Configuration Guide

Enterasys Networks
XSR-XPEDITION Security Routers
XSR-Series
IP-Function and Advanced Services
May 2005

Table of Contents

page

1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8

IP-Address and Secondary Addresses configuration ......................4
IP-Static-routing .....................................................4
IP-Loopback Interface .................................................4
IP-OSPF-routing .......................................................5
IP-RIPv1,v2-routing ...................................................6
DHCP server, static / dynamic-pool ....................................7
DHCP/Bootp relay agent / ip-helper ....................................7
SNTP Simple Network Time Protocol .....................................8
IP OSPF passive interface, Router-ID ..................................9

2.0
2.1
2.2
2.3

Interface description ................................................10
Duplex configuration on Fast Ethernet full/half ......................10
Speed configuration on Fast Ethernet 10/100MBit/s ....................10
System login banner ..................................................10

3.0
3.1
3.2
3.3

Access
Access
Access
Access

4.0
4.1
4.2
4.3

Virtual Router Redundancy Protocol (RFC 2338) ........................13
VRRP monitor interface function, interface tracking ..................14
NAT static bindings ..................................................15
NAT dynamic with PAT “Port Address Translation” ......................15

control
control
control
control

list
list
list
list

incoming outgoing ................................11
1-99 (standard) ..................................11
100-199 (extended) ...............................11
moving online editing ............................12

5.0 Dialer Interface .....................................................16
5.1 Dialer Backup interface function .....................................17
5.2 PAP for authentication PPP ...........................................18
5.3 CHAP for authentication PPP ..........................................19
5.4.1 VPN via Dialer Interface rtr1 ......................................20
5.4.2 VPN via Dialer Interface rtr2 ......................................21
5.5.1 Dialer Int. PRI to BRI with D-channel-callback central-site ........22
5.5.2 Dialer Int. PRI to BRI with D-channel-callback remote1-site ........23
5.5.3 Dialer Int. PRI to BRI with D-channel-callback remote2-site ........24
6.1
6.2
6.3
6.4

ISDN
ISDN
ISDN
ISDN

switch type changing ............................................25
callback ........................................................26
multilink / ISND channel bundling ...............................27
internet call-by-call ip-negotiated .............................28

7.0
7.1
7.2
7.3

PPPoE on Fast Ethernet interfaces ....................................29
IP-address negotiation for PPPoE .....................................29
PPPoE on ADSL interface with chap authentication .....................29
PPPoA on ADSL interface with chap authentication .....................30

8.0
8.1
8.2
8.3
8.4

AAA Authentication Authorization Accounting Radius ...................31
SSH / Telnet .........................................................32
SYSLOG function, Server local-buffer .................................32
SNMP configuration /contact/location/parameter .......................33
SNMP v1/v2/v3 ........................................................33

9.0r1 VPN IPSEC site-to-site tunnel via pre-shared key ...................34
9.0r2 VPN IPSEC site-to-site tunnel via pre-shared key ...................35
9.1 VPN IPSEC site-to-site tunnel certification PKI ......................36
9.1.1 Certification control / certificates / CRLS / CA identity ..........38
9.3 VPN PPTP User termination ............................................39
9.4r1 GRE encapsulated in IPSEC site-to-site tunnel via pre-shared key ...40
9.4r2 GRE encapsulated in IPSEC site-to-site tunnel via pre-shared key ...41
9.5r1 GRE native site-to-site tunnel .....................................42

Configuration Guide

Page 2 of 59

9.5r2 GRE native site-to-site tunnel .....................................43
10.1
11.1
12.1
13.1

DIFFSERV DSCP field addressing ......................................44
Firewall configuration ..............................................45
Vlan configuration 802.1q tagged routing ............................46
PIM Multicast routing ...............................................47

Appendix:
Helpful commands for using the XSR platform:
System:
A1.1 show version - Software, Bootrom, RAM, Flash, System Uptime .................... 48
A1.2 ping & traceroute ........................................................................................... 48
A1.3 show interface - IP address, speed, duplex, statistics, errors.......................... 49
A1.4 telnet to other routers..................................................................................... 49
A1.5 flash:/ cflash:/- dir, rename, copy commands ................................................. 50
A1.6 verify the flash file checksum .......................................................................... 50
IP:
B1.0 show ip route................................................................................................. 51
B1.1 show ip arp.................................................................................................... 51
VPN:
C1.0 show tunnels ................................................................................................. 52
C1.1 show crypto isakmp sa .................................................................................. 52
C1.2 show crypto ipsec sa ..................................................................................... 52
C1.3 show crypto map........................................................................................... 52
C1.4 show tunnels / GRE via IPSEC ....................................................................... 53
C1.5 show interface vpn / GRE via IPSEC .............................................................. 53
C1.6 show crypto ipsec sa / GRE via IPSEC........................................................... 53
C1.7 show ip route / GRE via IPSEC ...................................................................... 53
DSL:
D1.1 show ip interface atm 1/0.1............................................................................ 54
D1.2 show controllers atm 1/0 ............................................................................... 54
D1.3 show controllers atm 1/0.1 ............................................................................ 55
D1.4 show interface atm 1/0 .................................................................................. 56
D1.5 show interface atm 1/0.1 ............................................................................... 57
D1.6 show ppp interface atm 1/0.1 ........................................................................ 58

Configuration Guide

Page 3 of 59

1.0 IP-Address and Secondary Addresses configuration
XSR-1805#show running-config
!!
!
Version 4.0.0.0, Built Mar 26 2003, 19:47:17
!
hostname XSR-1805
!
interface FastEthernet1
description "LAN-Interface1"
ip address 10.10.10.1 255.255.255.0
ip address 40.40.40.1 255.255.255.0 secondary
no shutdown
!
interface FastEthernet2
description "LAN-Interface2"
ip address 20.20.20.1 255.255.255.0
ip address 50.50.50.1 255.255.255.0 secondary
no shutdown
!
end
XSR-1805#

1.1 IP-Static-routing
1.2 IP-Loopback Interface
XSR-1805#show running-config
!!
!
Version 4.0.0.0, Built Mar 26 2003, 19:47:17
!
hostname XSR-1805
!
interface FastEthernet1
description "LAN-Interface1"
ip address 10.10.10.1 255.255.255.0
ip address 40.40.40.1 255.255.255.0 secondary
no shutdown
!
interface FastEthernet2
description "LAN-Interface2"
ip address 20.20.20.1 255.255.255.0
ip address 50.50.50.1 255.255.255.0 secondary
no shutdown
!
interface Loopback0
ip address 192.168.222.1 255.255.255.255
no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip route 11.11.11.0 255.255.255.0 10.10.10.254
ip route 21.21.21.0 255.255.255.0 20.20.20.254
ip route 41.41.41.9 255.255.255.255 40.40.40.254
ip route 51.51.51.9 255.255.255.255 50.50.50.254
!
end
XSR-1805#

Configuration Guide

Page 4 of 59

1.3 IP-OSPF-routing
XSR-1805#show running-config
!!
!
Version 4.0.0.0, Built Mar 26 2003, 19:47:17
!
hostname XSR-1805
!
interface FastEthernet1
description "LAN-Interface1"
ip address 10.10.10.1 255.255.255.0
ip address 40.40.40.1 255.255.255.0 secondary
no shutdown
!
interface FastEthernet2
description "LAN-Interface2"
ip address 20.20.20.1 255.255.255.0
ip address 50.50.50.1 255.255.255.0 secondary
no shutdown
!
interface Loopback0
ip address 192.168.222.1 255.255.255.255
no shutdown
!
ip router-id 192.168.222.1
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip route 11.11.11.0 255.255.255.0 10.10.10.254
ip route 21.21.21.0 255.255.255.0 20.20.20.254
ip route 41.41.41.9 255.255.255.255 40.40.40.254
ip route 51.51.51.9 255.255.255.255 50.50.50.254
!
router ospf 1
network 10.10.10.0 0.0.0.255 area 0.0.0.0
network 20.20.20.0 0.0.0.255 area 0.0.0.0
network 40.40.40.0 0.0.0.255 area 0.0.0.0
network 50.50.50.0 0.0.0.255 area 0.0.0.0
redistribute static
!
end
XSR-1805#

Configuration Guide

Page 5 of 59

40.0 network 20.0 0.0.20.20.41.1 255.40.0 10.41.0 secondary no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.255.2 ip route 11.0.0.20.40.10.255 50.50.v2-routing XSR-1805#show running-config !! ! Version 4.1 255.255.50.50.20.0 ip address 50.0 secondary no shutdown ! interface Loopback0 ip address 192.10.21.255 no shutdown ! ip route 0.255 40.50.255.1 255.0.255.168.255.40.0 redistribute static ! end XSR-1805# Configuration Guide Page 6 of 59 .0 network 40.255.1 255.0 255.51.255.11.255.0.40. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.9 255.10.1.20.255.0.255.255.40.0 network 50.9 255.50.1 255.255.255.255.10.255.254 ip route 51.21.0 ip address 40.11. Built Mar 26 2003.10.255.0.0 20.0 10.10.254 ip route 41.10.20.254 ! router rip network 10.51.10.0 255.255.255.4 IP-RIPv1.254 ip route 21.50.222.

