Manual Hp3com

HP A-MSR Router Series Layer 2 - WAN Configuration Guide
Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers, and network administrators working with the HP A Series products.
Part number: 5998-2021 Software version: CMW520-R2207P02 Document version: 6PW100-20110810
Legal and notice information

Copyright 201 Hewlett-Packard Development Company, L.P. 1 No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Contents
SLIP configuration 1 Configuring SLIP 1 SLIP configuration example 1 PPP and MP configuration 4 PPP 4 MP 8 Configuring PPP 9 Configuring PAP authentication 10 Configuring CHAP authentication 11 Configuring MS-CHAP or MS-CHAP-V2 authentication 14 Configuring PPP negotiation 15 Enabling PPP link quality control 20 Enabling PPP traffic statistics collection 21 Configuring MP 21 Configuring MP by using a VT interface 21 Configuring an MP through an MP-group 24 Configuring short sequence number header format negotiation 25 Configuring the MP endpoint option 26 Configuring PPP link efficiency mechanisms 26 Introduction to PPP link efficiency mechanisms 26 Configuring PPP link efficiency mechanisms 28 Displaying and maintaining PPP, MP, and PPP link efficiency mechanisms 29 PPP and MP configuration examples 30 One-way PAP authentication configuration example 30 Two-way PAP authentication configuration example 32 One-way CHAP authentication configuration example 34 PPP IP address negotiation configuration example 36 MP configuration example 38 MP binding mode configuration examples 40 Troubleshooting PPP configuration 48 PPPoE configuration 50 PPPoE 50 Configuring a PPPoE server 51 Configuring a PPPoE client 52 Configuring a dialer interface 52 Configuring a PPPoE session 53 Resetting/terminating a PPPoE session 54 Displaying and maintaining PPPoE 54 PPPoE configuration examples 55 PPPoE server configuration example 55 PPPoE client configuration example 56 Connecting a LAN to the internet using an ADSL modem 58 Using ADSL to provide backup connection 60 Accessing the internet through an ADSL interface 61 ISDN configuration 63 Configuring ISDN 64 Configuring ISDN BRI 64 Configuring the negotiation parameters of ISDN layer 3 protocol 67
iii
Configuring the ISDN Q.931 protocol version 71 Configuring the SPID of the ISDN NI protocol 72 Setting the called number or sub-address to be checked during a digital incoming call 73 Configuring an interface to send calling number during an outgoing call 73 Setting the local management ISDN B channel 73 Configuring ISDN B channel selection mode 74 Configuring the sliding window size on a BRI interface 74 Configuring the sliding window size on a PRI interface 75 Collecting statistics about ISDN message receiving and sending 75 Configuring an interface to check the calling number when an incoming call comes 76 Configuring progress-to-alerting conversion 76 Configuring ISDN to carry the Calling-Name field in outgoing packets 77 Configuring ISDN to carry the Connected-Name field in outgoing packets 77 Configuring the service type in the ISDN bearer compatibility signaling 77 Setting the progress indicator value in ISDN signaling messages 78 Configuring the interface to send out Alerting messages that do not carry the Channel-ID field 78 Configuring TEI treatment on the BRI interface 78 Configuring an ISDN BRI leased line 79 Configuring permanent link function at ISDN BRI link layer 79 Specifying an ISDN BRI interface to be in permanent active state on physical layer 80 Configuring deactivation protection for an ISDN BRI interface 80 Enabling remote powering on an ISDN BRI interface 81 Configuring ISDN call check 81 Enabling the trap function 81 Displaying and maintaining ISDN 82 ISDN configuration examples 82 Connecting routers through ISDN PRI lines 82 Connecting routers through ISDN BRI lines running NI 83 Using ISDN BRI leased lines to implement MP bundling 84 Configuring ISDN 128K leased lines 86 Interoperating with DMS100 switches 88 Troubleshooting 89
Frame relay configuration 91 Frame relay interface types 91 Virtual circuit 91 Data link connection identifier 92 Frame relay address mapping 92 LMI protocol 92 Typical application scenarios 93 Frame relay configuration task list 94 Configuring DTE side frame relay 95 Configuring basic DTE side frame relay 95 Configuring frame relay address mappings 95 Configuring a frame relay local virtual circuit 96 Configuring a frame relay subinterface 97 Configuring Annex G 97 Marking the DE bit 99 Configuring DCE side frame relay 100 Configuring basic DCE side frame relay 100 Configuring frame relay address mapping 100 Configuring frame relay local virtual circuit 100 Configuring frame relay subinterface 101 Configuring frame relay switching 101 Configuring frame relay over IP 102
iv
Configuring Annex G 103 Marking the DE bit 103 Enabling the trap function 103 Displaying and maintaining frame relay 104 Frame relay configuration examples 105 Connecting LANs through a frame relay network 105 Connecting LANs with a dedicated line 106 Connecting LANs through an Annex G DLCI 107 Troubleshooting frame relay 109
Frame relay compression configuration 110 FRF.9 110 FRF.20 110 Configuring frame relay compression 110 Configuring FRF.9 compression 110 Configuring FRF.20 IP header compression 111 Displaying and maintaining frame relay compression 112 Frame relay compression configuration examples 112 Frame relay FRF.9 stac compression configuration example 112 Frame relay FRF.20 IP header compression configuration example 113 Multilink frame relay configuration 117 Configuring multilink frame relay 117 Configuring an MFR bundle 117 Configuring an MFR bundle link 118 Displaying and maintaining multilink frame relay 119 Multilink frame relay configuration examples 119 MFR direct connection configuration example 119 MFR switched connection configuration example 120 PPPoFR configuration 123 Configuring PPPoFR 123 Displaying and maintaining PPPoFR 123 PPPoFR configuration example 124 MPoFR configuration 125 Configuring MPoFR 125 MPoFR configuration example 126 DCC configuration 129 Approaches to DCC 129 DCC features 131 Preparing for DCC configuration 132 DCC configuration 132 DCC configuration task list 132 Configuring basic settings for DCC 133 Configuring C-DCC 134 Configuring RS-DCC 141 Configuring MP for DCC 144 Configuring PPP callback 146 Configuring ISDN caller identification callback 149 Configuring advanced DCC functions 151 Configuring DCC timers and buffer queue length 153 Configuring dynamic route backup achieved through DCC 154 Configuring traffic statistics collecting interval 156 Displaying and maintaining DCC 157 DCC configuration examples 157
v
C-DCC application 157 RS-DCC application 159 DCC application on ISDN 163 RS-DCC application with MP 167 Router-to-router callback with DCC (PPP approach) 169 Router-to-router callback with DCC (ISDN approach) 171 Router-to-PC callback with DCC 172 NT server-to-router callback with DCC 174 Circular dial string backup and internet access with DCC 176 Dynamic route backup configuration example I 181 Dynamic route backup configuration example II 184 Dynamic route backup configuration example III 185 Dynamic route backup configuration example IV 188 Troubleshooting 191
Modem management configuration 192 Configuring modem management 192 Setting the modem answer mode 193 Issuing an AT command to a modem 193 Modem management configuration example 193 Troubleshooting 194 ATM configuration 196 Introduction to ATM technology 196 ATM connections and ATM switching 196 ATM architecture 197 Overview of IPoA, IPoEoA, PPPoA and PPPoEoA 198 IPoA 198 IPoEoA 198 PPPoA 198 PPPoEoA 198 ATM service types 199 CBR 199 rt_VBR 199 nrt_VBR 199 UBR 199 Introduction to InARP 199 ATM OAM 200 OAM F5 loopback 200 OAM continuity check 200 ATM configuration task list 200 Configuring an ATM interface 201 Configuring an ATM subinterface 201 Checking PVC status to determine the protocol state of an ATM P2P subinterface 202 Configuring PVCs and the maximum number of PVCs allowed on an interface 202 Configuring PVC parameters 202 Setting the CLP bit for ATM cells 204 Assigning a transmission priority to an ATM PVC 205 Configuring PVC service mapping 205 Configuring the maximum number of PVCs allowed on an ATM interface 206 Configuring an ATM class 206 Configuring VP policing 208 Configuring applications carried by ATM 208 Configuring a Layer 3 VE interface 209 Configuring IPoA 209 Configuring IPoEoA 210
vi
Configuring PPPoA 211 Configuring PPPoEoA 211 Displaying and maintaining ATM 213 ATM configuration examples 213 IPoA configuration example 213 IPoEoA configuration example 215 PPPoA configuration example 216 PPPoEoA server configuration example 217 PPPoEoA client configuration example 219 ATM PVC transmit priority configuration example 221 Troubleshooting ATM 222 Link state error in IPoA application 222 Link report error in PPPoA application 222 Ping failure 222 ATM interface state error 223 PVC state is down while ATM interface state is up 223 Ping failure after PPPoA configuration 223 Packet loss and CRC errors and changes of interface state 223
HDLC configuration 225 HDLC frame format and frame type 225 Enabling HDLC encapsulation on an interface 225 Configuring an IP address for an interface 226 Configuring the link status polling interval 226 Configuring HDLC compression 227 Displaying and maintaining HDLC 227 HDLC configuration examples 227 Basic HDLC configuration example 227 HDLC in conjunction with IP unnumbered interface configuration example 228 DLSw configuration 231 Differences between DLSw v1.0 and DLSw v2.0 231 Protocols and standards 233 Configuring DLSw in an Ethernet environment 233 Creating DLSw peers 234 Mapping a bridge set to DLSw 234 Adding an Ethernet interface to a bridge set 235 Setting DLSw timers 235 Configuring LLC2 parameters 235 Configuring the multicast function of DLSw v2.0 236 Configuring the maximum number of DLSw v2.0 explorer retries 237 Applying an ACL in DLSw 237 Configuring DLSw in an SDLC environment 238 Enabling SDLC encapsulation on an interface 238 Enabling DLSw forwarding on an SDLC interface 239 Configuring SDLC roles 239 Configuring an SDLC address for a secondary station 240 Configuring an SDLC peer 240 Configuring an SDLC XID 241 Configuring an SDLC virtual MAC address 241 Configuring the properties of a synchronous serial interface 242 Configuring optional SDLC parameters 242 Configuring local reachable MAC or SAP addresses 243 Configuring remote reachability information 244 Displaying and maintaining DLSw 244 DLSw configuration examples 245
vii
Configuring LAN-to-LAN DLSw 245 Configuring SDLC-to-SDLC DLSw 246 Configuring DLSw for SDLC-LAN remote media translation 247 Configuring DLSw with VLAN support 249 DLSw v2.0 configuration example 250 Troubleshooting DLSw 251 Unable to establish a TCP connection 251 Unable to establish a DLSw circuit 252
L2TP configuration 253 Typical L2TP networking application 253 Basic concepts of L2TP 254 L2TP tunneling modes and tunnel establishment process 255 L2TP features 258 Protocols and standards 258 L2TP configuration task list 258 Configuring basic L2TP capability 260 Configuring an LAC 260 Configuring an LAC to initiate tunneling requests for specified users 260 Configuring an LAC to transfer AVP data in hidden mode 261 Configuring AAA authentication for VPN users on LAC side 261 Configuring an LAC to establish an L2TP tunnel 262 Configuring an LNS 263 Creating a virtual template interface 263 Configuring the local address and the address pool for allocation 264 Configuring an LNS to grant certain L2TP tunneling requests 264 Configuring user authentication on an LNS 265 Configuring AAA authentication for VPN users on an LNS 266 Enabling L2TP multi-instance 266 Specifying to send ACCM 267 Configuring L2TP connection parameters 267 Configuring L2TP tunnel authentication 267 Setting the hello interval 268 Enabling tunnel flow control 268 Disconnecting tunnels by force 268 Displaying and maintaining L2TP 269 L2TP configuration examples 269 Configuration example for NAS-initiated VPN 269 Configuration example for client-initiated VPN 271 Configuration example for LAC-auto-initiated VPN 273 Configuration example for L2TP multi-domain application 275 Complicated network application 279 Troubleshooting L2TP 279 L2TP-based EAD configuration 281 Configuration prerequisites 281 Configuration procedure 281 Displaying and maintaining L2TP-based EAD 282 L2TP-based EAD configuration example 282 Network requirements 282 Configuration procedure 282 Bridging configuration 285 Introduction to bridging 285 Major functionalities of bridges 285 Bridging configuration task list 289
viii
Configuring basic bridging functionalities 289 Configuring bridge table entries 290 Configuring bridge routing 291 Enabling VLAN transparency 293 Displaying and maintaining bridging configurations 293 Transparent bridging configuration examples 294 Transparent bridging over ATM 294 Transparent bridging over PPP 295 Transparent bridging over MP 296 Transparent bridging over FR 297 Transparent bridging over X.25 298 Transparent bridging over HDLC 298 Bridging with FR sub-interface support 299 Bridge routing 301 Bridging over dialer interface 302 VLAN transparency configuration example 303
EtoPPP and EtoFR configuration 305 How EtoPPP and EtoFR work 305 Configuring EtoPPP and EtoFR 305 Creating an EtoPPP translation mapping 305 Creating an EtoFR translation mapping 306 Displaying and maintaining EtoPPP and EtoFR 306 EtoPPP and EtoFR configuration examples 307 EtoPPP configuration example 307 EtoFR configuration example 308 LAPB and X.25 configuration 310 X.25 and LAPB protocols 310 X.25 310 LAPB 311 Virtual circuit 312 X.25 switching 312 Configuring LAPB 313 LAPB parameters 313 Configuration procedure 313 Configuring an X.25 interface 315 Configuring the basic parameters of an X.25 interface 315 Configuring X.25 interface supplementary parameters 318 Configuring an X.25 subinterface 321 Configuring X.25 datagram transmission 322 Configuring basic X.25 datagram transmission functionality 322 Configuring additional parameters for X.25 datagram transmission 323 Configuring X.25 switching 329 Configuring the basic X.25 switching functionality 329 Configuring flow control negotiation of X.25 switching 330 Configuring X.25 load sharing 330 Configuring X.25 closed user group 332 Configuring X.25 PAD remote access service 334 Introduction to X.25 PAD 334 Configuring X.25 PAD 335 Configuring X.25 over TCP (XOT) 336 XOT 336 Configuration procedure 337 Configuring X.25 over FR 339 X.25 over FR 339
ix
Configuring an SVC application of X.25 over FR 339 Configuring a PVC application of X.25 over FR 340 Configuring X2T 341 Configuration procedure 342 Displaying and maintaining LAPB and X.25 342 LAPB configuration example 343 X.25 configuration examples 346 Direct connection of two routers connecting through serial interfaces (one address mapping) 346 Direct connection of two routers connecting through serial interfaces (two address mappings) 348 Connecting the router to X.25 public packet network 350 Configuring virtual circuit range 352 Transmitting IP datagrams through X.25 PVCs 353 X.25 subinterface configuration example 355 SVC application of XOT 358 PVC application of XOT 359 SVC application of X.25 over FR 361 PVC application of X.25 over FR 362 X.25 load sharing application 364 Implementing X.25 load sharing function for IP datagram transmission 367 TCP/IP header compression protocol application 370 X.25 PAD configuration example 371 X2T SVC configuration example 372 X2T PVC configuration example 373 Troubleshooting LAPB configuration 374 LAPB (or X.25) of two sides always being down 374 Failed to ping the other side with X.25 on both sides being up 374 Troubleshooting X.25 configuration 374 X.25 of two sides always being down with LAPB of two sides being up 374 Failed to ping the other side with X.25 on both sides being up 375 Continuous resets and clears of the virtual circuit established 375 PVC setup request rejected 375 Troubleshooting X.25 PAD 376 Failed to ping XOT SVCs 376 Failed to ping XOT PVCs 376
Support and other resources 378 Contacting HP 378 Subscription service 378 Related information 378 Documents 378 Websites 378 Conventions 379 Index 381
SLIP configuration
The following matrix shows the feature and router compatibility: Feature
SLIP configuration
A-MSR900
No
A-MSR201X
Yes
A-MSR20
Yes
A-MSR30
Yes
A-MSR5 0
Yes
The SLIP is a link layer protocol that transmits network layer data packets over serial lines. It is documented in RFC 1055. SLIP is easy to implement and is supported only on asynchronous interfaces.
Configuring SLIP
To configure SLIP: To do
1. Enter system view. 2. Enter interface view. 3. Configure the synchronous/asynchronous interface to work in asynchronous mode. 4. Configure the asynchronous interface to work in protocol mode. 5. Enable SLIP encapsulation on the interface.
Use the command

system-view interface interface-type interface-number
Remarks
Optional.
physical-mode async
You must configure this command for synchronous/asynchronous interfaces, but not for asynchronous interfaces. Optional. Protocol mode by default Optional. PPP by default
async mode protocol
link-protocol slip
You can enable SLIP encapsulation only on asynchronous interfaces. For a synchronous/asynchronous interface, you can switch it to the asynchronous mode and then enable SLIP encapsulation on it. Some asynchronous interfaces do not support the SLIP protocol, but you can still configure the link-protocol slip command on it. When you do that, the system informs you that the operation of SLIP encapsulation fails. By then, no encapsulation is enabled on the interface. You must use the link-protocol ppp command to enable PPP encapsulation on the interface to make it available again.
SLIP configuration example

Network requirements
As shown in Figure 1, enable SLIP encapsulation on the link connecting Router A and Router B.
Figure 1 Network diagram

S2/0 200.1.1.1/16 S2/0 200.1.1.2/16
Router A
Router B
Configuration procedure
1.
Configure Router A.
# Configure interface Serial 2/0 to work in asynchronous and protocol mode.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] physical-mode async [RouterA-Serial2/0] async mode protocol
# Enable SLIP encapsulation on interface Serial 2/0.

