one card over another as the choice for an L2TP session; the default value is equal preference for all cards.
Default
The default algorithm is route, and if multiple cards are available, sessions are load-balanced between them (equal preference for all cards).
Usage Guidelines
Use the lns card command to configure slot redundancy for L2TP sessions between the SmartEdge router and an L2TP access concentrator (LAC). You enter this command to first select the algorithm by which a card is selected to carry L2TP subscriber sessions; you enter it again one or more times to specify the cards that can carry L2TP subscriber sessions. You must specify the lns-only keyword with the function command in L2TP peer configuration mode for this peer before entering this command. The route algorithm establishes the card with the route to the LAC as the preferred card without explicitly specifying it. This algorithm allows you to establish the preference of one card over all others when its slot is not known. The priority algorithm fixes the card preferences based on an explicit configuration statement. If you specify the priority keyword, you must identify all the cards on which L2TP sessions are to be carried. The values that you specify for the preference argument are relative to each other and can be any integer: a smaller number has a higher preference. Cards with equal preference numbers are load balanced. You must configure the traffic cards using the card command (in global configuration mode) prior to configuring slot redundancy for them. Sessions are not assigned to unconfigured traffic cards. To display the status of slot redundancy, use the show l2tp global command in any mode with the ipc keyword.
L2TP Configuration
13-43
Use the no or default form of this command to specify the default algorithm and card preferences. Note The maximum number of sessions that a card can carry is not configurable and depends on the amount of memory in each card.
Examples
The following example enables slot redundancy by load balancing the sessions between the cards in slots 10 and 11, using the priority algorithm and equal preferences:
[local]Redback(config-l2tp)#lns card selection priority [local]Redback(config-l2tp)#lns card 10 preference 10 [local]Redback(config-l2tp)#lns card 11 preference 10
The following example enables slot redundancy using the route algorithm; the card with the route to an LAC is the preferred card, and then, when that card reaches its maximum number of circuits, sessions are apportioned between the cards in slots 1, 2, and 3, with card 1 having the highest preference and card 3 having the lowest preference. The card with the route, whatever its slot, always has the highest priority.
[local]Redback(config-l2tp)#lns [local]Redback(config-l2tp)#lns [local]Redback(config-l2tp)#lns [local]Redback(config-l2tp)#lns card card card card selection route 1 preference 10 2 preference 20 3 preference 30
Related Commands
function
13-44
local-name
local-name local-name no local-name
Purpose
Creates a local name for the SmartEdge router, to be used in outbound Start-Control-Connection-Request (SCCRQ) or Start-Control-Connection-Reply (SCCRP) control messages to an Layer 2 Tunneling Protocol (L2TP) peer.
Command Mode
Syntax Description
local-name Another name for the SmartEdge router to be used as the value for the Host name attribute value pair (AVP), AVP 7, instead of the system hostname in SCCRQ or SCCRP messages to and from this L2TP peer.
Default
The system hostname, as specified by the system hostname command in global configuration mode, is used as the local name.
Usage Guidelines
Use the local-name command to create a local name for the SmartEdge router. Usually, the system hostname is used as the local name for the SmartEdge router. You can create a different local name for the SmartEdge router for each tunnel that you configure, but the names must be unique. The local-name argument is sent in the SCCRQ message when initializing the tunnel. Use the no form of this command to specify the default local name. To change a local name, create a new one and it overwrites the existing one.
Examples
The following example specifies the local name, cardinal:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#local-name cardinal
Related Commands
system hostname
L2TP Configuration
13-45
max-sessions
max-sessions max-ses-num no max-sessions
Purpose
Specifies the maximum number of sessions allowed for a Layer 2 Tunneling Protocol (L2TP) tunnel to a peer or context.
Command Mode
L2TP peer configuration context configuration
Syntax Description
max-ses-num Maximum number of sessions allowed for a tunnel or context. The range of values is 1 to 65,535; the default value is 65,535.
Default
The maximum number of sessions allowed for each tunnel to a peer, or tunnel to a context, is the maximum number in the valid range (65,535).
Usage Guidelines
Use the max-sessions command to specify the maximum number of sessions allowed for an L2TP tunnel to a peer. For User Datagram Protocol (UDP) tunnels, a new tunnel opens if the max-ses-num argument value has been reached for the current tunnel and the maximum number of tunnels (max-tunl-num argument value for the max-tunnels command in L2TP peer configuration mode) has not been exceeded. You cannot use this command if you entered L2TP peer configuration mode using the l2tp-peer command with the default keyword (in context configuration mode). Use the max-sessions command to configure the maximum number of sessions allowed in a given context. This value will be applied to all peers configured in this context. If you are using the max-sessions command at context level, use this command to enforce the maximum number of L2TP sessions that all the LNS Peers configured in a given context may establish. Use the no form of this command (in any configuration mode) to set the maximum number of sessions to the default.
Examples
The following example sets the maximum number of sessions allowed per tunnel to a peer to 1000:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#max-sessions 1000
13-46
The following example sets the maximum number of sessions allowed per tunnel to a context to 1000:
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp max-sessions 1000
Related Commands
max-tunnels
L2TP Configuration
13-47
max-tunnels
max-tunnels max-tunl-num no max-tunnels
Purpose
Specifies the maximum number of tunnels allowed to a Layer 2 Tunneling Protocol (L2TP) peer.
Command Mode
Syntax Description
max-tunl-num Maximum number of tunnels allowed. The range of values is 1 to 32,767; the default value is 32,767.
Default
The maximum number of tunnels allowed for each peer is the maximum number in the valid range (32,767).
Usage Guidelines
Use the max-tunnels command to specify the maximum number of tunnels allowed to an L2TP peer. Use the no form of this command to set the maximum number of tunnels allowed to the default.
Examples
The following example sets the maximum number of tunnels allowed to 2:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#max-tunnels 2
Related Commands
max-sessions
13-48
peer
peer name l2tp-peer-name {preference priority | weight weight} no peer name l2tp-peer-name
Purpose
Adds an existing peer to the current Layer 2 Tunneling Protocol (L2TP) group.
Command Mode
Syntax Description
name l2tp-peer-name preference priority weight weight Name of the peer to be added to the current L2TP group. Priority for the priority algorithm when assigning sessions to this peer. Weight for the weighted-round-robin algorithm when assigning sessions to this peer.
Default
No peer is added to the current L2TP group.
Usage Guidelines
Use the peer command to add an existing peer to an L2TP group. The l2tp-peer-name argument is the peer name specified in the l2tp-peer command in context configuration mode or its domain alias, specified by the domain command in L2TP peer configuration mode. Use the preference priority construct to override the implicit priority for the peer, if you have specified the priority keyword in the algorithm command (in L2TP group configuration mode). Otherwise, the implicit priority is the order in which the peer commands are run, with the first peer entered having the highest priority. If you have specified the weighted-round-robin keyword in the algorithm command (in L2TP group configuration mode), use the weight weight construct to assign a weight for the peer to be used in the calculation of the priority. This command takes effect immediately, but does not affect Point-to-Point Protocol (PPP) sessions that are already established; only future PPP sessions. Use the no form of this command to remove the named peer from the group.
L2TP Configuration
13-49
Example
The following command selects (or creates) an L2TP group, adds three L2TP peers to the group, sets the algorithm to strict priority, and sets the deadtime to five minutes:
[local]Redback(config-ctx)#l2tp-group name group1 [local]Redback(config-l2tp-group)#algorithm priority [local]Redback(config-l2tp-group)#peer name sweet1 preference 10 [local]Redback(config-l2tp-group)#peer name sweet2 preference 20 [local]Redback(config-l2tp-group)#peer name sweet3 preference 30 [local]Redback(config-l2tp-group)#default deadtime
Related Commands
algorithm deadtime domainL2TP group configuration mode domainL2TP peer configuration mode l2tp-peer
13-50
retry
retry count default retry
Purpose
Specify the number of times an unacknowledged control message is retransmitted to a Layer 2 Tunneling Protocol (L2TP) peer before the tunnel is brought down.
Command Mode
Syntax Description
count Number of times an unacknowledged control message is retransmitted to a peer. The range of values is 1 to 100; the default value is 6.
Default
An unacknowledged control message is retransmitted six times.
Usage Guidelines
Use the retry command to specify the number of times an unacknowledged control message is retransmitted to an L2TP peer before the tunnel is brought down. You may want to increase the value from the default of 6 if the L2TP media is not reliable. Use the default form of this command to set the number of retransmissions to the default.
Examples
The following example configures the peer so that unacknowledged control messages are retransmitted five times before the tunnel is brought down:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#retry 5
Related Commands
timeout tunnel-window
L2TP Configuration
13-51
session-auth
session-auth {pap | chap | chap pap} [context ctx-name | service-policy svc-policy-name] {no | default} session-auth
Purpose
Specifies the method used by the SmartEdge router when acting as a Layer 2 Tunneling Protocol (L2TP) network server (LNS) to authenticate subscriber sessions that arrive from this peer.
Command Mode
Syntax Description
pap chap Specifies that the Password Authentication Protocol (PAP) is to be used to obtain the subscriber name and password from the subscriber. Specifies that the Challenge Handshake Authentication Protocol (CHAP) is to be used to obtain the subscriber name and password from the subscriber. Specifies that either PAP or CHAP can be used to obtain the subscriber name and password from the subscriber, but that CHAP is preferred. Optional. Name of a specific context to which subscriber sessions are restricted.
chap pap context ctx-name
service-policy svc-policy-name Optional. Name of a service policy that limits the contexts or domains available to the subscriber sessions.
Default
CHAP or PAP is the authentication method.
Usage Guidelines
Use the session-auth command to specify the method used by the SmartEdge router when acting as an L2TP LNS to authenticate subscriber sessions that arrive from this peer. Use this optional command for the following conditions: To require specific authentication protocol. To limit dynamic service selection to a particular context. To specify a service policy.
Use the optional context ctx-name construct to prevent dynamic context selection, thereby limiting the services available to any Point-to-Point Protocol (PPP) sessions that arrive from this peer. Specifically, these sessions are limited to terminating and routing in the named context and to entering a tunnel defined within that context.
13-52
If the context ctx-name construct is present, the SmartEdge OS attempts to authenticate the session according to the authentication, authorization, and accounting (AAA) configuration for the named context, rather than according to the context portion of the structured subscriber name, if present. If the subscriber passes authentication, the session comes up. If Remote Authentication Dial-In User Service (RADIUS) returns a Context-Name attribute whose value conflicts with the context ctx-name construct (or any of its aliases) in the command line, the binding fails. Authentication also fails if global authentication is configured and the Access-Response packet from the RADIUS server does not contain a Context-Name attribute. Use the optional service-policy svc-policy-name construct to attach a service policy to the subscriber sessions from this peer. This construct allows you to limit the services to more than one context. Changing the configuration of a peer (or peer group) with an established tunnel does not take effect until you delete all tunnels to the peer (using the clear tunnel command in exec mode), or until all the tunnels to the peer come down naturally. The configuration database is queried again to reestablish tunnels to the peer, thereby implementing the new configuration. Use the no or default form of this command to specify the default method to authenticate subscriber sessions.
Examples
The following example establishes that only PAP can be used to authenticate subscriber sessions:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#session-auth pap
Related Commands
function
L2TP Configuration
13-53
timeout
timeout seconds default timeout
Purpose
Specifies the amount of time to wait for an acknowledgment before a control message is retransmitted to a Layer 2 Tunneling Protocol (L2TP) peer.
Command Mode
Syntax Description
seconds Number of seconds to wait for an acknowledgment. The range of values is 1 to 30; the default value is 3.
Default
The timeout period is set to three seconds.
Usage Guidelines
Use the timeout command to specify the amount of time to wait for an acknowledgment before a control message is retransmitted to an L2TP peer. You need only increase the value if many sessions are established or if the media is slow. Use the default form of this command to reset the timeout to the default.
Examples
The following example configures the peer so that retransmission of a control message occurs after 5 seconds without an acknowledgment:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#timeout 5
Related Commands
retry tunnel-window
13-54
tunnel-auth key
tunnel-auth key key no tunnel-auth key [key]
Purpose
Specifies a Layer 2 Tunneling Protocol (L2TP) key to be used by a peer to encrypt and decrypt information sent on the control channel.
Command Mode
Syntax Description
key Key to be used by a peer to encrypt and decrypt information sent on the control channel. The key can be any alphanumeric text string of any length. Optional with the no form of this command.
Default
No password is created.
Usage Guidelines
Use the tunnel-auth key command to specify the key to be used by a peer to encrypt and decrypt information sent on the control channel. The key argument is an alphanumeric string used for the peer password. Use the no form of this command to delete any previously established primary password.
Examples
The following example establishes 6dkq7pv as the password for peer peer1:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#tunnel-auth key 6dkq7pv
Related Commands
l2tp-peer
L2TP Configuration
13-55
tunnel domain
tunnel domain no tunnel domain
Purpose
Enables the dynamic assignment of a subscribers Point-to-Point Protocol (PPP) session to a Layer 2 Tunneling Protocol (L2TP) peer that has the same domain alias as the subscribers domain alias.
Command Mode
Syntax Description
Default
Dynamic assignment is disabled; subscriber PPP sessions are terminated and routed rather than tunneled.
Usage Guidelines
Use the tunnel domain command to enable the dynamic assignment of a subscribers PPP session to an L2TP peer that has the same domain alias as the subscribers domain alias (the @ctx-name portion of the structured subscriber name). This domain alias is also a domain alias for the context in which both are configured. You create domain aliases for a context using the domain command in context configuration mode. To allow the subscriber PPP sessions to be tunneled, you must have configured the PPP for the subscriber circuit. Note You can configure multiple subscribers with dynamic peer assignment if you enter this command for the default or named subscriber profile instead of individual subscriber records. Note This command and the tunnel name command in subscriber configuration mode are mutually exclusive. Note It is in the upstream direction where these PPP sessions are tunneled to the remote peer. Use the no form of this command to disable dynamic assignment for a subscriber.
Examples
The following example configures the default subscriber profile to cause PPP sessions to be mapped to the tunnel that has the same name as the users domain name:
[local]Redback(config)#context local [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#tunnel domain
13-56
Related Commands
context domainL2TP peer configuration mode subscriber tunnel name
L2TP Configuration
13-57
tunnel name
tunnel name tunl-name no tunnel name tunl-name
Purpose
Statically assigns the subscribers Point-to-Point Protocol (PPP) session to a specified Layer 2 Tunneling Protocol (L2TP) peer or group of L2TP peers.
Command Mode
Syntax Description
tunl-name Name of the peer or L2TP group of peers to which the subscriber is mapped.
Default
A PPP session is terminated rather than tunneled.
Usage Guidelines
Use the tunnel name command to statically assign the subscribers PPP session to a specific L2TP peer or group of peers. You can use a peer name or the domain alias for the peer name, a group name, or a domain alias for the group name as the tunl-name argument, which is included in the subscriber record. Note This command and the tunnel domain command in subscriber configuration mode are mutually exclusive. Use the no form of this command to remove the peer or peer group name or alias from the subscriber record.
Examples
The following example forces the subscriber to use the tunnel, freds-corp.com:
[local]Redback(config)#context local [local]Redback(config-ctx)#subscriber name fred [local]Redback(config-sub)#tunnel name freds-corp.com
Related Commands
tunnel domain
13-58
tunnel-window
tunnel-window messages default tunnel-window
Purpose
Specifies the size of the control message window that is advertised to a Layer 2 Tunneling Protocol (L2TP) peer in Start-Control-Connection-Request (SCCRQ) or Start-Control-Connection-Reply (SCCRP) messages.
Command Mode
Syntax Description
messages Number of messages the peer can send before acknowledgment from the SmartEdge router. The range of values is 1 to 2,000; the default value is 8.
Default
Up to eight control messages can be sent by an L2TP peer before acknowledgment from the SmartEdge router.
Usage Guidelines
Use the tunnel-window command to specify the size of control message window that is advertised to an L2TP peer in SCCRQ or SCCRP messages. The size of the window controls how many messages can be sent by a peer before it must wait for acknowledgement from the SmartEdge router. You might need to change the number of messages, depending on the number of control messages a peer can generate at one time. For example, if a peer brings up many sessions all at once, you might need to increase the number of messages. However, changing the size of the control message window does not take effect until a new tunnel to the peer is established. We recommend that you configure the control message window size to match the size configured on the L2TP peer, unless instructed to do otherwise by Redback Technical Support. Use the default form of this command to set the size of the control message window to the default.
Examples
The following example configures the peer to be able to send up to 15 control messages before acknowledgment from the SmartEdge router:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#tunnel-window 15
L2TP Configuration
13-59
Related Commands
retry
13-60
Chapter 14
Overlay Tunnel Configuration
This chapter provides an overview of overlay tunnels, describes the tasks used to configure them, provides configuration examples, and detailed descriptions of the commands used to configure overlay tunnels through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer overlay tunnels, see the Tunnel Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. For protocol- or feature-specific commands that appear in any of the IP Version 6 (IPv6) configuration modes, see the appropriate chapter in this guide, in the Routing Protocols Configuration Guide, or in the IP Services and Security Configuration Guide for the SmartEdge OS. Note When IPv6 addresses are not referenced or explicitly specified, the term, IP address, can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture. This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
Overview
Overlay tunnels encapsulate IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the Internet). By using overlay tunnels, you can communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure between them.
14-1
Configuration Tasks
Note Overlay tunnels reduce the maximum transmission unit (MTU) by 20 octets (assuming the basic IPv4 packet header does not contain optional fields). A network using overlay tunnels is difficult to troubleshoot. Therefore, overlay tunnels connecting isolated IPv6 networks should not be considered as a final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique toward a network that supports both the IPv4 and IPv6 protocol stacks or just the IPv6 protocol stack. An overlay tunnel is used within a site or between sites; it is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. You can configure overlay tunnels between border routers or between a border router and a host. The host or router at each end of a tunnel must support both the IPv4 and IPv6 protocol stacks. The SmartEdge OS implementation of overlay tunnels is based on the RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers.
Figure 14-1 displays encapsulated IPv6 packets traveling through the tunnel. Figure 14-1 IPv6 Tunnel Packet Encapsulation
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure overlay tunnels and their circuits, perform the tasks described in the following sections: Configure an Overlay Tunnel Configure an Overlay Tunnel Circuit
14-2
Configuration Tasks
Configure an Overlay Tunnel