20.10.50.255.40.0.9 255.0.50.255.40.0.0 redistribute static ! ip local pool 10th 10.0 0.9 255.255 area 0.9 no shutdown ! interface Loopback0 ip address 192.255.51.41.1 255.10.51.0 10.20.255.255.20.10.40.50.5 DHCP server.10.254 ip route 21.255.1.0 255.10.255.0.1 255.254 ! router ospf 1 network 10.0.0 10.21.0.0 255.255.0 0.255.20.0 255.10.0 network 20.20.255 area 0.255 40.0 0.255.0.10.0 network 40.0.0.168.10.41.255.11.51.255 50.255.255 no shutdown ! ip route 0.255.0.0.0.10.0 0.cdc2 XSR-1805# Configuration Guide Lease expiration JUN 10 2003 10:54PM Type Automatic Page 7 of 59 .0 ip address 50.255.255.0.10.255 area 0.255.50.20.1 255.40.1 255.10.0 secondary ip dhcp server no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.255.0.0 20.0 ip address 40.255.254 0010.40.0 ! ip dhcp pool 10th domain-name enterasys. static / dynamic-pool 1.0.50.255 area 0.254 ip route 41.0.10.10.0.40.11.0.0.1 ! end XSR-1805# XSR-1805#show ip dhcp binding IP address Hardware address 10.2 ip route 11.51.21.6 DHCP/Bootp relay agent / ip-helper XSR-1805#show running-config !! ! Version 4. Built Mar 26 2003.0.a4ed.com default-router 10.10.222.50.0 secondary ip helper-address 51.0.255.1 255. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0 0.254 ip route 51.255.0 network 50.0.0.

19:47:17 ! hostname XSR-1805 ! sntp-client server 51.0 0.0.255 area 0.255.21.40.10.0 network 20.0 0.0 10.10.9 255.20. Built Mar 26 2003.10.51.40.255.50.0.0.0.1 255.255 area 0.0 ! ip dhcp pool 10th domain-name enterasys.255.7 SNTP Simple Network Time Protocol XSR-1805#show running-config !! ! Version 4.51.0.51.0.10.0.255 no shutdown ! ip route 0.255 40.20.10.0 0.0.0 0.0 0.41.10.0 ip address 50.255.40.255.2 ip route 11.0 network 40.0.10.51.0.10.0 20.0.10.0.10.20.1.com default-router 10.9 no shutdown ! interface Loopback0 ip address 192.255 area 0.0.20.88 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.40.0 redistribute static ! ip local pool 10th 10.40.20.50.50.41.0.0.255.1 255.1 255.1 255.0 255.0.0.255.255.1 ! end XSR-1805# Configuration Guide Page 8 of 59 .255.255 area 0.255.0.255.50.0 10.50.0.0 secondary ip helper-address 51.51.222.1 255.254 ip route 21.0.0.255.255.0 255.255.0.0 network 50.255.50.168.254 ip route 41.11.255 50.9 255.11.0 ip address 40.254 ip route 51.51.255.255.10.20.0 255.255.40.21.254 ! router ospf 1 network 10.0 secondary ip dhcp server no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.255.0.255.

50.1 255.255 40.0.255.0.40.20.50.0 255.255.5.1 255.0 0.0 network 50.0.255.0 0.1 255.255.0.222.255.51.21.255 area 0.10.40.1 ! router ospf 1 network 10.0.0.51.255 area 0.1.0.255.255. Built Jul 28 2004.255.0 network 20.10.255.0.255 no shutdown ! ip route 0.255 area 0.50.0.0 0.255 area 0.10.255.40.255.1 255.20.254 ip route 51.0.9 255.0.0.50.41.20.255.40.0 0.10.0.0 ip address 40.0 10.255.0.168.0 255.222.255.0.255 area 0.0. 17:57:26 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.1 255.20.0 0.255.254 ! ip router-id 192.40.254 ip route 21.11.10.20.0 20.1 255.0.0.255.255.0.50.0.20.255 50.0.168.0 10.0 network 192.0 Secondary ip ospf passive no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.9 255.255.0 redistribute static ! end XSR-1805# Configuration Guide Page 9 of 59 .168.50.255.40.0 network 40.41.8 IP OSPF passive interface.2 ip route 11.0. Router-ID XSR-1805#show running-config !! ! Version 7.10.254 ip route 41.10.21.0 Secondary no shutdown ! interface Loopback0 description "LoopBack-XSR1805" ip address 192.0 ip address 50.0.11.0.10.222.255.

1 255.0.40.0.0.255.1 255.255.0 Interface description 2.0.0.10.10.1 255.1 255.10.20.1 Duplex configuration on Fast Ethernet full/half 2.50.255.3 System login banner XSR-1805#show running-config !! ! Version 4. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" speed 100 duplex full ip address 10.255.0 secondary no shutdown ! interface FastEthernet2 description "LAN-Interface2" speed 10 duplex half ip address 20.0.1 255.0 Secondary no shutdown ! end XSR-1805# Configuration Guide Page 10 of 59 .255. Built Mar 26 2003.0 ip address 50.0 ip address 40.255.40.com/products/routing/xsr/ #" banner login "# #" banner login "###########################################" ! interface FastEthernet1 description "LAN-Interface1" speed 100 duplex full ip address 10.2 Speed configuration on Fast Ethernet 10/100MBit/s XSR-1805#show running-config !! ! Version 4.enterasys.255.255.20.255.50.40.40.1 255.255.0 ip address 40.10.255. 19:47:17 ! hostname XSR-1805 ! banner login "###########################################" banner login "# #" banner login "# Welcome on Enterasys Networks #" banner login "# XPedition Security Router #" banner login "# #" banner login "# contact: #" banner login "# www.2. Built Mar 26 2003.0 secondary no shutdown ! end XSR-1805# 2.255.

0.111 0.10.0.0 Access control list incoming outgoing 3.2 Access control list 100-199 (extended) XSR-1805#show running-config !! ! Version 4.255.10.0 0.100 0.0.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip access-group 2 out ip address 20. 19:47:17 ! hostname XSR-1805 ! access-list 2 permit 20.255.20.10.20.255.20.0.0 no shutdown ! end XSR-1805# XSR-1805(config)#access-list ? <1-99> Standard access list <100-199> Extended access list XSR-1805(config)#access-list 2 ? deny Specify packets to reject insert Insert new ACL entry before existing entry move Move sequence of ACL entries before another entry permit Specify packets to forward replace Replace existing entry in Access List XSR-1805(config)#access-list 110 ? deny Specify packets to reject insert Insert new ACL entry before existing entry move Move sequence of ACL entries before another entry permit Specify packets to forward replace Replace existing entry in Access List XSR-1805# Configuration Guide Page 11 of 59 .0.255 ! access-list 110 deny ip 10.1 255.10.0 any access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in ip address 10.0 any access-list 110 deny ip 10.0.10.0.1 Access control list 1-99 (standard) 3.255.3.20.0.10. Built Mar 26 2003.1 255.0.

0.0.0.0.0 any access-list 110 deny ip 10.10.10.10.10.1 255.0.0.10.10.255.111 0.1 255.0 any access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in ip address 10.100 0.255. 19:47:17 ! hostname XSR-1805 ! access-list 110 deny ip 10.0.0. 19:47:17 ! hostname XSR-1805 ! access-list 110 deny ip 10.10.0.255.10. Built Mar 26 2003.0.0 any access-list 110 deny ip 10.0.3.111 0.0 no shutdown ! end XSR-1805# Configuration Guide Page 12 of 59 .0 no shutdown ! end XSR-1805(config)#access-list 110 move 1 2 !! ! Version 4.10.0.10.100 0.0.10.0. Built Mar 26 2003.10.3 Access control list moving online editing XSR-1805#show running-config !! ! Version 4.255.0 any access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in ip address 10.

255.255. 19:47:17 ! hostname XSR-1805_2 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.255.10.40. Built Mar 26 2003.40.10.254 vrrp 1 priority 250 vrrp 1 master-respond-ping no shutdown ! end XSR-1805_1# Router-2-Backup XSR-1805_2#show running-config !! ! Version 4.10.0 Secondary vrrp 1 ip 10.0 ip address 40.255.2 255.40.1 255.0 Virtual Router Redundancy Protocol (RFC 2338) Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.254 vrrp 1 ip 40.255.1 255.10.0.10.0.0 ip address 40. Built Mar 26 2003.0.254 vrrp 1 priority 200 vrrp 1 master-respond-ping no shutdown ! end XSR-1805_2# Configuration Guide Page 13 of 59 .10.0.40.4.2 255.255. 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.255.10.40.255.0 Secondary vrrp 1 ip 10.10.40.40.254 vrrp 1 ip 40.0.40.