[RouterA-Serial2/0] link-protocol slip
# Assign an IP address to interface Serial 2/0.

[RouterA-Serial2/0] ip address 200.1.1.1 16
2.
Configure Router B.
# Configure interface Serial 2/0 to work in asynchronous and protocol mode.

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] physical-mode async [RouterB-Serial2/0] async mode protocol
# Enable SLIP encapsulation on interface Serial 2/0.

[RouterB-Serial2/0] link-protocol slip

[RouterB-Serial2/0] ip address 200.1.1.2 16
3.
Verify the configuration.
You can use the display interface command to view the information about interface Serial 2/0. The physical layer status and link layer status of Serial 2/0 are both up, and Router A and Router B can successfully ping each other.
[RouterB-Serial2/0] display interface serial 2/0 Serial2/0 current state: UP Line protocol current state: UP Description: Serial2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 200.1.1.2/16 Primary Link layer protocol is SLIP Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Physical layer is asynchronous, Baudrate is 9600 bps Last clearing of counters: Never Last 300 seconds input rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec Last 300 seconds output rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec 0/100/0 0/500/0 0/75/0
Input: 11753 packets, 147028 bytes 0 broadcasts, 0 multicasts 16 errors, 0 runts, 3 giants 1 CRC, 0 align errors, 0 overruns 0 dribbles, 0 aborts, 0 no buffers 12 frame errors Output:11741 packets, 142014 bytes 0 errors, 0 underruns, 0 collisions 0 deferred DCD=DOWN DTR=UP DSR=UP RTS=UP CTS=UP
[RouterB-Serial2/0] ping 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=255 time=103 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms --- 200.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/23/103 ms
PPP and MP configuration

PPP
PPP is a link layer protocol that carries network layer packets over point-to-point links. It gains popularity because it provides user authentication, supports synchronous/asynchronous communication, and allows for easy extension. PPP contains a set of protocols, including the LCP, various NCPs, and authentication protocols such as PAP, CHAP, MS-CHAP, and MS-CHAP-V2. Among these protocols, LCP establishes, tears down, and monitors data links. NCPs negotiate the formats and types of data packets transmitted on data links. PAP, CHAP, MS-CHAP, and MS-CHAP-V2 secure the network.
PAP authentication
PAP is a two-way handshake authentication protocol using plain text passwords. It operates in the following workflow.
1. 2.
The authenticatee sends its username and password to the authenticator. The authenticator then checks the local user list to see if the username and password are correct and returns an Acknowledge or Not Acknowledge packet.
Figure 2 PAP authentication

Authenticator Authenticatee
Sending the user name and the password
Ack or Not Ack
During PAP authentication, the password is transmitted on the link in plain text. In addition, the authenticatee sends the username and the password repeatedly through the established PPP link until the authentication is over. PAP is not a secure authentication protocol and cannot prevent attacks.
CHAP authentication
CHAP is a three-way handshake authentication protocol using cipher text password. Two types of CHAP authentication exist: one-way CHAP authentication and two-way CHAP authentication. In one-way CHAP authentication, one side of the link acts as the authenticator and the other acts as the
authenticatee. In two-way authentication, each side serves as both the authenticator and the authenticatee. Normally, one-way CHAP authentication is adopted. In one-way CHAP authentication, the authenticator may or may not be configured with a username. HP recommends that you configure a username for the authenticator to identify the authenticator more easily. If the authenticator is configured with a username, CHAP authentication is performed in the following workflow.
1. 2.
The authenticator initiates an authentication by sending a randomly-generated packet (Challenge) to the authenticatee. The packet carries the local username with it in addition. When the authenticatee receives the authentication request, it searches the local user list for the password of the username carried in the received packet, encrypts the packet by using the MD5 algorithm, with the packet ID and the password as the parameters, and then sends the encrypted packet and the local username to the authenticator (Response). The authenticator encrypts the original randomly-generated packet using the MD5 algorithm, with the password of the authenticatee it maintains as the parameter, compares the encrypted packet with the one received from the authenticatee, and returns an Acknowledge or Not Acknowledge packet depending on the comparison result.
3.
If the authenticator is not configured with a username, CHAP authentication is performed in the following workflow.
4. 5.
The authenticator initiates an authentication by sending a randomly-generated packet (Challenge) to the authenticatee. When the authenticatee receives the authentication request, it encrypts the packet by using the MD5 algorithm, with the packet ID and the default CHAP password as the parameters, and then sends the encrypted packet and its own username to the authenticator (Response). The authenticator encrypts the original randomly-generated packet by using the MD5 algorithm, with the password of the authenticatee it maintains as the parameter, compares the encrypted packet with the one received from the authenticatee, and returns an Acknowledge or Not Acknowledge packet depending on the comparison result.
6.
Figure 3 CHAP authentication

Authenticator Authenticatee
Challenge
Rsponse
Ack or Not Ack
MS-CHAP authentication
MS-CHAP is a three-way handshake authentication protocol using cipher text password.
Different from CHAP, MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3. Authentication Protocol and MS-CHAP provide the authenticator-controlled authentication retry mechanism. MS-CHAP authentication operates in the following workflow.
1. 2.
The authenticator initiates an authentication by sending a randomly-generated packet (Challenge) to the authenticatee. When the authenticatee receives the authentication request, it encrypts the packet and its own password by using the 0x80 algorithm, and then sends the encrypted packet and its own username to the authenticator (Response). When receiving the Response packet, the authenticator searches the local user list for the password of the username carried in the Response packet, encrypts the packet and the authenticatees password by using the 0x80 algorithm, with the Challenge packet and the password as the parameters, compares the encrypted packet with the one received from the authenticatee, and returns an Acknowledge or Not Acknowledge packet depending on the comparison result. If the authentication succeeds, the Acknowledge packet carries the greeting information. If the authentication fails, the Not Acknowledge packet carries errors, retry flag, and new randomly-generated packet (Challenge). When the authenticatee receives an Acknowledge packet, the authentication succeeds. When the authenticatee receives a Not Acknowledge packet that carries the retry (R) flag set to 1, the authenticatee encrypts the Challenge packet and its own password by using the 0x80 algorithm, and sends the encrypted packet and its own username to the authenticator. The authenticator re-authenticates the Response packet. If the R flag in the packet is 0, the authentication fails and the authenticator disconnects from the authenticatee. The authenticator allows the authenticatee to retry for three times.
3.

4. 5.
MS-CHAP-V2
MS-CHAP-V2 is a three-way handshake authentication protocol using cipher text password. Different from CHAP, MS-CHAP-V2 is enabled by negotiating CHAP Algorithm 0x81 in LCP option 3, Authentication Protocol, provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Acknowledge packet, and supports the authentication retry and password changing mechanisms. MS-CHAP-V2 authentication operates in the following workflow.
1. 2.
The authenticator initiates an authentication by sending a randomly-generated packet (Challenge) to the authenticatee. When the authenticatee receives the authentication request, it encrypts the Challenge packet, its own randomly-generated packet (Peer-Challenge), its own username, and password by using the 0x81 algorithm, and then sends the encrypted packet and username to the authenticator (Response). When receiving the Response packet, the authenticator encrypts the authenticatees Peer-Challenge packet, the Challenge packet, and authenticatees username and password by using the 0x81 algorithm. The authenticator compares the encrypted packet with the one received from the authenticatee, and returns an Acknowledge or Not Acknowledge packet depending on the comparison result. If the authentication succeeds, the Acknowledge packet carries the encrypted packet from the authenticatee for piggybacking authentication. The encrypted packet is generated by using the 0x81 algorithm, with the authenticatees username and password, the encrypted packet received from the authenticatee, the Peer-Challenge packet, and the Challenge packet as the parameters.
3.

4.
If the authentication fails, the Not Acknowledge packet carries error code, retry flag, and new randomly-generated packet (Challenge). When the authenticatee receives an Acknowledge packet, it encrypts a packet by using the 0x81 algorithm, with its own username and password, the Challenge packet, Peer-Challenge packet, and the encrypted packet sent to the authenticator as the parameters. The authenticatee compares the encrypted packet with the one received from the authenticator. If they match each other, the authentication succeeds. If not, the link is disconnected. When the authenticatee receives a Not Acknowledge packet from the authenticator: If the error in the packet is due to password expiration, the authenticatee encrypts a packet by using the 0x81 algorithm, with a new password, the Challenge packet, Peer-Challenge packet, and its own username as the parameters, and sends the encrypted packet and new password after encryption (change password) to the authenticator. The authenticator re-authenticates the authenticatee by using the new password. If the R flag in the Not Acknowledge packet is 1, the authenticatee encrypts a packet by using the 0x81 algorithm, with the Challenge packet, Peer-Challenge packet, its own username and password as the parameters, and sends the encrypted packet and its own username to the authenticator. The authenticator re-authenticates the authenticatee by using the encrypted packet. If the R flag in the Not Acknowledge packet is 0, the link is disconnected. The authenticator allows the authenticatee to retry for three times.
5.
PPP link phases

Figure 4 illustrates the PPP link phases.
1.
A PPP link is in the Establish phase when it is about to be established. In this phase, LCP negotiation is performed, where LCP-related settings are determined, including operating mode (SP or MP), the authentication mode, and the MTU. If the negotiation is successful, the link enters the Opened state, indicating that the underlying layer link has been established. If the authentication (the remote verifies the local or the local verifies the remote) is configured, the PPP link goes to the Authenticate phase, where PAP, CHAP, MS-CHAP, or MS-CHAP-V2 authentication is performed. If the authenticatee fails to pass the authentication, the link goes to the Terminate phase, where the link is torn down and LCP goes down. If the authenticatee passes the authentication, the link goes to the Network phase. In this phase, NCP negotiation is performed, the LCP state remains Opened, and the state of IPCP is changed from Initial to Request. NCP negotiation supports the negotiation of IPCP, through which the IP addresses of both sides can be determined. NCP negotiation also determines and configures the network layer protocol to be used. Note that a PPP link can carry a network layer protocol only after the NCP negotiation succeeds. After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP frames close the link, or until some external events take place (for example, the intervention of a user).
2.
3.
4.
5.
Figure 4 PPP link phases

Dead UP Establish OPENED Authenticate
FAIL
FAIL SUCCESS/NONE
DOWN
CLOSING Terminate
Network
For more information about PPP, see RFC 1661.
MP
MP provides an approach to increasing bandwidth. It allows multiple PPP links to be bundled together to form an MP bundle. After receiving a packet that is larger than the minimum packet size for fragmentation, MP fragments the packet and distributes the fragments over multiple PPP links to the remote end. After the remote end receives these fragments, it reassembles them into a packet and passes the packet to the network layer.
Implementation
You can configure MP by using VT or MP-group interfaces. VTs are used to configure VA interfaces. After bundling multiple PPP links into an MP, you must create a VA interface for the MP to enable it to exchange data with the peers. VT and MP-group differ in the following aspects: Configuring MP by using VT interfaces can involve an authentication process. The device locates the specified VT interface according to the username provided by the peer, and creates a bundle (called VT channel in the system) corresponding to an MP link based on the configuration of the template. Create multiple bundles on the same VT interface, each of which is an MP link. From the perspective of the network layer, these links form a point to multipoint topology. In this sense, VT interfaces are more flexible than MP-group interfaces. Use bundling mode to distinguish multiple bundles created on a VT interface. Use the ppp mp binding-mode command in VT interface view to specify the binding mode. Three binding modes are available: authentication, both (the default), and descriptor. The authentication mode specifies to bundle links according to username, the descriptor mode specifies to bundle links according to the peer descriptor (which is determined during LCP negotiation), and the both mode specifies to bundle links according to both username and descriptor. MP-group interfaces are intended only for MP. On an MP-group interface, only one bundle is allowed, and links cannot be bundled according to the peers descriptor. Compared with VT interfaces, the configuration of MP-group interfaces is simpler and easy to configure and understand.
Negotiation
MP negotiation involves two processes: first LCP negotiation, and then NCP negotiation. LCP negotiation, during which both sides negotiate the common LCP parameters and check whether their peer interface is working in the MP mode. If not, the LCP negotiation fails. If the LCP negotiation succeeds, NCP negotiation starts. NCP negotiation, which is performed based on the NCP parameters (IP address for example) of the MP-group interface or the specified VT interface. NCP parameters on physical interfaces do not take part in the negotiation.
8
MP link is established after the NCP negotiation succeeds.
Functions
MP functions to: Increase bandwidth, or dynamically increase/reduce bandwidth by working with DCC. Load sharing. Backup. Decrease transmission delay through packet fragmentation.
MP is available to all physical or virtual interfaces encapsulated with PPP, including serial, ISDN BRI/PRI, and PPPoX (PPPoE, PPPoA, or PPPoFR) interfaces. However, in MP configuration, it is preferred that an MP bundle includes only one type of interfaces.
Configuring PPP
To configure PPP: To do...
1. Enter system view. 2. Enter interface view. 3. Enable PPP encapsulation on the interface.
Use the command...

system-view interface interface-type interface-number link-protocol ppp
Remarks
Optional. By default, PPP encapsulation is enabled on an interface. Optional. 10 seconds by default Optional. You can configure several authentication modes simultaneously. In LCP negotiation, the authenticator negotiates with the authenticatee in the sequence of configured authentication modes until the LCP negotiation succeeds. If the response packet from the authenticatee carries a recommended authentication mode, the authenticator directly uses the authentication mode if it finds the mode configured. PPP authentication is disabled by default.
4. Set the polling interval. Employ PAP.
timer hold seconds See Configuring PAP authentication.
Employ CHAP. 5. Configure PPP authentication mode.
See Configuring CHAP authentication.
Employ MS-CHAP or MS-CHAP-V2.
See Configuring MS-CHAP or MS-CHAP-V2 authentication.
6. Configure PPP negotiation.
See Configuring PPP negotiation.
Optional.
To do...
7. Configure PPP LQC.
Use the command...

See Enabling PPP link quality control. See Enabling PPP traffic statistics collection.
Remarks
Optional.
8. Enable PPP traffic statistics collection.
Optional.
This chapter describes local authentication. For more information about the remote AAA authentication, see Security Configuration Guide.
Configuring PAP authentication

Configuring the authenticator
To configure the authenticator: To do
1. Enter system view. 2. Enter interface view. 3. Configure the local device to authenticate the peer by using PAP. 4. Return to system view. 5. Create a local user account for the authenticatee and enter local user view. 6. Set a password for the local user. 7. Configure the service type of the local user as PPP. 8. Return to system view.
Use the command

system-view interface interface-type interface-number ppp authentication-mode pap [ [ call-in ] domain isp-name ] quit local-user username password { cipher | simple } password service-type ppp quit
Remarks
Required. By default, PPP authentication is disabled. Required.
Required. Required. Optional. To configure the ppp authentication-mode command with an ISP domain specified that is not the default domain system, configure this command before configuring the ppp authentication-mode command. Optional.
9. Create an ISP domain or enter an existing ISP domain view.
domain isp-name
10. Configure local authentication for the PPP users.
authentication ppp local
For more information about local user configuration and domain configuration, see Security Configuration Guide.
Configuring the authenticatee

To configure the authenticatee:
10
To do
1. Enter system view. 2. Enter interface view. 3. Configure the PAP username and password sent from the local device to the peer when the local device is authenticated by the peer by using PAP.
Use the command

Remarks
Required.
ppp pap local-user username password { cipher | simple } password
By default, when being authenticated by the peer using PAP, the local device sends null username and password to the peer.
Configuring CHAP authentication

According to whether the authenticator is configured with a username or not, the configuration of CHAP authentication falls into the following two types:
Configuring CHAP authentication when the authenticator name is configured

1.
Configure the authenticator Use the command

system-view interface interface-type interface-number ppp authentication-mode chap [ [ call-in ] domain isp-name ]
To configure the authenticator: To do

1. Enter system view. 2. Enter interface view. 3. Configure the local device to authenticate the peer using CHAP.
Remarks
4. Assign a username to the CHAP authenticator.
ppp chap user username
The username you assign to the authenticator must be the same as the local username you assign to the authenticator on the authenticatee. Required. Required.
5. Return to system view. 6. Create a local user account for the authenticatee and enter local user view. 7. Set the password for the local user. 8. Configure the service type of the local user as PPP. 9. Return to system view.
quit local-user username
password { cipher | simple } password
The password of the authenticator user must be the same as that of the authenticatee user. Required.
service-type ppp quit
11
To do
Use the command
Remarks
Optional. To configure the ppp authentication-mode command with an ISP domain specified that is not the default domain system, configure this command before configuring the ppp authentication-mode command. Optional.
10. Create an ISP domain, or enter an existing ISP domain view.
domain isp-name
2.
Configure the authenticatee Use the command

To configure the authenticatee: To do

1. Enter system view. 2. Enter interface view.
Remarks
Required.
3. Assign a username to the CHAP authenticate.
The username you assign to the authenticatee here must be the same as the local username you assign to the authenticatee on the authenticator. Required. Required.
4. Return to system view. 5. Create a local user account for the authenticator and enter local user view.
quit local-user username
6. Set the password for the local user.
password { cipher | simple } password
The password of the authenticator user must be the same as that of the authenticatee user. Required.
7. Configure the service type of the local user as PPP.
service-type ppp
For more information about local user configuration, see Security Configuration Guide. If the authenticator name is configured, do not configure the ppp chap password command on the interface that connects the authenticatee. Otherwise, the authentication may fail.
Configuring CHAP authentication when no authenticator name is configured

