Secure Routers

1
Secure Routers

• 1001, 1002, 1004, and 3120

2
Typical 100X Chassis - Front
WAN Port LEDs 1-4
1004 Router Front Panel
DUP
DUP
HS
HS
Power LED
LINK/ACT
LINK/ACT
Ethernet 1 LEDs
Ethernet 0 LEDs
LED DESCRIPTION COLOR WAN Status 1-4
Indicates traffic activity on this interface
Green normal activity Red alarm
state Yellow test mode Ethernet
0/1 Link/Act Indicates traffic activity on this
interface Green link is operational Blinki
ng Yellow either receiving or sending
traffic Red packet collisions HS
Indicates traffic speed on the interface Off
10 Mbps Green 100 Mbps DUP Indicates the
type of duplex mode Off Half duplex Green
Full duplex SR Logo Back lighted when power
is applied Blue Power Indicates router power
status Off power off Green power on
3
Typical 100X Chassis - Back
1004 Router Rear Panel
Aux Port
WAN Port 1-4
Power Tie-Down
Console Port
Fast Ethernet Port 0
12 VDC Input Jack
Fast Ethernet Port 1
PORT DESCRIPTION WAN 1 - WAN 4 WAN connection
port. These ports accept cables with RJ-48C
connectors. If drop and insert is configured,
then ports 1 and 2 are reserved for that
feature. FE 0 - FE 1 Ethernet LAN connection
ports. These ports accept cables with RJ-45 cable
connectors. AUX Currently no functionality is
supported on this interface. Console Console
management port. This port accepts a cable with
an RJ-45 cable connector. DC power 12 VDC
power connection. This port accepts the 2 mm
power connector on the power supply cable that
ships with the 1004 router.
4
Connect to the Console Port

• Connect to the Console port
• Using a PC with a VT100 terminal emulation
• Configure the terminal for
• 9600
• 8 data bits
• 1 stop bit
• No parity
• XON/OFF flow control (note this is NOT the
  default setting for HyperTerminal)
• Use the two DB9 to RJ45 connectors and cable
  provided

5
Logon using the CLI

• Once the console cable is connected to the PC and
  SR device
• Press the Enter key
• This should present the system prompt
• Now login to the device
• loginadmin
• passwordsetup
• You now see the initial CLI prompt
• SR-1004

6
Exercise the CLI

• Use the following command tips and shortcuts with
  command line interface commands.
• The CLI is case sensitive
• To display all commands, type tree.
• To access help associated with a command, type
  help ltcommand namegt. You may also use the ? key
  after any command.
• To exit back one level in the command hierarchy,
  type exit and press Return.
• To exit the command mode and/or return to the
  base CLI prompt, press the key combination
  Ctrl-Z.
• Type the first two letters of a command, and then
  press the Tab key to automatically spell out the
  command.
• Scroll through the available commands using the
  Tab key.
• Refer to the Command Reference Guide for
  additional navigation key shortcuts

7
Changing Admin Password

• The System Administrator login consists of two
  components the user name and the password. The
  initial login name is always admin, but you can
  change this to suit your needs after logging in
  for the first time. The default password for user
  admin, setup, should be changed as soon as
  possible to ensure only authorized access to the
  router.
• To change the password
• This procedure enables the system administrator
  to change any or all user passwords, or any user
  to change their password on the 1004. The
  password must be 3-10 characters.
• Access the password configuration mode.
• example SR-1004 password
• The system prompts for the current user name.
• Type admin, and then press Return.
• The system prompts for the old password.
• Type setup, and then press Return.
• The system prompts for the new password.
• Type your new password, and then press Return.
• The system prompts you to verify the new
  password.
• Type the new password again and then press
  Return.
• A message is appears confirming that the password
  has been changed.

8
Changing Admin Login

• This procedure changes the administrator login
  name (Level 1 access) to a user-specified name.
  The default is admin.
• To change the account name
• Access the configure mode.
• example
• admin-1004 configure term
• Change the account name.
• example
• SR-1004/configure admin_name Greg
• This example above changes the Level 1 user name
  to Greg.
• The system displays a confirming message
  Administrator account name changed to Greg.

9
Modifying the System Host Name

• The default host name is SR-model_number.
• Use the configure hostname command to assign a
  host name to the Secure Router. Once assigned,
  the host name becomes the command line interface
  (CLI) prompt name.
• To configure the host name
• Access the terminal configuration mode SR-1004
  configure term
• Type hostname, and then type a new host name.
• Press Return.
• example
• SR-1004/configure hostname Fremont
• In the above example, the new host name for the
  system is Fremont. The CLI prompt
• changes to Fremont, accordingly.
• example
• Fremont/configure

10
Modifying the Date and Time

• To set the date
• 1 Enter the terminal configuration mode SR-1004
  configure term
• 2 Press Return.
• 3 Use the date command to enter month, day, and
  year.
• To enter the date March 19, 2003, see the
  following example
• example
• SR-1004/configure date 03 19 2003
• To set the time
• 1 Enter the terminal configuration mode SR-1004
  configure term
• 2 Press Return.
• 3 Use the time command to enter hour, minute, and
  second.
• To enter the time 24035 pm, see the following
  example
• example
• SR-1004/configure time 14 40 35
• The router confirms the setting by automatically
  displaying the date and time. To confirm the date
  and time parameters, use the display date
  command.
• Or, use the SNTP client to have a time server
  automatically set the time.

11
Configuring SNMP Monitoring

• configure snmp community private rwro
• configure snmp contact sysop
• configure snmp chassis-id sanjose_ca
• configure snmp location R1MDF
• configure snmp snmp-source 192.168.1.1
• configure snmp trap-host 10.1.1.1 private
• configure snmp trap-source 192.168.1.1
• configure snmp enable traps list below
• bgp established, backward trans
• bundle up, down
• config change,save
• environment temp,fan
• frame_relay vcstate
• failover success, failure
• snmp auth_failure
• sntp enable
• system shutdown,logon,logoff,loginfail
• vrrp enable
• ospf to many to list here

12
Users Levels

• User privilege levels
• 1 - Full privileges.
• 2 - Can configure the system, view system data,
  conduct tests, and change the users current
  access password. Cannot add users to or remove
  users from the system.
• 3 - Can view system data, conduct tests, and
  change users current access password. Cannot
  perform any other operations.
• 4 - Can view system data and change users
  current access password. Cannot perform any other
  operations. This level is automatically assigned
  to a user if you do not specify a level.
• Stored locally on NVRAM
• Network stored and used via RADIUS
• Admin password recovery requires physical access
• Recovery does not impact configuration file

13
Adding Users

• The configure user command allows the system
  administrator to add up to 15 users (login ID)
  and assign each user an access privilege (levels
  2-4). Only the system administrator (level 1) can
  add, modify, or remove this information.
• To add a new user
• Enter the terminal configuration mode SR-1004
  configure term
• Type user name, enter the name that you want to
  add, and then enter the access level to be
  assigned to that name (optional). The user name
  may be up to 30 characters. The password must be
  3-10 characters.
• example
• SR-1004/configure user John level 2
• The system prompts you to enter a new password.
• Enter the new password.
• The system prompts you to re-enter the new
  password.
• Re-enter the new password.
• The system confirms that the password is set and
  confirms the name of the added user.
• You can use the show user_accounts command to
  view user information.