40.10.40. 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.255.1 255.255.20.0.255.254 vrrp 1 priority 200 vrrp 1 master-respond-ping vrrp 1 track FastEthernet2 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.0.40.1 vrrp 1 priority 200 vrrp 1 master-respond-ping no shutdown ! end XSR-1805_2# Configuration Guide Page 14 of 59 .10. interface tracking Router-1-Master XSR-1805_1#show running-config !! ! Version 4.254 vrrp 1 priority 250 vrrp 1 master-respond-ping vrrp 1 track FastEthernet2 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.0 vrrp 1 ip 20.0.1 no shutdown ! end XSR-1805_1# Router-2-Backup XSR-1805_2#show running-config !! ! Version 4.2 255.10.0 Secondary vrrp 1 ip 10.254 vrrp 1 ip 40.255.40.255.20.255.0 ip address 40.10.40. 19:47:17 ! hostname XSR-1805_2 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.1 VRRP monitor interface function.20.20.20.2 255. Built Mar 26 2003. Built Mar 26 2003.255.255.255.0.0 ip address 40.255.10.40.255.1 255.20.0.40.2 255.255.0 vrrp 1 ip 20.20.10.10.0 Secondary vrrp 1 ip 10.20.0.40.10.1 255.254 vrrp 1 ip 40.4.

0.1 255.161.0.10.10.2 NAT static bindings XSR-1805#show running-config !! ! Version 4. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0 no shutdown ! ip nat source static 10.255 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 134.101 134.10.0 ip nat source list 10 assigned overload no shutdown ! end XSR-1805# Configuration Guide Page 15 of 59 .10.208.255. 19:47:17 ! hostname XSR-1805 ! access-list 10 permit 10.1 255.10.100 ip nat source static 10.10.0.255.3 NAT dynamic with PAT “Port Address Translation” XSR-1805#show running-config !! ! Version 4.255.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 134.255.255.10.255.255.4.161.0. Built Mar 26 2003. Built Mar 26 2003.100 134.10.161.10.255.1 255.0.0.0.10.101 ! end XSR-1805# 4.208.0 0.0.208.208.1 255.161.

0 no shutdown ! dialer-list 1 protocol ip list 110 ! end XSR-1805# Configuration Guide Page 16 of 59 .11.255.255.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 dialer map ip 11.11.2 112233 ip address 11.255.13.0.255.1 255.2 131313 ip address 13.0.0 no shutdown ! interface Dialer1 dialer pool 1 encapsulation ppp dialer idle-timeout 30 dialer-group 1 dialer map ip 13.5.0. Built Mar 26 2003.10.13.13.0 Dialer Interface XSR-1805#show running-config !! ! Version 4.255. 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.11.1 255.13.10.1 255.255.11.

1 Dialer Backup interface function XSR-1805#show running-config !! ! Version 4.11.255.0 no shutdown ! interface Serial 2/0:0 backup interface Dialer0 backup delay 5 45 encapsulation ppp ip address 13. Built Mar 26 2003.0.11.13.1 255.11.255.10.10.255.1 255.0 no shutdown ! dialer-list 1 protocol ip list 110 ! end XSR-1805# Configuration Guide Page 17 of 59 .255.0.255.13. 19:47:17 ! hostname XSR-1805 ! controller e1 0/2/0 clock source internal no shutdown ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0.5.1 255.11.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 dialer map ip 11.2 112233 ip address 11.255.

Built Mar 26 2003.11.0.5.0 dialer map ip 11.0.2 112233 no shutdown ! dialer-list 1 protocol ip list 110 ! end XSR-1805# Configuration Guide Page 18 of 59 .0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 ppp authentication pap ppp pap sent-username central "password is not displayed" ip address 11.11.255.10.255.11.11.10.2 PAP for authentication PPP XSR-1805#show running-config !! ! Version 4.255.0.1 255. 19:47:17 ! hostname XSR-1805 username remote privilege 0 "password is not displayed" ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.255.1 255.

0 dialer map ip 11.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 ppp authentication chap ppp chap hostname central ppp chap password iamCentral ip address 11. Now a unidirectional CHAP authentication is possible.1 255.0.1 255. Configuration Guide Page 19 of 59 .255.11.5.11.255.0.0. Built Mar 26 2003.2 112233 no shutdown ! dialer-list 1 protocol ip list 110 ! end XSR-1805# Note: If you want to authenticate via CHAP in “passive mode”.11.3 CHAP for authentication PPP XSR-1805#show running-config !! ! Version 4.255.255.11. you need to delete the line “ppp authentication chap”.10.10. 19:47:17 ! hostname XSR-1805 username remote privilege 0 cleartext iamRemote ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.

9.1.255.20.0.2 255.255 proposal ISDN ! crypto ipsec transform-set isdntr esp-3des esp-md5-hmac set pfs group2 no set security-association lifetime kilobytes ! crypto map myisdn 20 set transform-set isdntr match address 121 set peer 1.1.1 255.20.0 0.255 10.0 no shutdown ! interface Dialer1 crypto map myisdn dialer pool 1 dialer string 120 encapsulation ppp dialer-group 1 ip address 1.255.0.10. Built Dec 12 2003.0.20.10.10.10.0 no shutdown ! ip route 10.2 access-list 121 permit ip 20.255 ! crypto isakmp proposal ISDN authentication pre-share ! crypto isakmp peer 1.255.0 0.0.1.0 0.1 VPN via Dialer Interface rtr1 XSR-1805-1#show running-config !! ! Version 6.2 ! dialer-list 1 protocol ip list 101 ! end XSR-1805-1(config)#aaa user 1.1.1.20.0.0.2 XSR-1805-1(config-aaa)#password XSR XSR-1805-1# Configuration Guide Page 20 of 59 .0 1.0 0.255.255.2 ! interface FastEthernet 1 ip address 20.1.10.1.255.5.1.1.1 255.20.0.0 255.1.0.0.1.255.10.1.20.4.255 10.0.255 access-list 101 permit ip any host 1. 14:56:30 ! hostname XSR-1805-1 ! interface bri 0/1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 101 permit ip 20.255.

10.1 255. Built Dec 12 2003.10.1 255.10.20.1.0.255.1.9.255.0 1.1 XSR-1805-1(config-aaa)#password XSR XSR-1805-2# Configuration Guide Page 21 of 59 .1.0.20.1.255.2 VPN via Dialer Interface rtr2 XSR-1805-2#show running-config !! ! Version 6.0 no shutdown ! ip route 20.255 20. 14:56:30 ! hostname XSR-1805-2 ! interface bri 0/2/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 102 permit ip 10.0 0.20.1.1 ! interface FastEthernet 1 ip address 10.20.255 proposal ISDN ! crypto ipsec transform-set isdntr esp-3des esp-md5-hmac set pfs group2 no set security-association lifetime kilobytes ! crypto map myisdn 10 set transform-set isdntr match address 130 set peer 1.4.5.0 0.255.20.0.255 access-list 102 permit ip any host 1.1.1.20.0.0.0.10.255.0 no shutdown ! interface Dialer1 crypto map myisdn dialer pool 1 dialer string 110 encapsulation ppp dialer-group 1 ip address 1.255.255.1.1.1 access-list 130 permit ip 10.0 0.10.2 255.10.0 0.255 ! crypto isakmp proposal ISDN authentication pre-share ! crypto isakmp peer 1.1 ! dialer-list 1 protocol ip list 102 ! end XSR-1805-1(config)#aaa user 1.0.0.255.0.255 20.1.1.0.1.0 255.

2 120 dialer map ip 1. – The username must be configured under the dialer interface using the dialer remote-name command.0 ! dialer-list 1 protocol ip list 120 ! end XSR-central# Note: Incoming calls may be mapped to a dialer interface based on the PPP authenticated username if the following conditions are met: – Interface dialer 0 is needed for the desired PPP authentication (e.255.2 ip route 20.0. Built Dec 12 2003.1.1.255 area 0.1.30.255.30.1.1.10.0 0.1 255.0.1.20.20.1.0. 14:56:30 ! hostname XSR-central ! username remote1 privilege 0 password cleartext xsr1 username remote2 privilege 0 password cleartext xsr2 ! controller e1 0/1/0 pri-group isdn bchan-number-order ascending no shutdown dialer pool-member 1 priority 10 ! access-list 120 permit ip any any ! interface FastEthernet 1 ip address 10.255.0 no shutdown ! interface Dialer0 multi-point dialer pool 1 encapsulation ppp multilink load-threshold 20 dialer caller 120 callback dialer caller 140 callback dialer-group 1 dialer map ip 1.0.0 0.0.0 0.0.20.1 Dialer Int. ppp authentication pap).255 1.10.1.0 ppp authentication pap ppp pap sent-username central password xsr ppp multilink no shutdown ! ip router-id 1.5.0.255.3 140 ip address 1.1.1.255 1.. Configuration Guide Page 22 of 59 .1. PRI to BRI with D-channel-callback central-site XSR-central#show running-config !! ! Version 6.1 ! ip route 10.255 area 0.0.0 0.0.9.3 ! router ospf 1 network 1.5.1 255.0 network 10.g.0.1.0.1.0.1.0.20.0.

