2. Computers & electronics
  3. Software
  4. Alcatel-Lucent
  5. OmniAccess 5740

Alcatel-Lucent OmniAccess 5740 Cli Configuration Manual

  • Hello! I am an AI chatbot trained to assist you with the Alcatel-Lucent OmniAccess 5740 Cli Configuration Manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Beta
1
2
Notes on numbered items on banner & legal pages
1
Man26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500
FAX (818) 880-3505
[email protected]
US Customer Support—(800) 995-2696
International Customer Support—(818) 878-4507
Internet—service.esd.alcatel-lucent.com
Website: www.alcatel-lucent.com
Part No: 060316-00, Rev A
For final production, import color definitions from
\\daldoc01\docteam\templates\framemaker\book-template\color-defs\ production-colors.fm.
OmniAccess 5740
Unified Services Gateway
CLI Configuration Guide
Release 3.0
Copyright
The Specifications And Information regarding the products in this manual are subject to change without
notice. All statements, information, and recommendations in this manual are believed to be accurate
but are presented without warranty of any kind, express or implied. Users must take full responsibility
for their application of any products.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET
FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED
HEREIN BY THIS REFERENCE.
This equipment has been tested and found to comply within the limits pursuant to the (Centre for
Telecom) rules. These limits are designed to provide protection against harmful interference when the
equipment is operated in a commercial environment.
The following information is for the Users of the OmniAccess 5740 Unified Services Gateway: If it is not
installed in accordance with the installation instructions, it may not function exactly to the said
specifications. Modifying the equipment without Alcatel-Lucent’s written authorization may result in the
equipment no longer complying with the said dimensions.
Copyright © 2010, Alcatel-Lucent. All rights reserved. Alcatel-Lucent and Alcatel-Lucent logo are
registered trademarks of Alcatel-Lucent. The contents or specifications contained within this document
are subject to change without notice.
Not withstanding any other warranty herein, all hardware and software are provided "as is" with all
faults. Alcatel-Lucent disclaim all warranties, expressed or implied, including, without limitation, those
of merchantability, fitness for a particular purpose and non-infringement or arising from a course of
dealing, usage, or trade practice. In no event shall Alcatel-Lucent be liable for any indirect, special,
consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data
arising out of the use or inability to use this manual, even if Alcatel-Lucent have been advised of the
possibility of such damages.
3
4
5
Table of Contents
1 Preface.............................................................................................................1
About This Guide ......................................................................................................................1
Audience...................................................................................................................................1
Organization..............................................................................................................................2
Part I - Introduction.............................................................................................................2
Part II - LAN Interfaces.......................................................................................................2
Part III- WAN Interfaces......................................................................................................3
Part IV - Packet Classification ............................................................................................4
Part V - Routing Protocols..................................................................................................4
Part VI - Network Security CLI............................................................................................5
Part VII - Quality Of Service ...............................................................................................5
Part VIII - TCP/IP Services.................................................................................................6
Part IX - License Manager..................................................................................................6
Document Conventions.............................................................................................................7
Obtaining Documentation..........................................................................................................8
Reference Publications.............................................................................................................8
Obtaining Technical Assistance................................................................................................9
Documentation Feedback.........................................................................................................9
Part 1: Introduction
2 The Command Line Interface......................................................................13
CLI Overview...........................................................................................................................13
Introduction to CLI Modes.......................................................................................................14
CLI User Mode .................................................................................................................14
CLI Configuration Mode....................................................................................................14
CLI Sub-Configuration Mode (SCM).................................................................................14
CLI Modes...............................................................................................................................15
CLI Modes........................................................................................................................16
Exiting Configuration Modes.............................................................................................25
Initial Setup.......................................................................................................................26
Using the Command Line Interface.........................................................................................27
CLI Help............................................................................................................................27
Partial Help.......................................................................................................................30
Partial Commands............................................................................................................30
Command Line Editing.....................................................................................................31
Command History.............................................................................................................33
Configuring Interfaces.............................................................................................................34
Interface Configuration Commands..................................................................................34
Interface Types and Limitations........................................................................................34
Common Interface Configuration Commands..................................................................34
Interface Show Commands..............................................................................................35
Clear Interface Commands...............................................................................................39
Shutting Down and Bring Up an Interface........................................................................39
Backup Interface...............................................................................................................40
3 System Configuration and Monitoring.......................................................43
System Configuration and Monitoring Tasks..........................................................................43
Chapter Conventions........................................................................................................44
Management Plane Overview.................................................................................................45
Out of Band Management (Console or Modem)...............................................................45
Inband Management (SSH and Telnet)............................................................................47
Idle Timeout......................................................................................................................51
Example............................................................................................................................51
Ping ..................................................................................................................................51
Example............................................................................................................................51
Traceroute........................................................................................................................55
Example............................................................................................................................55
Terminal Settings....................................................................................................................58
Example............................................................................................................................58
System Name..........................................................................................................................58
Example............................................................................................................................58
AAA Configuration on OmniAccess 5740 USG.......................................................................59
To Enable AAA Services..................................................................................................59
Example............................................................................................................................59
Authentication Commands ...............................................................................................60
Show Commands.............................................................................................................76
Clear Commands..............................................................................................................78
Setting and Displaying the System Time and Date.................................................................79
Set Time zone ..................................................................................................................80
Example............................................................................................................................80
Clock Set..........................................................................................................................80
Example............................................................................................................................80