1.
Configure the authenticator
To configure the authenticator:
12
To do
1. Enter system view. 2. Enter interface view. 3. Configure the local device to authenticate the peer by using CHAP. 4. Return to system view. 5. Create a local user account for the authenticatee and enter local user view. 6. Set the password for the local user. 7. Set the service type of the local user to PPP. 8. Return to system view.
Use the command

system-view interface interface-type interface-number ppp authentication-mode chap [ [ call-in ] domain isp-name ] quit local-user username password { cipher | simple } password service-type ppp quit
Remarks
Required. Required. Optional. To configure the ppp authentication-mode command with an ISP domain specified that is not the default domain system, configure this command before configuring the ppp authentication-mode command. Optional.
domain isp-name
2.
Configure the authenticatee
To configure the authenticatee: To do

Use the command

Remarks
Required.
3. Assign a username to the CHAP authenticatee.
The username you assign to the authenticatee must be the same as the local username you assign to the authenticatee on the authenticator.
13
To do
4. Set the default CHAP authentication password.
Use the command
Remarks
Required. The password you set for the authenticatee must be the same as the password you set for the authenticatee on the authenticator.
ppp chap password { cipher | simple } password
Configuring MS-CHAP or MS-CHAP-V2 authentication

In MS-CHAP or MS-CHAP-V2 authentication, a HP device can only be an authenticator. L2TP supports the MS-CHAP authentication, but does not support the MS-CHAP-V2 authentication. Password change in MS-CHAP-V2 authentication does not support local authentication, but is used only in RADIUS authentication. To configure the authenticator for MS-CHAP or MS-CHAP-V2 authentication: To do
1. Enter system view. 2. Enter interface view. 3. Configure the local device to authenticate the peer by using MS-CHAP or MS-CHAP-V2. 4. Return to system view. 5. Create a local user account for the authenticatee and enter local user view. 6. Set the password for the local user. 7. Set the service type of the local user to PPP. 8. Return to system view.
Use the command

system-view interface interface-type interface-number ppp authentication-mode { ms-chap | ms-chap-v2 } [ [ call-in ] domain isp-name ] quit
Remarks
Required. By default, PPP authentication is disabled.
local-user username
Required.
password { cipher | simple } password service-type ppp quit
Required. Required. Optional.
domain isp-name
To configure the ppp authentication-mode command with an ISP domain specified that is not the default domain system, configure this command before configuring the ppp authentication-mode command. Optional.
To create the local user and the ISP domain, and set their attributes, see Security Configuration Guide.
14
Configuring PPP negotiation

Introduction to PPP negotiation parameters
PPP negotiation parameters that can be configured include:
1.
Negotiation timeout time IP address negotiation DNS server address negotiation ACCM negotiation ACFC negotiation PFC negotiation Negotiation timeout time
Negotiation timeout time determines the interval for sending request packets. During PPP negotiation, if no response is received from the peer during a specific period after the local device sends a packet, the device sends the packet again. The period is known as negotiation timeout time, which ranges from 1 to 10 seconds.
2.
IP address negotiation The device operating as the client: You can configure the local interface to operate in this mode if it uses PPP at the data link layer but does not have an IP address, whereas the peer is configured with an IP address, after which the interface can receive an IP address allocated by its peer. This configuration applies to the situations where you access the Internet through ISP. The device operating as the server: In this case, you must configure a local IP address pool in domain view or system view to specify the range of the IP addresses to be allocated, and then bind the address pool to the interface. DNS address negotiation
IP address negotiation can be implemented in the following two modes.
3.
PPP address negotiation can also determine the DNS server address. You can configure a device to allocate the DNS server address to the peer or receive the DNS server address from the peer. Normally, for a PPP link between a PC and a device, the DNS server address is usually allocated by the device, through which the PC can access the Internet directly using domain names. For a PPP link established between a device and the access server of a carrier, the DNS server address is usually allocated by the access server, through which the device can resolve domain names through the DNS server address allocated by the access server.
4.
ACCM negotiation
The escape mechanism is implemented to transparently transmit asynchronous control characters on asynchronous links. This is to avoid payloads being treated as control characters when the payloads contain the same characters as the control characters. The length of each asynchronous control character is one byte. PPP uses the escape mechanism to map all one-byte asynchronous control characters into two-byte characters. This increases the bandwidth consumed by asynchronous control characters and as a result reduces effective payload bandwidth. The ACCM configuration option provides a method to negotiate the use of control character transparency on asynchronous links. The ACCM field contains 32 bits numbered 1 to 32 from left to right. Each bit corresponds to an asynchronous control character numbered the same. If the value of a bit is 0, the system does not escape the corresponding asynchronous control character; if the value of a bit is 1, the system escapes the corresponding asynchronous control character by prefacing it with a backslash (\). For example,
15
if the value of the bit numbered 19 is 0, the asynchronous control character numbered 19 (DC3, Control-S) is sent without being escaped. ACCM negotiation is implemented at the LCP negotiation stage. After ACCM negotiation is completed, the peer escapes asynchronous control characters according to the Async Control Character Mappings when sending packets. By default, the ACCM field takes the value of 0x000A0000. To reduce the bandwidth consumed by asynchronous control characters and increase effective payload bandwidth on low-rate links, set the ACCM field to 0x0.
5.
ACFC negotiation
By default, in a PPP packet, the address field is fixed to 0xFF, and the control field is fixed to 0x03. The fixed values make these two fields easy to be compressed. ACFC negotiation notifies the peer that the local end can receive packets carrying compressed address and control fields. ACFC negotiation is implemented at the LCP negotiation stage. After the ACFC negotiation is completed, the device compresses the address and control fields of non-LCP packets before sending them out, and does not add address and control fields to them, thus increasing effective payload bandwidth on the link. To ensure successful LCP negotiation, do not apply the compression to LCP packets. HP recommends that you use the ACFC configuration option on low speed links.
6.
PFC negotiation
By default, the length of the protocol field in a PPP packet is 2 bytes. Because data protocols are typically assigned protocol field values less than 256, the PPP protocol field of most packets can be compressed from 2 bytes to 1 byte and is still able to indicate protocol types. PFC negotiation notifies the peer that the local end can receive the packets with single-byte protocol fields. PFC negotiation is implemented at the LCP negotiation stage. After PFC negotiation is completed, the device compresses the protocol fields of non-LCP packets before sending them out; if the first 8 bits of the protocol field are all zeros, the device does not add them, thus increasing effective payload bandwidth on the link. To ensure successful LCP negotiation, the compression does not apply to LCP packets. HP recommends that you use this configuration option on low speed links.
Configuring the PPP negotiation timeout time

To configure PPP timeout time: To do
1. Enter system view. 2. Enter interface view. 3. Configure the negotiation timeout time.
Use the command

system-view interface interface-type interface-number ppp timer negotiate seconds
Remarks
Optional 3 seconds by default
Configuring IP address negotiation

1.
Configuring the local end as the client
To configure the local end as the client:
16
To do
1. Enter system view. 2. Enter interface view. 3. Enable IP address negotiation. 2.
Use the command

system-view interface interface-type interface-number ip address ppp-negotiate
Remarks
Required
Configuring the local end as the server Use the command...

system-view ip pool pool-number low-ip-address [ high-ip-address ]
To configure the local end as the server (for cases where PPP authentication is not enabled): To do...
1. Enter system view.
Remarks
2. Assign an IP address of a global address pool for the peer or specify the IP address to be allocated to the peer.
Define a global address pool and bind it to the interface.
interface interface-type interface-number remote address pool [ pool-number ]
Required. Use either approach. As for the remote address pool command, if the pool-number parameter is not provided, the global address pool numbered 0 is used.
Specify the IP address to be allocated to the peer.
interface interface-type interface-number remote address ip-address
To configure the local end as the server (for cases where PPP authentication is enabled): To do...
1. Enter system view. 2. Enter domain view. 3. Define the domain address pool. 4. Return to system view. 5. Enter interface view.
Use the command...

system-view domain domain-name ip pool pool-number low-ip-address [ high-ip-address ] quit interface interface-type interface-number
Remarks
Required. Required. Required.
6. Specify the address pool for IP address allocation.
remote address pool [ pool-number ]
If you execute the remote address pool command without providing the pool-number parameter, all the address pools in the domain are used in turn for IP address allocation.
17
To do...
Use the command...
Remarks
Optional. By default, the peer end is allowed to use the locally configured IP address. In this case, the local end does not allocate an IP address to the peer end if the latter already has an IP address.
7. Disable the peer end from using the locally configured IP address.
ppp ipcp remote-address forced
Note that the domain used in defining the pool address is the domain specified when performing PPP authentication.
Configuring DNS server address negotiation

Configure DNS server settings depending on the role of your device in PPP negotiation.
1.
Configure the local end as the client
To configure settings for DNS server address negotiation when the device is functioning as the client in PPP negotiation: To do
1. Enter system view. 2. Enter interface view. 3. Enable the local end to request the peer for a DNS server address.
Use the command

Remarks
Required.
ppp ipcp dns request
By default, a device does not request its peer for a DNS server address. Optional.
4. Enable the local end to accept the DNS server address assigned by the peer.
ppp ipcp dns admit-any
By default, a device does not accept the DNS server address assigned by the peer.
2.
Configure the local end as the server
To configure settings for DNS server address negotiation when the device is functioning as the server in PPP negotiation: To do
Use the command

Remarks
Required.
3. Enable the local end to assign a DNS server address to the peer.
ppp ipcp dns primary-dns-address [ secondary-dns-address ]
By default, a device does not assign a DNS server address to the peer.
Configuring ACCM negotiation

To configure ACCM negotiation:
18
To do
Use the command

system-view interface interface-type interface-number ppp accm hex-number
Remarks
Optional.
3. Configure the ACCM value.
By default, the ACCM value is 0x000A0000.
ACCM negotiation only applies on asynchronous links.
Configuring ACFC negotiation

1.
Configure the local end to send ACFC requests
To configure the local end to send ACFC requests: To do

1. Enter system view. 2. Enter interface view. 3. Configure the local end to send ACFC requests, that is, configure the local end to include the ACFC option in its outbound LCP negotiation requests. 2.
Use the command

Remarks
Required.
ppp acfc local request
By default, the local end does not include the ACFC option in its outbound LCP negotiation requests.
Configure the local end to handle the ACFC requests received from the peer
To configure the local end to handle the ACFC requests received from the peer: To do
1. Enter system view. 2. Enter interface view. 3. Configure the local end to accept ACFC requests received from the peer and to perform ACFC on frames sent to the peer. 4. Configure the local end to accept ACFC requests received from the peer, but not to perform ACFC on frames sent to the peer. 5. Configure the local end to reject ACFC requests sent from the peer.
Use the command

Remarks

ppp acfc remote apply Optional. By default, the local end accepts the ACFC requests from the remote peer, but does not perform ACFC on frames sent to the peer.
ppp acfc remote ignore
ppp acfc remote reject
Configuring PFC negotiation

1.
Configure the local end to send PFC requests

19
To configure the local end to send PFC requests: To do

1. Enter system view. 2. Enter interface view. 3. Configure the local end to send PFC requests, that is, configure the local end to include the PFC option in its outbound LCP negotiation requests. 2.
Use the command

Remarks
Required.
ppp pfc local request
By default, the local end does not include the PFC option in its outbound LCP negotiation requests.
Configure the local end to handle the PFC requests received from the peer
To configure the local end to handle the PFC requests received from the peer: To do
1. Enter system view. 2. Enter interface view. 3. Configure the local end to accept PFC requests received from the peer and to perform PFC on frames sent to the peer. 4. Configure the local end to accept PFC requests received from the peer, but not to perform PFC on frames sent to the peer. 5. Configure the local end to reject PFC requests sent from the peer.
Use the command

Remarks

ppp pfc remote apply Optional. ppp pfc remote ignore By default, the device accepts PFC requests received from the peer, but does not perform PFC on frames sent to the peer.
ppp pfc remote reject
Enabling PPP link quality control

Introduction
PPP LQC monitors the quality of PPP links (including those in MP bundles) in real-time. A link goes down when its quality drops below the PPP LQC close-percentage and goes up when its quality recovers above the PPP LQC resume-percentage. To avoid frequent flapping, a delay is introduced before a link is brought up. If PPP LQC is not enabled, each end of a PPP link sends keepalive packets to its peer periodically. After you enable PPP LQC, LQRs packets replace keepalive packets to monitor the link. With PPP LQC enabled, the system monitors link quality by processing LQR packets received and shuts down the link if the link quality is below the PPP LQC close-percentage in two consecutive LQR packet sending intervals. For a link shut down due to the link quality below the PPP LQC close-percentage, the system detects its link quality in each period ten times of LQR packet sending intervals, and brings the link up if the link quality is higher than the PPP LQC resume-percentage in three consecutive such periods. This means a disabled link must experience at least 30 keepalive periods before it can go up again. If a large keepalive period is specified, it may take long time for the link to go up.
20
To enable PPP LQC: To do...
1. Enter system view. 2. Enter interface view. 3. Enable PPP LQC.
Use the command...

system-view interface interface-type interface-number ppp lqc close-percentage [ resume-percentage ]
Remarks
Required. By default, PPP LQC is disabled.
Enabling PPP traffic statistics collection

Introduction to PPP traffic statistics collection
PPP can generate traffic-based accounting statistics on each PPP link. The statistics include the amount of the inbound and outbound information (in terms of bytes and the number of the packets) on a link. The information can be used by AAA application modules for accounting and control purpose.
Enabling PPP traffic statistics collection

To enable PPP traffic statistics collection: To do
1. Enter system view. 2. Enter interface view. 3. Enable PPP traffic statistics collection.
Use the command

system-view interface interface-type interface-number ppp account-statistics enable [ acl { acl-number | name acl-name } ]
Remarks
Required Disabled by default
Configuring MP
Configuring MP by using a VT interface
When configuring MP using a VT interface, you can do one of the following: Associating physical interfaces to the virtual template using the ppp mp virtual-template command. In this case, the configuration of authentication is optional. If the authentication is not performed, the system binds links according to the descriptor of the peer end. If the authentication is performed, the system binds links according to both the username and the descriptor of the peer. Associating a username to the virtual template. After a user passes the authentication, the system searches for the virtual template interface associated to the username and bundles links according to the username and the descriptor of the peer. To ensure a successful link negotiation, configure the ppp mp command and two-way authentication (PAP, CHAP, MS-CHAP, or MS-CHAP-V2) on the bundled interfaces.
The ppp mp command and the ppp mp virtual-template command are mutually exclusive on an interface. You must configure the interfaces to be bundled in the same way.
21
In actual use, you may configure one-way authentication, where one end associates physical interfaces to a virtual template interface and the other end searches for the virtual template interface by username. A virtual template interface is intended to provide only one service, such as MP, L2TP, or PPPoE. When configuring MP on a virtual template interface, you can specify to bundle links by username, peer descriptor, or both. The username discussed here refers to the username of the peer end received during PAP, CHAP, MS-CHAP, or MS-CHAP-V2 authentication. The descriptor is sent during LCP negotiation. It uniquely identifies a device. The system distinguishes among the MP bundles created on a virtual template interface by username and descriptor.
To configure MP using a virtual template interface: To do
1. Enter system view. 2. Create a VT interface and enter VT interface view.
Use the command

system-view interface virtual-template number
Remarks
Required. Optional.
3. Set the interface description.
description text
By default, the description of a VT interface is interface name Interface. Optional. 1500 bytes by default. Optional.
4. Set the MTU size of the interface.
mtu size
5. Configure the MP sort buffer size factor.
1 by default. ppp mp sort-buffer-size size The MP sort buffer size = The number of channels in the current MP bundle size. Optional. 30 by default. Optional. Optional. Required. ppp mp virtual-template number Specify the number of the VT interface to which the interface is to be bound, and specify that the interface operate in MP mode.
6. Set the maximum number of links that can be used for transmitting multicast or broadcast packets supported on the virtual template. 7. Set the maximum available bandwidth for the VT interface. 8. Restore the default settings. 9. Return to system view. 10. Associate a physical interface or a username to the VT interface (use either method).
broadcast-limit link number
bandwidth bandwidth-value default quit interface interface-type interface-number
Associate a physical interface to the virtual template interface.
22
To do
Use the command

Configure PPP authentication. For more information, see Configuring PAP authentication, Configuring CHAP authentication, and Configuring MS-CHAP or MS-CHAP-V2 authentication. ppp mp user username bind virtual-template number interface interface-type interface-number Associate a username to the VT interface.
Remarks
Optional. PPP authentication has no effect on the setup of MP
Required. Associate a VT interface to MP users. Required.
ppp mp
Configure the interface encapsulated with PPP to operate in MP mode.
Configure two-way PPP authentication. For more information, see Configuring PAP authentication, Configuring CHAP authentication, and Configuring MS-CHAP or MS-CHAP-V2 authentication. 11. Configure other MP parameters. See Configuring other optional parameters.
Required.
Optional.
Configuring other optional parameters

To configure other optional parameters: To do...
1. Enter system view. 2. Create an MP VT interface or enter dialer interface view.
Use the command...