1.2 ! ip route 0.0 ppp authentication pap ppp pap sent-username remote1 password xsr1 ppp multilink no shutdown ! ip router-id 1.0.0 0.255.1. PRI to BRI with D-channel-callback remote1-site remote1#show running-config !! ! Version 6.0 1.5.0.0 no shutdown ! interface Dialer1 dialer pool 1 dialer string 210 encapsulation ppp dialer remote-name central dialer-group 1 ip address 1.1.0 0.2 255.255.0.0.10.2 Dialer Int.0.9.255 area 0.10.0.1 ! router ospf 1 network 10.0.0.1.0.255.0.255 area 0.1. Built Dec 12 2003.0.0.1 255.1.0.10.0.0 0.5.0 network 1.1.1.0 ! dialer-list 1 protocol ip list 102 ! end remote1# Configuration Guide Page 23 of 59 .10.255. 14:56:30 ! hostname remote1 ! username central privilege 0 password cleartext xsr ! interface bri 0/2/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 102 permit ip any any ! interface FastEthernet 1 ip address 10.

255.0.0 ! dialer-list 1 protocol ip list 130 ! end remote2# Configuration Guide Page 24 of 59 .0.0.1.0 network 1.0.1.0.0.5.1.0 0.0.0.255 area 0.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 210 encapsulation ppp dialer-group 1 ip address 1.20. PRI to BRI with D-channel-callback remote2-site remote1#show running-config !! ! Version 6.0 0.1. Built Dec 12 2003.20.255 area 0.0.1.3 255.20.0 0.0. 14:56:30 ! hostname remote2 ! username central privilege 0 password cleartext xsr ! interface bri 0/1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 10 ! access-list 130 permit ip any any ! interface FastEthernet 1 ip address 20.255.1 255.0.0.0 1.255.5.0.0 ppp authentication pap ppp pap sent-username remote2 password xsr2 ppp multilink no shutdown ! ip router-id 1.3 Dialer Int.1.1.1.0.20.1 ! router ospf 1 network 20.9.255.3 ! ip route 0.

255.255.0.11.0 ISDN config for BRIx/x 6.2 112233 no shutdown ! dialer-list 1 protocol ip list 110 ! end XSR-1805# XSR-1805(config-if<BRI-1/0>)#isdn switch-type ? basic-dms100 basic-net3 basic-ni1 basic-ntt XSR-1805(config-if<BRI-1/0>)#isdn switch-type basic-net3 Configuration Guide Page 25 of 59 .255.1 ISDN switch type changing XSR-1805#show running-config !! ! Version 4.1 255. Built Mar 26 2003.10.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 ip address 11.255.1 255.6.0 dialer map ip 11.0.11.11. 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.11.10.0.

11.10.2 112233 no shutdown ! dialer-list 1 protocol ip list 110 ! end XSR-1805# Configuration Guide Page 26 of 59 .11. Built Mar 26 2003.255. 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.255.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer caller 112233 callback dialer remote-name XSR-Remote dialer idle-timeout 30 dialer-group 1 ip address 11.2 ISDN callback XSR-1805#show running-config !! ! Version 4.11.255.0.1 255.0.0 dialer map ip 11.10.0.6.11.1 255.255.

0.255.1 255.255.1 ! end XSR-1805# Configuration Guide Page 27 of 59 . 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! interface bri 1/1 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 10 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.1 120120 ip address 192.222.222.2 255.255.0 192.1 110110 dialer map ip 192.11.11.0.0 255.222.222.168.10.0.255.10.168.255. Built Mar 26 2003.168.255.0 ppp multilink no shutdown ! dialer-list 1 protocol ip list 110 ! ip route 10.0 no shutdown ! interface Dialer0 dialer pool 1 encapsulation ppp multilink load-threshold 1 multilink max-links 5 dialer-group 1 dialer map ip 192.3 ISDN multilink / ISND channel bundling XSR-1805#show running-config !! ! Version 4.6.168.

253.10.com ! end XSR-1805# Configuration Guide Page 28 of 59 .2.0 ip dhcp server no shutdown ! interface Dialer0 description "ISDN-Call-by-Call" dialer pool 1 dialer string 01920ABCD encapsulation ppp dialer-group 1 ip address negotiated ip nat source assigned overload ppp chap hostname My-User-name ppp chap password My-Password no shutdown ! ip proxy-dns enable ip proxy-dns name-server 145.10.5.10.255.253.0.0 0.10.10.25.0.11 ip proxy-dns name-server 145.0.0.6.75 ip proxy-dns name-server 194. 17:57:26 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! ip local pool 10th 10.255.255.1 255.0 Dialer0 ! dialer-list 1 protocol ip list 110 ! ip dhcp pool 10th dns-server 10.2.0.10.1 default-router 10.4 ISDN internet call-by-call ip-negotiated XSR-1805#show running-config !! ! Version 7.0 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.1 domain-name MY-Internet.0.255.2.10.10. Built Jul 28 2004.129 ip route 0.0 255.

Built Mar 26 2003.0.com "password is not displayed" no shutdown ! end XSR-1805# 7.10.0 ATM 2/0.0. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 10.0 PPPoE on Fast Ethernet interfaces 7. 11:09:28 ! hostname XSR-1805 ! interface FastEthernet1 ip address 10.1 encapsulate ppp ip address negotiated ip mtu 1492 ip nat source assigned overload ppp pap sent-username my_online-AOL@AOL.253.255.0.0 no shutdown ! interface ATM 2/0 no shutdown ! interface ATM 2/0.0.255.10.0.0.0.1 encapsulation snap pppoe ip tcp adjust-mss 1452 pvc 8/35 ip address negotiated ip mtu 1492 ip nat source assigned overload ppp chap hostname ar01149601067 ppp chap password "password is not displayed" no shutdown ! ip proxy-dns enable ip proxy-dns name-server 145. Built Sep 14 2003.10.1 ! end XSR-1805# Configuration Guide Page 29 of 59 .1 255.10.0 0.1 IP-address negotiation for PPPoE XSR-1805#show running-config !! ! Version 4.255.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2-4-PPPoE" no shutdown ! interface FastEthernet2.7.1 255.2 PPPoE on ADSL interface with chap authentication XSR-1805#show running-config !! ! Version 6.255.0.2.0.0.11 ip route 0.

Built Mar 3 2004.0.0.0.10.0.10.10.0 exclude 10. 19:21:29 ! hostname XSR-1805 ! ip local pool Home 10.255.10.10.0 ATM 2/0.smith@b-broadband.0.0 255.255.3 PPPoA on ADSL interface with chap authentication XSR-1805#show running-config !! ! Version 7.7.0 0.com ppp chap password "password is not displayed" no ppp keepalive no shutdown ! ip proxy-dns enable ip proxy-dns name-server 145.2.2 99 ! interface FastEthernet1 description "Home LAN" ip address 10.255.1 description "B-Broadband ADSL" encapsulation mux pppoa pvc 0/38 oam-pvc ip tcp adjust-mss 1400 ip address negotiated ip mtu 1492 ip nat source assigned overload ppp chap hostname john.0.11 ip route 0.1 255.253.0 no ip directed-broadcast ip firewall disable ip dhcp server no shutdown ! interface ATM 2/0 description "ADSL-via-B-Broadband" no shutdown ! interface ATM 2/0.10.1 ! end XSR-1805# Configuration Guide Page 30 of 59 .0.255.

123 key My-Radius auth-port 1645 acct-port 1646 attempts 4 retransmit 3 timeout 10 qtimeout 0 ! end XSR-1805# Configuration Guide Page 31 of 59 .255.10.0.10. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.8. Built Mar 26 2003.10.255.0.0.0 no shutdown ! aaa method radius logon default enable group DEFAULT address ip-address 10.1 255.0 AAA Authentication Authorization Accounting Radius XSR-1805#show running-config !! ! Version 4.10.

1 SSH / Telnet SSH and Telnet are enabled by default XSR-1805#show running-config !! ! Version 4.10.255.10.2 SYSLOG function.0.10.1 255.10.0.10.8. Server local-buffer XSR-1805#show running-config !! ! Version 4. 19:47:17 ! hostname XSR-1805 ! ip ssh server disable ip telnet server disable ! interface FastEthernet1 description "LAN-Interface1" ip address 10.1 255.0 no shutdown ! end XSR-1805# Configuration Guide Page 32 of 59 .255.255.0.100 logging Console low logging Monitor high logging Buffered debug logging SNMP medium ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0.10. 19:47:17 ! hostname XSR-1805 logging 10. Built Mar 26 2003.0 no shutdown ! end XSR-1805# 8.255.0.0. Built Mar 26 2003.