Clock Synchronize............................................................................................................81
Example............................................................................................................................81
System Logging and Debugging.............................................................................................82
Example............................................................................................................................83
Example 1.........................................................................................................................84
Example 2.........................................................................................................................85
Example 3.........................................................................................................................85
Example 4.........................................................................................................................85
Rate Limiting in Statlog...........................................................................................................86
Example 1.........................................................................................................................87
Example 2.........................................................................................................................87
Example 3.........................................................................................................................87
Saving Log Messages.............................................................................................................88
Example............................................................................................................................88
Viewing Tech Support ......................................................................................................89
Example............................................................................................................................89
The File System......................................................................................................................90
Example 1.........................................................................................................................90
Example 2.........................................................................................................................91
Copying Files....................................................................................................................91
Example............................................................................................................................91
Deleting Files....................................................................................................................92
Example............................................................................................................................92
Configuration File Management .......................................................................................93
Software Package Management...........................................................................................101
Package Types...............................................................................................................101
Reloading the System...........................................................................................................107
Example..........................................................................................................................107
Managing Individual Slots...............................................................................................108
Example..........................................................................................................................108
System Monitoring and Troubleshooting...............................................................................109
Core Generation.............................................................................................................109
Environmental Information..............................................................................................109
Example..........................................................................................................................109
System Hardware Information........................................................................................110
Example..........................................................................................................................110
System Status ................................................................................................................111
Example..........................................................................................................................111
To View the Current State Of LEDs................................................................................112
Example..........................................................................................................................112
To View Process Information..........................................................................................113
Example..........................................................................................................................113
Memory Information........................................................................................................114
Example..........................................................................................................................114
Hot Key Support.............................................................................................................115
Rescue Mode Options....................................................................................................117
Factory Default Configuration...............................................................................................120
To Reload Factory Default Configuration.......................................................................121
Example..........................................................................................................................121
Importing Certificates............................................................................................................122
Example..........................................................................................................................122
SNMP (Simple Network Management Protocol)...................................................................127
SNMP Agent and Manager.............................................................................................128
SNMP Version................................................................................................................129
SNMPv3 Protocol Overview ...........................................................................................129
SNMP Configuration Commands ...................................................................................130
SNMP Show Commands................................................................................................135
SNMP MIB CLI...............................................................................................................139
SNMP MIB GUI ..............................................................................................................140
4 Virtual Router Redundancy Protocol........................................................141
Chapter Conventions......................................................................................................141
VRRP Overview....................................................................................................................142
VRRP Configuration..............................................................................................................143
VRRP Configuration Steps.............................................................................................143
VRRP Configuration Flow...............................................................................................144
VRRP CLI Commands....................................................................................................145
Modify Global VRRP Group Parameters........................................................................148
Monitor and Debug VRRP..............................................................................................153
VRRP Interface Tracking ......................................................................................................156
Alcatel-Lucent's Interface Tracking Design ....................................................................156
VRRP Configuration Scenario using OmniAccess 5740 USG..............................................158
Procedure.......................................................................................................................158
VRRP Configuration .......................................................................................................159
Part 2: LAN Interfaces and Configuration
5 Ethernet Interfaces on SE..........................................................................163
Chapter Conventions......................................................................................................163
Ethernet Overview.................................................................................................................164
Ethernet Basics ..............................................................................................................164
Ethernet Terminologies ..................................................................................................165
Switched Ethernet ..........................................................................................................166
Full-duplex Ethernet .......................................................................................................166
Alcatel-Lucent Specific Overview on Ethernet Interfaces...............................................166
Ethernet Configuration..........................................................................................................167
Ethernet Interface Configuration Steps ..........................................................................167
Ethernet Interface Configuration Flow............................................................................168
Ethernet Interface Configuration Commands.................................................................169
Configure GigE Sub-interface.........................................................................................172
Ethernet Interface Show Commands..............................................................................173
Ethernet Interface Clear Commands..............................................................................176
6 Layer 2 Switching Configuration ..............................................................177
Chapter Conventions......................................................................................................177
Switching Overview...............................................................................................................178
Alcatel-Lucent Specific Overview on Switching..............................................................180
L2 Switching Configuration...................................................................................................182