14
Removing Users

• The no user name command allows the system
  administrator to remove configured user names
  from the Secure Router system.
• To remove a user name
• Type no user name, followed by the users name.
• example
• SR-1004/configure no user John
• Press Return.
• The user name is removed from the system.

15
Default Configuration

• There are three ways to restore factory default
  configuration settings. Remember to reboot the
  router after performing any of the following
  procedures.
• Clear/Erase the contents of the system.cfg file
• clear cfg_file system.cfg
• erase startup
• Delete the system.cfg file
• rm system.cfg
• erase flash system.cfg
• Rename and remove the system.cfg file
• copy system.cfg system.bk
• rm system.cfg
• After performing any of the above options, the
  system.cfg file no longer exists. Subsequently, a
  file not found error message is displayed upon
  rebooting the system. This message will not
  impact operation, and it should be ignored.
• NOTE If you change any of the factory default
  settings, issue the wr mem command to retain the
  changed configuration before rebooting.

16
Basic WAN T1 Interface Configuration

• Connect the T1 crossover cable between the two
  devices being tested in the lab. You should now
  see a green link status on the T1
• This confirms that there are no layer one errors
• The following are examples of T1 interface
  configurations. To scroll through the options
  available at any command prompt, press the Tab
  key. For descriptions of the options available at
  any command prompt, type help and press Enter.
• T1 Interface
• SR-1004 configure term
• SR-1004/configure module t1 1
• SR-1004/configure/module/t1 1 framing esf
  (default esf)
• SR-1004/configure/module/t1 1 clock_source line
  (defaultinternal)
• SR-1004/configure/module/t1 1 linecode b8zs
  (defaultb8zs)
• SR-1004/configure/module/t1 1 exit 3

17
Software Selectable T1/E1 Option

• TiOS 8.3 adds E1 support on 1001 product line.
  All 1001 products that ship with TiOS 8.3 (and
  higher) will have the software selectable T1/E1
  port option. The 1001 hardware supports both T1
  and E1 signaling. This is unlike 1002 and 1004
  products where T1 and E1 routers are manufactured
  and ordered separately. Hence, the software
  selectable option will only work on the 1001
  product. The standard 1001 products with TiOS 8.3
  will ship with T1 as the default carrier-type.
  The customer can use one CLI command to convert
  the T1 port into an E1 port. The procedure to
  convert T1 to E1 is as follows
• Step 1 configure the carrier-type of the port
  to convert from T1(default) to E1
• Hostgt configure term
• Host/configuregt module t1 1
• Host/configure/module/t1 1gt carrier-type e1
• TiOS 9.0 added this same support for the 3120
  T1/E1 modules the procedure to convert T1 to E1
  is as follows?
• Step 1 configure the carrier-type of the port
  to convert from T1(default) to E1
• SR/configure system carrier-type 2 e1
• E1 carrier set for slot 2
• You need to REBOOT for the change to take effect

18
E1 Unchannelized Option (G.703)

• To provide an E1 unframed and to get 2048M you
  need to disable framing on the E1
• 1001/configure/module/e1 1 gt framing disable
• 1001/configure/interface/bundle wan gtshow int
  bundle wan
• bundle wan
• ----------
• status down, ipcp
  not in open state
• number of links 1
• total bandwidth 2048 kbps
• link speed bw inverted
  status diffdelay(msec)
• ---- ----- -- --------
  ------ ----------------
• e1 1unchannelised 64 2048 no up
  -

19
Saving the Configuration

• wr mem - Saves the current system configuration
  to flash memory. This allows the system to boot
  from the latest configuration upon a subsequent
  power-up or reboot.
• SR-1004write memory
• You also can assign a filename to the saved
  configuration. If a filename is not specified,
  the default file SYSTEM.CFG is used.
• SR-1004write mem test.cfg
• save network - Use the save network command to
  save the configuration to a network tftp server.
  You must specify a filename and the pathname to
  the destination file.
• SR-1004write network 10.1.100.16
  /maindir/temp.cfg

20
Alarms and Statistics
21
Configuring T1 alarms thresholds

• When thresholds are exceeded, the system
  generates alarms that indicate the possible
  deterioration of a T1 link. Refer to the
  following parameters to determine the specific T1
  data type that needs to be configured. You can
  define one alarm threshold for each parameter.
• Parameter Definition
• number Statistic alarm threshold number
• The range is 1 - 10.
• variable Variable on which a threshold is to be
  configured.
• ses Threshold for Severely Errored Seconds
• es Threshold for Errored Seconds
• bes Threshold for Bursty Errored Seconds
• uas Threshold for Unavailable Seconds
• eev Threshold for Excessive Error Violation
  Seconds
• lofc Threshold for Loss-of-Frame Counts
• css Threshold for Controlled Slip Seconds
• oof Threshold for Out-of-Frame Seconds
• crc Threshold for CRC-6 errors
• bpv Threshold for Bipolar Violations
• interval Sampling interval, in seconds.
• The range is 1 - 65535.
• rising_threshold Number of errored seconds or
  events which, if exceeded during any sampling
  interval, results in a rising alarm.
• The range is 0 - 2147483647.

22
T1 Module-Related Commands

• SR-1004 show module config t1 1
• T1 1 is ENABLED
• Alarm Hierarchy TRUE,
• Yellow Alarm DISABLE
• FramingESF, LineCodeB8ZS, ClockSourceLINE,
  LineModeCSU, LBO0 db
• FDL ANSI Unit Protocol enabled ,ATT Unit
  Protocol enabled ,
• CsuDsuType CSU DSU
• CIRCUIT-ID Not Configured ,CONTACT-INFO Not
  Configured ,
• DESCRIPTION Not Configured ,
• Line Status
• RLOSOFF RAISOFF RLOFOFF RRAIOFF
  TAISOFF
• TRAIOFF TLnCodOFF TPlCodOFF TRstCodOFF
  TPtrnOFF
• LoopOFF LORCOFF
• Other related commands
• SR-1004 show module userstats t1 1
• Show all layer 1 errors

23
Sample Test Configuration
24
Layer 3 Solutions
25
Ethernet Interface Configuration

• Each router has two Ethernet ports (0 and 1).
• To view the current configuration of an Ethernet
  port, use the display interface Ethernet command.
  To view a summary of information for both ports,
  use the display interface Ethernets command.
• Configure Ethernet parameters, including
  description, IP address and shutdown/no shutdown.
• Example
• SR-1004 configure term
• SR-1004/configure interface ethernet 0
• SR-1004/configure/interface/ethernet 0 ip addr
  192.168.1.1 24 (or 255.255.255.0 for the subnet
  mask)
• SR-1004/configure/interface/ethernet 0
  description backbone
• SR-1004/configure/interface/ethernet 0 no
  shutdown
• SR-1004/configure/interface/ethernet 0 exit
• SR-1004/configure

26
WAN Interface Bundle Configuration-HDLC

• T1/Cisco-compatible HDLC Bundle
• SR-1004 configure term
• SR-1004/configure interface bundle wan1
• SR-1004/configure/interface/bundle wan1 link t1
  1
• SR-1004/configure/interface/bundle wan1
  encapsulation hdlc
• SR-1004/configure/interface/bundle wan1 hdlc
  keepalive 10 (default10)
• SR-1004/configure/interface/bundle wan1 ip
  address 192.168.2.1 24 (or 255.255.255.0 for the
  subnet mask)
• SR-1004/configure/interface/bundle wan1 exit 3