111 traps public snmp-server location "ENTERASYS_NETWORKS" snmp-server contact "TEST_XSR_FUNCTION" snmp-server enable ! end XSR-1805# 8.111 informs version 3 priv v3Admin snmp-server engineID remote 10.10. Configuration Guide Page 33 of 59 .10.0.111 traps public snmp-server host 10.10. 19:47:17 ! hostname XSR-1805 logging 10.10.1 255. 11:09:28 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10. Built Mar 26 2003.0.3 SNMP configuration /contact/location/parameter XSR-1805#show running-config !! ! Version 4.10.0.255.255.10.10.0.4 SNMP v1/v2/v3 XSR-1805#show running-config !! ! Version 6.0 no shutdown ! snmp-server group v3grp v3 auth read v3v write v3v notify v3v snmp-server user v3Admin v3grp v3 auth md5 v3md5PWD priv des56 v3desPWD snmp-server view v3v internet included snmp-server host 10. Built Sep 14 2003.10.10.111 800015F8030001F48EF82F snmp-server user v3Admin v3grp remote 10.255.8.111 v3 auth md5 v3md5PWD priv des56 v3desPWD snmp-server enable traps snmp-server location "ENTERASYS_NETWORKS" snmp-server contact "XSR_v3_FUNCTION" snmp-server enable ! end XSR-1805# Note: SNMP User and Password will not displayed in config-file.0. Use “show SNMP user” to verify the user config.10.0.10.10.100 logging Console low logging Monitor high logging Buffered debug logging SNMP medium ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0 no shutdown ! snmp-server community private rw snmp-server community public ro snmp-server enable traps snmp-server host 10.10.10.10.10.1 255.255.

255. Built Mar 26 2003.2 255.10.2 ! end XSR-1805_1# XSR-1805_1(config)#aaa user 20.0.255.10.0.2 mode tunnel ! interface FastEthernet1 description "LAN-Interface1" ip address 10.20.255.0 255.20. 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 10.20.80.255.0 20.20.20.0.1 255.2 XSR-1805_1(config-aaa)#password XSR Configuration Guide Page 34 of 59 .255 ! crypto isakmp peer 20.10.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" crypto map c-map1 ip address 20.80.255.20.0.0 0.0 no shutdown ! ip route 80.80.255.10.0.20.0.255.80.20.0.255.255 80.9.0 0.0r1 VPN IPSEC site-to-site tunnel via pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 4.20.1 255.255 proposal prop-map1 config-mode gateway ! crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2 set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601 ! crypto map c-map1 75 set transform-set VPN-3des match address 101 set peer 20.20.

20.0 0.1 ! end XSR-1805_2# XSR-1805_2(config)#aaa user 20.1 255.20.255.255.0.0r2 VPN IPSEC site-to-site tunnel via pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 4.2 255.80.9. 19:47:17 ! hostname XSR-1805_2 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 80.80.0.10.20.10.1 XSR-1805_2(config-aaa)#password XSR Configuration Guide Page 35 of 59 .255 ! crypto isakmp peer 20.255.0.255.20.20. Built Mar 26 2003.20.20.20.0.0 0.255.0 255.80.0 no shutdown ! ip route 10.10.255.255.0.0.255 10.255 proposal prop-map1 config-mode gateway ! crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2 set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601 ! crypto map c-map1 75 set transform-set VPN-3des match address 101 set peer 20.1 255.20.255.0 20.20.80.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" crypto map c-map1 ip address 20.0.10.1 mode tunnel ! interface FastEthernet1 description "LAN-Interface1" ip address 80.

80.0 0.80.80.255.254 ! ip host labor-enterasys 192.20.20. Built Mar 26 2003.0.0.224.255 any ! crypto isakmp peer 20.22 ! end XSR-1805_1# Configuration Guide Page 36 of 59 .224.2 255. 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication rsa-sig group 5 lifetime 10800 ! access-list 101 permit ip 10.20.255.255 proposal prop-map1 config-mode gateway ! crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2 set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601 ! crypto map c-map1 75 set transform-set VPN-3des match address 101 set peer 20.9.255.1 255.255.1 ip route 0.0 no shutdown ! ip route 10.168.0 0.0.20.22 ip host Enterasys-Networks-CA 192.0 80.1 VPN IPSEC site-to-site tunnel certification PKI XSR-1805_1#show running-config !! ! Version 4.10.20.1 mode tunnel ! interface FastEthernet1 description "LAN-Interface1" ip address 80.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" crypto map c-map1 ip address 20.0.10.80.255.0.10.0.168.10.0 20.20.0.1 255.20.0.0 255.255.0.255.255.20.

224. XSR-1805_1(config)#crypto ca enroll Enterasys-Networks-CA % % Start certificate enrollment Create a challenge password.168. Use 'show crypto ca certificate' to show the fingerprint. You will need to verbally provide this password to the CA Administrator in order to revoke your certificate. XSR-1805_1(config)# <186> 192.1 VPN: [PKI] The certificate is VALID XSR-1805_1(config)# Configuration Guide Page 37 of 59 . the certificate request will be sent to the Certificate Authority. XSR-1805_1(config)#crypto ca crl request Enterasys-Networks-CA <186>Jul 30 11:33:28 192.168. XSR-1805_1(config)#crypto ca identity Enterasys-Networks-CA XSR-1805_1(ca-identity)#enrollment url http://192. XSR-1805_1(config)# 4.22/certsrv/mscep/mscep.200.dll XSR-1805_1(ca-identity)#exit 2.Issue Certificate via SCEP protocol to XSR from Win Windows 2000 CA: CA: 1. Once key generation is complete. Password:**************** Re-enter password:**************** Include the router serial number in the subject name (y/n) ? y The serial number in the certificate will be: 361902300157320D Request certificate from CA (y/n) ? y You may experience a short delay while RSA keys are generated. this may take a while. For security reasons your password will not be saved in the configuration. Please make a note of it.1 PKI: A crl has been requested for Enterasys-Networks-CA.200.132 PKI: A certificate was successfully received from the CA.168.168.224. XSR-1805_1(config)#crypto ca authenticate Enterasys-Networks-CA Certificate has the following attributes: Fingerprint: 6AEBAF4C 51B85B4C 297F12F0 D3442FF6 Do you accept this certificate (y/n) ? y 3. a message will be displayed when the crl has been <191>Jul 30 11:33:28 192.

... 10:21:11 GMT Valid To: 2004 Jul 2nd..com.1. CN=LABOR-ETS-CA Valid From: 2003 Jul 2nd. 03:06:16 GMT Issuing CDP: http://labor-enterasys/CertEnroll/LABOR-ETS. 14:45:40 GMT Valid To: 2013 Feb 11th. . . . .dll Retry Period: 5 minutes Retry Count: 3 Crl Frequency: 60 minutes Configuration Guide Page 38 of 59 . . .168.issued by LABOR-ETS State: VALID Version: V2 Issuer: MAILTO=support@enterasys.com. . 10:31:11 GMT Subject: MAILTO=labor@enterasys. 14:52:38 GMT Subject: MAILTO=labor@enterasys. CN=LABOR-ETS Valid From: 2003 Jul 2nd.com. CN=LABOR-ETS Fingerprint: 6AEBAF4C 51B85B4C 297F12F0 D3442FF6 Certificate Size: 770 bytes RA KeyEncipher Certificate . . . CN=LABOR-ETS Fingerprint: 19952ABA 0F1C6EE1 E9FB4F70 76448739 Certificate Size: 1214 bytes RA Signature Certificate .. . CN=LABOR-ETS Valid From: 2003 Jul 29th. 10:21:10 GMT Valid To: 2004 Jul 2nd.Enterasys-Networks-CA Enrollment Information: URL: http://192.9. . .224. . .1 Certification control / certificates / CRLS / CA identity XSR-1805_1#show crypto ca certificates Certificate ..com. CN=LABOR-ETS Fingerprint: 6255E200 726DED79 AA5462F2 69397A54 Certificate Size: 1214 bytes XSR-1805_1#show crypto ca crls CRL . .22/certsrv/mscep/mscep. 10:31:10 GMT Subject: MAILTO=labor@enterasys.issued by Enterasys-Networks-CA State: ENTITY-ACTIVE Version: V3 Serial Number: 458876448087542442491910 Issuer: MAILTO=support@enterasys.. 10:31:11 GMT Subject: CN=Enterasys Networks X-pedition Series .Enterasys-Networks-CA-rae State: CA-AUTHENTICATED Version: V3 Serial Number: 459107753245879167877125 Issuer: MAILTO=support@enterasys. .CN=LABOR-ETS Valid From: 2003 Feb 11th.. 14:46:16 GMT Valid To: 2003 Aug 6th. .com.Enterasys-Networks-CA State: CA-AUTHENTICATED Version: V3 Serial Number: 116081135157367679818971021752243067231 Issuer: MAILTO=support@enterasys.Enterasys-Networks-CA-ras State: CA-AUTHENTICATED Version: V3 Serial Number: 459107524969673055535108 Issuer: MAILTO=support@enterasys. 10:21:11 GMT Valid To: 2004 Jul 2nd.com. . CN=LABOR-ETS Valid From: 2003 Jul 2nd. .com.com. .crl Crl Size: 378 bytes XSR-1805_1#show crypto ca identity CA Identity ..361902300157320D Fingerprint: 30451AC4 F2626413 841522E3 2DDB98A4 Certificate Size: 1102 bytes CA Certificate .