L2 Switching Configuration Steps...................................................................................182
L2 Switching Configuration Flow....................................................................................184
L2 Switching Commands................................................................................................185
L2 Switching Show Commands......................................................................................189
L2 Switching Clear Commands ......................................................................................195
Switching Configuration using OmniAccess 5740 USG........................................................196
OmniAccess 5740 USG as a Switch with no VLANs......................................................196
OmniAccess 5740 USG as a Switch with VLANs...........................................................197
7 Per VLAN Spanning Tree +........................................................................199
Chapter Conventions......................................................................................................199
Per VLAN Spanning Tree (PVST+) Overview.......................................................................200
PVST+ Configuration............................................................................................................201
PVST+ Configuration Steps............................................................................................201
PVST+ Configuration Flow.............................................................................................202
PVST+ Configuration Commands ..................................................................................203
Show Commands in PVST+...........................................................................................207
PVST+ Configuration Examples ...........................................................................................210
Example 1.......................................................................................................................210
Example 2 - Spanning Tree with no VLAN (Default VLAN)............................................212
Topology.........................................................................................................................212
Procedure.......................................................................................................................213
Verification......................................................................................................................213
8 Integrated Routing and Bridging ..............................................................215
Chapter Conventions......................................................................................................215
Integrated Routing and Bridging Overview ...........................................................................216
Alcatel-Lucent Specific IRB Overview............................................................................216
IRB Configuration..................................................................................................................217
IRB Configuration Steps.................................................................................................217
IRB Commands..............................................................................................................218
IRB Configuration using OmniAccess 5740 USG.................................................................219
Topology for IRB Configuration on OmniAccess 5740 USG..........................................219
9 802.1X Port-Based Authentication............................................................221
Chapter Conventions......................................................................................................221
802.1X Overview...................................................................................................................222
Generic Terms Used in 802.1X ......................................................................................223
Using 802.1X with VLAN Assignment ............................................................................225
Alcatel-Lucent Specific Overview...................................................................................225
802.1X Configuration ............................................................................................................226
802.1X Configuration Steps............................................................................................226
802.1X Configuration Flow.............................................................................................229
802.1X Configuration Commands ..................................................................................230
802.1X Show Commands...............................................................................................236
802.1X Configuration Example .............................................................................................238
10 Port Monitoring...........................................................................................243
Chapter Conventions......................................................................................................243
Port Monitoring Overview......................................................................................................244
Port Monitoring Configuration ...............................................................................................245
Port Monitoring Configuration Steps...............................................................................245
Port Monitoring Commands............................................................................................246
Port Monitoring Configuration on OmniAccess 5740 USG ...................................................247
Part 3: WAN Interfaces and Protocols
11 T1E1 Line Card ...........................................................................................251
Chapter Conventions......................................................................................................251
T1 and E1 Overview..............................................................................................................252
E1 Interface Overview...........................................................................................................253
E1 Timeslot Functionalities.............................................................................................253
Mechanisms Supported by the E1 interface...................................................................254
E1 Modes of Operation...................................................................................................255
Alcatel-Lucent Specific Overview...................................................................................255
E1 Configuration ...................................................................................................................256
E1 Configuration Steps...................................................................................................256
E1 Configuration Flow....................................................................................................258
E1 Configuration Commands .........................................................................................259
E1 Show Commands......................................................................................................268
Troubleshooting E1 Lines...............................................................................................270
T1 Interface Overview...........................................................................................................271
Frame Formats Used in T1 Cards..................................................................................271
T1 Modes of Operation...................................................................................................272
T1 Configuration....................................................................................................................273
T1 Configuration Steps...................................................................................................273
T1 Configuration Flow ....................................................................................................275
T1 Configuration Commands..........................................................................................276
T1 Show Commands......................................................................................................284
Troubleshooting T1 Lines...............................................................................................286
12 Universal Serial Port (USP) Line Card......................................................287
Chapter Conventions......................................................................................................288
USP Line Card (V.35/X.21/RS-232) Overview......................................................................289
Alcatel-Lucent Specific Overview...................................................................................290
V.35/X.21/RS-232 Configuration...........................................................................................291
V.35/X.21/RS-232 Interface Configuration Steps...........................................................291
V.35/X.21/RS-232 Configuration Flow............................................................................292
V.35/X.21/RS-232 Configuration Commands.................................................................293
V.35/X.21/RS-232 DTE and DCE CLI Configuration Commands ..................................295
Show Command.............................................................................................................298
Clear Command .............................................................................................................299
13 High-level Data Link Control .....................................................................301
Chapter Conventions......................................................................................................301
HDLC Overview ....................................................................................................................302
HDLC Frame Structure...................................................................................................302
HDLC Frame Formats....................................................................................................303
HDLC Protocol Operation...............................................................................................303
HDLC Configuration..............................................................................................................304
HDLC Configuration Steps .............................................................................................305
HDLC Configuration Flow...............................................................................................308
HDLC Configuration Commands....................................................................................309
14 Frame Relay................................................................................................313
Chapter Conventions......................................................................................................313
Frame Relay Overview..........................................................................................................314