system-view interface virtual-template number interface dialer number
Remarks
Required. The interface virtual-template command also leads you to VT interface view. Optional. By default, MP binding is based on both the PPP authentication username and the descriptor.
3. Set the binding mode.
ppp mp binding-mode { authentication | both | descriptor }
23
To do...
Use the command...
Remarks
Optional. 16 by default. This command is available in VT interface view and dialer interface view. Changing the number may impact the PPP performance. In most cases, the change is not necessary. If you have to change the number, do that under proper guidance of the technical engineer. Optional.
4. Set the maximum number of links allowed in an MP bundle.
ppp mp max-bind max-bind-num
5. Set the minimum number of links required in an MP bundle.
This command is available only in dialer interface view. ppp mp min-bind min-bind-num By default, the minimum number of links in an MP bundle is 0, that is, MP dialup depends on traffic detection. Optional. Enabled by default. Optional. 128 bytes by default.
6. Enable MP fragmentation. 7. Set the minimum size of MP fragments.
ppp mp fragment enable
ppp mp min-fragment size
The ppp mp max-bind, ppp mp min-bind, and ppp mp min-fragment commands can take effect on an MP bundle only after you re-enable all the physical interfaces in the MP bundle by using the shutdown and undo shutdown commands. The maximum number of links allowed in an MP bundle configured with the ppp mp max-bind command must be greater than or at least equal to the minimum number of links required in the MP bundle configured with the ppp mp min-bind command. After you configure the undo ppp mp fragment enable command on an interface, the settings configured with the ppp mp lfi and ppp mp min-fragment commands become invalid on the interface. When MP binding is based on descriptor only, users cannot be differentiated. To bind users to different MP bundles, set the binding mode as both. When MP binding is based on authentication username only, peer devices cannot be differentiated. If a MP bundle involves multiple devices, set the binding mode as both. For a VT interface, if a static route is used, specify the next hop rather than the outgoing interface. If the outgoing interface must be specified, make sure that the physical interfaces bound to the VT are active to ensure normal transport of packets. For more information about configuring MP parameters in Dialer interface view, see the chapter DCC configuration.
Configuring an MP through an MP-group

To configure an MP through an MP-group interface:
24
To do...
1. Enter system view. 2. Create an MP-group interface.
Use the command...

system-view interface mp-group mp-number
Remarks
Required. Optional.
description text
By default, the description of a MP-group interface is interface name Interface. 1500 bytes by default.
4. Set the MTU size of the interface. 5. Set the maximum available bandwidth for the MP-group interface. 6. Restore the default settings. 7. Bring up the interface. 8. Return to system view. 9. Enter interface view. 10. Add the interface to the MP-group. 11. Set the maximum number of links in an MP bundle.
mtu size
bandwidth bandwidth-value default undo shutdown quit interface interface-type interface-number ppp mp mp-group mp-number ppp mp max-bind max-bind-num
Optional. Optional. Optional. By default, the interface is up. Required. Optional. 16 by default. Optional.
12. Configure the MP sort buffer size factor.
1 by default. ppp mp sort-buffer-size size The MP sort buffer size = The number of channels in the current MP bundle size. Optional. Enabled by default Optional. 128 bytes by default.
13. Enable MP fragmentation. 14. Set the minimum size of MP fragments.
ppp mp fragment enable
ppp mp min-fragment size
The ppp mp max-bind command and the ppp mp min-fragment command you configured can take effect on an MP bundle only after you re-enable all the physical interfaces in the MP bundle by using the shutdown and undo shutdown commands. After you configure the undo ppp mp fragment enable command on an interface, the settings configured with the ppp mp lfi and ppp mp min-fragment commands become invalid on the interface.
Configuring short sequence number header format negotiation

By default, an MP bundle receives and transmits fragments with long sequence numbers. If the local end wants to receive fragments with short sequence numbers, it should request the peer to transmit short sequence numbers during LCP negotiation. After the negotiation succeeds, the peer transmits fragments with short sequence numbers.
25
If the local end wants to transmit fragments with short sequence numbers, it should ask the peer to send a request for receiving short sequence numbers during LCP negotiation. After the negotiation succeeds, the local end transmits fragments with short sequence numbers. To do
1. Enter system view. 2. Enter interface view. 3. Trigger MP short sequence number header negotiation, specifying that the interface receive fragments with short sequence numbers after the negotiation succeeds.
To configure short sequence number header format negotiation for MP: Use the command
Remarks
Required.
ppp mp short-sequence
By default, long sequence number header format negotiation is performed.
The sequence number format (long or short) of an MP bundle depends on the configuration of the first channel joining the MP bundle. To negotiate the use of short sequence numbers on a dialer MP bundle, configure the command on the dialer interfaces and the ISDN D channels; to do that on a common MP bundle, use the command on all its channels. Note that the command causes PPP re-negotiation.
Configuring the MP endpoint option

During the LCP negotiation for MP, endpoint options are negotiated for bundling. By default, the endpoint option in the packets sent out an interface is the device name. After you use the ppp mp mp-group command to add the interface to the specified MP-group, the endpoint option in the packets sent out the interface is the MP-group interface name. Because the endpoint option is no longer than 20 bytes, if the default is longer than 20 bytes, the first 20 bytes are taken as the endpoint option. You can use the following commands to configure the endpoint option in the packets sent out an interface. To configure the MP endpoint option in the packets sent out from an interface: To do
1. Enter system view. 2. Enter interface view. 3. Configure the MP endpoint option.
Use the command

system-view interface interface-type interface-number ppp mp endpoint string char-string
Remarks
Optional
Configuring PPP link efficiency mechanisms

Introduction to PPP link efficiency mechanisms
Four mechanisms are available for improving transmission efficiency on PPP links. They are IPHC, Stac LZS compression on PPP packets, header compression, and LFI.
26
IP header compression
IPHC is a host-to-host protocol used to carry real-time multimedia services such as voice and video over IP networks. To decrease the bandwidth consumed by packet headers, you can enable IPHC on PPP links to compress RTP (including IP, UDP, and RTP) headers or TCP headers. The following describes how compression operates by taking RTP header compression as an example. The RTP is a UDP protocol using fixed port number and format. An RTP packet comprises a 40-byte header and a data section. The 40-byte header, which is composed of a 20-byte IP header, an 8-byte UDP header, and a 12-byte RTP header, is large compared with the payload, which is usually 20 bytes to 160 bytes in size. To reduce bandwidth consumption, you can use IPHC to compress RTP packet headers. After compression, the 40-byte header can be reduced to 2 to 5 bytes. If the payload is 40 bytes, the compression ratio is (40+40) / (40+5), about 1.78, which is very efficient.
Stac LZS compression

Stac LZS compression is a link layer data compression standard developed by Stac Electronics. Stac LZS is a Lempel-Ziv-based algorithm that compresses only packet payloads. It replaces a continuous data flow with binary codes that can accommodate to the change of data. Though allowing for more flexibility, this requires more CPU resources.
VJ TCP header compression

VJ TCP header compression was defined in RFC 1 144 for use on low-speed links. Each TCP/IP packet transmitted over a TCP connection contains a typical 40-byte TCP/IP header containing an IP header and a TCP header that are 20-byte long each. However, the information in some fields of these headers remains the same through the lifetime of the connection and is sent only once. In addition, although the information in some other fields changes, the changes are predictable and are within a definite range. Based on such situation, VJ TCP header compression may compress a 40-byte TCP/IP header to 3 to 5 bytes. It can significantly improve the transmission speed of some applications, such as FTP, on a low-speed serial link like PPP.
Link fragmentation and interleaving

On a low speed serial link, packets of real-time interactive communications (such as Telnet and VoIP) may be blocked or delayed if packets of other applications are also transmitted across the link. For example, if a voice packet arrives when large packets are being scheduled and waiting for being transmitted, it has to wait until all the large packets have been transmitted. For the real-time applications such as VoIP, delays longer than 100 or 150 ms will cause voice quality to drop dramatically and cannot be tolerated. On a 56 Kbps link, it costs approximately 215 ms to transmit a 1500-byte packet (the size of the MTU of common links). To confine the delay of transmitting time-sensitive packets on low-speed links (such as 56 Kbps frame relay channels or 64 Kbps ISDN B channels) to an acceptable level, a method is required to fragment larger packets and adding both the smaller packets and fragments of the large packet to an output queue. LFI reduces delays and jitters on low-speed links by fragmenting large packets into small fragments and transmitting them along with small packets. The fragmented datagrams are reassembled at the destination. Figure 5 illustrates the process of LFI. When large packets and small voice packets arrive at a WFQ-enabled interface at the same time, the large packets are fragmented into small fragments, which are then added to the queues along with the voice packets.
27
Figure 5 Link fragmentation and interleaving

WFQ Fragmentation Large packet Output queue
WFQ Traffic classifying
Voice packet
Configuring PPP link efficiency mechanisms

CAUTION: Disabling LFI also removes the user-configured settings of maximum LFI fragment delay and size. To configure PPP Link efficiency mechanisms: To do...
1. Enter system view. 2. Create an MP-group. 3. Return to system view. 4. Enter interface view. Enable IPHC. Configure the maximum number of connections allowed by TCP header compression. Configure the maximum number of connections allowed by RTP header compression.
Use the command...

system-view interface mp-group mp-number quit interface interface-type interface-number ppp compression iphc [ nonstandard ] ppp compression iphc tcp-connections number
Remarks
Required. Required. Disabled by default. Optional. 16 by default.
5. Configure IPHC (optional) .
ppp compression iphc rtp-connections number
Optional. 16 by default.
28
To do...
Use the command...
Remarks
Optional. Disabled by default. Stac LZS compression takes effect on a link only after you enable Stac LZS compression at both ends of the link. Outbound expedite forwarding is not applicable on links with Stac-LZS compression enabled. Disable outbound expedite forwarding before performing this operation. Optional. Disabled by default.
6. Enable Stac LZS compression.
ppp compression stac-lzs
7. Enable VJ TCP header compression.
ip tcp vjcompress
Enter VT interface view or MP-group interface view.
interface virtual-template number Required. Use either command. interface mp-group mp-number Required. Disabled by default. Required. ppp mp lfi delay-per-frag time Use either command. By default, the maximum delay of transmitting an LFI fragment is 10 ms, and the maximum size of LFI fragments depends on the configuration of the ppp mp lfi delay-per-frag command.
8. Configure LFI (optional).
Enable LFI. Configure the maximum delay of transmitting an LFI fragment. Configure the maximum size (in bytes) of LFI fragments.
ppp mp lfi
ppp mp lfi size-per-frag size
Displaying and maintaining PPP, MP, and PPP link efficiency mechanisms
To do Use the command
display interface mp-group mp-number [ brief ] [ | { begin | exclude | include } regular-expression ] display interface [ mp-group ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display the information about one or all existing MP-group interfaces.
Available in any view
29
To do
Display the information about a VA interface or all the VA interfaces on a VT.
Use the command

display virtual-access [ va-number | dialer dialer-number | peer peer-address | user user-name | vt vt-number ] * [ | { begin | exclude | include } regular-expression ] display interface virtual-template number [ brief ] [ | { begin | exclude | include } regular-expression ] display interface [ virtual-template ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display ppp mp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display ppp compression iphc tcp [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display ppp compression iphc rtp [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display ppp compression stac-lzs [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] reset ppp compression iphc [ interface-type interface-number ] reset ppp compression stac-lzs [ interface-type interface-number ] reset counters interface [ mp-group [ interface-number ] ] reset counters interface [ virtual-template [ interface-number ] ]
Remarks
Display the information about an existing VT.
Display the information about an MP interface. Display the statistics on TCP header compression. Display statistics on RTP header compression. Display statistics on Stac LZS compression. Clear all statistics on IP header compression. Clear statistics on Stac LZS compression. Clear statistics on a specified interface.
Available in user view Available in user view
Available in user view
PPP and MP configuration examples

One-way PAP authentication configuration example
As shown in Figure 6, Router A and Router B are interconnected through their Serial 2/0 interfaces. Configure Router A to authenticate Router B by using PAP, but Router B not to authenticate Router A. Figure 6 Network diagram for PAP and CHAP authentication
S2/0 200.1.1.1/16 S2/0 200.1.1.2/16
Router A
Router B
30
1.
Configure Router A.
# Create a user account for Router B.

<RouterA> system-view [RouterA] local-user userb
# Set a password for the user account.

[RouterA-luser-userb] password simple passb
# Set the service type of the user account to PPP.

[RouterA-luser-userb] service-type ppp [RouterA-luser-userb] quit
# Enable PPP encapsulation on Serial 2/0.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol ppp
# Set the authentication mode to PAP.

[RouterA-Serial2/0] ppp authentication-mode pap domain system
# Assign an IP address to Serial 2/0.

[RouterA-Serial2/0] ip address 200.1.1.1 16 [RouterA-Serial2/0] quit
# Configure local authentication for the PPP users in the default ISP domain system.
[RouterA] domain system [RouterA-isp-system] authentication ppp local
2.
Configure Router B.

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp
# Configure the PAP username and password sent from Router B to Router A when Router B is authenticated by Router A using PAP.
[RouterB-Serial2/0] ppp pap local-user userb password simple passb
# Assign an IP address to Serial 2/0 of Router B.

3.
Verify the configurations
Use the display interface command to display information about Serial 2/0 of Router B. The physical layer status and link layer status of the interface are both up, and the states of LCP and IPCP are both Opened, indicating that PPP negotiation is successful. Router A and Router B can ping each other.
[RouterB-Serial2/0] display interface serial 2/0 Serial2/0 current state: UP Line protocol current state: UP Description: Serial2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 200.1.1.2/16 Primary Link layer protocol is PPP LCP opened, IPCP opened
31
Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Interface is V35 206 packets input, 206 packets output, 2496 bytes 2492 bytes
0/100/0 0/500/0 0/75/0
Two-way PAP authentication configuration example

As shown in Figure 6, Router A and Router B are interconnected through their Serial 2/0 interfaces. Configure Router A and Router B to authenticate each other.
1.
Configure Router A.


[RouterA-luser-userb] password simple passb



[RouterA-Serial2/0] ppp authentication-mode pap domain system
# Configure the PAP username and password sent from Router A to Router B when Router A is authenticated by Router B using PAP.
[RouterA-Serial2/0] ppp pap local-user usera password simple passa
32
# Assign an IP address to Serial 2/0 of Router A.

2.
Configure Router B.
# Create a user account for Router A on Router B.

<RouterB> system-view [RouterB] local-user usera

[RouterB-luser-usera] password simple passa

[RouterB-luser-usera] service-type ppp [RouterB-luser-usera] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp

[RouterB-Serial2/0] ppp authentication-mode pap domain system
# Configure the PAP username and password sent from Router B to Router A when Router B is authenticated by Router A using PAP.
[RouterB-Serial2/0] ppp pap local-user userb password simple passb

[RouterB-Serial2/0] ip address 200.1.1.2 16 [RouterB-Serial2/0] quit
[RouterB] domain system [RouterB-isp-system] authentication ppp local
3.
[RouterB-isp-system] display interface serial 2/0 Serial2/0 current state: UP Line protocol current state: UP Description: Serial2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 200.1.1.2/16 Primary Link layer protocol is PPP LCP opened, IPCP opened Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) 0/100/0 0/500/0 0/75/0 Output queue : (Protocol queuing : Size/Length/Discards)
33
Interface is V35 206 packets input, 206 packets output, 2496 bytes 2492 bytes
[RouterB-isp-system] ping 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=255 time=103 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms --- 200.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/23/103 ms
One-way CHAP authentication configuration example

As shown in Figure 6, configure Router A to authenticate Router B by using CHAP.
Approach I: The authenticator configured with a username authenticates the remote end using CHAP
1.
Configure Router A.


[RouterA-luser-userb] password simple hello


# Configure the username for Router A when Router A authenticates Router B.

[RouterA-Serial2/0] ppp chap user usera
# Set the authentication mode to CHAP.

[RouterA-Serial2/0] ppp authentication-mode chap domain system
# Assign an IP address to Serial 2/0

34
2.
Configure Router B.
# Create a user account for Router A on Router B.

<RouterB> system-view [RouterB] local-user usera

[RouterB-luser-usera] password simple hello

[RouterB-luser-usera] service-type ppp [RouterB-luser-usera] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp
# Configure the username for Router B when Router B is authenticated.

[RouterB-Serial2/0] ppp chap user userb
# Assign an IP address to Serial 2/0 of Router B.

Approach II: The authenticator with no username configured authenticates the remote end using CHAP.
3.
Configure Router A.


[RouterA-luser-userb] password simple hello

# Set the authentication mode to CHAP.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] ppp authentication-mode chap domain system

4.
Configure Router B.
# Configure the username of Router B when Router B is authenticated.

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] ppp chap user userb
35
# Set the default CHAP password.

[RouterB-Serial2/0] ppp chap password simple hello

5.
[RouterB-Serial2/0] display interface serial 2/0 Serial2/0 current state: UP Line protocol current state: UP Description: Serial2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 200.1.1.2/16 Primary Link layer protocol is PPP LCP opened, IPCP opened Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Interface is V35 206 packets input, 206 packets output, 2496 bytes 2492 bytes 0/100/0 0/500/0 0/75/0
PPP IP address negotiation configuration example

As shown in Figure 7, configure Router A and Router B to enable Router A to allocate an IP address for Serial 2/0 of Router B through PPP negotiation.
36

S2/0 200.1.1.1/16 S2/0
Router A
Router B
1.
Configure Router A
# Configure a local IP address pool.