255.2.0.3 VPN PPTP User termination XSR-1805#show running-config !! ! Version 4.0.2.0.255.1 255.0.0 255.0.141.0.1.255.130.168.0 ! ip local pool VPN 192.1 255.255.0.0.0.0 ! aaa group DEFAULT dns server primary 0.0 ip nat source assigned overload no shutdown ! interface Vpn1 multi-point ip address 192.0.0 no shutdown ! interface FastEthernet2 ip address 192.0.255.0 wins server secondary 0.168.0 dns server secondary 0.0 ip pool VPN pptp encrypt mppe auto ! end XSR-1805# XSR-1805(config)#aaa user marc XSR-1805(aaa-user)#password marc XSR-1805(config)#aaa user phil XSR-1805(aaa-user)#password phil XSR-1805(config)#aaa user bob XSR-1805(aaa-user)#password bob XSR-1805(config)#aaa user peter XSR-1805(aaa-user)#password peter XSR-1805# Configuration Guide Page 39 of 59 . Built Mar 26 2003.168.9.0 wins server primary 0.12 255.255.255.255. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 134.

255.4r1 GRE encapsulated in IPSEC site-to-site tunnel via pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 6.0.1.0 0.255.0.20.0 no shutdown ! interface Vpn1 point-to-point ip multicast-redirect 192.20.2 XSR-1805_1(config-aaa)#password XSR Configuration Guide Page 40 of 59 .0.10.10.168.255.20.2 mode transport ! interface FastEthernet1 description "LAN-Interface1" ip address 10.255 area 0.0.2 set heartbeat 3 3 ip address 192.1 255.0 network 192.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" crypto map gre-map1 ip address 20.2 255.0.168.0.20.0 ip firewall disable ip ospf cost 100 ip ospf dead-interval 4 ip ospf hello-interval 1 ! router ospf 1 network 10.0 0.255.1 255.255.0.168.0 ! end XSR-1805_1(config)#aaa user 20.20.255.20. Built Sep 14 2003.1.20.2 tunnel "VPN+GRE" set protocol gre set active set peer 20.9.0.20.255.0.1.10.255 proposal prop-map1 config-mode gateway ! crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2 set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601 ! crypto map gre-map1 75 set transform-set VPN-3des match address 101 set peer 20.255 area 0.0.20. 11:09:28 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit gre any any ! crypto isakmp peer 20.10.0.1 255.255.20.

80.1 tunnel "VPN+GRE" set protocol gre set active set peer 20.80.255.0 ip firewall disable ip ospf cost 100 ip ospf dead-interval 4 ip ospf hello-interval 1 ! router ospf 1 network 80.20.0.1 255.0 no shutdown ! interface Vpn1 point-to-point ip multicast-redirect 192.4r2 GRE encapsulated in IPSEC site-to-site tunnel via pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 6.20.0.0 ! end XSR-1805_2(config)#aaa user 20.0.0.255.1 XSR-1805_2(config-aaa)#password XSR Configuration Guide Page 41 of 59 .255 area 0.0 0.255.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" crypto map gre-map1 ip address 20.168.1 mode transport set security-association level per-host ! interface FastEthernet1 description "LAN-Interface1" ip address 80.255 proposal prop-map1 config-mode gateway ! crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2 set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601 ! crypto map gre-map1 75 set transform-set VPN-3des match address 101 set peer 20.2 255.0.0.20.1 set heartbeat 3 3 ip address 192.255.255 area 0.255.0 0.1.20.255.20.0 network 192. Built Sep 14 2003.1.9.20.0.255.255.1 255.2 255.20.0.80. 11:09:28 ! hostname XSR-1805_2 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit gre any any ! crypto isakmp peer 20.80.1.20.168.0.20.168.0.20.0.

255.10.20.20.2 set heartbeat 3 3 ip address 192.1.168.255 area 0.1.1 255.0 0.20.0.10.1 255.0 ip firewall disable ip ospf cost 100 ip ospf dead-interval 4 ip ospf hello-interval 1 ! router ospf 1 network 10.0. Built Sep 14 2003.255.0.255 area 0.255.168.0 no shutdown ! interface FastEthernet 2 description "LAN-Interface2" ip access-group 101 out ip address 20. 11:09:28 ! hostname XSR-1805_1 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 10.0.20.0 no shutdown ! interface Vpn1 point-to-point ip multicast-redirect 192.0 network 192.2 tunnel "VPN+GRE" set protocol gre set active set peer 20.255.255.10.168.0 0.0.1 255.0.255.0 ! end XSR-1805_1# Configuration Guide Page 42 of 59 .0.0.5r1 GRE native site-to-site tunnel Router-1 XSR-1805_1#show running-config !! ! Version 6.9.0.1.0.10.0.

0.0 ! end XSR-1805_2# Configuration Guide Page 43 of 59 .1.255 area 0.0 0.20.20.1 255.1 set heartbeat 3 3 ip address 192.0.255.0 no shutdown ! interface Vpn1 point-to-point ip multicast-redirect 192.168.80.1.0. 11:09:28 ! hostname XSR-1805_2 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 80.0.0.0.255.0 0.255.255.0.80.168.255 area 0.255.0 no shutdown ! interface FastEthernet 2 description "LAN-Interface2" ip access-group 101 out ip address 20.5r2 GRE native site-to-site tunnel Router-2 XSR-1805_2#show running-config !! ! Version 6.80.2 255. Built Sep 14 2003.0.2 255.1.0 network 192.255.80.0.0 ip firewall disable ip ospf cost 100 ip ospf dead-interval 4 ip ospf hello-interval 1 ! router ospf 1 network 80.9.0.20.0.168.1 tunnel "VPN+GRE" set protocol gre set active set peer 20.20.

10.255.20.0. Built Mar 26 2003.1 255. 19:47:17 ! hostname XSR-1805 ! class-map DSCP_EF match access-group 2 match ip dscp EF ! policy-map DSCP_EF class DSCP_EF priority high 12000 ! access-list 2 permit 10.0 service-policy output DSCP_EF no shutdown ! end XSR-1805# DSCP default values: af11 Match packets with AF11 DSCP (001010) af12 Match packets with AF12 DSCP (001100) af13 Match packets with AF13 DSCP (001110) af21 Match packets with AF21 DSCP (010010) af22 Match packets with AF22 DSCP (010100) af23 Match packets with AF23 DSCP (010110) af31 Match packets with AF31 DSCP (011010) af32 Match packets with AF32 DSCP (011100) af33 Match packets with AF33 DSCP (011110) af41 Match packets with AF41 DSCP (100010) af42 Match packets with AF42 DSCP (100100) af43 Match packets with AF43 DSCP (001010) cs1 Match packets with CS1 DSCP (001000) cs2 Match packets with CS2 DSCP (010000) cs3 Match packets with CS3 DSCP (011000) cs4 Match packets with CS4 DSCP (100000) cs5 Match packets with CS5 DSCP (101000) cs6 Match packets with CS6 DSCP (110000) cs7 Match packets with CS7 DSCP (111000) default Match packets with default DSCP (000000) ef Match packets with Expedited Forwarding (EF) DSCP (101110) Configuration Guide Page 44 of 59 .0.255.20.10.10.255.0 0.255.10.255 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.0.1 255.0.1 DIFFSERV DSCP field addressing XSR-1805#show running-config !! ! Version 4.10.0.

10.13.10.1 Firewall configuration XSR-1805#show running-config !! ! Version 4.1 10.168.13.224.13.13.0.0.1 192.255.1 255.255.255 internal ip firewall network 10 10.255.168.1 13.11.0 no shutdown ! interface Loopback0 description "internal_loopback_Private" ip address 13.10.133 255.10.255 internal ! ip firewall network-group g192 192 ip firewall network-group g13 13 ip firewall network-group g10 10 ip firewall network-group g10+g13 13 10 ! ip firewall policy inSSH g192 g13 SSH allow-log bidirectional ip firewall policy inTelnet g10+g13 g10+g13 Telnet allow-log bidirectional ip firewall policy FTP_okay g10 g192 FTP allow bidirectional ip firewall policy HTTP_okay g10 g192 HTTP allow bidirectional ! ip firewall load ! end XSR-1805# Configuration Guide Page 45 of 59 .1 255.224.0. 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "Interal_network_Private" ip address 10.255.0.10.0 no shutdown ! interface FastEthernet2 description "External_network_Intranet" ip address 192.255.224.255 external ip firewall network 13 13.255.13.13. Built Mar 26 2003.168.0 no shutdown ! ip firewall network 192 192.

1 Vlan configuration 802.255.30. Built Sep 14 2003.1 255.11. 11:09:28 ! hostname XSR-1805 ! interface FastEthernet 1 description "UnTagged-Native-Interface" ip address 11.255.20.20.255.1 255.0 no ip proxy-arp no shutdown ! interface FastEthernet 1.255.10 description "vlan 10 tagged" vlan 10 ip address 10.255.10.12.20 description "vlan 20 tagged" vlan 20 ip address 20.0 no ip proxy-arp no shutdown ! end XSR-1805# Configuration Guide Page 46 of 59 .255.255.1 255.10.30 description "vlan 30 tagged" vlan 30 ip address 30.0.0 no ip proxy-arp no shutdown interface FastEthernet 1.255.1 255.0.0.30.11.0 no ip proxy-arp no shutdown ! interface FastEthernet 1.1q tagged routing XSR-1805#show running-config !! ! Version 6.