Frame Relay Devices .....................................................................................................314
Frame Relay Virtual Circuits...........................................................................................314
Frame Relay Network Deployments...............................................................................315
Frame Relay Configuration...................................................................................................316
Frame Relay Configuration Steps ..................................................................................317
Frame Relay Configuration Flow....................................................................................319
Frame Relay Configuration Commands.........................................................................320
15 Point-to-Point Protocol..............................................................................329
Chapter Conventions......................................................................................................329
PPP Overview.......................................................................................................................330
PPP Components...........................................................................................................330
PPP Operation................................................................................................................330
PPP Configuration.................................................................................................................331
PPP Configuration Steps................................................................................................332
PPP Configuration Flow .................................................................................................335
PPP Configuration Commands.......................................................................................336
PPP Optional Parameters ..............................................................................................337
PPP Show Commands...................................................................................................346
PPP Debug Commands .................................................................................................353
16 Point-to-Point Protocol over Ethernet (PPPoE).......................................355
Chapter Conventions......................................................................................................355
PPPoE Overview...................................................................................................................356
PPPoE Operation...........................................................................................................356
Alcatel-Lucent Specific Overview on PPPoE Features ..................................................356
PPPoE Configuration............................................................................................................357
PPPoE Configuration Steps ...........................................................................................358
PPPoE Configuration Flow.............................................................................................360
PPPoE Configuration Commands ..................................................................................361
PPPoE Optional Parameters..........................................................................................362
PPPoE Show Commands...............................................................................................366
17 Multilink Point to Point Protocol...............................................................367
Chapter Conventions......................................................................................................367
MLPPP Overview..................................................................................................................368
MLPPP Components......................................................................................................369
MLPPP Operation...........................................................................................................369
Alcatel-Lucent Specific Overview on MLPPP Features..................................................370
MLPPP Configuration............................................................................................................371
MLPPP Configuration Steps...........................................................................................372
MLPPP Configuration Flow ............................................................................................375
MLPPP Configuration Commands..................................................................................376
MLPPP Show Commands..............................................................................................378
MLPPP Configuration Example.............................................................................................379
18 Multilink Frame Relay.................................................................................381
Chapter Conventions......................................................................................................381
MLFR Overview ....................................................................................................................382
MLFR Components ........................................................................................................382
MLFR Operation.............................................................................................................382
Alcatel-Lucent Specific Overview on MLFR Features....................................................384
MLFR Configuration..............................................................................................................384
MLFR Configuration Steps.............................................................................................385
MLFR Configuration Flow...............................................................................................388
MLFR Configuration Commands....................................................................................389
MLFR Show Commands ................................................................................................393
19 Ethernet OAM (Operations, Administration, and Maintenance).............395
Chapter Conventions......................................................................................................395
OAM Overview......................................................................................................................397
Alcatel-Lucent Specific Overview...................................................................................398
OAM Configuration on OmniAccess 5740 USG....................................................................400
OAM Configuration Steps...............................................................................................400
OAM Configuration Flow ................................................................................................403
OAM Configuration Commands......................................................................................404
OAM Configuration using OmniAccess 5740 USG...............................................................421
Configuration Steps........................................................................................................421
20 Bridging Configuration..............................................................................423
Chapter Conventions......................................................................................................423
Bridging overview..................................................................................................................424
Alcatel-Lucent Specific Bridging Overview.....................................................................424
Bridging Configuration on PPP/MLPPP/FR/MLFR/HDLC/GigE Interface.............................426
Bridging Configuration Steps..........................................................................................426
Bridging Configuration Flow ...........................................................................................428
Bridging Configuration Commands.................................................................................429
BCP Configuration using OmniAccess 5740 USG................................................................436
Topology for BCP Configuration on OmniAccess 5740 USG.........................................436
21 Link Fragmentation and Interleaving (LFI)...............................................437
Chapter Conventions......................................................................................................437
LFI Overview.........................................................................................................................438
Alcatel-Lucent Specific Overview on LFI Features.........................................................438
Overview of LFI in MLPPP....................................................................................................439
Packet Formats ..............................................................................................................439
Configuration of LFI on MLPPP......................................................................................441
LFI Configuration on MLPPP ................................................................................................442
LFI - MLPPP Configuration Steps ..................................................................................443
LFI - MLPPP Configuration Flow....................................................................................446
LFI - MLPPP Configuration Commands.........................................................................447
LFI - MLPPP Show Commands......................................................................................450
Configuration Example of LFI on MLPPP.......................................................................451
Overview of LFI in Frame Relay............................................................................................454
End-to-End Fragmentation .............................................................................................454
Packet Formats ..............................................................................................................454
Configuration of LFI on FR (and FR Sub Interface)........................................................455
LFI Configuration on FR........................................................................................................456
LFI - FR Configuration Steps..........................................................................................457
LFI - FR Configuration Flow ...........................................................................................460
LFI-FR Configuration Commands...................................................................................461
LFI Configuration on FR Sub Interface...........................................................................463
LFI - FR Show Commands.............................................................................................464
Configuration Example of LFI on FR..............................................................................467
Part 4: Common Classification
22 Common Classifiers...................................................................................471