<RouterA> system-view [RouterA] ip pool 1 200.1.1.10 200.1.1.20
# Configure the IP address of Serial 2/0.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 200.1.1.1 16
# Allocate an IP address for the remote port, that is, Serial 2/0 of Router B, from the IP address pool.
[RouterA-Serial2/0] remote address pool 1
2.
Configure Router B
# Enable IP address negotiation on Serial 2/0.

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address ppp-negotiate
After the configuration finishes, display the summary information about Serial 2/0:
[RouterB-Serial2/0] display interface serial 2/0 brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface S2/0 Link Protocol Main IP UP UP 200.1.1.10 Description
The output shows that Serial 2/0 gets IP address 200.1.1.10 through PPP negotiation.
3.
Ping Serial 2/0 of Router A from Router B:

[RouterB] ping 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=255 time=10 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=255 time=4 ms --- 200.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/4/10 ms
37
The output shows that Serial 2/0 of Router A can be pinged.
MP configuration example
In Figure 8, On an E1 interface of Router A, four channels are created with the interface names being Serial 2/0:1, Serial 2/0:2, Serial 2/0:3, and Serial 2/0:4. On Router B, two channels are created with the interface names being Serial 2/0:1 and Serial 2/0:2. It is the same case with Router C. Bind two channels on Router A with the two channels on Router B and another two channels with the two channels on Router C. Adopt binding authentication.
Do the following:

Router B
S2/0
Host
Host
S2/0
Host
DDN
Host
S2/0
Router A
Host
Router C
Host
1.
Configure Router A:
# Create user accounts for Router B and Router C and set the passwords.
<RouterA> system-view [RouterA] local-user router-b [RouterA-luser-router-b] password simple router-b [RouterA-luser-router-b] service-type ppp [RouterA-luser-router-b] quit [RouterA] local-user router-c [RouterA-luser-router-c] password simple router-c [RouterA-luser-router-c] service-type ppp [RouterA-luser-router-c] quit
# Create two virtual-templates for the two user accounts.

[RouterA] ppp mp user router-b bind virtual-template 1 [RouterA] ppp mp user router-c bind virtual-template 2
# Configure the virtual-templates.

[RouterA] interface virtual-template 1
38
[RouterA-Virtual-Template1] ip address 202.38.166.1 255.255.255.0 [RouterA-Virtual-Template1] quit [RouterA] interface virtual-template 2 [RouterA-Virtual-Template2] ip address 202.38.168.1 255.255.255.0 [RouterA-Virtual-Template2] quit
# Add interfaces Serial 2/0:1, Serial 2/0:2, Serial 2/0:3, and Serial 2/0:4 to MP channels, taking Serial 2/0:1 as an example.
[RouterA] interface serial 2/0:1 [RouterA-Serial2/0:1] link-protocol ppp [RouterA-Serial2/0:1] ppp mp [RouterA-Serial2/0:1] ppp authentication-mode pap domain system [RouterA-Serial2/0:1] ppp pap local-user router-a password simple router-a [RouterA-Serial2/0:1] quit
2.
Configure Router B:
# Create a user account for Router A.

<RouterB> system-view [RouterB] local-user router-a [RouterB-luser-router-a] password simple router-a [RouterB-luser-router-a] service-type ppp [RouterB-luser-router-a] quit
# Create a virtual-template for the user and specify to use the NCP information of this template for PPP negotiation.
[RouterB] ppp mp user router-a bind virtual-template 1
# Configure the virtual-template.

[RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 202.38.166.2 255.255.255.0 [RouterB-Virtual-Template1] quit
# Add interfaces Serial 2/0:1 and Serial 2/0/:2 to the MP channel, taking Serial 2/0:1 as an example.
[RouterB] interface serial 2/0:1 [RouterB-Serial2/0:1] ppp mp [RouterB-Serial2/0:1] ppp authentication-mode pap domain system [RouterB-Serial2/0:1] ppp pap local-user router-b password simple router-b [RouterB-Serial2/0:1] quit
[RouterB] domain system [RouterB-isp-system] authentication ppp local
3.
Configure Router C:
# Create a user account for Router A.

<RouterC> system-view [RouterC] local-user router-a [RouterC-luser-router-a] password simple router-a [RouterC-luser-router-a] service-type ppp
39
[RouterC-luser-router-a] quit
# Create a virtual-template for the user and specify to use the NCP information of the template for PPP negotiation.
[RouterC] ppp mp user router-a bind virtual-template 1
# Configure the virtual-template.

[RouterC] interface virtual-template 1 [RouterC-Virtual-Template1] ip address 202.38.168.2 255.255.255.0 [RouterC-Virtual-Template1] quit
# Add interfaces Serial 2/0:1 and Serial 2/0:2 to the MP channel, taking Serial 2/0:1 as an example.
[RouterC] interface serial 2/0:1 [RouterC-Serial2/0:1] ppp mp [RouterC-Serial2/0:1] ppp authentication-mode pap domain system [RouterC-Serial2/0:1] ppp pap local-user router-c password simple router-c [RouterC-Serial2/0:1] quit
# Configure local authentication for the PPP users in the default ISP domain system. .
[RouterC] domain system [RouterC-isp-system] authentication ppp local
MP binding mode configuration examples

As showed in Figure 9, Router A and Router B are connected together through Serial 2/0 and Serial 2/1 interfaces. It is designed to bind the links in the three MP binding modes. Figure 9 Network diagram
S2/0 S2/0
MP Router A S2/1
S2/1
Router B
1.
Directly bind the physical interfaces to a virtual template interface Configure Router A:
# Configure the username and password of Router B.

<RouterA> system-view [RouterA] local-user rtb [RouterA-luser-rtb] password simple rtb [RouterA-luser-rtb] service-type ppp [RouterA-luser-rtb] quit
# Create a virtual template interface and assign an IP address to it.

[RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ip address 8.1.1.1 24 [RouterA-Virtual-Template1] ppp mp binding-mode authentication
# Configure Serial 2/1.

[RouterA-Virtual-Template1] quit
40
[RouterA] interface serial 2/1 [RouterA-Serial2/1] link-protocol ppp [RouterA-Serial2/1] ppp authentication-mode pap domain system [RouterA-Serial2/1] ppp pap local-user rta password simple rta [RouterA-Serial2/1] ppp mp virtual-template 1 [RouterA-Serial2/1] shutdown [RouterA-Serial2/1] undo shutdown [RouterA-Serial2/1] quit

[RouterA] interface serial2/0 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp authentication-mode pap domain system [RouterA-Serial2/0] ppp pap local-user rta password simple rta [RouterA-Serial2/0] ppp mp virtual-template 1 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown [RouterA-Serial2/0] quit
[RouterA] domain system [RouterA-isp-system] authentication ppp local [RouterA-isp-system] quit
Configure Router B:
# Configure the username and password of Router A.

<RouterB> system-view [RouterB] local-user rta [RouterB-luser-rta] password simple rta [RouterB-luser-rta] service-type ppp [RouterB-luser-rta] quit
# Create a virtual-template interface and assign an IP address to it.

[RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 8.1.1.2 24 [RouterB-Virtual-Template1] ppp mp binding-mode authentication [RouterB-Virtual-Template1] quit

[RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol ppp [RouterB-Serial2/1] ppp authentication-mode pap domain system [RouterB-Serial2/1] ppp pap local-user rtb password simple rtb [RouterB-Serial2/1] ppp mp virtual-template 1 [RouterB-Serial2/1] shutdown [RouterB-Serial2/1] undo shutdown [RouterB-Serial2/1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp authentication-mode pap domain system
41
[RouterB-Serial2/0] ppp pap local-user rtb password simple rtb [RouterB-Serial2/0] ppp mp virtual-template 1 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown [RouterB-Serial2/0] quit
[RouterB] domain system [RouterB-isp-system] authentication ppp local [RouterB-isp-system] quit
Verify the configuration on Router A:
[RouterA] display ppp mp Template is Virtual-Template1 Bundle rtb, 2 member, Master link is Virtual-Template1:0 0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved, sequence 0/0 rcvd/sent The bundled member channels are: Serial2/1 Serial2/0
Check information about virtual access interfaces:
[RouterA] display virtual-access Virtual-Template1:0 current state: UP Line protocol current state: UP Description: Virtual-Template0:0 Interface The Maximum Transmit Unit is 1500 Link layer protocol is PPP LCP opened, MP opened, IPCP opened, OSICP opened Physical is MP, baudrate: 64000 bps Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: Last 300 seconds output: 0 bytes/sec 0 packets/sec 0 bytes/sec 0 packets/sec 0/100/0 0/500/0 0/75/0
520 packets input, 44132 bytes, 0 drops 527 packets output, 44566 bytes, 4 drops
The output about Router B is similar. Ping the IP address 8.1.1.1 on Router B.
PING 8.1.1.1: 56 data bytes, press CTRL_C to break [RouterB] ping 8.1.1.1 Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=255 time=29 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=255 time=29 ms Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms --- 8.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received
42
0.00% packet loss round-trip min/avg/max = 29/30/31 ms
Because PPP authentication is configured on the physical interface, the bundle field in the output of the display ppp mp command is the peer username. If authentication is disabled, the bundle field should be the peer descriptor. In addition, you can check the state of MP virtual channels by checking the state of virtual access interfaces by using the display virtual-access command.
2.
Associate the remote username with a virtual template interface Configure Router A
# Configure the username and password of Router B.

<RouterA> system-view [RouterA] local-user rtb [RouterA-luser-rtb] password simple rtb [RouterA-luser-rtb] service-type ppp [RouterA-luser-rtb] quit
# Assign a virtual-template to user RTB.

[RouterA] ppp mp user rtb bind virtual-template 1
# Create a virtual-template and configure the IP address.

[RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ip address 8.1.1.1 24 [RouterA-Virtual-Template1] ppp mp binding authentication [RouterA-Virtual-Template1] quit

[RouterA] interface serial 2/1 [RouterA-Serial2/1] link-protocol ppp [RouterA-Serial2/1] ppp authentication-mode pap domain system [RouterA-Serial2/1] ppp pap local-user rta password simple rta [RouterA-Serial2/1] ppp mp [RouterA-Serial2/1] shutdown [RouterA-Serial2/1] undo shutdown [RouterA-Serial2/1] quit

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp authentication-mode pap domain system [RouterA-Serial2/0] ppp pap local-user rta password simple rta [RouterA-Serial2/0] ppp mp [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown [RouterA-Serial2/0] quit
Configure Router B
43
# Configure the username and password of Router A.

# Assign a virtual-template to user RTA.

[RouterB] ppp mp user rta bind virtual-template 1
# Create a virtual-template and configure the IP address.

[RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 8.1.1.2 24 [RouterB-Virtual-Template1] ppp mp binding authentication [RouterB-Virtual-Template1] quit

[RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol ppp [RouterB-Serial2/1] ppp authentication-mode pap domain system [RouterB-Serial2/1] ppp pap local-user rtb password simple rtb [RouterB-Serial2/1] ppp mp [RouterB-Serial2/1] shutdown [RouterB-Serial2/1] undo shutdown [RouterB-Serial2/1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp authentication-mode pap domain system [RouterB-Serial2/0] ppp pap local-user rtb password simple rtb [RouterB-Serial2/0] ppp mp [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown [RouterB-Serial2/0] quit
# Configure the user in the domain to use the local authentication scheme.
Verify the configuration on Router A.
<RouterA> display ppp mp Template is Virtual-Template1 Bundle rtb, 2 member, Master link is Virtual-Template1:0 0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved, sequence 0/0 rcvd/sent The bundled member channels are: Serial2/1 Serial2/0
Verify the results on Router B.

44
[RouterB] display ppp mp
Template is Virtual-Template1 Bundle rta, 2 member, Master link is Virtual-Template1:0 0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved, sequence 0/0 rcvd/sent The bundled member channels are: Serial2/1 Serial2/0
# Check the information about the virtual access interface.

[RouterB] display virtual-access Virtual-Template1:0 current state : UP Line protocol current state : UP Description : Virtual-Template1:0 Interface The Maximum Transmit Unit is 1500 Link layer protocol is PPP LCP opened, MP opened, IPCP opened, OSICP opened, MPLSCP opened Physical is MP Output queue : (Urgent queue : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) 5 minutes input rate 0 bytes/sec, 0 packets/sec 5 minutes output rate 0 bytes/sec, 0 packets/sec 21 packets input, 1386 bytes, 0 drops 21 packets output, 1386 bytes, 0 drops 0/500/0 0/75/0
# Ping the IP address 8.1.1.1 on Router B.

[RouterB] ping 8.1.1.1 PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=255 time=29 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms --- 8.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 29/30/31 ms
When you bind interfaces Serial 2/1 and Serial 2/0 to the same MP, if you configure one interface as ppp mp and the other as ppp mp virtual-template 1, the system binds the two interfaces to different MPs.
3.
Configure an MP bundle on an MP-group interface
In addition to virtual template interfaces, the system provides MP-group interfaces to implement MP bundle. This implementation is similar to directly adding physical interfaces to a virtual template. Configure Router A: # Configure the username and password of Router B.
<RouterA> system-view [RouterA] local-user rtb [RouterA-luser-rtb] password simple rtb
45
[RouterA-luser-rtb] service-type ppp [RouterA-luser-rtb] quit
# Create an MP-group interface, and assign an IP address to it.

[RouterA] interface mp-group 1 [RouterA-Mp-group1] ip address 111.1.1.1 24

[RouterA-Mp-group1] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] link-protocol ppp [RouterA-Serial2/1] ppp authentication-mode pap domain system [RouterA-Serial2/1] ppp pap local-user rta password simple rta [RouterA-Serial2/1] ppp mp mp-group 1 [RouterA-Serial2/1] shutdown [RouterA-Serial2/1] undo shutdown [RouterA-Serial2/1] quit

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp authentication-mode pap domain system [RouterA-Serial2/0] ppp pap local-user rta password simple rta [RouterA-Serial2/0] ppp mp mp-group 1 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown [RouterA-Serial2/0] quit
Configure Router B:
# Configure username and password for Router A

# Create an MP-group interface and assign an IP address to it.

[RouterB] interface mp-group 1 [RouterB-Mp-group1] ip address 111.1.1.2 24 [RouterB-Mp-group1] quit

[RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol ppp [RouterB-Serial2/1] ppp authentication-mode pap domain system [RouterB-Serial2/1] ppp pap local-user rtb password simple rtb [RouterB-Serial2/1] ppp mp mp-group 1
46
[RouterB-Serial2/1] shutdown [RouterB-Serial2/1] undo shutdown [RouterB-Serial2/1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp authentication-mode pap domain system [RouterB-Serial2/0] ppp pap local-user rtb password simple rtb [RouterB-Serial2/0] ppp mp mp-group 1 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown [RouterB-Serial2/0] quit
Verify the configuration on Router A:
[RouterA] display ppp mp Mp-group is Mp-group1 Bundle Multilink, 2 member, Master link is Mp-group1 0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved, sequence 0/0 rcvd/sent The bundled member channels are: Serial2/1 Serial2/0
# Check the state of interface Mp-group 1.

[RouterA] display interface Mp-group 1 Mp-group1 current state : UP Line protocol current state : UP Description : Mp-group1 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 111.1.1.1/24 Link layer protocol is PPP LCP opened, MP opened, IPCP opened, MPLSCP opened Physical is MP Output queue : (Urgent queue : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) 5 minutes input rate 0 bytes/sec, 0 packets/sec 5 minutes output rate 0 bytes/sec, 0 packets/sec 5 packets input, 58 bytes, 0 drops 5 packets output, 54 bytes, 0 drops 0/500/0 0/75/0
# Ping the IP address 1 1.1.1.2 on Router A. 1

[RouterA] ping 111.1.1.2 PING 111.1.1.2: 56 data bytes, press CTRL_C to break Reply from 111.1.1.2: bytes=56 Sequence=1 ttl=255 time=29 ms Reply from 111.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 ms
47
Reply from 111.1.1.2: bytes=56 Sequence=3 ttl=255 time=29 ms Reply from 111.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 111.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms --- 111.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 29/29/31 ms
In this approach, all the users are bound together to the MP-group interface and the concept of virtual access is not involved.
Troubleshooting PPP configuration

Symptom 1
PPP authentication always fails, preventing the link from going up.
Solution
This problem may occur if the parameters for authentication are incorrect. Enable the debugging of PPP, and you can see the information describing that LCP went up upon a successful LCP negotiation but went down after PAP or CHAP negotiation. Check the PPP authentication settings at the local and peer ends to make sure that they are consistent. See Configuring PAP authentication and Configuring CHAP authentication for reference.
Symptom 2
Physical link is down.
Solution
Check that The interface has been brought up. The interface has not been shut down administratively. LCP negotiation has passed.
Execute the display interface serial command to check the state of the interface. The output information can be:
serial number is administratively down, line protocol is down, which indicates that the
interface is shut down by the administrator.

serial number is down, line protocol is down, which indicates that the interface is not activated
or the physical layer has not gone up yet.