0.0.0 ip pim sparse-mode no shutdown ! interface FastEthernet2 ip address 192.255.0.0 ! !MULTICAST ip multicast-routing ip pim bsr-candidate Loopback0 32 210 ip pim rp-candidate Loopback0 group-list 1 priority 10 ! end XSR-1805# Configuration Guide Page 47 of 59 .255.0.1 255.255.1 255.0. Built Jul 28 2004.0.255.0.11.0 15.10.0.5.255.11.0.5 ! XSR-1850 ! Software: ! Version 7.0 0.11.0 ip pim sparse-mode no shutdown ! interface Loopback0 ip address 11.0 network 11.10.0 0.224.0.255.0.255.1 ! !OSPF router ospf 1 network 10.13.168.1 0.131 255.10.224.168.11.255 ! !INTERFACE AND SUB-INTERFACE interface FastEthernet1 ip address 10. 17:57:26 ! hostname XSR-1805 ! access-list 1 permit 224.0.0 network 192.0.10.255 ip pim sparse-mode no shutdown ! !IP ip router-id 11.11.255 area 0.0.0.0.0 area 0.255 area 0.1 PIM Multicast routing XSR-1805#show running-config !PLATFORM ! CLI version 1.11.255.

10 Traceroute to 10.10.10.1.10.Appendix: Appendix: Important commands for using the XSR platform: A1.10.10.10. 19:47:17 CLI revision 1. 23 minutes. Flash.10. 40 byte packets 1 10.2 Software file is "xsr1800. Bootrom. System Uptime XSR-1805#show version Enterasys Networks Operating Software Copyright 2002 by Enterasys Networks Inc.fls" without VPN.10: time=1ms Reply from 10. RAM.02. Received = 5.10.10. 30 hops max.10. 14:03:08 Software: Version 4.10.10 from 10.10. Built Mar 26 2003.0.10.00 ms XSR-1805# Configuration Guide Page 48 of 59 .10.0.10: Packets: Sent = 5. Hardware: Processor board ID: 9002854-02 REV0A Serial Number: 361903091537210L Processor: IBM PowerPC 405GP Rev. D at 200MHz RAM installed: 32MB Flash installed: 8MB on processor board CompactFlash not present Real Time Clock FastEthernet 1 FastEthernet 2 Rev 0 H/W Encryption Accelerator Rev 1 Empty NIM slot 1 Empty NIM slot 2 Empty internal NIM slot 3 Bootrom: Version 2.10. XSR-1805# XSR-1805# A1.10: time=1ms Ping statistics for 10.10: time=1ms Reply from 10.10 2.10 Reply from 10.10: time=1ms Reply from 10.1 show version . Lost = 0 XSR-1805# XSR-1805#traceroute 10.10.10: time=1ms Reply from 10.Software.10. 2 hours.10.0.10.10.00 ms 2. Built Feb 24 2003.10.2 ping & traceroute XSR-1805#ping 10. without Firewall XSR-1805 uptime is 0 days.10.00 ms 2.

3 show interface .10. and is active.4 telnet to other routers XSR-1805#telnet ? A. The device is in polling mode.10.10.99 .10.10.99 Trying 10. The bandwidth is 100 Mb/s. The physical link is currently up. subnet mask is 255.C.255.D IP address of telnet server XSR-1805#telnet 10.. Other Interface Statistics: ifindex 0 ifType 6 ifAdminStatus 1 ifOperStatus 1 ifLastChange 01:10:36 ifInOctets 155686754 ifInUcastPkts 751980 ifInNUcastPkts 5288 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutOctets 147786961 ifOutUcastPkts 734848 ifOutNUcastPkts 1358 ifOutDiscards 0 ifOutErrors 0 ifOutQLen 256 XSR-1805# A1. The current operational duplex mode is negotiated to full. The last driver error is '(null)'..1.0 The name of this device is Eth1.A1.10. The duplex mode is set to auto-negotiated. XSR-1805# Configuration Guide Page 49 of 59 .IP address. The MTU is 1500. duplex. The primary MAC address is (in hex) 00:01:f4:a3:5d:92. The speed is set to auto-negotiated. statistics. speed. The current operational speed is negotiated to 100 Mb/s. errors XSR-1805#show interface FastEthernet1 is Admin Up Description: LAN-Interface1 Internet address is 10.B.255.

A1.5 flash:/ cflash:/ .568 bytes total XSR-1805# XSR-1805# cd copy delete dir help more pwd rename Change current directory Copy from one file to another Delete a file List files on a filesystem Description of the interactive help system Display the contents of a file Display current working directory Rename a file within a file system XSR-1805# XSR-1805#copy ? cflash: flash: running-config startup-config tftp: Copy Copy Copy Copy Copy from from from from from cflash: file system flash: file system current system configuration startup configuration tftp: file system XSR-1805# A1.dir.369.fls persistent-data startup-config private-config 2.fls Verifying flash:xsr1800.381...536 bytes free 6. copy commands XSR-1805#dir Listing Directory flash:/ size -------4000669 1777 308 21 date -----JUN-26-2003 OCT-01-2003 OCT-01-2003 OCT-01-2003 time -----11:00:12 12:46:40 12:46:40 12:46:40 name -------xsr1800. File chksum=0xba45 Router size=11769944 sum=0x2b10 compressed_size=3713722 entry=0x10000 Diagnostics size=894636 sum=0xa0db compressed_size=286907 entry=0x10000 OK XSR-1805# Configuration Guide Page 50 of 59 . rename.fls file .6 verify the flash file checksum XSR-1805#verify flash:xsr1800.

0 errors.255. Inbound access list is not set. 0 discards.1. 5900 unicast packets.224.OSPF NSSA external type 2 E1 . D .224. FastEthernet2 [0001] via 192. IA-OSPF interarea N1 . 0 errors. 3272 unicast packets.default route originated from default net C * S 192.B1.0.1.OSPF NSSA external type 1. N2 .168.168.f425. Inbound access list is not set.255. show ip interface XSR-1805#show ip interface FastEthernet1 is Admin Up Internet address is 10.132 - Hardware Address Type Interface 00a0. 0 unicast packets.0.168.224.224. FastEthernet2 is Admin Up Internet address is 192.0 Rcvd: 0 octets.255. 0 unicast packets. 0 discards.255.10. Proxy ARP is enabled. O-OSPF. Sent: 177264 octets.candidate default.224. Proxy ARP is disabled.132.0/24 0. R-RIP. Router discovery is disabled. Sent: 0 octets. subnet mask is 255.168. MTU is 1500 bytes. 0 discards.10. XSR-1805# Configuration Guide Page 51 of 59 .1 show ip arp XSR-1805#show ip arp Protocol Internet Internet Address Age(min) 192. Outgoing access list is not set.c9c8.168. 5472 unknown protocol. E2 .0SPF external type 1. Router discovery is disabled.0/0 [0001] directly connected. S-static. Outgoing access list is not set. subnet mask is 255.0 show ip route XSR-1805#show ip route Codes: C-connected. 0 errors. MTU is 1500 bytes.c2b2 ARPA FastEthernet2 XSR-1805# B1. FastEthernet2 XSR-1805# B1. 0 errors. Directed broadcast is enabled. 0 unknown protocol.004f ARPA FastEthernet2 0001.0SPF external type 2 * . Helper address is not set. Directed broadcast is enabled. 0 discards. Helper address is not set.11 192.0 Rcvd: 8932656 octets.

1 Proposals --------VPN-3des Page 52 of 59 .0 0000003976/0000003949 XSR-1805_2# C1. 0 ==> 80.75 IPSec Policy Rule Table Name ---c-map1. ANY.2 XSR-1805_2# Destination ----------20.20. Life=3015S/999623KB XSR-1805_2# C1.1 Lifetime ------10268 C1.2 show crypto ipsec sa XSR-1805_2#show crypto ipsec sa 10. Life=3015S/999571KB 80.80. Transform=3DES/HMAC-SHA. ANY. 0 : 6663 packets ESP: SPI=cb2df6f0.0/24.20.75 XSR-1805_2# ACL --101 Configuration Guide Disp Mode Bundle Gateway -----------.80. 13:21 IPSEC (Unknown) 0.10.10.20. ANY. 0 ==> 10.80.0 show tunnels XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Peer IP Proto Username Packets In/Out 40000001 12/02/03.0/24. 0 : 6651 packets ESP: SPI=637d49f.20.10.0.3 show crypto map XSR-1805_2#show crypto map Crypto Map Table Name -------c-map1 Policy rule list ------------------------------c-map1.20.0/24.C1.0/24.20.10.80.------Process Tunnel SPD 20. Transform=3DES/HMAC-SHA.0. ANY.1 show crypto isakmp sa XSR-1805_2#show crypto isakmp sa Connection-ID State Source ------------------------------1 QM_IDLE 20.