Chapter Conventions......................................................................................................471
CC Overview.........................................................................................................................472
Benefits of Alcatel-Lucent Devices Common Classifiers................................................473
CC Architecture..............................................................................................................473
Before you Configure CC ...............................................................................................474
CC Configuration...................................................................................................................475
CC Configuration Steps..................................................................................................475
Elements Used in Configuring CC..................................................................................476
To Configure a Match-list ...............................................................................................479
Example..........................................................................................................................479
Rules within Match-lists..................................................................................................479
To Configure Rules Using the Protocol Numbers...........................................................486
Lists in CC......................................................................................................................487
Nesting Of Match-lists ....................................................................................................489
Show commands in CC..................................................................................................491
Deletion Commands in CC.............................................................................................494
Sample examples on the usage of CC across applications..................................................496
Example 1.......................................................................................................................496
Example 2.......................................................................................................................497
Example 3.......................................................................................................................498
Part 5: Routing Protocols
23 Protocol Independent Features.................................................................501
Chapter Conventions......................................................................................................501
Protocol-Independent Configuration...............................................................................502
Protocol-Independent Configuration Commands ...........................................................503
24 Routing Information Protocol....................................................................531
Chapter Conventions......................................................................................................531
RIP Overview........................................................................................................................532
RIP Configuration..................................................................................................................533
RIP Configuration Steps.................................................................................................534
RIP Configuration Flow...................................................................................................536
RIP Configuration Commands........................................................................................537
RIP Optional Parameters................................................................................................538
RIP Show Commands ....................................................................................................551
RIP Clear Commands.....................................................................................................555
25 Border Gateway Protocol ..........................................................................557
Chapter Conventions......................................................................................................557
BGP Overview.......................................................................................................................558
BGP Configuration................................................................................................................559
BGP Configuration Steps ...............................................................................................559
BGP Configuration Flow.................................................................................................561
BGP Configuration Commands......................................................................................562
BGP Show Commands...................................................................................................564
BGP Clear Commands...................................................................................................567
A Typical BGP Example Using OmniAccess 5740 USG.......................................................570
26 Open Shortest Path First...........................................................................573
Chapter Conventions......................................................................................................573
OSPF Overview ....................................................................................................................574
OSPF Configuration..............................................................................................................575
OSPF Configuration Steps .............................................................................................575
OSFP Configuration Flow...............................................................................................577
OSPF Configuration Commands....................................................................................578
OSPF Optional Parameters............................................................................................579
Show Commands in OSPF.............................................................................................597
Clear Commands in OSPF.............................................................................................606
OSPF Configuration on OmniAccess 5740 USG..................................................................607
Example 1.......................................................................................................................607
27 Multicast Routing .......................................................................................609
Chapter Conventions......................................................................................................609
Multicast Overview................................................................................................................611
Protocol Independent Multicast (PIM) ............................................................................611
Internet Group Management Protocol (IGMP)................................................................612
RFCs ..............................................................................................................................613
PIM Configuration .................................................................................................................614
PIM Configuration Steps.................................................................................................614
PIM Configuration Flow..................................................................................................616
PIM Configuration Commands .......................................................................................617
Show Commands in PIM................................................................................................623
Clear Commands in PIM ................................................................................................626
IGMP Configuration...............................................................................................................627
IGMP Configuration Steps..............................................................................................627
IGMP Configuration Flow ...............................................................................................629
IGMP Configuration Commands.....................................................................................630
Show Commands in IGMP.............................................................................................634
Show Commands in Multicast........................................................................................635
Clear Commands in Multicast.........................................................................................636
Multicast Configuration on OmniAccess 5740 USG..............................................................637
Verifying Multicast Routing.............................................................................................641
28 Policy Based Routing.................................................................................643
Chapter Conventions......................................................................................................643
PBR Overview.......................................................................................................................644
Alcatel-Lucent Specific Overview...................................................................................644
PBR Configuration................................................................................................................645
PBR Configuration Steps................................................................................................645
PBR Configuration Flow.................................................................................................647
PBR Configuration Commands ......................................................................................648
Show Commands in PBR...............................................................................................651
Clear Commands............................................................................................................652
PBR Configuration Example.................................................................................................653
Configuration Steps........................................................................................................654
Verification......................................................................................................................655
29 Virtual Routing and Forwarding................................................................657
Chapter Conventions......................................................................................................658
VRF-CE Overview.................................................................................................................659
VRF-CE Configuration ..........................................................................................................661
VRF-CE Configuration Steps..........................................................................................661