To configure an overlay tunnel, perform the tasks described in Table 14-1. Table 14-1 Configure an Overlay Tunnel
# 1. Task Create or select the context for the tunnel and access context configuration mode. Root Command context Notes Enter this command in global configuration mode. For more information about this command, see the Context Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in context mode. For more information about this command, see the Interface Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in interface mode. For more information about this command, see the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Enter this command in context configuration mode. You must assign both a local and a remote IP address. Enter the following commands in tunnel-peer configuration mode. description log-state-changes mtu shutdown Use the no form to enable the tunnel.
2.
Create or select the local interface for the tunnel and access interface configuration mode.
interface
3.
Assign a public IPv4 address to the local interface.
ip address
4.
Create the tunnel, assign the local and remote public IP addresses to it, and access tunnel peer configuration mode. Specify optional tunnel attributes: Associate a description with the tunnel. Enable the logging of state changes. Set the MTU for the tunnel.
ipv6 v4tunnel-peer
5.
6.
Enable the tunnel (begin operations on it).
Configure an Overlay Tunnel Circuit

For data to flow through an overlay tunnel, you must configure an overlay tunnel circuit for the tunnel. Perform the tasks described in Table 14-2. Table 14-2 Configure an Overlay Tunnel Circuit
# 1. Task Select the context for the tunnel circuit, and access context configuration mode. Create or select the interface for the tunnel circuit and access interface configuration mode. Assign a private IPv6 address to the interface for the tunnel circuit. Access tunnel map configuration mode. Create the tunnel circuit, associate it with its tunnel and and access IPv6 tunnel configuration mode. Root Command context Notes Enter this command in global configuration mode. The context must be the same context in which the tunnel is configured. Enter this command in context mode. Enter this command in interface mode. Enter this command in global configuration mode. Enter this command in tunnel-map configuration mode.
2. 3. 4. 5.
interface ipv6 address tunnel map ipv6-tunnel
14-3
Table 14-2 Configure an Overlay Tunnel Circuit

# 6. 7. Task Bind the tunnel circuit to its interface. Disable the tunnel circuit (stop operations on it). Root Command bind interface shutdown Notes Enter this command in IPv6 tunnel mode. You can disable the tunnel circuit until you are ready to begin operations on it.
The following example configures an IPv4 overlay tunnel, DenverTnl, and its IPv6 tunnel circuit in the local context:
!Create the local IPv4 interface for the tunnel [local]Redback(config)#context local [local]Redback(config-ctx)#interface toDenver !Assign an IPv4 public IP address to the local tunnel interface [local]Redback(config-if)#ip address 172.16.1.1/30 [local]Redback(config-if)#exit !Configure the tunnel with IPv4 addresses for its local and remote ends !The local end uses the IPv4 address of the tunnels interface. [local]Redback(config-ctx)#ipv6 v4tunnel-peer DenverTnl local 172.16.1.1 remote 172.16.1.2 [local]Redback(config-tunnel-peer)#log-state-changes [local]Redback(config-tunnel-peer)#description tunnel with a single circuit [local]Redback(config-tunnel-peer)#mtu 1024 [local]Redback(config-tunnel-peer)#no shutdown [local]Redback(config-tunnel-peer)#exit !Create the interface for the tunnel circuit [local]Redback(config-ctx)#interface ipv6-tunnel [local]Redback(config-ctx)#exit !Assign an ipv6 public address to the interface for the tunnel circuit [local]Redback(config-if)#ivp6 7001::1/64 local]Redback(config-if)#exit !Create the tunnel circuit and associate it with its tunnel [[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#ipv6-tunnel DenverTnl manual local !Bind the tunnel circuit to its interface, which is in the local context [local]Redback(config-ipv6-tunnel)#bind interface ivp6-tunnel local [local]Redback(config-ipv6-tunnel)#end
14-4
This section describes the syntax and usage guidelines for the commands used to configure GRE features. The commands are presented in alphabetical order. description ipv6 v4tunnel-peer ipv6-tunnel log-state-changes mtu shutdown tunnel map
14-5
description
Purpose
Associates textual information with an overlay tunnel.
Command Mode
tunnel peer configuration
Syntax Description
text Textual description for an overlay tunnel. Can be any alphanumeric string, including spaces, that is not longer than 64 ASCII characters.
Default
No description is associated with the tunnel.
Usage Guidelines
Use the description command to associate textual information with the overlay tunnel. The description appears in the output of the show configuration command with the tunnel keyword (in any mode). Use the no form of this command to delete the existing description. Because there can be only one description for a tunnel, when you use the no form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
Examples
The following example selects (or creates) an overlay tunnel, and then associates a text description with it:
[local]Redback(config)#context local [local]Redback(config-ctx)#ipv6 v4tunnel-peer name DenverTn1 local 172.16.1.1 remote 172.16.1.2 [local]Redback(config-tunnel-peer)#description Corporate offices in Colorado
[local]Redback(config-tunnel-peer)#description Corporate offices in Denver

[local]Redback(config-tunnel-peer)#no description
14-6
Related Commands
ipv6 v4tunnel-peer
14-7
ipv6-tunnel
ipv6-tunnel tunl-name manual ctx-name no ipv6-tunnel tunl-name manual ctx-name
Purpose
Creates an overlay tunnel circuit, associates it with an overlay tunnel created in the specified context, and accesses IPv6 tunnel configuration mode.
Command Mode
tunnel map configuration
Syntax Description
tunl-name manual ctx-name Name of an existing overlay tunnel that has been created with the ipv6 v4tunnel-peer command in context configuration mode. Specifies a manual tunnel circuit; the specified tunnel must have a remote IP address assigned. Name of the context in which the overlay tunnel has been created.
Default
None
Usage Guidelines
Use the ipv6-tunnel command to create an overlay tunnel circuit, associate it with an overlay tunnel created in the specified context, and access IPv6 tunnel configuration mode. Note You must have assigned a remote IP address to the tunnel before you can create the tunnel circuit. If you create an overlay tunnel in the local context, you can create its tunnel circuit and bind it to an interface created in any context. If you create an overlay tunnel in any other context (not the local context), you must bind its tunnel circuit to an interface that has been created in the same context as the overlay tunnel. Use the no form of this command to delete the overlay tunnel circuit.
Examples
The following example creates an overlay tunnel circuit for the tunnel, DenverTn1, in the local context:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#ipv6-tunnel DenverTn1 manual local [local]Redback(config-ipv6-tunnel)#
14-8
Related Commands
bind interfaceIPv6 tunnel configuration mode ipv6 v4tunnel-peer
14-9
ipv6 v4tunnel-peer
ipv6 v4tunnel-peer tunl-name [local loc-ip-addr remote rem-ip-addr] no ipv6 v4tunnel-peer
Purpose
Creates or selects an overlay tunnel, assigns a public IPv4 address to each end, and accesses tunnel peer configuration mode.
Command Mode
context configuration tunnel peer configuration
Syntax Description
tunl-name local loc-ip-addr Text string of up to 39 characters identifying the overlay tunnel. This name must be unique from all other tunnels that exist in the same context. Optional. Public IP address of the local end of the overlay tunnel. Required when creating or deleting a tunnel; optional when selecting one for modification. The format is A.B.C.D. Optional. Public IP address of the remote end of the overlay tunnel. Required when creating or deleting a tunnel; optional when selecting one for modification. The format is A.B.C.D.
remote rem-ip-addr
Default
None
Usage Guidelines
Use the ipv6 v4tunnel-peer command to create or select an overlay tunnel, assign a public IP address to each end, and enter tunnel peer configuration mode. If you create an overlay tunnel in the local context, you can create its tunnel circuit and bind it to an interface created in any context. If you create an overlay tunnel in any other context (not the local context), you must bind its tunnel circuit to an interface that has been created in the same context as the tunnel. You can configure multiple tunnels, but usually only one tunnel between sites. The remote IP address at one end of the tunnel is the same as the local IP address at the other end of the tunnel and conversely. If the remote IP address is not adjacent to the local IP address, and the remote site cannot be reached with a routing protocol, you must also enter the ip route command in context configuration mode. The local IP address must match the IP address of an interface in the same context in which the ipv6 v4tunnel-peer command is run in context configuration mode.
14-10
If you are creating more than one tunnel, they can use the same local interface as long as the remote interfaces are all different. To use an interface and its public IP address for more than one tunnel, you must specify the loopback keyword with the interface command in context configuration mode when you create the interface for the tunnel. The loopback keyword allows you to reuse the public IP address for more than one tunnel. Note You do not need to specify the remote and local IP addresses when using the ipv6 v4tunnel-peer command to enter tunnel peer configuration mode for the purpose of modifying an already existing tunnel. Use the no form of this command to delete the specified tunnel and any associated parameters that have been specified in tunnel peer configuration mode. The keywords are not available for the no form of this command.
Examples
The following example creates an interface, toDenver, with a public IP address of 172.16.1.1; then it creates an overlay tunnel, DenverTnl, with a remote IP address of 172.16.1.2 and a local IP address of 172.16.1.1:
[local]Redback(config)#context local [local]Redback(config-ctx)#interface toDenver [local]Redback(config-if)#ip address 172.16.1.1/30 [local]Redback(config-if)#exit [local]Redback(config-ctx)#ipv6 v4tunnel-peer DenverTnl local 172.16.1.1 remote 172.16.1.2 [local]Redback(config-tunnel-peer)#
The following example creates two tunnels each using an interface, LocalEnd. Both tunnels use the same local IP address; it is assumed that the remote IP address for Tun2 can be reached with a routing protocol, so that the ip route command in context configuration mode is not needed.
[local]Redback(config)#context local [local]Redback(config-ctx)#interface LocalEnd loopback [local]Redback(config-if)#ip address 172.16.1.1/32 [local]Redback(config-if)#exit [local]Redback(config-ctx)#ipv6 v4tunnel-peer Tunl local 172.16.1.1 remote 172.16.1.2 [local]Redback(config-tunnel-peer)#no shutdown [local]Redback(config-tunnel-peer)#exit [local]Redback(config-ctx)#ipv6 v4tunnel-peer Tun2 local 172.16.1.1 remote 172.20.1.2 [local]Redback(config-tunnel-peer)#no shutdown [local]Redback(config-tunnel-peer)#end
Related Commands
interface ip address ipv6-tunnel
14-11
log-state-changes
log-state-changes no log-state-changes
Purpose
Enables the generation of a TUNNEL-INFO message each time the overlay tunnel changes state (from up to down or down to up).
Command Mode
Syntax Description
Default
The generation of TUNNEL-INFO messages is disabled.
Usage Guidelines
Use the log-state-changes command to enable the generation of a TUNNEL-INFO message each time the tunnel changes state (from up to down or down to up). To display the TUNNEL-INFO messages, enter the show log command (in any mode). Note You cannot disable the generation of TUNNEL-INFO messages with the no terminal monitor command in exec mode. Use the no form of this command to disable the generation of TUNNEL-INFO messages.
Examples
The following example enables the generation of a TUNNEL-INFO message each time the tunnel, DenverTn1, in the local context changes state:
[local]Redback(config)#context local [local]Redback(config-ctx)#ipv6 v4tunnel-peer DenverTn1 [local]Redback(config-tunnel-peer)#log-state-changes
Related Commands
None
14-12
mtu
mtu bytes no mtu
Purpose
Sets the maximum transmission unit (MTU) size for IPv6 packets sent in an overlay tunnel.
Command Mode
Syntax Description
bytes MTU size in bytes. The range of values is 256 to 16,384.
Default
MTU for the interface to which the tunnel circuit is bound.
Usage Guidelines
Use the mtu command to set the MTU size for IPv6 packets sent in an overlay tunnel. If an IP packet exceeds the MTU, the system fragments that packet. An overlay tunnel does not have an MTU size until either one is explicitly configured using the mtu command. If no MTU size is configured, the MTU size is the same as that of interface for the tunnel. If an MTU is explicitly configured, the resulting MTU is calculated. It is the lesser of the configured MTU and the interface MTU. Use the no form of this command to remove the MTU and use the MTU of the interface.
Examples
The following example sets the maximum IP packet size for the DenverTnl to 1024 bytes:
[local]Redback(config-ctx)#ipv6 v4tunnel-peer DenverTnl [local]Redback(config-tunnel-peer)#mtu 1024
Related Commands
None
14-13
shutdown
Purpose
Disables an overlay tunnel or tunnel circuit.
Command Mode
IPv6 tunnel configuration tunnel peer configuration
Syntax Description
Default
All tunnels are disabled; all tunnel circuits are enabled.
Usage Guidelines
Use the shutdown command to disable an overlay tunnel or tunnel circuit. Note You must enable the tunnel on which the tunnel circuit is configured for the tunnel circuit to function. Use the no form of this command to enable an overlay tunnel or tunnel circuit. This command is also described in the following chapters: Chapter 3, ATM, Ethernet, and POS Port Configuration, for ATM OC, ATM DS-3, Ethernet, and Packet over SONET/SDH (POS) ports. Chapter 4, Clear-Channel and Channelized Port and Channel Configuration, for channelized OC-12 and STM-1 ports, DS-3 and E1 channels or ports, E3 ports, DS-1 channels, and DS-0 channel groups. Chapter 6, Circuit Configuration, for cross-connected circuits. Chapter 11, Cross-Connection Configuration, for cross-connected circuits. Chapter 12, GRE Tunnel Configuration, for Generic Routing Encapsulation (GRE) tunnels and tunnel circuits.
For Multicast Source Discovery Protocol (MSDP) peers, see the IP Multicast Configuration chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.
14-14
Examples
The following example enables an overlay tunnel:
[local]Redback(config)#context local [local]Redback(config-ctx)#ipv6 v4tunnel-tunnel DenverTn1 [local]Redback(config-tunnel-peer)#no shutdown
The following example disables an overlay tunnel circuit:

[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#ipv6 v4tunnel-peer DenverTn1 manual local [local]Redback(config-ipv6-tunnel)#shutdown
Related Commands
None
14-15
tunnel map
tunnel map
Purpose
Accesses tunnel map configuration mode in which you create an overlay tunnel circuit.
Command Mode
Syntax Description
Default
None
Usage Guidelines
Use the tunnel map command to enter tunnel map configuration mode, in which you create an overlay tunnel circuit.
Examples
The following example accesses tunnel map configuration mode:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#
Related Commands
ipv6 v4tunnel-peer
14-16
Part 6
Bindings
This part describes the tasks and commands used to bind ports, channels, and circuits to interfaces, and consists of Chapter 15, Bindings Configuration.
Chapter 15
Bindings Configuration
This chapter provides an overview of bindings, describes the tasks used to bind a port, channel, or circuit, provides configuration examples, and provides detailed descriptions of the commands used to configure bindings for ports, channels, and circuits through the SmartEdge OS. Circuits include permanent virtual circuits (PVCs), child circuits, link groups, clientless IP service selection (CLIPS) PVCs, and Generic Routing Encapsulation (GRE) tunnel circuits. Note You do not bind Layer 2 Tunneling Protocol (L2TP) peers or groups. For information about the tasks and commands used to monitor, troubleshoot, and administer bindings, see the Bind Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Other chapters with related commands include: Configuration tasks and commands for subscribers are described in the Subscriber Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Configuration tasks and commands for ports and channels are described in Chapter 3, ATM, Ethernet, and POS Port Configuration, and Chapter 4, Clear-Channel and Channelized Port and Channel Configuration. Configuration tasks and commands for circuits are described in Chapter 6, Circuit Configuration. Configuration tasks and commands for cross-connected circuits, including ATM and 802.1Q PVCs and child circuits, are described in Chapter 11, Cross-Connection Configuration. Configuration tasks and commands for aggregated Ethernet ports, 802.1Q PVCs, DS-1 channels, and E1 channels or ports (link groups) are described in Chapter 9, Link Aggregation Configuration.
This chapter includes the following sections: Overview Configuration Tasks Configuration Examples Command Descriptions
15-1
Overview
Overview
A binding forms the association in the SmartEdge OS between a port, channel, or circuit and the higher-layer interface over which routing protocols are configured for a given context. No subscriber data can flow on a port, channel, or circuit until some higher-layer service is configured and associated with it. After you bind a port, channel, or circuit to an interface, traffic flows through the port, channel, or circuit as it would through any IP router. Bindings are described in the following topics: Types of Bindings Binding Guidelines Binding Summary Tables
Note Throughout this chapter, the term, circuit, refers to Asynchronous Transfer Mode (ATM), Frame Relay, 802.1Q, and CLIPS PVCs, and Point-to-Point Protocol over Ethernet (PPPoE)-encapsulated child circuits on ATM and 802.1Q PVCs. Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term, IP address, can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.
Types of Bindings
Bindings are either static, to a fixed interface, or dynamic, based on subscriber characteristics as defined in the local database or on a Remote Authentication Dial-In User Service (RADIUS) server. Static binding occurs when you bind the port, channel, or circuit directly to an interface. In this case, the port, channel, or circuit is hard-wired to the higher-layer protocols defined for the interface. This is the simplest form of binding available in the SmartEdge OS, and provides functions similar to those provided by traditional network devices, such as routers. You can create a static binding for any port, channel, or circuit with any encapsulation type. Dynamic binding occurs when you bind a port, channel, or circuit to the higher-layer protocols based on session information. Dynamic binding enables SmartEdge OS advanced features, such as dynamic service and provider selection. Dynamic bindings can be restricted or unrestricted: Unrestricted dynamic binding allows binding to any context; it provides the subscriber with simultaneous access to multiple services that are provided in different contexts on a single circuit. Restricted dynamic binding restricts the subscriber to a specified context; the subscriber has access to only the services provided in that context.
15-2
Overview
Binding Guidelines
Follow these guidelines to determine whether the port, channel, PVC, child circuit, link group, or GRE tunnel circuit is to be bound: Ports You do not bind an ATM port; you bind the PVCs configured on it, as described later. You do not bind a channelized OC-12 or STM-1 port; you bind the channels configured on it, as described later. If an Ethernet port has no 802.1Q PVCs or tunnels, child circuits, or CLIPS static circuits configured on it, or is not a member of a link group, you bind the port; otherwise, you bind the port and each 802.1Q PVC and tunnel, child circuit, and CLIPs PVC, as described later. If an Ethernet port is a member of an Ethernet or 802.1Q PVC link group, you do not bind the port; instead, you bind the link group. If a Packet over a channelized SONET/SDH (POS) port is the working port in an Automatic Protection Switching (APS) group, you bind it only after it has been added to the group; you do not bind the port if it is a protect port. If a POS port has no Frame Relay PVCs configured on it, you bind the port; otherwise you bind the PVCs configured on it. (Only Frame Relay PVCs are supported.) If a clear-channel DS-3 or E3 port has no Frame Relay PVCs configured on it, you bind the DS-3 or E3 port; otherwise, you bind each PVC. You do not bind a channelized DS-3 port; you bind the DS-1 channels or Frame Relay PVCs configured on it. If an E1 port is a member of a Multilink Frame Relay (MFR) bundle, you do not bind the port, instead you bind the Frame Relay PVCs as members of the link group, as described later. If an E1 port has no DS-0 channel groups or Frame Relay PVCs configured on it or is not a member of a link group, you bind the E1 port; otherwise, you bind each DS-0 channel group and PVC, as described later. Channels If a clear-channel DS-3 channel has no Frame Relay PVCs configured on it, you bind the DS-3 channel; otherwise, you bind each PVC. You do not bind a channelized DS-3 channel; you bind the DS-1 channels or Frame Relay PVCs configured on it. If a DS-1 channel has no Frame Relay PVCs configured on it or is not a member of a link group, you bind the DS-1 channel (regardless of whether you have configured DS-0 channels on it); otherwise, you bind each PVC, as described later. If a DS-1 or E1 channel is a member of a Multilink Point-to-Point Protocol (MP) bundle, you do not bind the channel; instead, you bind the link group. If a DS-1 or E1 channel is a member of an MFR bundle, you do not bind the channel, instead you bind the Frame Relay PVCs as members of the link group, as described later.
15-3
Overview
If an E1 channel has no DS-0 channel groups or Frame Relay PVCs configured on it or is not a member of a link group, you bind the E1 channel; otherwise, you bind each DS-0 channel group and PVC, as described later. If a DS-0 channel group has no Frame Relay PVCs configured on it, you bind the DS-0 channel group; otherwise, you bind each PVC, as described later. GRE tunnels and tunnel circuits You do not bind a GRE tunnel; instead, you associate it with its local interface when you specify the IP address of the interface in the gre-peer command in context configuration mode. You bind every GRE tunnel circuit. Overlay tunnels and tunnel circuits You don not bind an overlay tunnel; instead, you associate it with its local interface when you specify the IP address of the interface in the ipv6 v4tunnel-peer command in context configuration mode. You bind every overlay tunnel circuit. L2TP tunnelsYou do not bind L2TP tunnels. Link groups If the link group is an Ethernet or 802.1Q PVC link group, you bind the link group. This effectively binds the constituent Ethernet ports that are members of the link group. If the link group is an MP bundle, you bind the link group. This effectively binds the constituent DS-1 channels, or E1 channels or ports, that are members of the MP bundle. If the link group is an MFR bundle, you do not bind it; instead, you bind the aggregated Frame Relay PVCs that are members of the link group. This effectively binds the constituent DS-1 channels or E1 channels or ports that are members of the link group. You bind each aggregated Frame Relay PVC that is a member of an MFR bundle. You bind each aggregated 802.1Q PVC that is a member of an 802.1Q PVC link group. 802.1Q PVCs and tunnels, ATM PVCs, Frame Relay PVCs, child circuits, and CLIPS PVCs You can bind the untagged traffic on an Ethernet port; otherwise it is dropped. You bind each 802.1Q tunnel. If an 802.1Q PVC has no CLIPS PVCs or child circuits configured on it, is not cross-connected, or is not a member of a link group, you bind the PVC; otherwise, you bind the CLIPS PVCs, bind or cross-connect its child circuits, cross-connect it, or as a member of a link group, you bind the link group, as described earlier. An 802.1Q PVC within an 802.1Q tunnel is bound according to the same criteria as an 802.1Q PVC that is not within an 802.1Q tunnel. If an ATM PVC is not cross-connected, you bind the PVC. If a Frame Relay PVC is not a member of an MFR bundle, you bind the PVC.
15-4
Overview
You bind any child circuit that is not cross-connected; cross-connected circuits are effectively bound by the cross-connection. You bind any static CLIPS PVC; dynamic CLIPS PVCs are effectively bound by the service command in port configuration mode.
Binding Summary Tables

The following tables list binding options for each type of port, channel, and circuit: Bindings for POS Ports with and Without Frame Relay PVCs Bindings for PDH Channels and Ports with and Without Frame Relay PVCs Bindings for Ethernet Ports and 802.1Q PVCs Bindings for ATM PVCs Bindings for CLIPS PVCs Bindings for Child Circuits
Note The following types of ports and channels are not bound; the channels and circuits configured on them are bound instead: ATM OC and ATM DS-3 ports Channelized OC-12 and channelized STM-1 ports Channelized DS-3 channels and ports Channelized E1 channels and ports
Bindings for POS Ports with and Without Frame Relay PVCs
Table 15-1 lists the binding options for POS ports on OC-3c/STM-1c, OC-12c/STM-4c, and OC-48c/STM-16c cards. Note POS ports configured with Frame Relay encapsulation are not bound; the Frame Relay PVCs are bound instead. Entering the bind command in port configuration mode displays an error message. Table 15-1 Binding Options for POS Ports with and Without Frame Relay PVCs
Port Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber PPP No Yes No No Cisco HDLC No Yes No No Frame Relay No No No No PVC Encapsulation Frame Relay No Yes No No
Note A POS port in an APS group is bound only if it is a working port; you do not bind the protect port.
15-5
Overview
Bindings for PDH Channels and Ports with and Without Frame Relay PVCs
Table 15-2 lists the binding options for the following types of channels and ports: Clear-channel DS-3 channels on channelized OC-12 ports Clear-channel E1 channels on channelized STM-1 ports Clear-channel DS-3 or E3 ports DS-1 channels on channelized DS-3 channels or ports DS-0 channel groups on DS-1 channels or channelized E1 channels or ports
Table 15-2 Binding Options for Channels and Ports with and Without Frame Relay PVCs
Channel or Port Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber PPP No Yes No No Cisco HDLC No Yes No No Frame Relay No No No No PVC Encapsulation Frame Relay No Yes No No
Note Channels and ports configured with Frame Relay encapsulation are not bound; the Frame Relay PVCs are bound instead. Entering the bind command for the channel or port in the appropriate configuration mode displays an error message.
Bindings for Ethernet Ports and 802.1Q PVCs

Table 15-3 lists the binding options for Ethernet ports. Table 15-3 Binding Options for Ethernet Ports
Port Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber IPoE No Yes No No PPPoE Yes No No No 802.1Q (dot1q) No Yes No No
15-6
Overview
Table 15-4 lists the binding options for static and on-demand 802.1Q PVCs. Table 15-4 Binding Options for Static and On-Demand 802.1Q PVCs
802.1Q PVC Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber Type of PVC Static or on-demand Static only Static or on-demand On-demand only IPoE No Yes Yes No Multi No Yes Yes No PPPoE Yes No No No
Note When an 802.1Q PVC is configured with multi encapsulation, the parent circuit is encapsulated with IP over Ethernet (IPoE) encapsulation. Table 15-9 on page 15-9 lists binding options for the child circuits.
Bindings for ATM PVCs