Virtual-template number is down, line protocol is spoofing up, which indicates that the
interface is a dialer interface and the call establishment attempt has failed.
serial number is up, line protocol is up, which indicates that LCP negotiation succeeded. serial number is up, line protocol is down, which indicates that the interface is active, but LCP
negotiation failed.
Symptom 3
Configure an IPv6 address on a PPP-encapsulated interface when IPv6 is disabled. The PPP link fails IPv6CP negotiation and cannot go up. After enabling IPv6, the interface still cannot go up.
48
Analysis
IPv6CP negotiation cannot succeed when IPv6 is disabled. As IPv6CP does not support re-negotiation, IPv6CP negotiation cannot succeed even if you enable IPv6 subsequently.
Solution
To resolve the problem, do the following: Enable IPv6 before configuring an IPv6 address on a PPP link. If IPv6CP negotiation fails, re-enable the interface with the shutdown command and the undo shutdown command to re-enable IPv6CP negotiation.
49
PPPoE configuration
PPPoE
PPPoE can provide access to the Internet for the hosts in an Ethernet through a remote access device, and implement access control and accounting on a per-host basis. Integrating the low cost of Ethernet and scalability and management functions of PPP, PPPoE has gained popularity in various application environments, such as residential networks. PPPoE adopts the client/server model. It can establish point-to-point links in Ethernet. With PPPoE, PPP packets are encapsulated in Ethernet frames. PPPoE undergoes two phases: discovery and PPP session. Discovery phase, where a PPPoE session is initiated. In this phase, the host gets the MAC address of the access end and generates the PPPoE session ID. When the discovery phase ends, the PPPoE session ID between the host and the server is determined, and the PPP session phase begins. PPP session phase, where PPP packets are encapsulated in Ethernet frames before being sent to the peer. In the frame, the session ID must be the one determined in the discovery phase, the MAC address must be that of the peer, and the PPP packet section begins from the Protocol ID field. In the session phase, either side of the link can terminate the session by sending PADT packets.
For more information about PPPoE, see RFC 2516.
PPPoE server
A device can operate as a PPPoE server to provide the following functions: Dynamic IP address allocation. Multiple authentication methods, such as local authentication and RADIUS/TACACS+. When working with a packet-filtering firewall or stateful firewall, a PPPoE server can provide security for networks connecting the Internet through Ethernet, such as campus networks and residential networks. However, this requires installation of PPPoE client dial-up software on hosts.
PPPoE client
PPPoE is widely used in ADSL broadband access applications. Usually, to enable a host to access the Internet through ADSL, you need to install the PPPoE client dial-up software on the host. Run the PPPoE client dial-up software on a device. The device operates as a PPPoE client and can provide Internet access for all the hosts in a LAN using a single ADSL account, even if the hosts do not have PPPoE client software installed.
50

PPPoE Server
PPPoE Session
ADSL Modem
PPPoE Client
Host A
Host B
As shown in Figure 10, Host A and Host B are in an Ethernet and are connected to the device operating as a PPPoE client. Data in the Ethernet and destined for the Internet is passed to the PPPoE client and is then encapsulated by PPPoE before being transmitted to the PPPoE server, which in turn transmits the data to the Internet. For Host A and Host B, the PPPoE client dial-up software is not needed.
Configuring a PPPoE server

Configure PPPoE servers on Ethernet ports or virtual Ethernet interfaces created on ADSL interfaces. For more information about configuring PPPoE servers on virtual Ethernet interfaces, see the chapter ATM configuration. To configure a PPPoE server: To do...
1. Enter system view. 2. Create a VT. 3. Set PPP parameters (including authentication type, IP address negotiation, and so on); specify the IP address to be allocated to the peer or define an IP address pool (optional). 4. Enter Ethernet interface view. 5. Enable PPPoE on the Ethernet port. 6. Return to system view.
Use the command...

system-view interface virtual-template number
Remarks
This operation also leads you to virtual template view.
See Configuring PPP.
Optional.
interface interface-type interface-number pppoe-server bind virtual-template number quit
Required. Disabled by default.
51
To do...
7. Set the maximum number of PPPoE sessions allowed with regard to a peer MAC address. 8. Set the maximum number of PPPoE sessions allowed with regard to the local MAC address. 9. Set the maximum number of PPPoE sessions allowed.
Use the command...

pppoe-server max-sessions remote-mac number
Remarks
pppoe-server max-sessions local-mac number pppoe-server max-sessions total number
Optional. 100 by default. Optional. 4096 by default. Optional.
10. Set the upper threshold for the PPPoE abnormal offline event count.
pppoe-server abnormal-offline-count threshold number
65,535 by default. If the PPPoE abnormal offline event count in the last five minutes exceeds this threshold, the system outputs a trap message. Optional.
11. Set the upper threshold for the PPPoE abnormal offline event percentage.
pppoe-server abnormal-offline-percent threshold number
100 by default If the PPPoE abnormal offline event percentage in the last five minutes exceeds this threshold, the system outputs a trap message. Optional.
12. Set the lower threshold for the PPPoE normal offline event percentage.
pppoe-server normal-offline-percent threshold number
0 by default If the PPPoE normal offline event percentage in the last five minutes is lower than this threshold, the system outputs a trap message. Optional. Optional. Enabled by default.
13. Configure authentication and accounting on PPP users. 14. Disable PPP log displaying.
See Security Configuration Guide. pppoe-server log-information off
When configuring a static route on a virtual template interface, specify the next hop instead of the outgoing interface. If the outgoing interface is required, make sure that the physical interface bound to the virtual template is effective to ensure normal transport of packets.
Configuring a PPPoE client

PPPoE client configuration includes dialer interface configuration and PPPoE session configuration.
Configuring a dialer interface

Before establishing a PPPoE session, you must first create a dialer interface and configure a dialer bundle on the interface. Each PPPoE session uniquely corresponds to a dialer bundle and each dialer bundle uniquely corresponds to a dialer interface. A PPPoE session uniquely corresponds to a dialer interface.
52
Configuring a dialer interface for an IPv4 PPPoE client

To configure a dialer interface for an IPv4 PPPoE client: To do...
1. Enter system view. 2. Configure a dialer rule. 3. Create a dialer interface. 4. Create a dialer user. 5. Assign an IP address to the interface. 6. Associate the interface with a dialer bundle. 7. Assign the interface to a dialer group.
Use the command...

system-view dialer-rule dialer-group { protocol-name { permit | deny } | acl acl-number } interface dialer number dialer user username ip address { address mask | ppp-negotiate } dialer bundle bundle-number dialer-group group-number
Remarks
Required Required Required Required Required Required
Configuring a dialer interface for an IPv6 PPPoE client

To configure a dialer interface for an IPv6 PPPoE client: To do...
1. Enter system view. 2. Enable IPv6 forwarding. 3. Create a dialer interface. 4. Create a dialer user. 5. Specify an IPv6 address for the interface. Manually. Automatically.
Use the command...

system-view ipv6 interface dialer number dialer user username ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } [ link-local ] ipv6 address auto [ link-local ] dialer bundle bundle-number
Remarks
Required. Required. Required. Required. Use either command. Required.
6. Associate the interface with a dialer bundle.
Also, you can configure PPP authentication or set other parameters on the dialer interface, as needed. For more information about dialer interface, see the chapter DCC configuration.
Configuring a PPPoE session

PPPoE sessions fall into these categories: permanent PPPoE session, packet-triggered PPPoE session, and diagnostic PPPoE session. A permanent PPPoE session is established immediately when the line is physically up. It remains valid till a user terminates it explicitly. A packet-triggered PPPoE session is established when there is a demand for data transmitting. It is terminated when idled for a specific period of time. That is, a packet-triggered PPPoE session may not be established even if the line is physically up. A diagnostic PPPoE session is established immediately after the device configurations finish, and automatically terminates and then tries to re-establish at a pre-configured interval. By establishing and terminating PPPoE sessions periodically, you can monitor the working status of the PPPoE links.
53
Establish a PPPoE session on an Ethernet port or a VE interface created on an ADSL interface. To enable a device to access the Internet through an ADSL interface, you must establish a PPPoE session on a virtual Ethernet interface. To enable a device to access the Internet through an ADSL modem attached to an Ethernet interface, you must establish the PPPoE session on the Ethernet interface. For more information about creating a PPPoE session on a virtual Ethernet interface, see the chapter ATM configuration. To configure a PPPoE session: To do...
1. Enter system view. 2. Enter Layer 3 Ethernet interface view or VLAN interface view. 3. Create a PPPoE session, and specify a dialer bundle for the session.
Use the command...

system-view interface interface-type interface-number pppoe-client dial-bundle-number number [ no-hostuniq ] | idle-timeout seconds [ queue-length packets ] ]
Remarks
Required. By default, no PPPoE sessions are created.
Establish multiple PPPoE sessions on an Ethernet interface, which means, an Ethernet interface can belong to multiple dialer bundles at the same time, but a dialer bundle can only have one Ethernet interface. A PPPoE session uniquely corresponds to a dialer bundle, and vice versa. IPv6 PPPoE sessions cannot be packet-triggered PPPoE sessions.
Resetting/terminating a PPPoE session

To reset/terminate a PPPoE session: To do
1. Reset a PPPoE session on a PPPoE client. 2. Reset a PPPoE session on a PPPoE server. 3. Terminate a PPPoE session on a PPPoE client.
Use the command

reset pppoe-client { all | dial-bundle-number number } reset pppoe-server { all | interface interface-type interface-number | virtual-template number } undo pppoe-client dial-bundle-number number
Remarks
Available in Ethernet interface view or virtual Ethernet interface view
Displaying and maintaining PPPoE

To do
Display the statistics and state information about a PPPoE server.
Use the command

display pppoe-server session { all | packet } [ | { begin | exclude | include } regular-expression ] display pppoe-client session { packet | summary } [ dial-bundle-number number ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display the statistics and state information about a PPPoE client.
54
PPPoE configuration examples

PPPoE server configuration example
In Figure 1 Host A and Host B, acting as PPPoE clients, access the Internet through the Router. The Router acts 1, as the PPPoE server, performing local authentication and assigning IP addresses for the users. The Router provides Internet access for Host A and Host B through Ethernet 1/1. It connects to the Internet through Serial 2/0. Figure 11 Network diagram
Host A Router
Eth1/1 S2/0
Internet
Host B
CHAP authentication configuration # Add a PPPoE user.
<Router> system-view [Router] local-user user1 [Router-luser-user1] password simple pass1 [Router-luser-user1] service-type ppp [Router-luser-user1] quit
# Configure virtual-template 1 on the Router.

[Router] interface virtual-template 1 [Router-Virtual-Template1] ppp authentication-mode chap domain system [Router-Virtual-Template1] ppp chap user user1 [Router-Virtual-Template1] remote address pool 1 [Router-Virtual-Template1] ip address 1.1.1.1 255.0.0.0 [Router-Virtual-Template1] quit
# Configure PPPoE server on the Router.

[Router] interface ethernet 1/1 [Router-Ethernet1/1] pppoe-server bind virtual-template 1 [Router-Ethernet1/1] quit
# Configure local authentication for the users in the default ISP domain system.
[Router] domain system [Router-isp-system] authentication ppp local
55
# Add a local IP address pool.

[Router-isp-system] ip pool 1 1.1.1.2 1.1.1.10
MS-CHAP authentication configuration
# Add a PPPoE user.

<Router> system-view [Router] local-user user1 [Router-luser-user1] password simple pass1 [Router-luser-user1] service-type ppp [Router-luser-user1] quit
# Configure virtual-template 1 on the Router.

[Router] interface virtual-template 1 [Router-Virtual-Template1] ppp authentication-mode ms-chap domain system [Router-Virtual-Template1] remote address pool 1 [Router-Virtual-Template1] ip address 1.1.1.1 255.0.0.0 [Router-Virtual-Template1] quit
# Configure the PPPoE server on the Router.

[Router] interface ethernet 1/1 [Router-Ethernet1/1] pppoe-server bind virtual-template 1 [Router-Ethernet1/1] quit
[Router] domain system [Router-isp-system] authentication ppp local

[Router-isp-system] ip pool 1 1.1.1.2 1.1.1.10
Verification
After the configuration, Host A and Host B can access the Internet using the username user1 and password pass1 through the Router if they have PPPoE client software installed. If you specify the authentication scheme as radius-scheme or hwtacacs-scheme by using the authentication ppp command, you also need to configure RADIUS/HWTACACS settings to enable AAA. For detailed configuration procedures, see Security Configuration Guide.
PPPoE client configuration example

As shown in Figure 12, Router A and Router B are connected to each other through Ethernet 1/1. Configure the routers to make Router A authenticate Router B using PAP or CHAP. Figure 12 Network diagram
PPPoE Server
Eth1/1 Eth1/1
PPPoE Client
Router A
Router B
56
1.
PAP authentication configuration Configure Router A as the PPPoE server
# Add a PPPoE user.

<RouterA> system-view [RouterA] local-user user2 [RouterA-luser-user2] password simple hello [RouterA-luser-user2] service-type ppp [RouterA-luser-user2] quit
# Configure virtual template 1.

[RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ppp authentication-mode pap [RouterA-Virtual-Template1] ip address 1.1.1.1 255.0.0.0 [RouterA-Virtual-Template1] remote address 1.1.1.2 [RouterA-Virtual-Template1] quit
# Configure the PPPoE server.

[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] pppoe-server bind virtual-template 1
2.
Configure Router B as the PPPoE client.
<RouterB> system-view [RouterB] dialer-rule 1 ip permit [RouterB] interface dialer 1 [RouterB-Dialer1] dialer user user2 [RouterB-Dialer1] dialer-group 1 [RouterB-Dialer1] dialer bundle 1 [RouterB-Dialer1] ip address ppp-negotiate [RouterB-Dialer1] ppp pap local-user user2 password simple hello [RouterB-Dialer1] quit
# Configure the PPPoE session.

[RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] pppoe-client dial-bundle-number 1
3.
CHAP authentication configuration Configure Router A as the PPPoE server
# Add a PPPoE user.

<RouterA> system-view [RouterA] local-user user2 [RouterA-luser-user2] password simple hello [RouterA-luser-user2] service-type ppp [RouterA-luser-user2] quit

[RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ppp authentication-mode chap [RouterA-Virtual-Template1] ppp chap user user1 [RouterA-Virtual-Template1] ip address 1.1.1.1 255.0.0.0
57
[RouterA-Virtual-Template1] remote address 1.1.1.2 [RouterA-Virtual-Template1] quit
# Configure the PPPoE server.

[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] pppoe-server bind virtual-template 1
4.
Configure Router B as the PPPoE client.
<RouterB> system-view [RouterB] dialer-rule 1 ip permit [RouterB] interface dialer 1 [RouterB-Dialer1] dialer user user2 [RouterB-Dialer1] dialer-group 1 [RouterB-Dialer1] dialer bundle 1 [RouterB-Dialer1] ip address ppp-negotiate [RouterB-Dialer1] ppp chap user user2 [RouterB-Dialer1] quit [RouterB] local-user user1 [RouterB-luser-user1] password simple hello [RouterB-luser-user1] quit
# Configure the PPPoE session.

[RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] pppoe-client dial-bundle-number 1
Connecting a LAN to the internet using an ADSL modem

As shown in Figure 13, Router A provides Internet access for Host A, Host B, and Host C. It connects to DSLAM through an ADSL modem and a permanent PPPoE session. The username and password of the ADSL account are user1 and 123456. Router A operates as a PPPoE client, allowing the hosts in the LAN to access the Internet without PPPoE client software. Router B operates as the PPPoE server. It is connected to the DSLAM through interface ATM 1/0 and performs RADIUS authentication and accounting.
58

DSLAM
ATM1/0
Router B PPPoE Server
Modem
Eth1/1
Router A
PPPoE Client
Eth1/2 192.168.1.1/24
Host A
Host B
Host C
1.
Configure Router A as a PPPoE client
# Configure a dialer interface.

<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] interface dialer 1 [RouterA-Dialer1] dialer-group 1 [RouterA-Dialer1] dialer bundle 1 [RouterA-Dialer1] ip address ppp-negotiate [RouterA-Dialer1] ppp pap local-user user1 password cipher 123456 [RouterA-Dialer1] quit
# Configure a PPPoE session.

[RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] pppoe-client dial-bundle-number 1 [RouterA-Ethernet1/2] quit
# Configure an Internet interface for the LAN and configure the default route.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 192.168.1.1 255.255.255.0 [RouterA-Ethernet1/1] quit [RouterA] ip route-static 0.0.0.0 0 dialer 1
If the IP addresses of the hosts in the LAN are private addresses, you must configure NAT on Router A. For more information about NAT, see Layer 3IP Services Configuration Guide.
2.
Configure Router B as the PPPoE server
# Add a PPPoE user.

<RouterB> system-view [RouterB] local-user user1 [RouterB-luser-user1] password simple 123456 [RouterB-luser-user1] service-type ppp
59
[RouterB-luser-user1] quit
# Configure ATM 1/0 interface.

[RouterB] interface atm 1/0 [RouterB-Atm1/0] pvc 0/32 [RouterB-atm-pvc-Atm1/0-0/32] map bridge virtual-ethernet 1 [RouterB-atm-pvc-Atm1/0-0/32] quit [RouterB-Atm1/0] quit
# Enable PPPoE server on the virtual Ethernet interface.

[RouterB] interface virtual-ethernet 1 [RouterB-Virtual-Ethernet1] pppoe-server bind virtual-template 1 [RouterB-Virtual-Ethernet1] quit

[RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ppp authentication-mode pap domain system [RouterB-Virtual-Template1] remote address pool 1 [RouterB-Virtual-Template1] ip address 1.1.1.1 255.0.0.0 [RouterB-Virtual-Template1] quit
[RouterB] domain system [RouterB-isp-system] authentication ppp radius-scheme imc

[RouterB-isp-system] ip pool 1 1.1.1.2 1.1.1.10 [RouterB-isp-system] quit
# Configure RADIUS scheme.