27
WAN Interface Bundle Configuration-PPP

• T1/PPP Bundle
• SR-1004 configure term
• SR-1004/configure interface bundle wan1
• SR-1004/configure/interface/bundle wan1 link t1
  1
• SR-1004/configure/interface/bundle wan1
  encapsulation ppp
• SR-1004/configure/interface/bundle wan1 ip
  address 192.168.2.1 24 (or 255.255.255.0 for the
  subnet mask)
• SR-1004/configure/interface/bundle wan1 exit 3

28
WAN Interface Bundle Configuration-FR

• T1/Frame Relay Bundle
• SR-1004 configure term
• SR-1004/configure interface bundle wan1
• SR-1004/configure/interface/bundle wan1 link t1
  1
• SR-1004/configure/interface/bundle wan1
  encapsulation frelay
• SR-1004/configure/interface/bundle wan1fr
• SR-1004/configure/interface/bundle wan1pvc 100
• SR-1004/configure/interface/bundle
  wan1/fr/pvc100 ip address 192.168.2.1 24 (or
  255.255.255.0 for the subnet mask)
• SR-1004/configure/interface/bundle wan1 exit 3

29
WAN Interface Bundle Configuration-MLPPP

• T1/MLPPP Bundle
• SR-1004 configure term
• SR-1004/configure interface bundle wan1
• SR-1004/configure/interface/bundle wan1 link t1
  1-4
• SR-1004/configure/interface/bundle wan1
  encapsulation ppp
• SR-1004/configure/interface/bundle wan1 ip
  address 192.168.2.1 24 (or 255.255.255.0 for the
  subnet mask)
• SR-1004/configure/interface/bundle wan1 exit 3

30
WAN Interface Bundle Configuration-MLFR

• T1/Frame Relay Bundle
• SR-1004 configure term
• SR-1004/configure interface bundle wan1
• SR-1004/configure/interface/bundle wan1 link t1
  1-4
• SR-1004/configure/interface/bundle wan1
  encapsulation frelay
• SR-1004/configure/interface/bundle wan1fr
• SR-1004/configure/interface/bundle wan1pvc 100
• SR-1004/configure/interface/bundle
  wan1/fr/pvc100 ip address 192.168.2.1 24 (or
  255.255.255.0 for the subnet mask)
• SR-1004/configure/interface/bundle wan1 exit 3

31
Verify the WAN is up

• SR-1004 show interface bundle wan1
• bundle wan 1
• ----------
• status up
• number of links 1
• total bandwidth 1536 kbps
•  
• link speed bw inverted status
  diffdelay(ms)
• T1 1 0 1536 no up 0
• encapsulation hdlc
• keepalive 10
• keepalive packet type unicast
• mtu 1536
• ip info
• ipaddr 10.1.1.1
• netmask 255.255.255.0

counters for the last five minutes Bytes Rx 0
Bytes Tx 0 Packets Rx 0
Packets Tx 0 Err Packets Rx
0 Up/Down States 0 RED
Configuration ----------------- Status
Enabled Minimum Threshold 207 Maximum Threshold
621 Wq Bias Factor 9 Current Loaned Count
0, Max Loaned Count 0 Current Average Queue
Size 0, Max Ave Queue Size 0 RED
Statistics Threshold Below Min Betn Mn-Mx
Max Q Overflows Allowed
0 0 0 -
Dropped 0 0
0 0
32
Configuring a Default Route

• There are two methods to provide a default route
  for the device. This first points to the next
  hop routers IP interface as the gateway address.
  The second uses the interface name as the
  gateway.
• SR-1004/configure ip route 0.0.0.0 0.0.0.0
  10.1.1.1
• In the above example, x.x.x.x represents the
  gateway.
• SR-1004/configure ip route 0.0.0.0 0.0.0.0 wan1
• In the above example, wan1 represents the
  gateway interface.