Table 15-5 lists the binding options for static and on-demand ATM PVCs configured on ATM OC or ATM DS-3 ports. Table 15-5 Binding Options for Static and On-Demand ATM PVCs
Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber Type of ATM PVC Static or on-demand Static only See Note Static or on-demand Bridge1483 No Yes Yes Yes Multi No Yes Yes Yes Route1483 No Yes Yes Yes Raw No No No No PPP Yes No Yes Yes PPPoE Yes No No No
Note You can use the bind subscriber command in ATM PVC configuration mode for a single on-demand ATM PVC if you have configured the PVC with the aaa keyword to use the Remote Authentication Dial-In User Service (RADIUS) to supply the binding, or for a single static ATM PVC. The following guidelines apply to the encapsulations in Table 15-5: The parent circuit with multi encapsulation carries IPoE traffic. Table 15-9 lists binding options for the child circuits. ATM PVCs configured with raw mode encapsulation are not bound, but are cross-connected instead.
The following guidelines apply to the subscriber and auto-subscriber commands in Table 15-5: Subscriber binding is available only for ATM PVCs created with the atm pvc command in ATM OC or ATM DS-3 configuration mode. Auto-subscriber binding is available only for ATM PVCs created with the atm pvc explicit or atm pvc on-demand command in ATM OC or ATM DS-3 configuration mode.
15-7
Overview
Bindings for CLIPS PVCs

The following guidelines apply to binding CLIPS PVCs: You do not bind dynamic CLIPS PVCs, only the Ethernet port, ATM PVC, or 802.1Q PVC on which they are configured. CLIPS PVCs, either dynamic or static, are not supported on on-demand ATM or 802.1Q PVCs.
Table 15-6 lists the binding options for Ethernet ports with static CLIPS PVCs configured on them. Table 15-6 Binding Options for Static CLIPs PVCs on Ethernet Ports
Port Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber IPoE No Yes No No PPPoE Yes No No No 802.1Q (dot1q) No Yes No No Static CLIPS PVC Encapsulation IPoE No No Yes Yes
Table 15-7 lists the binding options for static 802.1Q PVCs with static CLIPS PVCs configured on them. Table 15-7 Binding Options for Static CLIPS PVCs on Static 802.1Q PVCs
802.1Q PVC Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber IPoE No Yes Yes No Multi No Yes Yes No PPPoE Yes No No No Static CLIPS PVC Encapsulation IPoE No No Yes Yes
Table 15-8 lists the binding options for static ATM PVCs with static CLIPS PVCs configured on them. Table 15-8 Binding Options for Static ATM PVCs with Static CLIPS PVCs
ATM PVC Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber Bridge1483 No Yes Yes Yes Static CLIPS PVC Encapsulation IPoE No No Yes Yes
The following guidelines apply to the subscriber and auto-subscriber commands in Table 15-8: Subscriber binding is available only for static ATM PVCs created with the atm pvc command in ATM OC or ATM DS-3 configuration mode.
15-8
Configuration Tasks
Auto-subscriber binding is available only for static ATM PVCs created with the atm pvc explicit command in ATM OC or ATM DS-3 configuration mode.
Bindings for Child Circuits

Table 15-9 lists the binding options for the child circuits on ATM PVCs and 802.1Q PVCs with multi encapsulation. Table 15-9 Binding Options for Child Circuits
Encapsulation Type of Binding Dynamic Static Bind Command authentication interface subscriber auto-subscriber IPv6oE No No No No PPPoE Yes No No No
Note Child circuits configured with IP Version 6 over Ethernet (IPv6oE) encapsulation are not bound, but are cross-connected instead.
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure a binding, perform the tasks described in one of the following sections: Create a Static Binding Create a Dynamic Binding
Create a Static Binding

To create a static binding, perform one of the task options described in Table 15-10. Table 15-10 Create a Static Binding
Create a static binding with one of the following tasks: Statically bind a port, channel, or circuit to a previously created interface in the specified context. Statically bind a circuit to an interface using the IP address in a subscriber record. bind interface Enter this command in ATM PVC, dot1q PVC, DS-0, DS-1, DS-3, E1, Frame Relay PVC, GRE tunnel, IPv6 tunnel, link group, link PVC, or port configuration mode. Enter this command in ATM PVC, CLIPS PVC, or dot1q PVC configuration mode.
bind subscriber
15-9
Table 15-10 Create a Static Binding (continued)

Task Statically bind multiple circuits to an interface and automatically generate subscriber names and optional passwords. Root Command bind auto-subscriber Notes Enter this command in ATM or CLIPS PVC configuration mode.
Create a Dynamic Binding

To create a dynamic binding, perform one of the task options described in Table 15-11; enter this command in ATM PVC, dot1q PVC, port, ATM child protocol, or dot1q child protocol configuration mode. Table 15-11 Create a Dynamic Binding
Create a dynamic binding with one of the following tasks: Dynamically bind a port or circuit through a subscriber record or remotely through a RADIUS record without restrictions. Dynamically bind a circuit to an interface using the IP address in a subscriber record and restrict the binding to a specific context. bind authentication . You must specify the context to restrict the binding. bind authentication
This section includes examples for the following types of bindings: Static Binding for a Single Circuit to an Interface Static Binding for Multiple Circuits Restricted Dynamic Binding for a Circuit
Static Binding for a Single Circuit to an Interface

The following example creates a static binding between the Ethernet management port and an interface configured in the local context:
[local]Redback#configure [local]Redback(config)#context local [local]Redback(config-ctx)#interface mgmt [local]Redback(config-if)#ip address 1.2.3.4/24 [local]Redback(config-if)#exit [local]Redback(config-ctx)#exit [local]Redback(config)#port ethernet 7/1 [local]Redback(config-port)#bind interface mgmt local
15-10
Static Binding for Multiple Circuits

The following example creates 10 ATM PVCs with a virtual path identifier (VPI) value of 100, and virtual circuit identifier (VCI) values ranging from 100 to 109, then uses the bind auto-subscriber command to statically bind each PVC to an automatically generated subscriber record beginning with the string DSL:
[local]Redback(config)#port atm 3/1 [local]Redback(config-port)#atm pvc explicit 100:100 through 100:109 profile encapsulation route1483 [local]Redback(config-pvc)#bind auto-subscriber DSL local
Restricted Dynamic Binding for a Circuit