VRF-CE Configuration Flow...........................................................................................663
VRF-CE CLI Commands ................................................................................................664
VRF Show Commands...................................................................................................673
Example..........................................................................................................................673
VRF Clear Commands ...................................................................................................678
Example..........................................................................................................................678
Part 6: Network Security
30 Network Address Translation....................................................................681
Chapter Conventions......................................................................................................681
NAT Overview.......................................................................................................................682
Types of NAT..................................................................................................................682
Benefits of NAT ..............................................................................................................684
Before You Configure NAT.............................................................................................684
Alcatel-Lucent Specific Overview...................................................................................684
Source NAT Configuration....................................................................................................685
SNAT Configuration Steps .............................................................................................686
SNAT Configuration Flow...............................................................................................688
SNAT Configuration Commands....................................................................................689
Sample Configurations of SNAT on OmniAccess 5740 USG.........................................695
Destination NAT Configuration..............................................................................................696
DNAT Configuration Steps.............................................................................................697
DNAT Configuration Flow...............................................................................................699
DNAT Configuration Commands....................................................................................700
Sample Configuration Example of DNAT on OmniAccess 5740 USG ...........................704
Bypass IPsec Traffic.......................................................................................................705
NAT Show Commands...................................................................................................706
NAT Clear Commands ...................................................................................................708
NAT Debug Commands .................................................................................................709
Modifying NAT Configuration................................................................................................710
Insertions........................................................................................................................710
Updations .......................................................................................................................711
NAT Deletion Commands...............................................................................................713
31 Filter and Firewall.......................................................................................715
Chapter Conventions......................................................................................................715
Network Security - An overview............................................................................................716
Network Security Terminologies.....................................................................................717
Firewall Mechanisms......................................................................................................718
Before You Configure Filters and Firewalls....................................................................719
OmniAccess 5740 USG Specific Overview....................................................................719
Filter Configuration................................................................................................................720
Filter Configuration Steps...............................................................................................720
Filter Configuration Flow.................................................................................................722
Filter Configuration Commands......................................................................................723
Filter Show Commands ..................................................................................................727
Filter Deletion Commands..............................................................................................729
Filter Clear Commands...................................................................................................730
Filter Debug Commands.................................................................................................731
L2 (Layer2) Filter Configuration Commands ..................................................................732
L2 Filter Show Commands.............................................................................................735
L2 Filter Clear Commands..............................................................................................736
Sample Examples of Configuring Filters on OmniAccess 5740 USG ............................737
Managing Security Configuration..........................................................................................738
Insertions........................................................................................................................738
Updations .......................................................................................................................739
Network Attacks - An Overview.............................................................................................741
Types of Network Attacks...............................................................................................741
Default Attacks (Rate-limiting / Stateful).........................................................................742
Default Attacks (Non-rate Limiting / Stateless)...............................................................744
Optional Attacks .............................................................................................................746
Network Attack Prevention Configuration.............................................................................748
Network Attack Prevention Configuration Steps.............................................................748
Network Attack Prevention Configuration Flow ..............................................................750
Network Attack Prevention Configuration Commands ...................................................751
Firewall Show Commands..............................................................................................761
Firewall Debug Commands ............................................................................................768
Sample Firewall Policy Configurations on OmniAccess 5740 USG...............................769
Zone Configuration................................................................................................................771
Trusted Zone Configuration............................................................................................771
Untrusted Zone Configuration ........................................................................................771
Semi-trusted Zone or Demilitarized Zone.......................................................................772
Three Zone Firewall Example.........................................................................................773
Example 2: Simple Zone Configuration in OmniAccess 5740 USG...............................781
Time-range/Timer Configuration...........................................................................................783
Time-range Configuration Commands ...........................................................................783
Time-range Show Command..........................................................................................784
ALGs Supported in OmniAccess 5740 USG.........................................................................785
ALG Configuration Commands.......................................................................................787
Customized-service Rule Based ALG Configuration ............................................................794
Customizing ALG Commands........................................................................................794
Typical Rule Based ALG and DNAT Example Using OmniAccess 5740 USG.....................797
Security - Best Practices.......................................................................................................799
Rules for Configuring Packet Filters...............................................................................799
32 IP Security - Virtual Private Network ........................................................803
Chapter Conventions......................................................................................................804
IPsec VPN Overview.............................................................................................................805
IPsec Enabled VPN........................................................................................................807
IPsec Connection Types.................................................................................................807
IPsec Concepts ..............................................................................................................809
Benefits of IPsec Enabled VPN......................................................................................814
Default Configuration Setting on OmniAccess 5740 USG..............................................815
IPsec VPN Configuration......................................................................................................816
IPsec VPN Configuration Steps......................................................................................816
IPsec VPN Configuration Flow.......................................................................................818
IPsec Configuration Commands.....................................................................................819
To Configure the Match-lists...........................................................................................819
IPsec Configuration with Preshared Key........................................................................819
Example..........................................................................................................................820
IPsec Configuration with X.509 Certificates ...................................................................820
To Import a RSA Key......................................................................................................821