33
Cisco to SR T1 using HDLCSingle T1 on the WAN L3
using default routes
SR 1004
CISCO CONFIGURATION conf t hostname Hub int fast
0/0 ip address 192.168.2.1 255.255.255.0
exit controller T1 0/0 framing esf linecode
b8zs clock source internal exit interface
Serial 0/0 ip address 200.1.1.1 255.255.255.252
encapsulation hdlc no cdp enable no
fair-queue exit ip route 0.0.0.0 0.0.0.0
200.1.1.2 exit copy run start
Cisco 7513
200.1.1.0/30
.1
.2
HDLC
E0-192.168.0.1/24
fe 0/0-192.168.2.1/24
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.1 24
exit module t1 1 framing esf linecode b8zs
clock_source line exit interface bundle wan
link t1 1 encapsulation hdlc ip address
200.1.1.2 30 exit ip route 0.0.0.0 0 200.1.1.1
exit wr mem
192.168.0.7/24
192.168.2.100/24
34
Cisco to SR NxT1 using HDLCwith ECMP per packet
load balance per packet
CISCO CONFIGURATION conf t int fast 0/0 ip
address 192.168.2.1 255.255.255.0 no ip
mroute-cache exit controller T1 0/0 framing
esf linecode b8zs clock source line
exit controller T1 0/1 framing esf linecode
b8zs clock source internal exit interface
Serial 0/0 ip address 192.168.1.1
255.255.255.252 encapsulation hdlc no ip
mroute-cache no cdp enable ip load-sharing
per-packet exit interface Serial 0/1 ip
address 192.168.1.5 255.255.252 encapsulation
hdlc no ip mroute-cache no cdp enable ip
load-sharing per-packet exit ip route 0.0.0.0
0.0.0.0 192.168.1.2 ip route 0.0.0.0 0.0.0.0
192.168.1.6 exit copy run start
SR 1004
Cisco 7513
.1
.2
HDLC
.6
.5
HDLC
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.100 24
exit module t1 1-2 framing esf linecode b8zs
clock_source internal exit interface bundle
LB1 link t1 1 encapsulation hdlc ip address
192.168.1.2 30 exit interface bundle LB2 link
t1 1 encapsulation hdlc ip address
192.168.1.6 30 exit Ip load_balance
per_packet route 0.0.0.0 0.0.0.0 192.168.1.2
route 0.0.0.0 0.0.0.0 192.168.1.5 exit wr mem
192.168.2.1/24
192.168.0.7/24
192.168.2.100/24
35
Cisco to SR T1 using PPPSingle T1 on the WAN L3
using default routes
CISCO CONFIGURATION conf t int fast 0/0 ip
address 192.168.2.1 255.255.255.0
exit controller T1 0/0 framing esf linecode
b8zs clock source internal exit interface
Serial 0/0 ip address 192.168.1.2
255.255.255.0 encapsulation ppp no cdp
enable no fair-queue exit ip route 0.0.0.0
0.0.0.0 192.168.1.1 exit copy run start
SR 1004
Cisco 7513
192.168.1.0/24
.1
.2
PPP
192.168.2.1/24
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.10 24
exit module t1 1 framing esf linecode b8zs
clock_source line exit interface bundle wan
link t1 1 encapsulation ppp ip address
192.168.1.1 24 exit ip route 0.0.0.0 0
192.168.1.2 exit wr mem
192.168.0.7/24
192.168.2.100/24
36
Cisco to SR NxT1 using MLPPPNxT1 3Mbs on the WAN
L3 using default routes
CISCO CONFIGURATION conf t int fast 0/0 ip
address 192.168.2.1 255.255.255.0
exit controller T1 0/0 framing esf linecode
b8zs clock source internal exit controller T1
0/1 framing esf linecode b8zs clock source
internal exit interface Multilink1 ip
address 192.168.1.2 255.255.255.0 no cdp
enable ppp multilink multilink-group 1
exit interface Serial 0/0 no ip address
encapsulation ppp no fair-queue ppp
multilink multilink-group 1 exit interface
Serial 0/1 no ip address encapsulation ppp
no fair-queue ppp multilink multilink-group
1 ip route 0.0.0.0 0.0.0.0 192.168.1.1
exit copy run start
SR 1004
Cisco 7513
192.168.1.0/24
.1
.2
MLPPP
192.168.2.1/24
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.10 24
exit module t1 1-2 framing esf linecode b8zs
clock_source line exit interface bundle wan
link t1 1-2 encapsulation ppp ip address
192.168.1.1 24 exit ip route 0.0.0.0 0
192.168.1.2 exit wr mem
192.168.0.7/24
192.168.2.100/24
37
Cisco CT3 NxT1 CPE SR MLPPP NxT1 3Mbs on the WAN
L3 using default routes
CISCO CONFIGURATION int fast 0/0 ip address
192.168.2.1 255.255.255.0 exit controller T3
0/0/0 t1 10 channel-group 0 timeslots 1-24
framing esf linecode b8zs clock source
internal exit t1 11 channel-group 0 timeslots
1-24 framing esf linecode b8zs clock source
internal exit no ip cef interface Multilink1
-Admin to Elm ip address 172.16.64.1/24 no
cdp enable ppp multilink multilink-group 1
exit interface Serial0/0/0/100 no ip address
encapsulation ppp no fair-queue ppp
multilink multilink-group 1 exit interface
Serial0/0/0/110 no ip address encapsulation
ppp no fair-queue ppp multilink
multilink-group 1 exit ip route 0.0.0.0 0.0.0.0
207.98.248.130 exit copy run start
Channelized DS3
Cisco 7505
192.168.1.0/24
Two T1 Lines Using MLPPP
SR 1004
.1
.2
MLPPP
192.168.2.1/24
SR CONFIGURATION conf t hostname
Remote interface ethernet 0 ip address
192.168.0.10 24 exit module t1 1-2 framing
esf linecode b8zs clock_source line
exit interface bundle wan link t1 1-2
encapsulation ppp ip address 192.168.1.1 24
exit ip route 0.0.0.0 0.0.0.0 192.168.1.2
exit wr mem
192.168.2.100/24
192.168.0.7/24
38
SR T1 NxT1 CPE MLPPP NxT1 3Mbs on the WAN L3
using default routes
SR CONFIGURATION conf t hostname HUB module t1
1-2 clock_source internal exit int eth 0
ip add 192.168.1.1 30 exit int bundle wan
link t1 1 1-2 encap ppp ip address
172.16.64.1 24 exit ip route 0.0.0.0
0.0.0.0 172.16.64.2 exit wr mem
SR 1004
T1 Crossover Simulated T1 WAN
Two T1 Line-MLPPP
SR CONFIGURATION conf t hostname CPE module t1
1-2 clock_source line exit interface
ethernet 0 ip address 172.16.72.1 24
exit interface bundle wan link t1 1-2
encapsulation ppp ip address 172.16.64.2 24
exit ip route 0.0.0.0 0.0.0.0 172.16.64.1
exit wr mem
SR 1004
39
SR T1 NxT1 MLPPP RIP NxT1 3Mbs on the WAN L3
using RIP on the WAN interface
SR CONFIGURATION conf t hostname HUB module t1
1-2 clock_source internal exit int eth 0
ip add 192.168.1.1 24 exit int bundle wan
link t1 1-2 encap ppp ip address
172.16.64.1 30 exit router rip interface
ethernet0 exit interface wan exit 2 wr mem
SR 1004
SR CONFIGURATION conf t hostname REMOTE module
t1 1-2 clock_source line exit interface
ethernet 0 ip address 192.168.2.1 24
exit interface bundle wan link t1 1-2
encapsulation ppp ip address 172.16.64.2 30
exit router rip interface ethernet0 exit
interface wan exit 2 wr mem
T1 Crossover Simulated T1 WAN
Two T1 Line-MLPPP
SR 1004
40