In the following example, the subscriber sessions on the PPP-encapsulated ATM PVC are limited to the isp.net context:
[local]Redback(config)#port atm 3/1 [local]Redback(config-port)#atm pvc 100 101 profile ubr encapsulation ppp [local]Redback(config-pvc)#bind authentication pap context isp.net
This section describes the syntax and usage guidelines for the commands used to configure bindings for ports, channels, and circuits. The commands are presented in alphabetical order. bind authentication bind auto-subscriber bind interface bind subscriber
15-11
bind authentication
bind authentication {pap | pap chap | chap | chap pap} [maximum max-ses] [context ctx-name | service-policy svc-policy-name] no bind
Purpose
Creates a dynamic binding between a Point-to-Point Protocol (PPP)-encapsulated Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC), or a PPP over Ethernet (PPPoE)-encapsulated Ethernet port, 802.1Q PVC, ATM PVC, or child circuit on an ATM or 802.1Q PVC with PPPoE encapsulation, and an interface, using the specified PPP authentication protocol.
Command Mode
ATM child protocol configuration ATM PVC configuration dot1q child protocol configuration dot1q PVC configuration port configuration
Syntax Description
pap pap chap chap chap pap maximum max-ses Specifies that the PPP authentication protocol to be used is Password Authentication Protocol (PAP). Specifies that either PAP or Challenge Handshake Authentication Protocol (CHAP) can be used, with PAP negotiated first. Specifies that the PPP authentication protocol to be used is CHAP. Specifies that either CHAP or PAP can be used, with CHAP negotiated first. Optional. Maximum number of concurrent sessions allowed on a circuit or port. The range of values is 1 to 8,000. This construct applies only to circuits and ports using PPPoE. Optional. Name of the context to which PPP or PPPoE sessions on the circuit or port being bound are restricted.
context ctx-name
service-policy svc-policy-name Optional. Name of the service access control list (ACL) that defines the services available to the PPP-encapsulated circuit or port.
Default
None
15-12
Usage Guidelines
Use the bind authentication command to create a dynamic binding between a PPP-encapsulated ATM PVC, or a PPPoE-encapsulated Ethernet port, 802.1Q PVC, ATM PVC, or child circuit on an ATM or 802.1Q PVC, and an interface, using the specified PPP authentication protocol. This command is available only for a port, ATM PVC, 802.1Q PVC, or child circuit that has been previously configured with PPPoE or one of the PPP encapsulation types. The ATM or 802.1Q PVC can be a static or on-demand circuit. Note You do not bind dynamic clientless IP service selection (CLIPS) PVCs; they are effectively bound by the service clips command (in port configuration mode). The string configured with the password command (in port configuration mode) must match the password string sent by the remote PPP subscriber to the SmartEdge router. Use the chap keyword to provide authentication without sending clear text passwords over the network. In the case of CHAP, the passwords referred to are actually shared secret keys used by the various systems to compute and verify cryptographic checksums in response to their peers challenge. To the command-line interface (CLI), however, these values are run identically to the way PAP passwords are typed. The password command is used in all cases. The pap chap construct specifies that PAP is negotiated first, with CHAP as a secondary choice. This configuration contradicts RFC 1334, PPP Authentication Protocols, but can potentially cause reduced security because CHAP-only clients use an encrypted exchange for authorization, but passwords are sent unencrypted with PAP. If a client is configured to accept both PAP and CHAP, only PAP is negotiated because with this bind configuration, PAP is offered first. You cannot bring up a PPP link until the subscriber name and password negotiations have been completed and authorization has been granted. If you are using the CHAP, PAP, or both authentication protocols, the response from the RADIUS server (in attribute 18) is forwarded to the PPP client with the reason for the acceptance or rejection of the subscriber. The optional maximum max-ses construct is relevant only to circuits and ports with PPPoE encapsulation. If you specify restricted dynamic binding (with the context ctx-name construct), the subscriber is authenticated based on the authentication, authorization, and accounting (AAA) configuration defined within that context. For information about configuring AAA features, see the AAA Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Note If authentication is being done remotely using Remote Authentication Dial-In User Service (RADIUS), the local subscriber record is replaced by the corresponding subscriber record in the RADIUS database. For further information about RADIUS, see the RADIUS Configuration chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. Note When using global authentication, the Context-Name attribute returned by RADIUS must be identical to the context specified on the bind authentication command line; otherwise, the binding fails. If you specify the optional service-policy svc-policy-name construct, all attempts to authenticate to contexts or domains not permitted by the named service policy fail.
15-13
If you modify a subscriber record for a subscriber that is already bound, you must use the clear subscriber command in exec mode for the changes to take effect. The subscriber session is ended and restarted with the new parameters. This is true regardless of whether subscriber records are configured locally or in RADIUS. Note The IP address configured for a subscriber, either in a local subscriber record or that obtained from a RADIUS server, must fall within the range (address and network mask) of an interface that is defined within the context and to which that subscriber is to be bound. Otherwise, the bind fails and the PPP-encapsulated circuit does not come up. Note The system hostname is used by the SmartEdge OS as the subscriber name string for all outbound PPP authentication. Use the no form of this command to remove the binding. Note If you enter a new bind authentication command for a child circuit created on an ATM PVC, the existing binding is not removed and no error message displays. To replace the existing binding, you must enter the no form of this command, and then enter the bind authentication command with the new keywords and arguments. If you enter a new bind authentication command for a port, channel, ATM PVC, or 802.1Q PVC, the existing binding is removed and any active sessions are dropped. If an existing binding is exactly the same as that specified in the new bind authentication command, the existing binding is not removed.
Examples
The following example sets the encapsulation to PPP on an ATM PVC on an ATM OC port, and then binds the PVC using CHAP or PAP, with CHAP offered first:
[local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#atm pvc 100 4 profile oam encapsulation ppp [local]Redback(config-atm-pvc)#bind authentication chap pap
Related Commands
None
15-14
In ATM PVC or dot1q PVC configuration mode, the command syntax is: bind auto-subscriber prefix1 ctx-name [password prefix2] no bind In CLIPS PVC configuration mode, the command syntax is: bind auto-subscriber prefix1 ctx-name [password password] no bind
Purpose
Automatically generates a bind subscriber command with a unique subscriber name for each Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) in a range of static or on-demand PVCs, for each 802.1Q PVC in a range of on-demand PVCs, or for each clientless IP service selection (CLIPS) static circuit in a range of CLIPS static circuits.
Command Mode
ATM PVC configuration CLIPS PVC configuration dot1q PVC configuration
Syntax Description
prefix1 ctx-name password prefix2 password password Leading text string for each subscriber name. Name of the context to locate the subscriber information. Optional. Leading text string for each subscriber password on an ATM PVC. Optional. Password for each subscriber on a CLIPS PVC.
Default
None
Usage Guidelines
Use the bind auto-subscriber command to automatically generate bind subscriber commands with unique subscriber names and optional passwords for each static or on-demand ATM PVC, on-demand 802.1Q PVC, or CLIPS static circuit in the range. For ATM PVCs, you use this command in conjunction with the atm pvc explicit or atm pvc on-demand form of the atm pvc command in ATM OC or ATM DS-3 configuration mode to create a range of PVCs. This command is not available if the ATM PVCs are encapsulated using the raw or pppoe keywords. The generated subscriber names and passwords are of the following forms: subscriber name: prefix1vpi.vci@ctx-name password: prefix2vpi.vci
15-15
Note The virtual path identifier (VPI) and virtual circuit identifier (VCI) are not assigned to an on-demand ATM PVC until the PVC is made active. For 802.1Q PVCs, you use this command in conjunction with the dot1q pvc on-demand form of the dot1q pvc command in port configuration mode; it is not available for a range of static 802.1Q PVCs. The generated subscriber names and passwords are of the following formats: subscriber name: prefix1vlan-id@ctx-name password: prefix2vlan-id
Note The virtual LAN (VLAN) tag value is not assigned to an on-demand 802.1Q PVC until the PVC is made active. Note The @ separator character in the ATM and 802.1Q formats is not configurable. For CLIPS static circuits, you use this command in conjunction with the clips pvc command in port, dot1q PVC, or ATM PVC configuration mode. The generated subscriber names are of the following forms for the CLIPS static circuits: subscriber name: prefix1sess-num@ctx-name password: password
In this case, the same password is assigned to each subscriber. Note The IP address configured for a subscriber, either in a local subscriber record or that obtained from a Remote Authentication Dial-In User Service (RADIUS) server, must fall within the range (address and network mask) of an interface that is defined within the context and to which that subscriber is to be bound. Otherwise, the bind fails and the PPP-encapsulated circuit does not come up. Note If you enter a new bind command for an ATM or CLIPS static PVC, the previous binding is removed and any active sessions are dropped. If an existing binding on the ATM or CLIPS static PVC is exactly the same as that specified in the new bind command, the existing binding is not removed. Use the no form of this command to remove the automatically generated subscriber bindings.
Examples
The following example creates 10 ATM PVCs with a virtual path identifier (VPI) value of 100, and virtual channel identifier (VCI) values ranging from 100 to 109, then uses the bind auto-subscriber command to bind each PVC to an automatically generated subscriber name beginning with the string DSL:
[local]Redback(config)#port atm 3/1 [local]Redback(config-port)#atm pvc explicit 100:100 through 109 profile encapsulation route1483 [local]Redback(config-pvc)#bind auto-subscriber DSL local
15-16
The following example creates 10 CLIPS static circuits with session numbers ranging from 1 to 10 on Ethernet port 1, then uses the bind auto-subscriber command to bind each CLIPS static circuit to an automatically generated subscriber name beginning with the string 10-1-1-:
[local]Redback(config)#port ether 4/1 [local]Redback(config)#service clips [local]Redback(config-port)#clips pvc 1 through 10 [local]Redback(config-clips-pvc)#bind auto-subscriber 10-1-1- local
Related Commands
atm pvc bind subscriber clips pvc
15-17
bind interface
bind interface if-name ctx-name no bind
Purpose
Statically binds a port, channel, permanent virtual circuit (PVC), 802.1Q tunnel, link group, Generic Routing Encapsulation (GRE) tunnel circuit, or overlay tunnel circuit, to a previously created interface in the specified context.
Command Mode
ATM PVC configuration dot1q PVC configuration DS-0 group configuration DS-1 configuration DS-3 configuration E1 configuration E3 configuration Frame Relay PVC configuration GRE tunnel configuration IPv6 tunnel configuration link group configuration link PVC configuration port configuration
Syntax Description
if-name ctx-name Name of a previously created interface. Name of the context in which the specified interface exists.
Default
No ports, channels, PVCs, link groups, GRE tunnel circuits, or overlay tunnel circuits are bound.
Usage Guidelines
Use the bind interface command to statically bind a port, channel, PVC, 802.1Q tunnel, link group, GRE tunnel circuit, or overlay tunnel circuit to a previously created interface in the specified context. No data can flow through a port, channel, PVC, 802.1Q tunnel, child circuit, link group, or tunnel circuit until it is bound to an interface. Note This command is not available for on-demand ATM or 802.1Q PVCs. Both the interface and the specified context must exist before you enter the bind interface command. If either is missing, an error message displays.
15-18
To bind multiple circuits to a single interface, the specified interface must have been created using the interface command with the multibind keyword specified. To display the state of the bindings for the interfaces in a context, enter the show ip interface command in any mode. Use the no form of this command to remove the binding. You must remove any existing binding before you can create a new binding for the port, channel, PVC, link group or GRE tunnel circuit.
Examples
The following example binds a POS port to the interface, SoHo1, in the local context:
[local]Redback(config)#port pos 3/1 [local]Redback(config-port)#bind interface SoHo1 local
The following example binds a GRE tunnel circuit to the existing interface, toHartford, in the existing context, vpnA:
[local]Redback(config)#tunnel map [local]Redback(config-tunnel-map)#gre-tunnel HartfordTn1 local key 1 [local]Redback(config-gre-tunnel)#bind interface toHartford vpnA
Related Commands
None
15-19
bind subscriber
bind subscriber sub-name@ctx-name [password password] no bind subscriber sub-name@ctx-name [password password]
Purpose
Statically binds a single static or on-demand Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC), a single static or on-demand 802.1Q PVC, or a single clientless IP service selection (CLIPS) static circuit indirectly to an interface by using the IP address within the local or Remote Authentication Dial-In User Service (RADIUS) subscriber record for the specified subscriber.
Command Mode
ATM PVC configuration dot1q PVC configuration CLIPS PVC configuration
Syntax Description
sub-name@ctx-name Subscriber name and context name that define the subscriber record to be used. The combination of subscriber name and context name can be up to 253 characters, including the separator character. Optional. Password string to be associated with the subscriber name. Required if the associated subscriber record or RADIUS record requires a password.
password password
Default
None
Usage Guidelines
Use the bind subscriber command to statically bind a single static or on-demand ATM PVC, a single static or on-demand 802.1Q PVC, or a single CLIPS static circuit indirectly to an interface by using the IP address within the local or RADIUS subscriber record for the specified subscriber. This command is not available for a single on-demand ATM PVC unless you have configured the PVC with the aaa keyword to use RADIUS to supply the binding. It is not available for ATM PVCs encapsulated using the raw or pppoe keywords or for 802.1Q PVCs encapsulated using the pppoe keyword. The subscriber password string, if supplied, is not encrypted in the configuration file. A password with embedded spaces can be entered by enclosing the entire password in double quotes; for example, This is a password. You can configure a custom structured format for the sub-name@ctx-name construct; see the AAA Configuration chapter in IP Services and Security Configuration Guide for the SmartEdge OS.
15-20
Note If you enter a new bind command for a port, circuit, or channel, the previous binding is removed and any active sessions are dropped. If an existing binding on the port, circuit, or channel is exactly the same as specified in the new bind command, the existing binding is not removed. Use the no form of this command to remove the binding.
Examples
The following example sets the encapsulation on an ATM PVC to PPP on an ATM OC port, and then binds the PVC using the subscriber record, george, in the local context:
[local]Redback(config)#port atm 4/1 [local]Redback(config-atm-oc)#atm pvc 100 110 profile ubr1 encapsulation ppp [local]Redback(config-atm-pvc)#bind subscriber george@local
The following example creates a single static circuit on an Ethernet port and then binds the circuit using the subscriber record, greg, in the local context:
[local]Redback(config)#port ether 5/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 100 [local]Redback(config-clips-pvc)#bind subscriber greg@local
Related Commands
15-21
15-22
Part 7
Hardware Management
This part provides an overview of hardware management features, describes the tasks and commands used to configure these features, provides configuration examples, and detailed descriptions of the commands used to configure them through the SmartEdge OS. This part consists of Chapter 16, Hardware Management Configuration.
Chapter 16
Hardware Management Configuration
This chapter provides an overview of hardware management features, describes the tasks used to configure these features, provides configuration examples, and detailed descriptions of the commands used to configure them through the SmartEdge OS. For information about the tasks and commands used to monitor, troubleshoot, and administer general system-wide management features, see the System-Wide Management Configuration chapter in the Basic System Configuration Guide for the SmartEdge OS. Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted. The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis. This chapter includes the following sections: Overview Configuration Tasks Command Descriptions
Overview
Typically, the SmartEdge OS show and debug commands are used to provide information to verify correct system operation and to troubleshoot feature-specific problems. Those commands are described in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. The configuration tasks and commands described in this chapter allow you to perform other types of general system-wide monitoring and testing tasks, such as enabling power-on diagnostics and alarms.
16-1
Configuration Tasks
Configuration Tasks
Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the Command Descriptions section. To configure system-wide management features, perform the tasks described in Table 16-1; enter all commands in global configuration mode. Table 16-1 Configure System-Wide Management Features
Task Enable power-on diagnostics. Enable the alarm for the air filter in a SmartEdge chassis. Root Command diag pod system alarm Notes This is the default condition.
This section describes the syntax and usage guidelines for the commands used to configure system-wide management features. The commands are presented in alphabetical order.
diag pod
system alarm
16-2
diag pod
diag pod no diag pod default diag pod
Purpose
Enables power-on diagnostics (POD).
Command Mode
Syntax Description
Default
POD tests are enabled.
Usage Guidelines
Use the diag pod command to enable power-on diagnostics. Enabling POD takes effect during the next system reload. Note To run on-demand diagnostics (ODD), enter the diag on-demand command in exec mode. For information and commands for ODD, see the Hardware Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. The POD tests verify the correct operation of the controller cards, the backplane, fan and alarm unit (referred to as the fantray in command syntax) in the SmartEdge 800 chassis, the alarm card in the SmartEdge 400 chassis, and each installed traffic card during a power-on or reload sequence of the SmartEdge router. The tests also run when a controller or traffic card is installed in a running system. The maximum test time is 130 seconds: 60 seconds for a controller card, 10 seconds for the backplane and fan and alarm unit, or alarm card, and 5 seconds for each installed traffic card. If the system has two controller cards, the controller tests run in parallel. During the test duration, the POD tests display results and status; if an error occurs during the testing of a card, the test lights the FAIL LED on the failing card, but does not stop the loading of the OS. A failure on the backplane, alarm card, or fan and alarm unit causes the FAN (or FAIL) LED on the fan and alarm unit or alarm card to light. To display the results of POD tests, enter the show diag command in any mode. For more information about this command, see the Hardware Operations chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS. Use the no form of this command to disable POD tests. Disabling POD tests takes effect during the next system reload. Use the default form to enable power-on diagnostic tests.
16-3
Examples
The following example enables POD tests:
[local]Redback(config)#diag pod
The following example disables the POD tests:

[local]Redback(config)#no diag pod
Related Commands
None
16-4
system alarm
system alarm {air-filter months | redundancy suppress} no system alarm {air-filter months | redundancy suppress}
Purpose
Enables the alarm for the air filter or suppresses redundancy alarms for the SmartEdge 400 or SmartEdge 800 chassis.
Command Mode
Syntax Description
air-filter months redundancy suppress Number of months in the service interval. The range of values is 1 to 12; the default value is 6. Disables the alarms related to redundant controller cards.
Default
The alarm for the air filter is disabled and all alarms are enabled.
Usage Guidelines
Use the system alarm command to enable the alarm for the air filter or suppress redundancy alarms for a SmartEdge 400 or SmartEdge 800 chassis. The air filter alarm is generated at the end of the service interval based on the service date stored in the EEPROM of the fan tray unit. Use the air-filter months construct to update the EEPROM with the service interval. To display the current service date, enter the show hardware fantray detail command in any mode. To update the current service date after the air filter or fan tray unit has been replaced, enter the service air-filter command in exec mode. Use the redundancy suppress construct to suppress alarms related to redundant controller cards for SmartEdge routers that are configured with a single controller card. The following bulleted list displays the suppressed alarms. Backup fail: peer dead Controller missing Controller manual switch requested Controller auto switch completed Controller forced switch requested Controller switch completed Controller exerciser switch failed
16-5
Controller switch failed Peer inventory fail Peer shared format mismatch Peer controller card type incompatible Peer SONET/SDH mode incompatible
Use the no form of this command to disable alarms for the air filter. Additionally, you can use the no form of this command to enable alarms for redundant controller cards.
Examples
The following example enables the air filter alarm and specifies a three-month service interval:
[local]Redback(config)#system alarm air-filter 3
Related Commands
None
16-6
Part 8
Appendixes
This part lists the standard Layer 2 Tunneling Protocol (L2TP) attribute-value pairs (AVPs) supported by the SmartEdge OS, in order by AVP number.
DraftNovember 16 2005
Appendix A
L2TP Attribute-Value Pairs
Table A-1 lists the standard Layer 2 Tunneling Protocol (L2TP) attribute-value pairs (AVPs) supported by the SmartEdge OS, in order by AVP number. Table A-1
Num 0
Standard L2TP AVPs Supported by the SmartEdge OS

Mandatory Yes (see Notes) May be Hidden Yes Message Types Used In All Notes 2-octet unsigned integer. Must be the first AVP in a message. When Mandatory (M)-bit=1, tunnel must be cleared if message type is unknown to the implementation. If M-bit=0, unknown message type can be ignored. 2-octet unsigned integer plus an optional error code and optional error message. 1-octet unsigned integer for the version and 1-octet unsigned integer for the revision. 32-bit mask with 2 bits defined. The A-bit indicates whether asynchronous framing is supported. The S-bit indicates whether synchronous framing is supported. 32-bit mask with 2 bits defined. The A-bit indicates whether analog access is supported. The D-bit indicates whether digital access is supported. 8-octet value used to select a single tunnel when both LAC and LNS simultaneously request a tunnel. Lower value equals higher priority. 2-octet unsigned integer encoded in a vendor-specific format. String. Arbitrary number of octets, with a minimum length of 1 octet. Vendor-specific string. 2-octet, nonzero unsigned integer.
AVP Name Message Type
1 2 3
Result Code Protocol Version Framing Capabilities
Yes Yes Yes
No No Yes
CDN StopCCN SCCRP SCCRQ SCCRP SCCRQ
Bearer Capabilities
Yes
Yes
SCCRP SCCRQ SCCRQ
Tie Breaker
No
No
6 7 8 9
Firmware Revision Host Name Vendor Name Assigned Tunnel ID
No Yes No Yes
Yes No Yes Yes
SCCRP SCCRQ SCCRP SCCRQ SCCRP SCCRQ SCCRP SCCRQ StopCCN SCCRP SCCRQ SCCRP SCCRQ
10 11
Receive Window Size Challenge
Yes Yes
No Yes
2-octet unsigned integer. 1 or more octets of random data.
A-1
Table A-1
Num 12
Standard L2TP AVPs Supported by the SmartEdge OS (continued)