[RouterB] radius scheme imc [RouterB-radius-imc] primary authentication 10.110.91.146 1812 [RouterB-radius-imc] primary accounting 10.110.91.146 1813 [RouterB-radius-imc] key authentication expert [RouterB-radius-imc] key accounting expert [RouterB-radius-imc] server-type extended [RouterB-radius-imc] user-name-format with-domain [RouterB-radius-imc] quit
For more information about RADIUS, see Security Configuration Guide.
Using ADSL to provide backup connection

As shown in Figure 14, Router is connected to Network Center through a DDN dedicated line and an ADSL connection, where the ADSL connection provides backup for the DDN dedicated line. When the DDN dedicated line fails, the Router initiates a PPPoE call to establish an ADSL connection to the Network Center on the demand of data transmitting. The ADSL connection is terminated when it idled for 2 minutes.
60

Modem
Eth1/1
ADSL
S2/0
DDN
Network Center
Configure Router: # Configure a dialer interface.
<Router> system-view [Router] dialer-rule 1 ip permit [Router] interface dialer 1 [Router-Dialer1] dialer user user1 [Router-Dialer1] dialer-group 1 [Router-Dialer1] dialer bundle 1 [Router-Dialer1] ip address ppp-negotiate

[Router-Dialer1] interface ethernet 1/1 [Router-Ethernet1/1] pppoe-client dial-bundle-number 1 idle-timeout 120 [Router-Ethernet1/1] quit
# Configure the DDN interface Serial 2/0.

[Router] interface serial 2/0 [Router-Serial2/0] ip address 10.1.1.1 255.255.255.0 [Router-Serial2/0] standby interface dialer 1 [Router-Serial2/0] quit
# Configure the static routes to the peer.

[Router] ip route 0.0.0.0 0 serial 2/0 preference 60 [Router] ip route 0.0.0.0 0 dialer 1 preference 70
Accessing the internet through an ADSL interface

As shown in Figure 15, ATM 1/0 on Router is used as an ADSL interface, through which Router can access the Internet directly without an ADSL modem. Figure 15 Network diagram
Internet
ATM1/0
Router
<Router> system-view [Router] dialer-rule 1 ip permit
61
[Router] interface dialer 1 [Router-Dialer1] dialer user mypppoe [Router-Dialer1] dialer-group 1 [Router-Dialer1] dialer bundle 1 [Router-Dialer1] ip address ppp-negotiate
# Configure VE interface 1.
[Router-Dialer1] interface virtual-ethernet 1 [Router-Virtual-Ethernet1] mac 0001-0002-0003 [Router-Virtual-Ethernet1] quit [Router]interface atm 1/0.1 [Router-atm1/0.1]pvc to_adsl_a 0/60 [Router-atm-pvc-atm1/0.1-0/60-to_adsl_a] map bridge virtual-ethernet 1 [Router-atm-pvc-atm1/0.1-0/60-to_adsl_a] quit [Router-atm1/0.1] quit

[Router] interface virtual-ethernet 1 [Router-Virtual-Ethernet1] pppoe-client dial-bundle-number 1 idle-timeout 120 [Router-Virtual-Ethernet1] quit
# Configure a default route.

[Router]ip route-static 0.0.0.0 0.0.0.0 dialer 1
62
ISDN configuration
The HP A-MSR900 series routers do not support ISDN BRI interfaces. ISDN evolved from IDN. It provides end-to-end digital connectivity and supports an extensive range of services, covering both voice and non-voice services. ISDN furnishes a finite set of standard multi-purpose UNIs. The ITU-T I.412 recommendation specifies two types of UNIs: BRI with bandwidth of 2B + D and PRI with Bandwidth of 30B + D or 23B + D. Where, B channel is a user channel, which transmits such user information as voice and data with a transmission rate of 64 kbps. D channel is a control channel, which transmits the public channel signaling. These signals control the calls on the B channel of the same interface. The rate of D channel is 16 kbps (BRI) or 64 kbps (PRI). The ITU-T Q.921 is a data link layer protocol of D channel. It defines the rule for Layer 2 information interchange via D channel from the user to a network interface and supports the access of a Layer-3 entity. The ITU-T Q.931 is a network layer protocol of D channel. It provides a measure for creating, maintaining and terminating network connection between communication application entities. CC is a further encapsulation of Q.931, which forwards the message from the network side to CC for CC to perform information interchange with higher layer applications such as DCC.
Figure 16 ISDN D channel protocol stack

CC Layer 3 Q.931
Layer 2
Q.921 LAPD
Layer 1
BRI
PRI
The ISDN protocol proposed by the ITU-T provides different services in different areas, forming the ISDN protocols that are suitable for different regions, such as NTT in Japan, ETSI in Europe, NI, AT&T, and ANSI in North America. Besides the default DSS1 ISDN protocol, the router supports the basic calling function of NTT, ETSI, AT&T, ANSI, NI, NI2, Q.SIG, and 5ESS protocols, but does not support the supplementary functions of these protocols. Additionally, DSS1, Q.SIG, NI2, and 5ESS support network side operation. NI protocol used in North America is only applied to BRI interfaces. The ISDN network uses SPID as the ID of different services, and the switch provides the service to the terminal user according to the SPID. Each B channel corresponds to a SPID. The user can proceed with normal calling and disconnection process only after having employed the SPID to perform the SPID handshake interaction. After the Q.921 establishes link successfully and before the Q.931 calling processing starts, the user needs to get SPID to interact with the switch to perform the Layer 3 (Q.931) initialization, and then the user can start normal calling and disconnect process. Otherwise, the calling will fail. By far, you can get the SPID on one BRI interface over the ISDN in North America in any of the following ways. Manually input the SPID consisting of 9 to 20 digits.
63
14-digit SPID (Generic SPID Format). The former 10 digits are input by the user, and the latter 4 digits can only be 0101. Allocate by SPCS through automated SPID selection regulation.
The former two ways to get SPID are regarded as static configuration methods, and the third one is taken as dynamic negotiation method. If the user does not specify a SPID in static method, the system adopts dynamic method by default.
Configuring ISDN
Configuring ISDN BRI
To configure ISDN BRI: To do
1. Enter system view. 2. Enter ISDN BRI interface view.
Use the command

system-view interface bri interface-number
Remarks
Optional.
3. Configure the BRI interface to operate in the point-to-point mode.
isdn link-mode p2p
By default, a BRI interface operates in point-to-multipoint mode, in which a BRI interface operating on the network side can have multiple end devices attached to it. Optional.
4. Set the ISDN protocol type.
isdn protocol-type protocol
The ISDN protocol on the BRI interface is DSS1 protocol by default. Optional.
5. Configure the ISDN protocol mode.
isdn protocol-mode mode
By default, the ISDN protocol mode of an ISDN BRI interface is user. Only the BSV cards can work at the network side.
6. Configure the negotiation parameters of ISDN Layer 3 protocol. 7. Configure the ISDN Q.931 protocol version. 8. Configure the SPID parameters about ISDN NI protocol. 9. Configure the called number and subaddress to be checked during an incoming call. 10. Configure the interface to send calling number during an outgoing call.
See Configuring the negotiation parameters of ISDN layer 3 protocol. See Configuring the ISDN Q.931 protocol version. See Configuring the SPID of the ISDN NI protocol. See Setting the called number or sub-address to be checked during a digital incoming call. See Configuring an interface to send calling number during an outgoing call.
Optional.
Optional. Optional.
Optional.
Optional.
64
To do
11. Set the local management ISDN B channel. 12. Configure ISDN B channel selection mode. 13. Configure ISDN BRI sliding window size. 14. Configure statistics about ISDN message receiving and sending. 15. Configure the allowed incoming calling number. 16. Configure Progress-to-Alerting conversion. 17. Configure ISDN to carry the Calling-Name field in outgoing packets. 18. Configure ISDN to carry the Connected-Name field in outgoing packets. 19. Configure the service type in the ISDN bearer compatibility signaling. 20. Configure the progress indicator value in the ISDN signaling. 21. Configure the interface to send out Alerting messages that do not carry the Channel-ID field. 22. Configure TEI treatment on the BRI interface. 23. Configure ISDN BRI leased line. 24. Configure deactivation protection for the ISDN BRI interface. 25. Configure permanent link function on ISDN BRI link layer.
Use the command

See Setting the local management ISDN B channel See Configuring ISDN B channel selection mode. See Configuring the sliding window size on a BRI interface. See Collecting statistics about ISDN message receiving and sending. See Configuring an interface to check the calling number when an incoming call comes. See Configuring progress-to-alerting conversion. See Configuring ISDN to carry the Calling-Name field in outgoing packets. See Configuring ISDN to carry the Connected-Name field in outgoing packets. See Configuring the service type in the ISDN bearer compatibility signaling. See Setting the progress indicator value in ISDN signaling messages. See Configuring the interface to send out Alerting messages that do not carry the Channel-ID field. See Configuring TEI treatment on the BRI interface. See Configuring an ISDN BRI leased line. See Configuring deactivation protection for an ISDN BRI interface. See Configuring permanent link function at ISDN BRI link layer.
Remarks
Optional. Optional. Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional. Optional.
Optional.
Optional.
To configure ISDN PRI: To do

Use the command

system-view
Remarks
65
To do
2. Configure PRI interfaces to send ISDN RESTART messages actively.
Use the command
Remarks
Optional. By default, a PRI interface actively sends ISDN RESTART messages to the peer end before B channel maintenance. Optional.
isdn send-restart
3. Enter ISDN PRI interface view.
interface interface-type interface-number
4. Set the ISDN protocol type.
isdn protocol-type protocol
The ISDN protocol on the PRI interface is DSS1 protocol by default. Optional.
5. Configure the ISDN protocol mode. 6. Configure the negotiation parameters of ISDN Layer 3 protocol. 7. Configure the ISDN Q.931 protocol version. 8. Configure the called number and subaddress to be checked during an incoming call. 9. Configure the interface to send calling number during an outgoing call. 10. Set the local management ISDN B channel. 11. Configure ISDN B channel selection mode. 12. Configure ISDN PRI sliding window size. 13. Configure statistics about ISDN message receiving and sending. 14. Configure the allowed incoming calling number. 15. Configure Progress-to-Alerting conversion. 16. Configure ISDN to carry the Calling-Name field in outgoing packets.
isdn protocol-mode mode
By default, the ISDN protocol mode of an ISDN PRI interface is user. Optional.
See Configuring the negotiation parameters of ISDN layer 3 protocol. See Configuring the ISDN Q.931 protocol version. See Setting the called number or sub-address to be checked during a digital incoming call. See Configuring an interface to send calling number during an outgoing call. See Setting the local management ISDN B channel. See Configuring ISDN B channel selection mode. See Configuring the sliding window size on a PRI interface. See Collecting statistics about ISDN message receiving and sending. See Configuring an interface to check the calling number when an incoming call comes. See Configuring progress-to-alerting conversion. See Configuring ISDN to carry the Calling-Name field in outgoing packets.
Optional.
Optional.
Optional.
Optional. Optional. Optional.
Optional.
Optional.
Optional.
Optional.
66
To do
17. Configure ISDN to carry the Connected-Name field in outgoing packets. 18. Configure the service type in the ISDN bearer compatibility signaling. 19. Configure the progress indicator value in the ISDN signaling.
Use the command

See Configuring ISDN to carry the Connected-Name field in outgoing packets. See Configuring the service type in the ISDN bearer compatibility signaling. See Setting the progress indicator value in ISDN signaling messages.
Remarks
Optional.
Optional.
Optional.
Configuring the negotiation parameters of ISDN layer 3 protocol

To configure the negotiation parameters of ISDN Layer-3 protocol: To do
Use the command

Remarks
Optional.
3. Set the length of the call reference adopted when the ISDN interface initiates a call.
isdn crlength call-reference-length
The call reference length is two bytes for CE1 PRI and CT1 PRI interfaces and one byte for BRI interfaces by default. Optional. By default, in the event that the router is communicating with an ISDN switch:
The ISDN protocol must wait for

4. Configure how the ISDN protocol handles CONNECT ACK messages. isdn ignore connect-ack [ incoming | outgoing ] the CONNECT ACK in response to the CONNECT message before it can switch to the ACTIVE state to start the data and voice service communications.
After the ISDN protocol

receives a CONNECT message, it needs to respond to the peer with a CONNECT ACK message. 5. Disable ISDN from carrying the HLC information element in SETUP messages when placing voice calls. 6. Disable ISDN from carrying the LLC information element in SETUP messages when placing voice calls. Optional. isdn ignore hlc By default, HLC information element is carried in SETUP messages when placing voice call. Optional. isdn ignore llc By default, LLC information element is carried in SETUP messages when placing voice call.
67
To do
Use the command
Remarks
Optional. As for the data exchange performed between a router and an ISDN switch, the default is as follows.
For an incoming call, the router

checks the received Setup messages for the Sending Complete Information Element to determine whether or not the number is received completely. If a Setup message does contain the Sending Complete Information Element, the number is not received completely.
7. Configure the ISDN protocol to ignore the processing on the Sending Complete Information Element.
isdn ignore sending-complete [ incoming | outgoing ]
For outgoing calls, a Setup

message containing the Sending Complete Information Element indicates that the number is sent completely. Optional. The default time-out value of an ISDN L3 timer varies by ISDN protocol type. By default, the DSS1 ISDN L3 timers are set in seconds as follows:
8. Set the time-out value of an ISDN Layer 3 timer.
isdn l3-timer timer-name time-interval
T301 defaults to 240 T302 defaults to 15 T303 defaults to 4 T304 defaults to 30 T305 defaults to 30 T308 defaults to 4 T309 defaults to 90 T310 defaults to 40 T313 defaults to 4 T316 defaults to 120 T322 defaults to 4
9. Set the type and code scheme of calling or called numbers in incoming or outgoing ISDN calls.
Optional. isdn number-property number-property [ calling | called ] [ in | out ] By default, the system selects ISDN number type and code scheme depending on upper layer service. For more information, see Table 1.
68
To do
10. Set the called number of ISDN interface to send in overlap mode (in this mode, the digits of each called number are sent separately and the number of the digits sent each time can be set by the user).
Use the command
Remarks
Optional.
isdn overlap-sending [digits ]
In full-sending mode, all the digits of each called number are collected and sent at a time by default.
Table 1 Types and code schemes of ISDN numbers Field (Bit) value Protocol 8 Type 7
0 0 0 ANSI
Code scheme 5
0 0 1 0 0 0 0 0 0 0 0 1 0 1 1
Definition
6
0 1 1
1
User-specified National network identification International network identification Unknown/user-specified Carrier identification code Data network identification code (ITU-T Recommendation X.121) Unknown International number National number Subscriber number
0 0 0 AT&T 1
0 0 1 0
0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 1
Unknown ISDN/telephony numbering loan (Recommendation E.164/E.163) Private numbering plan
69
Field (Bit) value Protocol 8 Type 7

0 0 0 0 1 1 1 DSS1
Code scheme 5
0 1 0 1 0 0 1 0 0 0 0 1 1 1 0 0 0 1 0 0 1 0 0 1 0 0 0 1 0 1 1 0 0 1 1
Definition
6
0 0 1 1 0 1 1
1
Unknown International number National number Network specific number Subscriber number Abbreviated number Reserved for extension Unknown ISDN/telephony numbering plan (Recommendation E.164) Data numbering plan (Recommendation X.121) Telex numbering plan (Recommendation F.69) National standard numbering plan Private numbering plan Reserved for extension Unknown International number National number Network specific number Subscriber number Abbreviated number Reserved for extension
0 0 0 0 1 1 1 ETSI
0 0 1 1 0 1 1
0 1 0 1 0 0 1 0 0 0 0 1 1 1 0 0 0 1 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 1 1 0 0 1 1 0 1 1
Unknown ISDN/telephony numbering plan (Recommendation E.164) Data numbering plan (Recommendation X.121) Telex numbering plan (Recommendation F.69) National standard numbering plan Private numbering plan Reserved for extension Unknown number in Unknown numbering plan International number in ISDN numbering plan (Rec. E.164) National number in ISDN numbering plan (Rec. E.164)
0 NI 0 0
0 0 1
0 1 0
0 0 0
70
Field (Bit) value Protocol 8 Type 7

0 1 1 0 0 0 NTT 1
Code scheme 5
1 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1 1 1 1 1 1 1 1
Definition
6
1 0 1 0 1 1 0
4
1 0 1
3
0 0 0
2
0 0 0
1
1 1 1 Network specific number in private numbering plan Local (directory) number in ISDN numbering plan (Rec. E.164) Abbreviated number in private numbering plan Unknown National number Network specific number Subscriber number Unknown ISDN/telephony numbering plan (Recommendation E.164) Private numbering plan Unknown number in Unknown numbering plan Unknown number in ISDN/Telephony numbering plan (ITU-T Rec.E.164/E.163) International number in ISDN/Telephony numbering plan (ITU-T Rec.E.164/E.163) National number in ISDN/Telephony numbering plan (ITU-T Rec.E.164/E.163) Subscriber number in ISDN/Telephony numbering plan (ITU-T Rec.E.164/E.163) Unknown number in private numbering plan Level 2 regional number in private numbering plan Level 1 regional number in private numbering plan PISN specific number in private numbering plan Level 0 regional number in private numbering plan
0 0 0 0 QSIG 0 0 0 0 0 1
0 0 0 1 1 0 0 1 1 0
0 0 1 0 1 0 1 0 1 0
0 0 0 0 0 1 1 1 1 1
The undefined bits in all the protocols are reserved for other purposes.
Configuring the ISDN Q.931 protocol version