20.0/24 [ 0/0001] directly connected.C1.1 0000003528/0000002552 XSR-1805_2# C1.20.168. O-OSPF. FastEthernet 1 C 20.20. R-RIP. 16:14 GRE 20. 0 : 3813 packets ESP: SPI=f56d8f4. Transform=3DES/HMAC-SHA.7 show ip route / GRE via IPSEC XSR-1805_2#show ip route Codes: C-connected.5 show interface vpn / GRE via IPSEC XSR-1805_2#show interface vpn Vpn1 is Admin Up Internet address is 192. GRE.20.20.20.2/32.1.168.0/24 [ 0/0001] directly connected. This interface includes the VPN tunnel 'VPN+GRE'.80.0SPF external type 2 * .1. GRE. N2 .0/24 [ 0/0001] directly connected.20.1.OSPF NSSA external type 1. subnet mask is 255. The identity used to initiate the tunnel is 'n/a' The tunnel's current state is Connected.default route originated from default net C 192.20. Vpn1 XSR-1805_2# Configuration Guide Page 53 of 59 .10. 0 ==> 20.80.255. GRE. IA-OSPF interarea N1 .168.4 show tunnels / GRE via IPSEC XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Peer IP Proto Username Packets In/Out 40000001 12/02/2003.1 is enabled.OSPF NSSA external type 2 E1 . GRE.255. The tunnel encapsulation protocol is GRE.2.1/32.6 show crypto ipsec sa / GRE via IPSEC XSR-1805_2#show crypto ipsec sa 20.1.2/32.20. FastEthernet 2 O 10. XSR-1805_2# C1.1/32.candidate default. The tunnel peer's Internet IP address is 20. Vpn1 C 80. D .0SPF external type 1.20.1.20.20.0/24 [108/0110] via 192. S-static.20. 0 ==> 20. Life=1961S/999796KB 20.1.20. 0 : 2709 packets ESP: SPI=5e39f5c0. E2 . Transform=3DES/HMAC-SHA. Life=1961S/999718KB XSR-1805_2# C1.10.0 Multicast redirect to 192.168.

Helper address is not set. Proxy ARP is enabled. : 1. Outgoing access list is not set. IP Policy Based Routing is not enabled.255. 6 unicast packets.: 40e4be30 DMT state: 41 OAM counters: ifInOctets ifInUcastPkts ifInDiscards ifInErrors ifOutOctets ifOutUcastPkts ifOutDiscards ifOutErrors total_count tx_notready tx_toomany 00258672 00005390 00000002 00000000 00000000 00000000 00000000 00000000 50 0 0 UNK counters: ifInOctets ifInUcastPkts ifInDiscards ifInErrors ifOutOctets ifOutUcastPkts ifOutDiscards ifOutErrors 00278016 00002773 00000000 00000000 00000000 00000000 00000000 00000000 Cells: AIS in RDI in RDI out CC in CC out LBBK in LPBK out 00000000 00000000 00000000 00000000 00000000 00000000 00000000 XSR1805-ADSL# Configuration Guide Page 54 of 59 . 0 discards. 0 errors.1 show ip interface atm 1/0.1 XSR1805-ADSL#show ip interface atm 1/0. 0 unknown protocol. subnet mask is 255. Directed broadcast is enabled.fls DSP File Rev.D1.1 is Admin Up Internet address is 212. 0 discards.2 show controllers atm 1/0 XSR1805-ADSL#show controllers atm 1/0 ********** ATM Controller Stats ********** ATM 1/0 DSP Image File: cflash:adsl. Sent: 800 octets.0. 8 unicast packets.1 DSP Image Rev.161. MTU is 1492 bytes.0. 0 errors. XSR1805-ADSL# D1.184.1 ATM 1/0. Inbound access list is not set.76.255 Rcvd: 766 octets.255.

1 ********** ATM Sub-Interface Stats ********** ATM 1/0. ATM PassData is TRUE FE: Admin Up / Oper Up PPPoE: Oper Up ********** Driver Virtual Circuit Stats ********** VPI/VCI 1/32: ccRx1 42 ccRx2 42 received-adslr1 42 noeop 0 crc 0 wor 0 ovr 0 toomany 0 stop 0 be1 0 be2 0 receivertnerr 0 nonewmblk 0 receivertnnull 0 tx_null_mblk 0 tx_no_enable 0 tx_length_err 0 sent-adslt 50 tx_no_free_slots 0 tx_no_showtime_loop 0 XSR1805-ADSL# Configuration Guide Page 55 of 59 .D1.3 show controllers atm 1/0.1 XSR1805-ADSL#show controllers atm 1/0.1 Packet Processor Tx Scheduler Stats: Output Q length is 0/40/40(5) 48 Packet Tx OK 0 Packet not Tx: drop 0 Packet not Tx: MUX END_ERR_BLOCK 0 Packet not Tx: MUX ERROR 0 Packet not Tx: Unknown Msg from MUX Statistic Counters: Rx PacketTotalCount 42 Rx PacketDiscardCount 0 Rx MuxHeaderError 0 Rx SnapHeaderError 0 Rx PPPoEethTypeError 0 Rx PPPoEethTypeARP 0 Rx PPPoEethTypeIP 0 Rx PPPoEethTypeRARP 0 Tx PacketTotalCount 50 Tx PacketDiscardCount 0 ********** ATM Data Object Stats ********** Upper Adjacent is CONNECTED and UP.

General info: ifindex ifType ifAdminStatus ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen AAL5 in AAL5 out HEC errors AIS F4 RDI F4 CC F4 LPBK F4 0 94 1 1 00:16:09 539868 8205 0 2 0 0 5184 50 0 0 0 50 42 50 0 0 0 0 0 VPI/VCI 1/32 AIS/F5 00000000 AAL5 00000042 RDI/F5 00000000 CC/F5 00000000 LPBK/F5 00000000 AIS/RDI XSR1805-ADSL# Configuration Guide Page 56 of 59 .D1.4 show interface atm 1/0 XSR1805-ADSL #show interface atm 1/0 ********** ATM Interface Stats ********** ATM 1/0 is Admin Up / Oper Up Description: "ADSL-connection" The name of this device is adsl. The downstream data rate is 928 kbit/sec. Administrative State is ENABLED Operational State is UP. The upstream data rate is 192 kbit/sec.

subnet mask is 255.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.5 show interface atm 1/0.1 is Admin Up / Oper Up Internet address is 212.D1.255.255.161. ifindex ifType ifAdminStatus ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 0 94 1 1 00:16:09 3180 42 0 0 0 0 5184 50 0 0 0 50 XSR1805-ADSL# Configuration Guide Page 57 of 59 .1 XSR1805-ADSL #show interface atm 1/0. Administrative State is ENABLED Operational State is UP Circuit monitoring disabled. VPI is 1.76. VCI is 32.184.255 LCP State: OPENED IPCP State: OPENED PPPoE is Oper Up The logical link is currently Up The Name of the Access Concentrator is ERX1400 The Session Id is 0x0054 The MAC Address of the Access Concentrator is 0x00:90:1a:01:03:84 The MTU is 1492 The name of this device is adsl-0.

1: PPP is Admin Up / Oper Up LCP Current State: OPENED IPCP Current State: OPENED LCP STATS Total Rcv Total Rcv Total Rcv Total Rcv Total Total Total Total Rx Rx Rx Rx Tx Tx Tx Tx Pck: Control Pck: Data Pck: Pck Discarded: Pck: Control Pck: Data Pck: Pck Discarded: Control Control Control Control Pck Pck Pck Pck Discarded: Error: Unknown protocol: Too Long: LocalToRemoteProtocolCompression: RemoteToLocalProtocolCompression: LocalMRU: RemoteMRU: ReceiveFcsSize: TransmitFcsSize: 40 26 14 0 33 25 8 0 0 0 0 0 Disabled Disabled 1500 1492 16 16 LQR STATS No LQM Monitoring Remote Authentication: CHAP authentication success with LCP CONFIGURATION InitialMRU: MagicNumber: FcsSize: LQR CONFIGURATION Period: Status: 1500 true 16 10 sec Disabled XSR1805-ADSL# Configuration Guide Page 58 of 59 .1 ********** PPP Stats ********** ATM 1/0.6 show ppp interface atm 1/0.D1.1 XSR1805-ADSL#show ppp interface atm 1/0.

All rights reserved.enterasys.com To expedite your message.enterasys. and Canada) For the Enterasys Networks Support toll-free number in your country: http://www.Getting Help For additional support related to the XSR.com Login: anonymous Password: Email address Acquire the latest image and Release Notes http://www. FTP ftp://ftp. please type [xsr] in the subject line. Lit.enterasys. #9013653 5/05 Configuration Guide Page 59 of 59 .com techwriting@enterasys. Inc.com/download/ Additional documentation / manuals http://www. All contents are copyright © 2004 Enterasys Networks.com/support/manuals Forward comments or suggestions techwriting@enterasys. contact Enterasys Networks using one of the following methods: World Wide Web http://www. and include the document Part Number in the Email.enterasys.enterasys.com Phone (978) 684-1000 1-800-872-8440 (toll-free in U.com/support/gtachttp://www.html mail mailto:support@enterasys.S.enterasys.com To expedite your message.com/support/gtac-all. type [techwriting] in the subject line.

Sign up to vote on this title
UsefulNot useful