SR T1 NxT1 MLPPP OSPF NxT1 3Mbs on the WAN L3
using OSPF on the WAN interface
SR CONFIGURATION conf t hostname HUB module t1
1-2 clock_source internal exit int eth 0
ip add 192.168.1.1 24 exit int bundle wan
link t1 1-2 encap ppp ip address
172.16.64.1 30 exit router routerid
192.168.1.1 exit router ospf area 0 exit
interface ethernet0 area 0 exit interface wan
area 0 exit 2 wr mem
SR 1004
SR CONFIGURATION conf t hostname REMOTE module
t1 1-2 clock_source line exit interface
ethernet 0 ip address 192.168.2.1 24
exit interface bundle wan link t1 1-2
encapsulation ppp ip address 172.16.64.2 24
exit router routerid 192.168.2.1
exit router ospf area 0 exit interface
ethernet0 area 0 exit interface wan area 0
exit 2 wr mem
Two T1 Line-MLPPP
T1 Crossover Simulated T1 WAN
SR 1004
41
Cisco to SR Frame Relay OSPFCisco to SR with FR
on single T1 on the WAN L3 OSPF routing
SR 1004
CISCO CONFIGURATION conf t hostname Hub int fast
0/0 ip address 192.168.2.1 255.255.255.0
exit controller T1 0/0 framing esf linecode
b8zs clock source internal exit interface
Serial 0/0 ip address 192.168.1.2
255.255.255.252 encapsulation frame-relay
IETF frame-relay lmi-type ansi frame-relay
interface-dlci 100 frame-relay intf-type dte
ip ospf network point-to-point mtu 1500
exit router ospf 1 router-id 192.168.2.1
network 192.168.2.0 0.0.0.255 area 0 network
192.168.1.0 0.0.0.3 area 0 exit copy run
start
Cisco 7513
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.1 24
exit module t1 1 clock_source internal
exit interface bundle wan link t1 1
encapsulation frelay fr intf_type dce
frame_size 1500 lmi ansi exit pvc
100 ip address 192.168.1.1 30 exit
3 router routerid 192.168.0.1 router ospf area
0 exit interface ethernet0 area 0 network
broadcast exit interface wan dlci 100 area 0
network point_to_point exit wr mem
192.168.1.0/30
.1
.2
Frame Relay
192.168.2.1/24
192.168.0.7/24
192.168.2.100/24
42
SR T1 PPP BGP with Loopback WAN L3 using BGP on
the WAN interfaces and Loopback ID
AS 200
AS 100
Router A
Router B
Loopback 100.1.1.1/24
10.1.1.1/24
10.1.1.2/24
Loopback 200.1.1.1/24
REMOTE SIDE inter ether 0 ip address
192.168.2.1 24 exit interface bundle t1
link t1 1 encapsulation ppp ip address
10.1.1.2 24 exit interface loopback 0 ip
address 200.1.1.1 32 exit ip route
0.0.0.0 0 10.1.1.1 exit router routerid
200.1.1.1 router bgp 200 redistribute
connected neighbor 100.1.1.1 100
ebgp_multihop update source 200.1.1.1
exit 2
HUB SIDE inter ether 0 ip address 192.168.1.1
24 exit interface bundle wan link t1 1
encapsulation ppp ip address 10.1.1.1 24
exit bundle interface loopback 0 ip
address 100.1.1.1 32 exit ip route
0.0.0.0 0 10.1.1.2 exit router routerid
100.1.1.1 router bgp 100 redistribute
connected neighbor 200.1.1.1 200
ebgp_multihop update source 100.1.1.1
exit 2
43
Two SR Dualhomed to 1 ISP BGP SR Load Sharing
when Dualhomed to One ISP through Multiple Local
Routers using BGP
hostname R1 module t1 1 exit t1 interface
ethernet 0 ip address 10.1.1.1 24 exit
ethernet interface ethernet 0.1 ip address
20.1.1.1 24 exit ethernet interface bundle
wan link t1 1 encapsulation ppp ip
address 100.1.1.2 30 exit bundle ip exit
ip router routerid 100.1.1.2 router bgp 100
distance 170 redistribute connected
group R1 external route_map Peer out
exit group neighbor 100.1.1.1 99
neighbor_group R1 exit neighbor
neighbor 10.1.1.2 100 exit neighbor
exit bgp policy ip_access_list 1 10 action
permit network 10.1.1.0 netmask 0.0.0.255 policy
ip_access_list 2 20 action permit network
20.1.1.0 netmask 0.0.0.255 policy route_map Peer
100 permit match ip ip_address 1
exit match exit policy route_map Peer 200
permit match ip ip_address 2
exit match set as_path prepend 100 100
100 exit set exit route_map exit
hostname R2 module t1 1 exit t1 interface
ethernet 0 ip address 10.1.1.2 24 exit
ethernet interface ethernet 0.1 ip address
20.1.1.2 24 exit ethernet interface bundle
wan link t1 1 encapsulation ppp ip
address 200.1.1.2 30 exit bundle ip exit
ip router routerid 200.1.1.2 router bgp 100
distance 170 redistribute connected
group R2 external route_map Peer out
exit group neighbor 200.1.1.1 99
neighbor_group R2 exit neighbor
neighbor 10.1.1.1 100 exit neighbor
exit bgp policy ip_access_list 1 10 action
permit network 20.1.1.0 netmask 0.0.0.255 policy
ip_access_list 2 20 action permit network
10.1.1.0 netmask 0.0.0.255 policy route_map Peer
100 permit match ip ip_address 1
exit match exit policy route_map Peer 200
permit match ip ip_address 2
exit match set as_path prepend 100 100
100 exit set exit route_map exit
hostname Hub interface bundle wan1 link t1
1 encapsulation ppp ip address 100.1.1.1
30 exit bundle interface bundle wan2
link t1 2 encapsulation ppp ip address
200.1.1.1 30 exit bundle interface loopback
LB0 ip address 99.1.1.1 32 exit
loopback router routerid 99.1.1.1 router bgp
99 distance 170 redistribute connected
neighbor 100.1.1.2 100 exit neighbor
neighbor 200.1.1.2 100 exit neighbor exit
bgp
ISP AS 99
.1
.1
200.1.1.0/30
100.1.1.0/30
AS 100
.2
R2
.2
R1
10.1.1.0 20.1.1.0
44
Two SR Dualhomed to 2 ISP BGP SR Load Sharing
when Dualhomed to two ISPUsing Multiple Local
Routers using BGP
hostname R1 module t1 1-2 clock_source
line exit t1 interface ethernet 0 ip
address 10.1.1.1 24 exit ethernet interface
ethernet 0.1 ip address 20.1.1.1 24 exit
ethernet interface bundle wan link t1 1-2
encapsulation ppp ip address 100.1.1.2
30 exit bundle ip exit ip router routerid
100.1.1.2 router bgp 100 redistribute
connected group R1 external route_map
Peer out exit group neighbor 100.1.1.1
99 neighbor_group R1 exit neighbor
neighbor 10.1.1.2 100 exit neighbor
exit bgp policy ip_access_list 1 10 action
permit network 10.1.1.0 netmask 0.0.0.255 policy
ip_access_list 2 20 action permit network
20.1.1.0 netmask 0.0.0.255 policy route_map Peer
100 permit match ip ip_address 1
exit match exit policy route_map Peer 200
permit match ip ip_address 2
exit match set as_path prepend 100 100
100 exit set exit route_map exit
hostname R2 module t1 1 clock_source line
exit t1 interface ethernet 0 ip address
10.1.1.2 24 exit ethernet interface ethernet
0.1 ip address 20.1.1.2 24 exit
ethernet interface bundle wan link t1 1-2
encapsulation ppp ip address 200.1.1.2