Example..........................................................................................................................821
Example..........................................................................................................................821
To Export RSA Keys.......................................................................................................829
Example..........................................................................................................................829
To Delete a CA Certificate..............................................................................................829
Example..........................................................................................................................829
To Delete a Signed Certificate........................................................................................830
Example..........................................................................................................................830
To Delete a Peer Certificate ...........................................................................................830
Example..........................................................................................................................830
To Delete an RSA Key Pair............................................................................................830
Example..........................................................................................................................830
Internet Key Exchange (IKE) Policy ...............................................................................831
To Configure Transform-set in IPsec..............................................................................835
To Configure IPsec Crypto Map.....................................................................................837
Example..........................................................................................................................837
To Attach Crypto Map to an Interface.............................................................................841
Dead Peer Detection (DPD)...........................................................................................842
IPsec VPN Show Commands.........................................................................................844
Clear Commands in IPsec..............................................................................................861
IPsec Scenarios on OmniAccess 5740 USG........................................................................862
Best Practices For Deploying IPsec VPN .............................................................................865
Identity............................................................................................................................865
IPsec Access Control .....................................................................................................866
IPsec...............................................................................................................................866
Network Address Translation .........................................................................................867
Network Access Control.................................................................................................867
Interoperability................................................................................................................867
Routing Entry..................................................................................................................867
IPsec NAT-Traversal.............................................................................................................868
Scenarios Depicting IPsec Nat-traversal...............................................................................869
IPsec Tunnel Interface..........................................................................................................871
Before You Configure IPsec Tunnel Interface................................................................871
Default Configuration for an IPsec Profile on OmniAccess 5740 USG ..........................872
IPsec Tunnel Interface Configuration....................................................................................873
IPsec Tunnel Interface Configuration Steps...................................................................873
IPsec Tunnel Interface Configuration Flow.....................................................................875
IPsec Tunnel Interface Configuration Commands..........................................................876
IPsec Tunnel Configuration Scenarios using OmniAccess 5740 USG.................................884
Dynamic Multipoint Virtual Private Network (DMVPN) Overview..........................................886
Alcatel-Lucent Specific Overview...................................................................................887
DMVPN Configuration...........................................................................................................888
DMVPN Configuration Steps..........................................................................................888
DMVPN Configuration Flow............................................................................................891
DMVPN Configuration Commands.................................................................................892
DMVPN Configuration Scenarios using OmniAccess 5740 USG.........................................900
IPsec VPN Server Overview.................................................................................................903
Alcatel-Lucent Specific Overview...................................................................................903
IPsec VPN Server Configuration...........................................................................................904
IPsec VPN Server Configuration Steps..........................................................................904
IPsec VPN Server Configuration Flow............................................................................908
IPsec VPN Server Configuration Commands.................................................................909
33 Intrusion Detection/Intrusion Prevention System...................................919
Chapter Conventions......................................................................................................919
IDS/IPS Overview .................................................................................................................920
Alcatel-Lucent Specific Overview...................................................................................920
IDS/IPS Configuration...........................................................................................................920
IDS/IPS Configuration Steps..........................................................................................921
IDS/IPS Configuration Flow............................................................................................923
IDS/IPS Configuration Commands.................................................................................924
IDS/IPS Show Commands .............................................................................................930
IDS/IPS Clear Commands..............................................................................................935
IDS/IPS Debug Commands............................................................................................936
IDS/IPS Configuration Scenario Using OmniAccess 5740 USG...........................................937
Configuration Steps........................................................................................................937
Show Commands...........................................................................................................937
IDS/IPS Topology...........................................................................................................938
34 Generic Routing Encapsulation................................................................939
Chapter Conventions......................................................................................................939
GRE Overview ......................................................................................................................940
GRE Tunnel Setup .........................................................................................................940
GRE Tunnel Features.....................................................................................................941
Summary........................................................................................................................942
Alcatel-Lucent Specific Overview...................................................................................942
GRE Tunnel Configuration....................................................................................................943
GRE Configuration Steps ...............................................................................................943
GRE Configuration Flow.................................................................................................945
GRE Configuration Commands......................................................................................946
GRE Configuration Scenarios using OmniAccess 5740 USG ..............................................950
1. GRE Configuration .....................................................................................................950
2. GRE + IP Filters + DoS Configuration......................................................................953
3. GRE over IPsec Configuration .................................................................................955
35 Transparent Firewall ..................................................................................959
Chapter Conventions......................................................................................................959
TF Overview..........................................................................................................................960
OmniAccess 5740 USG Specific Overview....................................................................960
TF Configuration...................................................................................................................961
TF Configuration Steps...................................................................................................961
TF Configuration Flow....................................................................................................962
TF Configuration Commands .........................................................................................963
Show Commands in TF..................................................................................................965
Clear Commands in TF ..................................................................................................966
TF Configuration on OmniAccess 5740 USG .......................................................................967
Configuration Steps........................................................................................................967
Show Commands...........................................................................................................967
Part 7: Quality of Service
36 Quality of Service.......................................................................................971