Mandatory Yes May be Hidden No Message Types Used In CDN Notes Returned Q.931 cause code and returned Q.931 message code in their native ITU encodings. Optional ASCII text advisory message can also be included. 16-octet value. 2-octet, non-zero unsigned integer.
AVP Name Q.931 Cause Code
13 14
Challenge Response Assigned Session ID
Yes Yes
Yes Yes
SCCCN SCCRP CDN ICRP ICRQ OCRP OCRQ ICRQ OCRQ OCRQ OCRQ ICRQ OCRQ
15 16 17 18
Call Serial Number Minimum BPS Maximum BPS Bearer Type
Yes Yes Yes Yes
Yes Yes Yes Yes
32-bit value. 32-bit value indicating minimum speed in bits per second. 32-bit value indicating maximum speed in bits per second. 32-bit mask with 2 bits defined. The A-bit indicates if the call refers to an analog channel. The D-bit indicates if the call refers to a digital channel. Both bits can be set. For ICRQ messages, it is also valid to set neither. 32-bit mask with 2 bits defined. The A-bit indicates asynchronous framing. The S-bit indicates synchronous framing. ASCII string. ASCII string. ASCII string. 4-octet value indicating the speed in bits per second. Used to inform the LNS of rate-limited speed, as required by carriers supporting PPPoE, PPPoA, and PPPoEoA. 4-octet value for logging purposes only. Sent to RADIUS from the LNS side. Encodes the vendor specific physical channel number used for a call. Arbitrary number of octets. A copy of the body of the initial CONFREQ received, starting at the first option within the body of the LCP message. Arbitrary number of octets. A copy of the body of the final CONFREQ sent to the client to complete LCP negotiation, starting at the first option within the body of the LCP message. Arbitrary number of octets. A copy of the body of the final CONFREQ received from the client to complete LCP negotiation, starting at the first option within the body of the LCP message. 2-octet unsigned integer.
19
Framing Type
Yes
Yes
ICCN OCCN OCRQ ICRQ OCRQ ICRQ ICRQ OCRQ ICCN OCCN
21 22 23 24
Called Number Calling Number Sub-Address Tx Connect Speed
Yes Yes Yes Yes
Yes Yes Yes Yes
25
Physical Channel ID
No
Yes
ICRQ OCRP ICCN
26
Initial Received LCP CONFREQ Last Sent LCP CONFREQ
No
Yes
27
No
Yes
ICCN
28
Last Received LCP CONFREQ
No
Yes
ICCN
29
Proxy Authen Type
No
Yes
ICCN
A-2
Table A-1
Num 30 31 32 33 34
Standard L2TP AVPs Supported by the SmartEdge OS (continued)

Mandatory No No No No Yes May be Hidden Yes Yes Yes Yes Yes Message Types Used In ICCN ICCN ICCN ICCN WEN Notes String. Arbitrary number of octets. String. 1 or more octets. 2-octet unsigned integer. String. Arbitrary number of octets. Includes the following fields: Reserved, CRC Errors, Framing Errors, Hardware Overruns, Buffer Overruns, Time-out Errors, and Alignment Errors. Send and Receive ACCM are each 4-octet values preceded by a 2-octet reserved quantity. String of arbitrary length. Must precede the first AVP with the Hidden (H) bit set. More than one can be used per message. Hidden AVP uses the Random Vector AVP most closely preceding it. Arbitrary number of octets. 4-octet value indicating the speed in bits per second. This AVP has no value field. Indicates that sequence numbers must be present on the data channel. The Redback implementation of L2TP prefers not to require sequencing. Therefore, if the SmartEdge router is functioning as a LAC, it never requests this attribute. However, if the LNS uses it, the LAC honors it. If the SmartEdge router is functioning as an LNS, it honors a LACs request for this attribute, but never volunteers it. 2-octet value in network byte order and a string of arbitrary length.
AVP Name Proxy Authen Name Proxy Authen Challenge Proxy Authen ID Proxy Authen Response Call Errors
35 36
ACCM Random Vector
Yes Yes
Yes No
SLI All
37 38 39
Private Group Rx Connect Speed Sequencing Required
No No Yes
Yes Yes No
ICCN ICCN OCCN ICCN OCCN
46
PPP Disconnect Cause
No
Yes
CDN
Redback vendor-specific AVPs are embedded according to the procedure recommended in RFC 2661, Layer 2 Tunneling Protocol L2TP. Table A-2 lists the Redback vendor-specific L2TP AVPs supported by the SmartEdge OS, in order by AVP number. Table A-2
Num 1 2
Redback Vendor-Specific L2TP AVPs Supported by the SmartEdge OS