30 exit bundle ip exit ip router routerid
200.1.1.2 router bgp 100 redistribute
connected group R2 external route_map
Peer out exit group neighbor 200.1.1.1
98 neighbor_group R2 exit neighbor
neighbor 10.1.1.1 100 exit neighbor
exit bgp policy ip_access_list 1 10 action
permit network 20.1.1.0 netmask 0.0.0.255 policy
ip_access_list 2 20 action permit network
10.1.1.0 netmask 0.0.0.255 policy route_map Peer
100 permit match ip ip_address 1
exit match exit policy route_map Peer 200
permit match ip ip_address 2
exit match set as_path prepend 100 100
100 exit set exit route_map exit
AS 99
AS 98
100.1.1.0/30
200.1.1.0/30
AS 100
R1
R2
.2
.2
10.1.1.0
20.1.1.0
45
One SR Dualhomed to 2 ISP BGP SR Load Sharing
when Multihomed to two ISPUsing Single Local
Routers with BGP
router bgp 20356 redistribute connected
redistribute static neighbor 157.130.235.113
701 route_map UPDATES-1 in exit
neighbor neighbor 160.81.70.105 1239
route_map UPDATES-2 in exit 2 policy
ip_access_list 1 1 action permit network 0.0.0.0
netmask 127.255.255.255 policy ip_access_list 2
1 action deny network 0.0.0.0 netmask
127.255.255.255 policy ip_access_list 2 2
action permit network 0.0.0.0 netmask
255.255.255.255 policy route_map UPDATES-1 10
permit match ip ip_address 1
exit match set distance 100 exit
2 policy route_map UPDATES-1 20 permit match
ip ip_address 2 exit 2 policy route_map
UPDATES-2 10 permit match ip
ip_address 1 exit 2 policy route_map
UPDATES-2 20 permit match ip
ip_address 2 exit match set
distance 100 exit 2
hostname R1 module t1 1 clock_source line
exit t1 interface ethernet 0 ip address
65.165.135.254 29 exit ethernet interface
bundle mercury link t1 1 encapsulation
frelay fr intf_type dte lmi ansi
exit lmi pvc 500 ip address
157.130.235.114 30 map 157.130.235.113
exit pvc exit fr exit bundle interface
bundle sprint link t1 2 encapsulation
hdlc ip address 160.81.70.106 30 exit
bundle hostname DesMoines_SR ip pname_server
64.7.161.13 name_server 64.7.161.12
name_server 64.7.172.13 route 0.0.0.0 0.0.0.0
157.130.135.113 route 0.0.0.0 0.0.0.0
160.81.70.105 route 65.165.135.0
255.255.255.192 65.165.135.252 1 route
65.165.135.64 255.255.255.192 65.165.135.252 1
route 65.165.135.128 255.255.255.192
65.165.135.252 1 route 65.167.126.0
255.255.255.0 65.165.135.252 1 route
65.171.120.0 255.255.255.0 65.165.135.252 1
exit ip
AS 701
AS 1239
.113
.105
157.130.235.112/30
160.81.70.104/30
AS 20356
.106
.114
E0-65.165.135.254/29
R1
E3/0-65.165.135.252/29
Cisco 3640
E0/0-65.165.135.1/26 -65.167.126.1/24
ATM 1/0-65.165.135.65/26 ATM 1/3-65.167.135.129/26
S0/1-65.165.134.0/24 S3/0
Cisco 2600
E0-65.171.120.0/24
46
SR Multicast support with PIM SMSR Using 3M NxT1
MLPPP WAN on OSPF with PIM SM
HUB Side conf t hostname HUB module t1 1-2
clock_source internal exit interface ethernet
0 ip address 10.1.1.1 24 exit interface
bundle wan link t1 1-2 encapsulation
ppp ip address 192.168.1.2 24 exit ip
multicast exit pim interface wan
exit interface ethernet0 exit cbsr
interface wan exit crp
group-add 224.1.1.0 mask 255.0.0.0
interface wan exit 2 igmp interface
ethernet0 query-interval 60 exit 3
iprouter routerid 10.1.1.1 router ospf area
0 exit interface wan area_id 0
exit interface interface ethernet0 area_id 0
exit interface exit
REMOTE Side conf t hostname REMOTE module t1
1-2 clock_source line exit interface
ethernet 0 ip address 192.168.0.100 24
exit interface bundle wan link t1 1-2
encapsulation ppp ip address 192.168.1.1 24
exit ip multicast exit pim
interface wan exit interface ethernet0
exit cbsr interface wan
exit crp group-add 224.1.1.0 mask
255.0.0.0 interface wan exit 2
igmp interface ethernet0 query-interval
60 exit 3 iprouter routerid
192.168.0.100 router ospf area 0 exit
interface wan area_id 0 exit interface
interface ethernet0 area_id 0 exit
interface exit
10.1.1.2 /24 DG 10.1.1.1 Local MC int-10.1.1.2 MC
224.1.1.1
SR 1002
10.1.1.1
.1
HUB Side
.2
T1 Crossover Simulated T1 WAN
192.168.1.0
.1
192.168.0.100
.1
SR 1002
REMOTE Side
192.168.0.3/24 DG 192.168.0.100 Local MC
int-192.168.0.3 MC 224.1.1.1
47
SR Multicast support with PIM SMSR Using 3M NxT1
MLPPP WAN on OSPF with PIM SM
HUB/show/ip mfc (10.1.1.2, 224.1.1.1) RPF
ethernet0 Exp 0 Outgoing Interface List
vif 1 wan (ttl 1) HUB/show/ip mroute flags
R - RP-bit set W - Wildcard T - SPT-bit set N
- Neg cache I - wrong IIF E - external
r - rejected i - null IIF J - Joining
SPT L - local source PIM SM routes (10.1.1.2/3
2, 224.1.1.1/32) age/exp 002858/000221,
flags TL (40004) IIF ethernet0 (10.1.1.1,
vif 2) RPF nbr 10.1.1.2, pref 0, metric 1
register suppression timeout 27 Outgoing
interface list wan (192.168.1.1, vif 1)
protos none, exp 253
10.1.1.2 /24 DG 10.1.1.1 Local MC int-10.1.1.2 MC
224.1.1.1
HUB Side
SR 1002
10.1.1.1
.1
.2
T1 Crossover Simulated T1 WAN
Remote sh ip igmp interface all IGMP Interface
ethernet0 information interface ethernet0
192.168.0.100/24, owner PIM-SM Querier
192.168.0.100 (this system) Version 3
Query Interval 125 secs Query Response
Interval 10 secs Last member Query
Interval 1 secs Last member Query Count
2 Startup Query Interval 31 secs
Startup Query Count 2 Send Router Alert
Enabled Require Router Alert Disabled
Ignore V1 Messages Disabled Ignore
V2 Messages Disabled Robustness 2
No of Joins on this interface 2 Group
Addr/mask 224.1.1.1/32 Group
age 710 Group Expiry Time 322
Address of last reporter 192.168.0.3
192.168.1.0
.1
Remote/show/ip mfc (10.1.1.2, 224.1.1.1) RPF
wan Exp 0 Outgoing Interface List vif
2 ethernet0 (ttl 1) Remote/show/ip
mroute flags R - RP-bit set W - Wildcard T -
SPT-bit set N - Neg cache I - wrong IIF
E - external r - rejected i - null IIF
J - Joining SPT L - local source PIM SM
routes (0.0.0.0/0, 224.1.1.1/32) age/exp
001218/000242, flags W (2) IIF register
(127.0.0.1, vif 0) RPF nbr 127.0.0.1, pref 0,
metric 1 Outgoing interface list
ethernet0 (192.168.0.100, vif 2) protos none,
exp never (10.1.1.2/32, 224.1.1.1/32) age/exp
001149/000242, flags T (4) IIF wan
(192.168.1.2, vif 1) RPF nbr 192.168.1.2, pref
1, metric 0 Outgoing interface list
ethernet0 (192.168.0.100, vif 2) protos none,
exp never
192.168.0.100
.1
SR 1002
REMOTE Side
192.168.0.3/24 DG 192.168.0.100 Local MC