Chapter Conventions......................................................................................................971
QoS Overview.......................................................................................................................972
Generic terms used in QoS............................................................................................972
Alcatel-Lucent Specific Overview on QoS......................................................................974
Traffic Without Policing and Shaping..............................................................................976
Traffic with Policing.........................................................................................................977
Traffic with Shaping........................................................................................................978
Hierarchical Queuing......................................................................................................979
Bandwidth Sharing in Tunnels........................................................................................981
QoS Configuration.................................................................................................................982
QoS Configuration Steps................................................................................................982
QoS Configuration Flow .................................................................................................985
QoS Configuration Commands.......................................................................................987
Class Map Configuration................................................................................................987
Policy Map Configuration................................................................................................989
Attaching a Policy Map to an Interface...........................................................................991
Traffic Class Attributes Configuration.............................................................................993
Auto QoS Configuration................................................................................................1004
Hierarchical Policy Configuration..................................................................................1006
QoS over Tunnel Interface ...........................................................................................1011
Example........................................................................................................................1011
QoS Show Commands.................................................................................................1013
QoS Clear Commands .................................................................................................1021
QoS Debug Commands ...............................................................................................1021
QoS Test Scenarios on OmniAccess 5740 USG................................................................1022
Traffic Shaping .............................................................................................................1022
Priority Queuing............................................................................................................1023
QoS on Frame Relay (Per-PVC Queuing)..........................................................................1025
QoS on FR and FR Sub Interface ................................................................................1025
Frame Relay Queuing and Fragmentation at the Interface..........................................1026
Alcatel-Lucent Specific Overview.................................................................................1027
QoS on FR Configuration Steps...................................................................................1028
QoS on FR Configuration Commands..........................................................................1031
QoS on FR Sub Interface Configuration Commands ...................................................1032
QoS on FR Show Commands......................................................................................1033
L2 QoS................................................................................................................................1034
To Attach a L2 Policy Map to an Interface....................................................................1034
Part 8: TCP/IP Services
37 DHCP (Dynamic Host Configuration Protocol) Server..........................1037
Chapter Conventions....................................................................................................1037
DHCP Server Overview ......................................................................................................1038
Alcatel-Lucent Specific Overview.................................................................................1038
DHCP Server Configuration................................................................................................1039
DHCP Server Configuration Steps...............................................................................1039
DHCP Server Configuration Flow.................................................................................1041
DHCP Server Configuration Commands......................................................................1042
DHCP Server Show Commands ..................................................................................1050
DHCP Server Test Scenarios using OmniAccess 5740 USG.............................................1053
Configuration Steps......................................................................................................1054
38 DHCP (Dynamic Host Configuration Protocol) Client...........................1055
Chapter Conventions....................................................................................................1055
DHCP Client Overview........................................................................................................1056
Alcatel-Lucent Specific Overview.................................................................................1056
DHCP Client Configuration .................................................................................................1058
DHCP Client Configuration Steps.................................................................................1058
DHCP Client Configuration Flow ..................................................................................1060
DHCP Client Configuration Commands .......................................................................1061
DHCP Client Show Commands....................................................................................1067
DHCP Client Test Scenarios using OmniAccess 5740 USG..............................................1069
Configuration Steps......................................................................................................1069
39 TFTP (Trivial File Transfer Protocol) Server..........................................1071
Chapter Conventions....................................................................................................1071
TFTP Server Overview........................................................................................................1072
Alcatel-Lucent Specific Overview.................................................................................1072
TFTP Server Configuration.................................................................................................1073
TFTP Server Configuration Steps ................................................................................1073
TFTP Server Configuration Flow..................................................................................1074
TFTP Server Configuration Commands.......................................................................1075
TFTP Server Show Commands....................................................................................1076
40 DHCP (Dynamic Host Configuration Protocol) Relay...........................1077
Chapter Conventions....................................................................................................1077
DHCP Relay Overview........................................................................................................1078
Alcatel-Lucent Specific Overview.................................................................................1078
DHCP Relay Configuration .................................................................................................1079
DHCP Relay Configuration Steps.................................................................................1079
DHCP Relay Configuration Flow ..................................................................................1080
DHCP Relay Configuration Commands .......................................................................1081
DHCP Relay Test Scenarios using OmniAccess 5740 USG..............................................1083
Configuration Steps......................................................................................................1083
41 DNS (Domain Name Service) Client........................................................1085
Chapter Conventions....................................................................................................1085
DNS Client Overview ..........................................................................................................1086
DNS Client Configuration....................................................................................................1086
DNS Client Configuration Steps...................................................................................1087
DNS Client Configuration Flow.....................................................................................1089
DNS Client Configuration Commands..........................................................................1090
DNS Client Test Scenario using OmniAccess 5740 USG...................................................1094
Configuration Steps......................................................................................................1094
42 Dynamic DNS (DDNS) Client ...................................................................1095
Chapter Conventions....................................................................................................1095
DDNS Client Overview........................................................................................................1096
Alcatel-Lucent Specific Overview.................................................................................1096
DDNS Client Configuration .................................................................................................1097
DDNS Client Configuration Steps.................................................................................1097
DDNS Client Configuration Flow ..................................................................................1099
DDNS Client Configuration Commands .......................................................................1100
GRE Tunnel with DDNS Client Test Scenario using OmniAccess 5740 USG....................1107
Configuration Steps......................................................................................................1108
IPsec Tunnel with DDNS Client Test Scenario using OmniAccess 5740 USG...................1110
Configuration Steps......................................................................................................1111
/