Mandatory No No May be Hidden No No Message Types Used In L2TP-HURL L2TP-HURL Notes String containing the URL from the pppoe url command in the subscriber record. String containing the MOTM defined on the LNS side of the tunnel.
AVP Name Rbak HURL Rbak MOTM
A-3
A-4
Index
Numerics
802.1Q link groups binding, guidelines, 15-4 configuring, 9-10 configuring 802.1Q PVCs, 9-11 constituent ports adding, 9-11 configuration restrictions, 9-11 default state, 9-10 described, 9-3 examples, 9-15 802.1Q profiles configuring attributes applying bulkstats schema profile, 6-6 described, 6-6 creating or selecting, 6-6 802.1Q PVCs aggregated binding, creating, 9-11 binding guidelines, 15-4 configuring, 9-11 creating, 9-11 selecting link group, 9-11 assigning MAC address, 6-7 binding creating, 6-7 guidelines, 15-4 options, without static CLIPS PVCs, 15-7 options, with static CLIPS PVCs, 15-8 binding port, 6-7 child circuits binding, guidelines, 15-5 binding, options, 15-9 configuring PPPoE, 8-11 cross-connecting to other child circuits, 11-9 configuring attributes described, 6-7 IP address of remote host, 6-7 watchdog timer, 6-7
configuring for bridging, 10-8 PPPoE, 8-11 creating, 6-7 cross-connecting to ATM PVCs, 11-8 cross-connecting to inbound child circuits, 11-11 cross-connecting to inbound circuits, 11-12 cross-connecting to other 802.1Q PVCs, 11-8 cross-connecting to outbound child circuits, 11-12 disabling operations, 6-7 encapsulating port, 6-7 interworking to ATM PVCs, 11-13 parent circuits, cross-connecting to other parent circuits, 11-9 802.1Q PVC tunnels binding inner PVCs, 6-8 tunnel, 6-8 configuring port for binding, 6-8 encapsulating, 6-8 creating inner PVCs, 6-8 tunnel, 6-8 described, 6-8 disabling operations, 6-8 inner PVCs, described, 6-8 specifying type, 6-8
A
ACCM AVP, A-3 administrator configuration mode, described, 1-14 APS (Automatic Protection Switching) groups assigning ports, 5-4 configuring attributes described, 5-3 switching algorithm, 5-3 creating or selecting, 5-3 deleting, 5-4
Index
features, 5-2 removing port from, 5-4 replacing port in, 5-4 APS (Automatic Protection Switching) ports changing configuration, 5-5 configuration requirements, 5-3 delete procedures, 5-5 features, 5-2 removing posted request, 5-4 replacement procedures, 5-5 requesting high-priority switch, 5-4 lockout of protect port, 5-4 low-priority switch, 5-4 APS configuration mode, described, 1-14 architecture, SmartEdge OS, 1-2 Assigned Session ID AVP, A-2 Assigned Tunnel ID AVP, A-1 ATM (Asynchronous Transfer Mode) cards, specifying clock source, 2-3 configurable ports, 2-3 mode, 2-3 ATM (Asynchronous Transfer Mode) child circuits binding guidelines, 15-5 options, 15-9 configuring PPPoE, 8-11 cross-connecting to inbound circuits, 11-12 cross-connecting to other child circuits, 11-9 cross-connecting to outbound circuits, 11-11 ATM (Asynchronous Transfer Mode) HSVCs, loading the SAR image, 6-18 ATM (Asynchronous Transfer Mode) parent circuits binding, guidelines, 15-4 cross-connecting to inbound child circuits, 11-11 cross-connecting to other parent circuits, 11-9 ATM (Asynchronous Transfer Mode) ports binding, guidelines, 15-3 changing to loopback state, 3-4 configuring attributes bulkstats schema profile, 3-3 cable length, 3-4 clock source, 3-4 described, 3-3 error conditions, 3-4 for bridging, 10-8 framing, 3-3 ignore alarms, 3-4 link-dampening, 3-4 loopback request responses, 3-4 MAC address, 3-3 MTU, 3-3 over-subscription, 3-3 path trace message, 3-4 scrambling, 3-3 enabling operations, 3-4 port listening mode, 3-4 selecting, 3-3 ATM (Asynchronous Transfer Mode) profiles configuring attributes applying bulkstats schema profile, 6-19 CLP bit, 6-19 congestion avoidance, 6-19 described, 6-19 OAM fault monitoring for non-cross-connected PVCs, 6-19 OAM management for cross-connected PVCs, 6-19 OAM management for non-cross-connected PVCs, 6-19 PVC speed reporting, 6-19 statistics collection, 6-19 traffic class, 6-19 watchdog timer, 6-20 creating or selecting, 6-19 ATM (Asynchronous Transfer Mode) PVCs binding creating, 6-21 guidelines, 15-4 options, without static CLIPS PVCs, 15-7 options, with static CLIPS PVCs, 15-8 bridging, configuring, 10-8 changing profile, 6-20 configuring attributes described, 6-20 IP address of remote host, 6-20 PPPoE encapsulation, 8-10 creating or modifying, 6-20 cross-connecting to other ATM PVCs, 11-7 cross-connecting to 802.1Q PVCs, 11-8 cross-connecting to outbound child circuits, 11-12 disabling operations, 6-21 interworking to 802.1Q PVCs, 11-13 ATM (Asynchronous Transfer Mode) shaped VPs, creating or modifying, 6-20 ATM child protocol configuration mode, described, 1-14 ATM DS-3 configuration mode, described, 1-14 ATM OC configuration mode, described, 1-14 ATM profile configuration mode, described, 1-14 ATM PVC configuration mode, described, 1-14 AU-3 configuration mode, described, 1-14
B
Bearer Capabilities AVP, A-1 Bearer Type AVP, A-2 bindings dynamic
creating, 15-10 described, 15-2 static creating, 15-9 described, 15-2 bridge configuration mode, described, 1-14 bridge profile configuration mode, described, 1-14 bridging 802.1Q PVCs binding to bridged interface, 10-8 configuring attributes, 10-8 configuring port, 10-8 creating, 10-8 propagating priority, 10-8 selecting port, 10-8 ATM PVCs binding to bridged interface, 10-9 configuring attributes, 10-8 configuring port, 10-8 creating, 10-8 selecting port, 10-8 bridge, configuring attributes aging time, 10-6 described, 10-6 MAC address learning, 10-6 type, 10-6 undesired MAC addresses, 10-6 bridge profile, configuring attributes MAC address restriction, 10-7 maximum static MAC addresses, 10-7 type, 10-7 creating bridge profiles, 10-7 bridges, 10-6 interfaces for a bridge, 10-6 Ethernet ports binding to bridged interface, 10-7 configuring attributes, 10-7 selecting, 10-7 interface, creating for bridges, 10-6 subscriber records associating with a bridge, 10-9 configuring attributes, 10-9 selecting for bridging, 10-9 bulkstats configuration mode, described, 1-14 Challenge AVP, A-1 Challenge Response AVP, A-2 channelized OC-12 ports binding, guidelines, 15-3 changing to loopback state, 4-4 configuring attributes bulkstats schema profile, 4-3 described, 4-3 creating or selecting, 4-3 enabling operations, 4-3 channelized STM-1 ports binding, guidelines, 15-3 changing to loopback state, 4-10 configuring attributes AU-3 group, 4-10 AUG mapping, 4-10 bulkstats schema profile, 4-10 channel mapping, 4-10 described, 4-10 path trace message, 4-10 creating or selecting, 4-10 enabling operations, 4-10 channels, in the SmartEdge OS, 1-7 CHAP (Challenge Handshake Authentication Protocol), for PPP-encapsulated circuits, 8-3 circuits, in the SmartEdge OS, 1-7 CLIPS (clientless IP service selection) dynamic assigning port or PVC to a group, 7-4 creating group, 7-4 DHCP proxy interfaces, configuring, 7-3 DHCP server address, configuring, 7-3 DHCP subscribers, configuring, 7-3 password, subscriber, 7-4 examples dynamic CLIPS, local authentication, 7-7 dynamic CLIPS, RADIUS authentication, 7-8 dynamic CLIPS group, 7-9 static CLIPS for a range of PVCs, 7-6 static CLIPS for a single PVC, 7-6 CLIPS (clientless IP service selection) static PVCs binding, 7-3 binding, guidelines, 15-5 creating, 7-3 disabling operations, 7-3 enabling CLIPS, 7-3 CLIPS PVC configuration mode, described, 1-14 command modes, access commands and prompts, 1-14 configuration modes, organization, 1-12 context configuration mode, described, 1-14 cross-connected circuits, configuring 802.1Q PVC child circuits, 11-9 802.1Q PVC parent circuits, 11-9 802.1Q PVCs, 11-8
C
Called Number AVP, A-2 Call Errors AVP, A-3 Calling Number AVP, A-2 Call Serial Number AVP, A-2 card configuration mode, described, 1-14 CBR (constant bit rate), 6-91
Index
ATM PVC child circuits, 11-9 ATM PVC parent circuits, 11-9 ATM PVCs, 11-7 ATM PVCs to 802.1Q PVCs, 11-8 inbound child circuits, 11-11 inbound circuits, 11-12 interworking, 11-13 outbound child circuits, 11-12 outbound circuits, 11-11 framing, 4-7 idle character, 4-7 MTU, 4-7 PPP, 8-8 remote loopback request responses, 4-7 speed, 4-7 timeslots for DS-0 channels, 4-7 yellow alarm detection or generation, 4-7 creating or selecting, 4-7 enabling operations, 4-7 DS-1 configuration mode, described, 1-14 DS-3 channels or ports, channelized binding, guidelines, 15-3 changing to loopback state, 4-6 configuring attributes bulkstats schema profile, 4-6 cable length, 4-6 clock source, 4-6 described, 4-6 framing, 4-6 PPP, 8-8 remote loopback request responses, 4-6 creating or selecting, 4-6 enabling operations, 4-6 DS-3 channels or ports, clear-channel binding creating, 4-5 guidelines, 15-3 options, 15-6 changing to loopback state, 4-6 configuring attributes bulkstats schema profile, 4-5 cable length, 4-5 CHDLC parameters, 4-5 clock source, 4-5 CRC length, 4-5 described, 4-5 DSU bandwidth, 4-5 DSU vendor, 4-5 encapsulation, 4-5 framing, 4-5 idle character, 4-5 MTU, 4-5 payload scrambling, 4-5 PPP, 8-8 remote loopback request responses, 4-5 creating or selecting, 4-5 enabling operations, 4-5 DS-3 configuration mode, described, 1-14 dynamic bindings, described, 15-2
D
default, form of a command, described, 1-16 domain alias L2TP peer name, configuring tunnel switching, 13-16 dot1q child protocol configuration mode, described, 1-14 dot1q profile configuration mode, described, 1-14 dot1q PVC configuration mode, described, 1-14 DS-0 channel groups binding creating, 4-13 guidelines, 15-4 options, 15-6 changing to loopback state, 4-14 configuring attributes bulkstats schema profile, 4-13 CHDLC parameters, 4-13 CRC length, 4-13 data stream inversion, 4-13 described, 4-13 encapsulation, 4-13 idle character, 4-13 MTU, 4-13 notifications of up and down conditions, 4-13 PPP, 8-8 time slots, 4-13 creating or selecting, 4-13 enabling operations, 4-13 DS-0 group configuration mode, described, 1-14 DS-1 channels adding to MP or MFR bundle, 4-7 binding creating, 4-7 guidelines, 15-3 options, 15-6 changing to loopback state, 4-8 configuring attributes bulkstats schema profile, 4-7 CHDLC parameters, 4-7 clock source, 4-7 CRC length, 4-7 data stream inversion, 4-7 described, 4-7 encapsulation, 4-7
E
E1 channels or ports, channelized
binding, guidelines, 15-3 changing to loopback state, 4-12 configuring attributes bulkstats schema profile, 4-12 clock source, 4-12 described, 4-12 framing, 4-12 PPP, 8-8 creating or selecting, 4-12 enabling operations, 4-12 E1 channels or ports, clear-channel adding to MP or MFR bundle, 4-11 binding creating, 4-12 guidelines, 15-3 options, 15-6 changing to loopback state, 4-12 configuring attributes bulkstats schema profile, 4-11 CHDLC parameters, 4-11 clock source, 4-11 CRC length, 4-11 data stream inversion, 4-11 described, 4-11 encapsulation, 4-11 framing, 4-11 idle character, 4-11 MTU, 4-11 PPP, 8-8 creating or selecting, 4-11 enabling operations, 4-12 E1 configuration mode, described, 1-14 E3 configuration mode, described, 1-14 E3 ports, clear-channel binding, 4-9 changing to loopback state, 4-9 configuring attributes bulkstats schema profile, 4-9 CHDLC parameters, 4-9 clock source, 4-9 CRC length, 4-9 described, 4-9 encapsulation, 4-9 framing, 4-9 idle character, 4-9 MTU, 4-9 national bit, 4-9 enabling operations, 4-9 selecting, 4-9 Ethernet link groups binding, guidelines, 15-4 configuring, 9-8 constituent ports adding, 9-9 configuration restrictions, 9-9 default state, 9-9 described, 9-3 Ethernet ports adding to link group, 3-5 binding creating, 3-5 guidelines, 15-3 options, without static CLIPS PVCs, 15-6, 15-7 options, with static CLIPS PVCs, 15-8 changing to loopback state, 3-6 configuring attributes bulkstats schema profile, 3-5 described, 3-5 flow control, 3-5 for bridging, 10-7 MTU, 3-5 speed and mode, 3-5 configuring attributes for PPPOE, 8-10 configuring bridging, 10-7 enabling operations, 3-5 selecting, 3-5 transport packets with unmapped encapsulation, 3-5 examples L2TP tunnel switching, 13-16 tunnel switching, with diagram, 13-3 exec mode described, 1-14 functions, 1-12
F
Firmware Revision AVP, A-1 Frame Relay LMI, configuring attributes automatic detection of LMI type, 6-22 error threshold, 6-22 interface type, 6-22 keepalive function, 6-22 keepalive messages, 6-22 LMI type, 6-22 monitored event count, 6-22 polling verification timer, 6-22 Frame Relay profile configuration mode, described, 1-14 Frame Relay profiles applying bulkstats schema profile, 6-22 creating or selecting, 6-22 Frame Relay PVC configuration mode, described, 1-14 Frame Relay PVCs aggregated binding, creating, 9-7 binding, guidelines, 15-4 configuring attributes, 9-7 creating or selecting, 9-7
Index
default state, 9-7 disabling operations, 9-7 selecting MFR bundle for, 9-7 unaggregated binding, creating, 6-23 binding, guidelines, 15-4 configuring attributes, 6-23 creating or selecting, 6-23 disabling operations, 6-23 Framing Capabilities AVP, A-1 Framing Type AVP, A-2
I
Initial Received LCP CONFREQ AVP, A-2 interface configuration mode, described, 1-14 IPv6-over-IPv4 tunnel circuits assigning private IP address, 14-3 nonVPN assigning key, 14-3 binding, 14-4 configuring interface, 14-3 creating, 14-3 disabling operations, 14-4 selecting context, 14-3 IPv6-over-IPv4 tunnels configuring attributes context, 14-3 described, 14-3 interface, 14-3 logging of state changes, 14-3 public IP address, 14-3 setting the MTU, 14-3 creating, 14-3 enabling operations, 14-3
G
global configuration mode, described, 1-14 GRE (Generic Routing Encapsulation) tunnel circuits binding guidelines, 15-4 configuration guidelines, 12-5 nonVPN assigning key, 12-6 assigning private IP address, 12-6 binding, 12-7 configuring attributes, 12-6 configuring interface, 12-6 creating, 12-6 disabling operations, 12-7 selecting context, 12-6 VPN assigning key, 12-7 assigning private IP address, 12-7 binding, 12-7 configuring attributes, 12-7 configuring interface, 12-7 creating, 12-7 disabling operations, 12-7 selecting context, 12-7 GRE (Generic Routing Encapsulation) tunnels binding, guidelines, 15-4 configuration guidelines, 12-4 configuring attributes context, 12-5 described, 12-6 interface, 12-5 logging of state changes, 12-6 public IP address, 12-5 creating, 12-5 enabling operations, 12-6 GRE peer configuration mode, described, 1-14 GRE tunnel configuration mode, described, 1-14
K
keepalive GRE tunnels, 12-21 keepalive messages, PPP and PPPoE, 8-5
L
L2TP (Layer 2 Tunneling Protocol) attribute value pairs Redback vendor-specific, A-3 table of supported AVPs, A-1 examples, tunnel switching, 13-16 tunnel switching described, 13-3 example, 13-3 L2TP (Layer 2 Tunneling Protocol) groups adding peers, 13-11 configuration guidelines, 13-8 configuring attributes domain alias, 13-11 session assignment algorithm, 13-11 timer for "dead" peer, 13-11 creating, 13-11 features, 13-1 L2TP (Layer 2 Tunneling Protocol) peers anonymous peer configuration guideline, 13-37 described, 13-37 assigning to subscriber, 13-13 configuration guidelines, 13-8 configuring LAC attributes
H
Host Name AVP, A-1
authorization key, 13-12 control messages, retransmission, 13-12, 13-13 control messages, timeout value, 13-13 control message timer interval, 13-13 described, 13-12 domain alias, 13-12 local name, 13-12 maximum number of sessions, 13-12 maximum number of tunnels, 13-12 peer function, 13-12 slot redundancy, 13-12 unacknowledged control messages, 13-12 configuring LNS attributes authorization key, 13-11 control messages, retransmission, 13-11 control messages, timeout value, 13-11 control message timer interval, 13-11 described, 13-10 domain alias, 13-10 local name, 13-10 maximum number of sessions, 13-11 maximum number of tunnels, 13-11 peer function, 13-10 unacknowledged control messages, 13-11 context for automatic removal of inactive peers, 13-10 creating or selecting, 13-9 domain alias, creating, 13-9 enabling proxy authentication for LAC peers, 13-10 enabling strict enforcement for deadtime, 13-10 renegotiating with LAC, 13-10 selecting type of fragmentation, 13-10 setting deadtime, 13-10 creating or selecting default LNS peer, 13-12 default peer for LNS peers, 13-10 named LAC peer, 13-12 named LNS peer, 13-10 default peer, described, 13-36 features, 13-1 L2TP (Layer 2 Tunneling Protocol) tunnel switches configuring subscriber records, 13-13 creating context, 13-13 LAC peers, 13-13 LNS peers, 13-13 L2TP group configuration mode, described, 1-14 L2TP peer configuration mode, described, 1-14 Last Received LCP CONFREQ AVP, A-2 Last Sent LCP CONFREQ AVP, A-2 link group configuration mode, described, 1-15 link PVC configuration mode, described, 1-15 load balancing, L2TP groups, 13-4
M