int-192.168.0.3 MC 224.1.1.1
Remote/show/ip igmp groups all Interface
Group Address Uptime Expires Last
Reporter --------- ------------- ------
------- ------------- ethernet0 224.1.1.1
529 340 192.168.0.3
48
Cisco to SR Multicast support SR to Cisco using
T1 PPP WAN, with PIM SM
HUB Side conf t hostname HUB ip subnet-zero ip
multicast-routing mta receive maximum-recipients
0 ! interface FastEthernet0/0 ip address
10.1.1.1 255.255.255.0 ip pim sparse-mode ip
igmp explicit-tracking ip igmp version 3 no ip
mroute-cache duplex auto speed auto ! interface
Serial0/0 ip address 192.168.1.1
255.255.255.252 ip pim sparse-mode
encapsulation ppp ip igmp explicit-tracking ip
igmp version 3 no ip mroute-cache ! ip
classless ip route 0.0.0.0 0.0.0.0 192.168.1.2 ip
pim bidir-enable ip pim bsr-candidate Serial0/0
0 ip pim rp-candidate Serial0/0 group-list
10 ! access-list 10 permit 224.0.0.0
0.255.255.255 snmp-server community public
RO call rsvp-sync end
REMOTE Side conf t hostname REMOTE module t1 1
clock_source line exit interface ethernet 0
ip address 192.168.0.100 24 exit
interface bundle wan link t1 1
encapsulation ppp ip address 192.168.1.1 24
exit ip multicast exit pim
interface wan exit interface ethernet0
exit cbsr interface wan
exit crp group-add 224.1.1.0 mask
255.0.0.0 interface wan exit 2
igmp interface ethernet0 exit 3 Ip
route 0.0.0.0 0 192.168.1.1 exit
10.1.1.2 /24 DG 10.1.1.1 Local MC int-10.1.1.2 MC
224.1.1.1
Cisco
10.1.1.1
.1
HUB Side
.2
T1 Crossover Simulated T1 WAN
192.168.1.0
.1
192.168.0.100
.1
SR 1002
REMOTE Side
192.168.0.3/24 DG 192.168.0.100 Local MC
int-192.168.0.3 MC 224.1.1.1
49
Layer 3 Applications
50
Cisco to SR ML IP based QoSQoS configured on
both WAN interfaces based on source IP
Cisco 7513
SR 1004
CISCO CONFIGURATION conf t int fast 0/0 ip
address 192.168.2.1 255.255.255.0
exit interface Multilink1 ip address
192.168.1.2 255.255.255.0 no cdp enable ppp
multilink multilink-group 1 service-policy
output qostest exit interface Serial 0/0 no
ip address encapsulation ppp no fair-queue
ppp multilink multilink-group 1
exit interface Serial 0/0 no ip address
encapsulation ppp no fair-queue ppp
multilink multilink-group 1 ip route 0.0.0.0
0.0.0.0 192.168.1.1 policy-map qostest class
c1 shape peak 10000 class-map match-all c1
match access-group 101 access-list 102 permit ip
any host 192.168.0.7 access-list 102 deny ip
any any
192.168.1.0/24
.1
.2
MLPPP
192.168.2.1/24
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.10 24 exit module
t1 1-2 clock_source line exit interface bundle
wan link t1 1-2 encapsulation ppp ip address
192.168.1.1 24 qos add_class qostest
root-out cr 10 br 10 priority 1 class
qostest add_src_ip 192.168.0.7
exit class enable cbq outbound exit ip
route 0.0.0.0 0.0.0.0 192.168.1.2 exit wr mem
192.168.0.7/24
192.168.2.100/24
51
SR Hierarchical QoS using DSCP Root QoS allows
all traffic, with 2 branch classes for VoIP or
Default
SR 3120
.2
Channelized DS3
T1 Line Using PPP
192.168.1.0/30
SR 1004
SR 6300 CONFIGURATION conf t hostname
Hub interface ethernet 0 ip address
192.168.2.1 24 exit module ct3 1 t1 1-2
clock internal exit interface bundle wan
link ct3 1 1 encapsulation ppp ip address
192.168.1.1 30 qos add_class WAN
root-out cr 1536 br 1536 priority 1
add_class VoIP WAN cr 768 br 1536 priority 1
add_class NonVoIP WAN cr 768 br 1536 priority 7
class WAN add_src_ip default
exit class class VoIP add_dscp
43-44 exit class class NonVoIP
add_dscp default exit class enable
cbq outbound exit ip route 0.0.0.0 0.0.0.0
192.168.1.2 exit wr mem
192.168.2.10/24
SR 1001 CONFIGURATION conf t hostname
Remote interface ethernet 0 ip address
192.168.0.10 24 exit module t1 1
clock_source line exit interface bundle wan
link t1 1 encapsulation ppp ip address
192.168.1.2 30 qos add_class WAN
root-out cr 1536 br 1536 priority 1
add_class VoIP WAN cr 768 br 1536 priority 1
add_class NonVoIP WAN cr 768 br 1536 priority 7
class WAN add_src_ip default
exit class class VoIP add_dscp
43-44 exit class class NonVoIP
add_dscp default exit class enable
cbq outbound exit ip route 0.0.0.0 0.0.0.0
192.168.1.1 exit wr mem
.1
192.168.0.7/24
VoIP Phone Mitel 5215 Marks packets with TOS
B0 All 8 bits 1011 0000B0 DSCP 44 Use only
first 6 bits 10110044
VoIP Phone Mitel 5215 Marks packets with TOS
B0 All 8 bits 1011 0000B0 DSCP 44 Use only
first 6 bits 10110044
52
SR Hierarchical QoS using 802.1p Root QoS allows
all traffic, with 2 branch classes for VoIP or
Default
SR 3120
.2
Channelized DS3
T1 Line Using PPP
192.168.1.0/30
SR 1004
SR 6300 CONFIGURATION conf t hostname
Hub interface ethernet 0 ip address
192.168.2.1 24 exit module ct3 1 t1 1-2
clock internal exit interface bundle wan
link ct3 1 1 encapsulation ppp ip address
192.168.1.1 30 qos add_class WAN
root-out cr 1536 br 1536 priority 1
add_class VoIP WAN cr 768 br 1536 priority 1
add_class NonVoIP WAN cr 768 br 1536 priority 7
class WAN add_dst_ip default
exit class class VoIP add_dot1p
1 exit class class NonVoIP
add_dot1p default exit class enable
cbq outbound exit ip route 0.0.0.0 0.0.0.0
192.168.1.2 exit wr mem
192.168.2.10/24
SR 1001 CONFIGURATION conf t hostname
Remote interface ethernet 0 ip address
192.168.0.10 24 exit module t1 1
clock_source line exit interface bundle wan
link t1 1 encapsulation ppp ip address
192.168.1.2 30 qos add_class WAN
root-out cr 1536 br 1536 priority 1
add_class VoIP WAN cr 768 br 1536 priority 1
add_class NonVoIP WAN cr 768 br 1536 priority 7
class WAN add_dst_ip default
exit class class VoIP add_dot1p
1 exit class class NonVoIP
add_dot1p default exit class enable
cbq outbound exit ip route 0.0.0.0 0.0.0.0
192.168.1.1 exit wr mem
.1
192.168.0.7/24
VoIP Phone Mitel 5215 Marks packets with 802.1p1
VoIP Phone Mitel 5215 Marks packets with 802.1p1
53
SR Hierarchical QoS using ports Root QoS allows
all traffic, with 2 branch classes for VoIP or
Default
SR 3120
.2
Channelized DS3
T1 Line Using PPP
192.168.1.0/30
SR 1004
SR 6300 CONFIGURATION conf t hostname
Hub interface ethernet 0 ip address
192.168.2.1 24 exit module ct3 1 t1 1-2
clock internal exit interface bundle wan
link ct3 1 1 encapsulation ppp ip address
192.168.1.1 30 qos add_class WAN
root-out cr 1536 br 1536 priority 1