macro configuration mode, described, 1-15 Maximum BPS AVP, A-2 maximum ports, 2-14 Message Type AVP, A-1 MFR (Multilink Frame Relay) bundles binding, guidelines, 15-4 configuring attributes automatic detection of LMI type, 9-6 DCE interface type, 9-6 DTE interface type, 9-6 interface type, 9-6 LMI type, 9-6 configuring Frame Relay PVC, 9-7 constituent channels adding, 9-8 configuration restrictions, 9-7 configuring timing attributes, 9-8 creating, 9-6 default state, 9-6 described, 9-3 disabling operations, 9-6 Minimum BPS AVP, A-2 mode access commands and prompts, 1-14 MP (Multilink PPP) bundles binding, 9-4 binding, guidelines, 15-4 configuring attributes context, 9-4 endpoint discriminator, 9-4 interface, 9-4 IP address, 9-4 constituent channels adding, 9-5 configuration restrictions, 9-5 creating, 9-4 default state, 9-5 described, 8-4 uses, 9-2
N
NetOp configuration mode, described, 1-15 no, form of a command, described, 1-16
P
PAP (Password Authentication Protocol), for PPP-encapsulated circuits, 8-3 Physical Channel ID AVP, A-2 port configuration mode, described, 1-15 ports, in the SmartEdge OS, 1-7 POS (Packet over SONET/SDH) ports and APS assigning, 3-8
Index
binding for APS, 3-8 enabling for APS, 3-8 applying bulkstats schema profile, 3-7 binding creating, 3-7 guidelines, 15-3 options, 15-5 changing to loopback state, 3-8 configuring attributes C2byte, 3-7 CHDLC parameters, 3-7 CRC length, 3-7 described, 3-7 encapsulation, 3-7 error conditions, 3-7 framing, 3-7 MTU, 3-7 path trace message, 3-8 PPP, 8-8 scrambling, 3-7 enabling operations, 3-7 selecting, 3-7 PPP (Point-to-Point Protocol) CHAP, described, 8-3 configuring attributes keepalive checks, 8-7 keepalive timing attributes, 8-7 LCP option values for MRU, 8-7 configuring for ATM PVC, 8-8 DS-0 channel groups, 8-8 DS-1 channels, 8-8 DS-3 channels, 8-8 E1 channels, 8-8 MP on ATM PVCs, 8-9 POS port, 8-8 subscriber, 8-9 enabling PPP multilink for ATM PVCs, 8-9 oversubscription, 8-4 oversubscription, described, 8-4 PAP, described, 8-3 specifying endpoint discriminator for PPP multilink, 8-9 PPP Disconnect Cause AVP, A-3 PPPoE (PPP over Ethernet) configuring attributes accept and advertise any service name tag, 8-10 advertised domains, 8-10 configures option inside PPPoE daemon that terminates the PPPoE session, 8-10 default AC tag value, 8-10 configuring for 802.1Q PVC child circuit, 8-11 802.1Q PVCs, 8-11 ATM PVC, 8-10 ATM PVC child circuit, 8-11 Ethernet port, 8-10 subscriber, 8-12 features, 8-6 Private Group AVP, A-3 Protocol Version AVP, A-1 Proxy Authen Challenge AVP, A-3 Proxy Authen ID AVP, A-3 Proxy Authen Name AVP, A-3 Proxy Authen Response AVP, A-3 Proxy Authen Type AVP, A-2
Q
Q.931 Cause Code AVP, A-2
R
Random Vector AVP, A-3 Rbak HURL vendor-specific AVP, A-3 Rbak MOTM vendor-specific AVP, A-3 Receive Window Size AVP, A-1 Result Code AVP, A-1 Rx Connect Speed AVP, A-3
S
Sequencing Required AVP, A-3 SmartEdge OS applications, 1-4 architecture, described, 1-2 concepts, 1-5 performance, 1-1 SNMP server configuration mode, described, 1-15 software license configuration mode, described, 1-15 static bindings, described, 15-2 STM-1 configuration mode, described, 1-15 strict-priority algorithm, 13-4 Sub-Address AVP, A-2 subscriber configuration mode, described, 1-15 subscribers bridges, 10-5 configuring attributes, L2TP peer assignment, 13-13 configuring for bridging, 10-9 system monitoring enabling diagnostics, 16-2 SmartEdge 400 air filter alarm, 16-2
T
Tie Breaker AVP, A-1 traffic cards configuring attributes, maintenance features, 2-3 listed, 2-2 provisioning, 2-3
traffic shaping CBR, 6-91 UBR, 6-91 UBRe, 6-91 VBR-nrt, 6-91 VBR-rt, 6-91 tunnel map configuration mode, described, 1-15 Tx Connect Speed AVP, A-2
U
UBR (unspecified bit rate), 6-91 UBRe (unspecified bit-rate, extended), 6-91
V
VBR-nrt (variable bit-rate, nonrealtime), 6-91 VBR-rt (variable bit rate, realtime), 6-91 Vendor Name AVP, A-1
W
weighted-round-robin, L2TP groups, 13-4
Index
10
Commands
A
aaa provision route, 7-12 aging-time, 10-13 alarm-report-only, 3-10 algorithm, 13-19 aps, 5-8 aps group, 5-10 aps switch, 5-11 atm mode, 2-5 atm profile, 6-29 atm pvc, 6-31 atm pvc explicit, 6-31 atm scramble, 3-11 atm scramble-ds3, 3-11 atm vp, 6-39 au3, 4-18 aug-mapping, 4-19
clear-df, 12-14 clips-group, 7-12 clips pvc, 7-14 clock-source ATM ports, 3-18 cards, 2-12 channelized ports, 4-23 clpbit, 6-41 congestion, 6-42 counters, 6-45 crc16, 3-21 crc32, 4-25
D
deadtime, 13-21 description APS groups, 5-14 ATM and dot1q PVCs, 6-46 bridge groups, 10-21 channels and channelized ports, 4-26 clear-channel ports, 3-22 GRE tunnels and tunnel circuits, 12-15 IPv6-over-Pv4 tunnels, 14-6 L2TP peers, 13-23 diag pod, 16-3 domain, 13-24 dot1q profile, 6-47 dot1q pvc, 6-48 dot1q tunnel, 6-52 dsu bandwidth, 4-28 dsu mode, 4-29 dsu scramble, 4-30
B
bind authentication, 15-12 bind auto-subscriber, 15-15 bind interface, 15-18 bind subscriber, 15-20 bridge, 10-14 bridge mac-entry, 10-16 bridge-only, 10-17 bridge profile, 10-18 bridge profile broadcast rate-limit, 10-20 broadcast rate-limit, 10-20
C
c2byte, 3-13 cablelength channelized ports, 4-20 clear-channel ports, 3-15 card, 2-9 ccod-mode port-listen, 3-16 channel-mapping itu, 4-21 circuit protocol, 11-17
E
encapsulation channels and channel groups, 4-31 Ethernet ports with 802.1Q VLANs, 6-53 Ethernet ports without 802.1Q PVCs, 3-23 POS ports, 3-23
Commands
equipment-loopback channelized ports, 4-33 clear-channel ports, 3-25 l2tp fragment, 13-33 l2tp-group, 13-34 l2tp-peer, 13-36 l2tp proxy-auth, 13-39 l2tp renegotiate lcp, 13-40 l2tp strict-deadtime, 13-42 learning, 10-22 link-dampening ATM ports, 3-31 Ethernet ports, 3-31 link-group, 9-19 lns card, 13-43 local-name, 13-45 log-state-changes IPv6-over-IPv4 tunnels, 14-12 log-state-changes, command, 12-22 loopback channels and channelized ports, 4-43 clear-channel ports, 3-33
F
flow-control, 3-26 frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay multilink, 9-17 frame-relay profile, 6-74 frame-relay pvc, 6-75 framing channels, 4-35 clear-channel ports, 3-27 function, 13-26
M
mac-address ATM ports, 3-35 Gigabit or Fast Ethernet cards, 6-81 link groups, 9-22 mac-entry, 10-23 mac-limit, 10-24 max-sessions, 13-46 max-tunnels, 13-48 medium, 3-36 minimum-links, 9-23 mp endpoint-discriminator, 9-24 mtu channels and channel groups, 4-47 clear-channel ports, 3-37 IPv6-over-IPv4 tunnels, 14-13 multicast rate limit, 10-25
G
gre-peer, 12-16 gre-tunnel, 12-18
H
hello-timer, 13-27
I
idle-character, 4-38 idle-down, 6-77 invert-data, 4-40 ip host 802.1Q, ATM, and Frame Relay PVCs, 6-79 802.1Q multiprotocol PVCs, 11-19 ATM multiprotocol PVCs, 11-19 GRE tunnels, 12-20 ipv6-tunnel, 14-8 ipv6 v4tunnel-peer, 14-10
N
national, 4-49
O
oam fault-monitor, 6-83 oam manage, 6-84 oam xc, 6-86 over-subscription-rate, 3-39
K
keepalive channels and channel groups, 4-41 POS ports, 3-29
P
path-trace 4-port ATM OC-3c/STM-1c and POS ports, 3-40 channelized STM-1 ports, 4-50 peer, 13-49
L
l2tp calling-number format, 13-28 l2tp clear-radius-peer, 13-30 l2tp deadtime, 13-31
port atm, 3-42 port channelized-ds3, 4-52 port channelized-oc12, 4-54 port channelized-stm1, 4-56 port ds0s, 4-58 port ds1, 4-61 port ds3, 4-63 port e1, 4-65 port e3, 4-67 port ethernet, 3-44 port pos, 3-46 ppp keepalive, 8-16 ppp mtu, 8-19 ppp multilink, 8-20 ppp multilink lfi, 8-21 pppoe always send padt, 8-30 pppoe client route, 8-31 pppoe motm, 8-32 pppoe service-name accept-all, 8-33 pppoe services, 8-34 pppoe tag, 8-35 pppoe url, 8-36 ppp our-options mru, 8-23 ppp our-options multilink, 8-25 ppp peer-options mru, 8-27 ppp ppoe-large-mru, 8-29 L2TP peers, 13-54 timeslot, 4-72 transport unmatched-encap, 3-52 traps DS-0 channel groups, 4-74 trunk, 10-27 tunnel-auth key, 13-55 tunnel domain, 13-56 tunnel map, 12-25, 14-16 tunnel name, 13-58 tunnel-window, 13-59
U
unknown-dest, 10-28
X
xc, 11-21
Y
yellow-alarm, 4-76
R
report, 6-88 restricted, 10-26 retry, 13-51 revert, 5-15
S
scramble, 3-48 service clips, 7-16 service clips exclude, 7-18 service clips-group, 7-20 session-auth, 13-52 shaping, 6-90 shutdown channelized ports, channels, and channel groups, 4-69 clear-channel ports, 3-49 GRE tunnels and tunnel circuits, 12-23 IPv6-over-IPv4 tunnels and tunnel circuits, 14-14 PVCs and link groups, 6-93 sonet-eu, 2-16 speed, 4-71 system alarm, 16-5
T
threshold, 3-51 timeout
Commands
Modes
A
APS configuration mode description, 5-14 revert, 5-15 ATM child protocol configuration mode bind authentication, 15-12 ATM DS-3 configuration mode atm pvc, 6-31 atm pvc explicit, 6-31 atm scramble-ds3, 3-11 atm vp, 6-39 cablelength, 3-15 ccod-mode port-listen, 3-16 clock-source, 3-18 description, 3-22 equipment-loopback, 3-25 framing, 3-27 loopback, 3-33 mac-address, 3-35 mtu, 3-37 over-subscription-rate, 3-39 shutdown, 3-49 ATM OC configuration mode alarm-report-only, 3-10 atm pvc, 6-31 atm pvc explicit, 6-31 atm scramble, 3-11 atm vp, 6-39 ccod-mode port-listen, 3-16 clock-source, 3-18 description, 3-22 framing, 3-27 loopback, 3-33 mac-address, 3-35 mtu, 3-37 over-subscription-rate, 3-39 path-trace, 3-40 shutdown, 3-49 threshold, 3-51
ATM profile configuration mode clpbit, 6-41 congestion, 6-42 counters, 6-45 description, 6-46 oam fault-monitor, 6-83 oam manage, 6-84 oam xc, 6-86 report, 6-88 shaping, 6-90 ATM PVC configuration mode bind authentication, 15-12 bind auto-subscriber, 15-15 bind interface, 15-18 bind subscriber, 15-20 bridge mac-entry, 10-16 bridge profile, 10-18 circuit protocol, 11-17 clips pvc, 7-14 idle-down, 6-77 ip host cross-connected PVCs, 11-19 non-cross-connected PVCs, 6-79 service clips, 7-16 service clips-exclude, 7-18 shutdown, 6-93 ATM PVC configuration mode, description, 6-46 ATM PVC protocol configuration mode bind interface, 15-18 AU3 configuration mode, path-trace, 4-50
B
bridge configuration mode aging-time, 10-13 bridge-only, 10-17 description, 10-21 learning, 10-22 mac-entry, 10-23 bridge profile configuration
Modes
bridge profile broadcast rate-limit, 10-20 bridge profile configuration mode mac-limit, 10-24 multicast rate-limit, 10-25 restricted, 10-26 trunk, 10-27 unknown-dest, 10-28 bridge profile configuration mode, broadcast rate-limit, 10-20
C
card configuration mode atm mode, 2-5 clock-source, 2-12 maximum ports, 2-14 sonet-eu, 2-16 CLIPS PVC configuration mode bind auto-subscriber, 15-15 bind subscriber, 15-20 context configuration mode gre-peer, 12-16 ipv6 v4tunnel-peer, 14-10 l2tp clear-radius-peer, 13-30 l2tp deadtime, 13-31 l2tp fragment, 13-33 l2tp-group, 13-34 l2tp-peer, 13-36 l2tp proxy-auth, 13-39 l2tp renegotiate lcp, 13-40 l2tp strict-deadtime, 13-42 ppp keepalive, 8-16 context configuration mode, bridge, 10-14
D
dot1q child protocol configuration mode bind authentication, 15-12 dot1q profile configuration mode description, 6-46 dot1q PVC configuration mode bind authentication, 15-12 bind auto-subscriber, 15-15 bind subscriber, 15-20 bridge mac-entry, 10-16 bridge profile, 10-18 circuit protocol, 11-17 clips pvc, 7-14 ip host cross-connected PVCs, 11-19 non-cross-connected PVCs, 6-79 mac-address, 6-81 service clips, 7-16 service clips-exclude, 7-18 service clips-group, 7-20
shutdown, 6-93 dot1q PVC configuration mode, bind interface, 15-18 dot1q PVC configuration mode, description, 6-46 dot1q PVC protocol configuration mode bind interface, 15-18 DS-0 group configuration mode bind interface, 15-18 crc32, 4-25 description, 4-26 encapsulation, 4-31 frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay pvc, 6-75 idle-character, 4-38 invert-data, 4-40 keepalive, 4-41 mtu, 4-47 shutdown, 4-69 timeslot, 4-72 traps, 4-74 DS-1 configuration mode bind interface, 15-18 clock-source, 4-23 crc32, 4-25 description, 4-26 encapsulation, 4-31 equipment-loopback, 4-33 frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay multilink, 9-17 frame-relay pvc, 6-75 framing, 4-35 idle-character, 4-38 invert-data, 4-40 keepalive, 4-41 link-group, 9-19 loopback, 4-43 mtu, 4-47
shutdown, 4-69 speed, 4-71 timeslot, 4-72 yellow-alarm, 4-76 DS-3 configuration mode bind interface, 15-18 cablelength, 4-20 clock-source, 4-23 crc32, 4-25 description, 4-26 dsu bandwidth, 4-28 dsu mode, 4-29 dsu scramble, 4-30 encapsulation, 4-31 equipment-loopback, 4-33 frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay pvc, 6-75 framing, 4-35 idle-character, 4-38 keepalive, 4-41 loopback, 4-43 mtu, 4-47 shutdown, 4-69
idle-character, 4-38 invert-data, 4-40 keepalive, 4-41 link-group, 9-19 loopback, 4-43 mtu, 4-47 shutdown, 4-69 timeslot, 4-72 E3 configuration mode bind interface, 15-18 clock-source, 4-23 crc, 4-25 description, 4-26 encapsulation, 4-31 framing, 4-35 idle-character, 4-38 keepalive, 4-41 loopback, 4-43 mtu, 4-47 national, 4-49 shutdown, 4-69
F
Frame Relay profile configuration mode description, 6-46 Frame Relay PVC configuration mode bind interface, 15-18 ip host, 6-79 shutdown, 6-93 Frame Relay PVC configuration mode, description, 6-46
G
global configuration mode aps group, 5-10 atm profile, 6-29 bridge profile, 10-18 card, 2-9 clips-group, 7-12 diag pod, 16-3 dot1q profile, 6-47 frame-relay profile, 6-74 link-group, 9-19 port atm, 3-42 port channelized-ds3, 4-52 port channelized-oc12, 4-54 port channelized-stm1, 4-56 port ds0s, 4-58 port ds1, 4-61 port ds3, 4-63 port e1, 4-65 port e3, 4-67 port ethernet, 3-44 port pos, 3-46
E
E1 configuration mode bind interface, 15-18 clock-source, 4-23 crc32, 4-25 description, 4-26 encapsulation, 4-31 frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay multilink, 9-17 frame-relay pvc, 6-75 framing, 4-35
Modes
ppp multilink, 8-20 ppp multilink lfi, 8-21 pppoe service-name accept-all, 8-33 pppoe services, 8-34 pppoe tag, 8-35 ppp our-options mru, 8-23 ppp our-options multilink, 8-25 ppp peer-options mru, 8-27 ppp ppoe-large-mru, 8-29 system alarm, 16-5 tunnel map, 12-25 xc, 11-21 GRE peer configuration mode description, 12-15 log-state-changes, 12-22 shutdown, 12-23 GRE tunnel configuration mode bind interface, 15-18 clear-df, 12-14 description, 12-15 ip host, 12-20 keepalive, 12-21 shutdown, 12-23
frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay pvc, 6-75 mac-address, 9-22 minimum-links, 9-23 mp endpoint-discriminator, 9-24 shutdown, 6-93 link PVC configuration mode bind interface, 15-18 ip host, 6-79 shutdown, 6-93
P
port configuration mode aps, 5-8 aps switch, 5-11 bind authentication, 15-12 bind interface, 15-18 bridge mac-entry, 10-16 bridge profile, 10-18 c2byte, 3-13 clips pvc, 7-14 clock-source, 3-18 crc16, 3-21 description channelized ports, 4-26 clear-channel ports, 3-22 dot1q pvc, 6-48 dot1q tunnel, 6-52 encapsulation Ethernet ports with 802.1Q VLANs, 6-53 Ethernet ports without 802.1Q PVCs, 3-23 POS ports, 3-23 flow-control, 3-26 frame-relay auto-detect, 6-54 frame-relay intf-type, 6-56 frame-relay keepalive, 6-58 frame-relay lmi-n391dte, 6-60 frame-relay lmi-n392dce, 6-62 frame-relay lmi-n392dte, 6-64 frame-relay lmi-n393dce, 6-66 frame-relay lmi-n393dte, 6-68 frame-relay lmi-t392dce, 6-70 frame-relay lmi-type, 6-72 frame-relay pvc, 6-75
I
interface configuration mode bridge, 10-14 IPv6 tunnel configuration mode bind interface, 15-18 shutdown, 14-14
L
L2TP group configuration mode algorithm, 13-19 deadtime, 13-21 peer, 13-49 L2TP peer configuration mode description, 13-23 domain, 13-24 function, 13-26 hello-timer, 13-27 lns card, 13-43 local-name, 13-45 max-sessions, 13-46 max-tunnels, 13-48 retry, 13-51 session-auth, 13-52 timeout, 13-54 tunnel-auth key, 13-55 tunnel-window, 13-59 link group configuration mode bind interface, 15-18 dot1q pvc, 6-48
framing, 3-27 keepalive, 3-29 link-dampening, 3-31 link-group, 9-19 loopback channelized OC-12 ports, 4-43 Ethernet ports, 3-33 medium, 3-36 mtu, 3-37 path-trace, 3-40 port ds3, 4-63 scramble, 3-48 service clips, 7-16 service clips-exclude, 7-18 service clips-group, 7-20 shutdown channelized ports, 4-69 clear-channel ports, 3-49 threshold, 3-51 transport unmatched-encap, 3-52
S
STM-1 configuration, channel-mapping itu, 4-21 STM-1 configuration mode au3, 4-18 aug-mapping, 4-19 description, 4-26 loopback, 4-43 path-trace, 4-50 shutdown, 4-69 subscriber configuration mode bridge, 10-14 bridge profile, 10-18 ppp mtu, 8-19 pppoe client route, 8-31 pppoe motm, 8-32 pppoe url, 8-36 tunnel domain, L2TP peers, 13-56 tunnel name, L2TP peers, 13-58
T
tunnel map configuration mode gre-tunnel, 12-18 ipv6-tunnel, 14-8 tunnel peer configuration mode description, 14-6 log-state-changes, 14-12 mtu, 14-13 shutdown, 14-14
Modes

Ports Circuits and Tunnels Configuration Guide

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ports Circuits and Tunnels Configuration Guide

Uploaded by

Copyright:

Available Formats

Ports, Circuits, and Tunnels Configuration Guide

Rights and Restrictions

Third Party Software

VCCI Class A Statement

European Community Mark