add_class VoIP WAN cr 768 br 1536 priority 1
add_class NonVoIP WAN cr 768 br 1536 priority 7
class WAN add_src_ip default
exit class class VoIP add_port
2205-3301 exit class class NonVoIP
add_port default exit class
enable cbq outbound exit ip route 0.0.0.0
0.0.0.0 192.168.1.2 exit wr mem
192.168.2.10/24
SR 1001 CONFIGURATION conf t hostname
Remote interface ethernet 0 ip address
192.168.0.10 24 exit module t1 1
clock_source line exit interface bundle wan
link t1 1 encapsulation ppp ip address
192.168.1.2 30 qos add_class WAN
root-out cr 1536 br 1536 priority 1
add_class VoIP WAN cr 768 br 1536 priority 1
add_class NonVoIP WAN cr 768 br 1536 priority 7
class WAN add_src_ip default
exit class class VoIP add_port
2205-3301 exit class class NonVoIP
add_port default exit class
enable cbq outbound exit ip route 0.0.0.0
0.0.0.0 192.168.1.1 exit wr mem
.1
192.168.0.7/24
VoIP Phone Mitel 5215 Uses packets with Port
2205-3301
VoIP Phone Mitel 5215 Uses packets with Port
2205-3301
54
SR QoS used to monitor the WANQoS can be enabled
to only monitor the classes and not enforce the
rates
SR 3120
SR CONFIGURATION conf t hostname Hub interface
ethernet 0 ip address 192.168.2.1 24 exit module
t1 1-2 clock_source line exit interface bundle
wan link t1 1-2 encapsulation ppp ip address
192.168.1.1 24 qos add_class bwmon root-out
cr 3072 br 3072 priority 1 class bwmon
add_src_ip default exit class
enable mon outbound exit ip route 0.0.0.0 0.0.0.0
192.168.1.2 exit wr mem
MLPPP
SR 1004
SR CONFIGURATION conf t hostname Remote interface
ethernet 0 ip address 192.168.0.10 24 exit module
t1 1-2 clock_source line exit interface bundle
wan link t1 1-2 encapsulation ppp ip address
192.168.1.2 24 qos add_class bwmon root-out
cr 3072 br 3072 priority 1 class bwmon
add_src_ip default exit class
enable mon outbound exit ip route 0.0.0.0 0.0.0.0
192.168.1.1 exit wr mem
55
SR QoS used for monitoring SR QoS for 3 T1 WAN
(4608M) using CBQ, start with monitoring
module t1 1-3 clock_source line exit
t1 interface ethernet 0 ip address 10.1.1.1
24 exit ethernet interface ethernet 1
exit ethernet interface bundle wan link t1
1-3 encapsulation ppp ip address
200.1.1.1 30 qos add_class WAN root-out
cr 4608 br 4608 add_class SNTP WAN cr 500
br 1000 priority 3 add_class SMTP WAN cr
1000 br 1500 priority 2 add_class WEB WAN
cr 1000 br 2000 priority 4 add_class IPSEC
WAN cr 608 br 1000 priority 6 add_class DNS
WAN cr 500 br 1000 priority 1 add_class
Default WAN cr 1000 br 4608 priority 7
class WAN add_src_ip default exit
class class SNTP add_port 123
exit class class SMTP add_port
25 exit class class WEB
add_port 80 exit class class
IPSEC add_port 500 exit class
class DNS add_port 53 exit
class class Default add_port
default exit class enable mon
outbound exit qos nat enable
dynamic ip route 0.0.0.0 0.0.0.0 200.1.1.2 30
exit ip wr mem
3 T1 MLPPP Pipe to Verizon
WAN SIPANY CR 4608 BR 4608
LAN
SNTP Port123 CR 500 BR 1K Priority3
SMTP Port25 CR 1K BR 1.5K Priority2
WEB Port80 CR 1K BR 2K Priority4
IPSEC Port500 CR 608 BR 1K Priority6
DNS Port53 CR 500 BR 1K Priority1
Default PortANY CR 1K BR 4608 Priority7
56
SR QoS using CBQSR QoS for 3 T1 WAN (4608M)
using CBQ, then enable CBQ
SR1004 sh qos bundle wan Interface Bundle wan
(Bandwidth 4608Kbps) Interface Outbound
Configuration Statistics -----------------------
---------------------- CBQ on Policing off
MON off ------------------------------------
---------------------------------- Traffic
Class CBQ-CR CBQ-BR Police Avg Out Avg In
Packets Packets (kbps)
(kbps) (kbps) (kbps) (kbps) Fwded
Dropped -------------------------------------
--------------------------------- WAN
4608 4608 - 0 0
0 0 Default 1000 4608
- 0 0 0 0
DNS 500 1000 - 0
0 0 0 IPSEC
608 1000 - 0 0 0
0 WEB 1000 2000 -
0 0 0 0 SMTP
1000 1500 - 0 0
0 0 SNTP 500 1000
- 0 0 0 0
module t1 1-3 clock_source line exit
t1 interface ethernet 0 ip address 10.1.1.1
24 exit ethernet interface ethernet 1
exit ethernet interface bundle wan link t1
1-3 encapsulation ppp ip address
200.1.1.1 30 qos add_class WAN root-out
cr 4608 br 4608 add_class SNTP WAN cr 500
br 1000 priority 3 add_class SMTP WAN cr
1000 br 1500 priority 2 add_class WEB WAN
cr 1000 br 2000 priority 4 add_class IPSEC
WAN cr 608 br 1000 priority 6 add_class DNS
WAN cr 500 br 1000 priority 1 add_class
Default WAN cr 1000 br 4608 priority 7
class WAN add_src_ip default exit
class class SNTP add_port 123
exit class class SMTP add_port
25 exit class class WEB
add_port 80 exit class class
IPSEC add_port 500 exit class
class DNS add_port 53 exit
class class Default add_port
default exit class enable cbq
outbound exit qos nat enable
dynamic ip route 0.0.0.0 0.0.0.0 200.1.1.2 30
exit ip wr mem
WAN SIPANY CR 4608 BR 4608
SNTP Port123 CR 500 BR 1K Priority3
SMTP Port25 CR 1K BR 1.5K Priority2
WEB Port80 CR 1K BR 2K Priority4
IPSEC Port500 CR 608 BR 1K Priority6
DNS Port53 CR 500 BR 1K Priority1
Default PortANY CR 1K BR 4608 Priority7
57
SR VRRP SR VRRP allows tracking of the WAN
interfaces and switch if down
HUB Side conf t hostname HUB1 module t1 1
clock_source internal exit int bundle wan
link t1 1-2 encap ppp ip address 192.168.0.1
30 exit int ethernet 0 ip address
192.168.1.1 24 vrrp_mode 0 vrrp 10
authentication SR ipaddr 192.168.1.254
preempt priority 95 track wan 10
enable exit 2 router routerid 192.168.1.1
exit router ospf area 0 exit inter
ethernet0 area 0 exit inter wan area 0 exit
2 wr mem
HUB Side conf t hostname HUB2 module t1 1
clock_source internal exit int bundle wan
link t1 1-2 encap ppp ip address 192.168.0.5
30 exit int ethernet 0 ip address
192.168.1.2 24 vrrp_mode 0 vrrp 10
authentication SR ipaddr 192.168.1.254
preempt priority 100 track wan 10
enable exit 2 router routerid 192.168.1.2
exit router ospf area 0 exit inter
ethernet0 area 0 exit inter wan area 0 exit
2 wr mem
192.168.1.15/24 DG 192.168.1.254
REMOTE Side conf t hostname REMOTE2 module t1 1
clock_source line exit int bundle wan link t1
1-2 encap ppp ip address 192.168.0.6 30
exit int ethernet 0 ip address 192.168.2.2 24
vrrp_mode 0 vrrp 20 authentication SR
ipaddr 192.168.2.254 preempt priority 95
track wan 10 enable exit 2 router
routerid 192.168.2.2 exit router ospf area
0 exi