The ISDN Q.931 protocol has multiple versions. By default, Q.931 (1998) runs on your device. However, some devices in the network may run Q.931 (1988). For interoperation with such a device, configure the connecting interface to run Q.931 (1988). To enable Q.931 (1988) on an interface: To do
Use the command

system-view interface interface-type interface-number 71
Remarks

To do
3. Enable Q.931 (1988) on the interface.
Use the command

isdn q931-traditional
Remarks
Required. By default, an interface runs Q.931 (1998).
Configuring the SPID of the ISDN NI protocol

You may configure SPID on the BRI interfaces that are running the ISDN NI protocol. To configure the SPID parameters of the ISDN NI protocol: To do
Use the command

system-view interface interface-type interface-number Static: Set the SPID value of B1 on the BRI interface running the NI protocol isdn spid1 spid [ ldn ] Set the SPID value of B2 on the BRI interface running the NI protocol
Remarks

Required. By default, the SPID is obtained through dynamic negotiation.
3. Set the SPID type on the BRI interface running the NI protocol to NIT, static, or dynamic (only one of them can be available once).
isdn spid2 spid [ ldn ] Dynamic: Enable the SPID negotiation on the BRI interface running the NI protocol isdn spid auto_trigger NIT: Set the SPID processing mode to NIT on the BRI interface running the NI protocol isdn spid nit By default, a BRI interface does not use the NIT mode. Optional. By default, a BRI interface does not initiate a SPID negotiation request unless triggered by a call.
4. Set the service type supported by SPID. 5. Set the time-interval of timer TSPID on the BRI interface running the NI protocol. 6. Set the number of times of resending message on the BRI interface running the NI protocol.
isdn spid service [ audio | data | speech ] isdn spid timer seconds
SPID needs to support speech and data services simultaneously. Optional. The time-interval of timer TSPID is 30 seconds by default. Optional. Once by default
isdn spid resend times
72
Setting the called number or sub-address to be checked during a digital incoming call
If a called number or subaddress is specified, the system denies an incoming digital call if the calling party sends a wrong called number or subaddress or does not send at all. To configure the called number or sub-address to be checked during a digital incoming call: To do
Use the command

Remarks
Optional.
3. Set the called number or sub-address to be checked during a digital incoming call.
isdn check-called-number check-index called-party-number [ : subaddress ]
No called number or sub-address is configured by default. When configuring this command, the called number and subaddress are separated with string space: space.
Configuring an interface to send calling number during an outgoing call

The purpose for setting this command is to reduce cost in some networks that charge the calling side by providing advantageous accounting numbers for users. To configure an interface to send the calling number during an outgoing call: To do
1. Enter system view. 2. Enter interface view. 3. Configure the interface to send the calling number during an outgoing call.
Use the command

system-view interface interface-type interface-number isdn calling calling-number
Remarks
Optional. Calling number is not sent by default.
Setting the local management ISDN B channel

Configured with the isdn bch-local-manage command, the router operates in local B-channel management mode to select available B channels for calls. Despite this, the connected exchange has higher priority in B channel selection. If the B channel the router selected for a call is different from the one indicated by the exchange, the one indicated by the exchange is used for communication. Configured with the isdn bch-local-manage exclusive command, the router operates in exclusive local B-channel management mode. In this mode, the B channel selected by the router must be adopted for communication. In the Channel ID information element of the call Setup message sent for a call, the router indicates that the B channel is mandatory and unchangeable. If the connected exchange indicates a B channel different from the one selected by the router, call failure occurs.
73
To set the local management ISDN B channel: To do

Use the command

Remarks
Local ISDN B channel management is not configured and the remote end is responsible for B channel management by default.
3. Set the local management ISDN B channel.
isdn bch-local-manage [ exclusive ]
Exclusive local management mode for ISDN B channels is applied to network side for the device. If the device serves as user side connected with ISDN switch, and the B channel indicated by the exchange is inconsistent with the one required by the local end, call failure occurs.
Configuring ISDN B channel selection mode

To configure ISDN B channel selection mode: To do
1. Enter system view. 2. Enter specified interface interview.
Use the command

Remarks
Optional. ISDN B channel ascending selection mode is adopted by default. When the switch manages B channel, this command takes no effect. For more information about configuring local management ISDN B channel, see Setting the local management ISDN B channel.
3. Configure ISDN B channel ascending or descending selection mode.
isdn bch-select-way { ascending | descending }
Configuring the sliding window size on a BRI interface

Frames in the Q.921 buffer are sent in sequence. Usually, a frame can be sent only when the last frame is acknowledged. To improve transmission efficiency, the sliding window mechanism is introduced. It allows the system to send multiple continuous frames without having to wait for the acknowledgement to the last frame. The sliding window size determines the maximum number of unacknowledged frames. When sending a frame, the system checks the number of unacknowledged frames. Suppose V(A) is the sequence number of the last acknowledged frame, V(S) is the sequence number of the frame to be sent, and K is the sliding window size. If V(A) + K = V(S), the system stops sending frames.
74
By default, the sliding window size of an ISDN BRI interface is 1. Tune the size depending on the link status to maximize the throughput. To configure the size of the sliding window on a BRI interface: To do
1. Enter system view. 2. Enter interface view. 3. Configure the sliding window size on the BRI interface.
Use the command

system-view interface interface-type interface-number isdn bri-slipwnd-size window-size
Remarks
Optional. The sliding window on the BRI interface defaults to 1.
Configuring the sliding window size on a PRI interface

Frames in the Q.921 buffer are sent in sequence. Usually, a frame can be sent only when the last frame is acknowledged. To improve transmission efficiency, the sliding window mechanism is introduced. It allows the system to send multiple continuous frames without having to wait for the acknowledgement to the last frame. The sliding window size determines the maximum number of unacknowledged frames. When sending a frame, the system checks the number of unacknowledged frames. Suppose V(A) is the sequence number of the last acknowledged frame, V(S) is the sequence number of the frame to be sent, and K is the sliding window size. If V(A) + K = V(S), the system stops sending frames. By default, the sliding window size of an ISDN PRI interface is 7. Tune the size depending on the link status to maximize the throughput. To configure the size of the sliding window on a PRI interface: To do
1. Enter system view. 2. Enter interface view. 3. Configure the sliding window size on the PRI interface.
Use the command

system-view interface interface-type interface-number isdn pri-slipwnd-size window-size
Remarks
Optional. The sliding window on the PRI interface defaults to 7.
Collecting statistics about ISDN message receiving and sending

To collect statistics about ISDN message receiving and sending: To do
1. Enter system view. 2. Enter interface view. 3. Configure ISDN to start collecting the statistics about message receiving and sending.
Use the command

Remarks

isdn statistics start
Optional
75
To do
4. Set ISDN to stop collecting the statistics about message receiving and sending. 5. Display ISDN statistics. 6. Set ISDN to continue the statistics of information received by ISDN. 7. Clear ISDN statistics.
Use the command

isdn statistics stop isdn statistics display [ flow ] isdn statistics continue isdn statistics clear
Remarks
Optional Optional Optional Optional
Configuring an interface to check the calling number when an incoming call comes
To configure an interface to check the calling number when an incoming call comes: To do
1. Enter system view. 2. Enter interface view. 3. Configure the interface to check the calling number when an incoming call comes.
Use the command

system-view interface interface-type interface-number isdn caller-number caller-number
Remarks
Required. Execute this command to configure limited incoming calls.
Configuring progress-to-alerting conversion

When ISDN is processing voice calls, Alerting messages are used as ring indications as defined in the standard protocol. However, some devices use Progress messages as ring indications. In this case, you must convert the received Progress messages into Alerting messages. Use the related command to determine whether to perform the conversion. The conversion is needed when the current device is connected to a device using Progress messages as ring indications. Otherwise, the conversion is unnecessary. The conversion is enabled by default. To configure Progress-to-Alerting conversion: To do...
1. Enter system view. 2. Enter interface view. 3. Configure the ISDN interface to convert received Progress messages into Alerting messages.
Use the command...

system-view interface interface-type interface-number isdn message-conversion progress-to-alerting enable
Remarks
Optional Enabled by default
76
Configuring ISDN to carry the Calling-Name field in outgoing packets

To configure ISDN to carry the Calling-Name field in outgoing packets: To do
1. Enter system view. 2. Enter interface view. 3. Configure ISDN to carry the Calling-Name field in outgoing packets.
Use the command

Remarks
Optional.
isdn carry calling-name
By default, ISDN does not carry the Calling-Name field in outgoing packets.
Configuring ISDN to carry the Connected-Name field in outgoing packets

To configure ISDN to carry the Connected-Name field in outgoing packets: To do
1. Enter system view. 2. Enter interface view. 3. Configure ISDN to carry the Connected-Name field in outgoing packets.
Use the command

Remarks
Optional.
isdn carry connected-name
By default, ISDN does not carry the Connected-Name field in outgoing packets.
Configuring the service type in the ISDN bearer compatibility signaling

This feature is available only on voice interfaces such as BSV, VE1, and VT1 interfaces. The bearer compatibility field in the ISDN signaling specifies the service type of the ISDN bearer. The following service types are supported: SpeechSpecifies the speech service. audioSpecifies the 3.1 kHz audio. dataSpecifies the unrestricted digital information.
The default service type is speech. Change the service type to audio or data as needed. To configure the service type in the ISDN bearer compatibility signaling: To do
Use the command

system-view
Description
77
To do
2. Enter interface view. 3. Configure the service type in the ISDN bearer compatibility signaling.
Use the command

interface interface-type interface-number isdn service [ audio | data | speech ]
Description
Optional. The default service type is speech.
Setting the progress indicator value in ISDN signaling messages

To set the progress indicator value in the ISDN signaling messages sent by an ISDN interface: To do
1. Enter system view. 2. Enter ISDN interface view. 3. Set the progress indicator value in the ISDN signaling messages sent by the interface.
Use the command

Remarks
Optional.
isdn progress-indicator indicator
By default, the progress indicator value set by the upper-layer voice service applies.
Configuring the interface to send out Alerting messages that do not carry the Channel-ID field
To configure the interface to send out Alerting messages that do not carry the Channel-ID field: To do
Use the command

Remarks
Optional.
3. Configure the interface to send out Alerting messages that do not carry the Channel-ID field.
isdn carry channel-id once-only
By default, all ISDN messages sent carry the Channel-ID field. For compatibility with most PBX devices, HP recommends you use the default configuration of this command.
Configuring TEI treatment on the BRI interface

To configure TEI treatment on the BRI interface: To do
1. Enter system view. 2. Enter BRI interface view.
Use the command

Remarks

78
To do
3. Request the switch for a new TEI each time a B channel on the BRI interface places a call.
Use the command

isdn two-tei
Remarks
Optional. All B channels on the BRI interface use the same TEI by default.
Configuring an ISDN BRI leased line

ISDN leased lines are implemented by establishing MP semi-permanent connections. This requires that the PBXs of your telecommunication service provider provide leased lines and are connected to the remote devices. To configure an ISDN BRI leased line: To do
1. Enter system view. 2. Enter BRI interface view. 3. Configure the B channel for ISDN leased line connection.
Use the command

system-view interface bri interface-number dialer isdn-leased { number | 128k }
Remarks
No B channel on the ISDN BRI interface is configured for leased line connection by default.
Before configuring an ISDN BRI leased line, make sure that C-DCC is enabled. For more information about C-DCC configuration, see the chapter DCC configuration.
Configuring permanent link function at ISDN BRI link layer

With the isdn q921-permanent command, the BRI interface sets up a data link connection automatically and maintain the connection even when no calls are received from the network layer. If the two-tei mode is also configured on the interface, two such connections are present. You may need to configure permanent Q.921 link mode where the ISDN NI protocol is adopted to ensure the success of every call attempt. To configure Q.921 permanent link mode for an ISDN BRI interface: To do
1. Enter system view. 2. Enter BRI interface view. 3. Set the Q.921 link on the BRI interface in permanent state.
Use the command

Remarks
Required.
isdn q921-permanent
The Q.921 links on BRI interfaces are not in permanent state by default.
On PRI interfaces, Q.921 layer negotiates to enter multi-framing state immediately after the correct connection of the user side and the network side. However, on BRI interfaces, the Q.921 layer transits to the multi-framing state only after a call is placed and the Q.921 link that has been set up is torn down if no Layer 3 call is received before the T.325 timer expires.
79
Specifying an ISDN BRI interface to be in permanent active state on physical layer

Specifying the BRI interface to be in permanent active state on physical layer
A-MSR20-1X
Available to BSV interfaces operating at the network side
A-MSR20
A-MSR30
A-MSR50
On a BRI interface operating on the network side, the T325 timer is triggered when the link is torn down on data link layer and deactivating requests are sent from data link layer to physical layer when the timer expires. Deactivating request causes the BRI interface to turn to inactive mode on physical layer and helps reduce power consumption. To make a BRI interface remain in active state on physical layer even if no link exists on the data link layer, perform the operations listed in the following table, through which you can disable activating request sending. To specify an ISDN BRI interface to be in permanent active state on physical layer: To do
1. Enter system view. 2. Enter BRI interface view. 3. Specify the BRI interface to be in permanent active state on physical layer.
Use the command...

system-view interface bri interface-number permanent-active
Remarks
Optional. A BRI interface is not in permanent active state on physical layer.
This function is only applicable to BRI interfaces operating in the network side mode. (Only BSV board can operate on network side.) This function is different from the permanent link function. The former maintains the active state of BRI interfaces on physical layer and is only applicable to BRI interfaces operating on the network side. It cannot activate the BRI interfaces that are in inactive state on physical layer. However, the latter enables BRI interfaces to enter Q.921 multi-framing state immediately after the user side and the network side are connected correctly. It is only applicable to BRI interfaces operating on the user side. If you enable the permanent link function when no Q.921 link is established, the system attempts to establish Q.921 links.
Configuring deactivation protection for an ISDN BRI interface

With deactivation protection enabled on an ISDN BRI interface, the deactivation timer starts when you deactivate the ISDN BRI interface, and the ISDN BRI interface is deactivated when the timer expires. With deactivation protection disabled on an ISDN BRI interface, the ISDN BRI interface is deactivated as soon as you deactivate the ISDN BRI interface, and the deactivation timer is not started. To configure deactivation protection for an ISDN BRI Interface: To do
1. Enter system view. 2. Enter BRI interface view.
Use the command

Remarks

80
To do
3. Enable deactivation protection for the ISDN BRI Interface.
Use the command

deactive-protect
Remarks
When some applications require the ISDN BRI interface to be deactivated rapidly, you must disable deactivation protection on the ISDN BRI interface.
Enabling remote powering on an ISDN BRI interface

Enabling remote powering on an ISDN BRI interface
A-MSR20-1X
A-MSR20
A-MSR30
A-MSR50
To enable remote powering on an ISDN BRI interface: To do...

1. Enter system view. 2. Enter BRI interface view. 3. Enable remote powering on the interface.
Use the command...

Remarks
Required.
power-source
The remote powering function is disabled on an ISDN BRI interface by default.
This function is available to BSV interfaces operating in the network side mode. For example, you can enable this function on a BSV interface operating in the network side mode to provide power supply to the ISDN digital phone sets attached to the interface. (Only BSV board can operate in the network side mode.)
Configuring ISDN call check

With the ISDN call check function, the system checks all the ISDN call records at the specified time every day to see whether or not the call control blocks of the CC module and the Q.931 module are synchronized. The ISDN calls whose call control blocks are not synchronized are released. To configure ISDN call check: To do
1. Enter system view. 2. Configure ISDN call check.
Use the command

system-view isdn check-time date-time
Remarks
Enabling the trap function

To learn events that occur on the ISDN module, you can enable the trap function for ISDN. When events occur on the ISDN module, traps are sent to the information center. Configure the information center to output
81
the trap information matches certain criteria to a desired destination (the console for example) for analysis. To configure the information center, see Network Management and Monitoring Configuration Guide. To enable the trap function: To do...
1. Enter system view. 2. Enable the trap function for the ISDN module.
Use the command...

system-view snmp-agent trap enable isdn [ call-clear | call-setup | lapd-status ]
Remarks
For more information about the snmp-agent trap enable isdn command, see Network Management and Monitoring Command Reference.
Displaying and maintaining ISDN

To do
Display the active calling information on an ISDN interface.
Use the command

display isdn active-channel [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display isdn call-info [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display isdn call-record [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display isdn parameters { protocol | interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] regular-expression ] display isdn spid interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display the current status of an ISDN interface.
Display the history record of an ISDN call.
Display the system parameters of ISDN protocol Layer 2 and Layer 3 running on the interface.
Display the information of SPID on the BRI interface running the NI protocol.
ISDN configuration examples

Connecting routers through ISDN PRI lines
As shown in Figure 17, connect Router to Router B through ISDN PRI lines.
82

Router A
CE/PRI 1/0 202.38.154.1/16 8810152
ISDN network
CE/PRI 1/0 202.38.154.2/16 8810154
Router B
1.
Configure Router A.
# Create an ISDN PRI interface.

<RouterA> system-view [RouterA] controller e1 1/0 [RouterA-E1 1/0] pri-set [RouterA-E1 1/0] quit
# Configure an ISDN PRI interface.

[RouterA] interface serial 1/0:15 [RouterA-Serial1/0:15] ip address 202.38.154.1 255.255.0.0 [RouterA-Serial1/0:15] isdn protocol-type dss1 [RouterA-Serial1/0:15] dialer enable-circular [RouterA-Serial1/0:15] dialer route ip 202.38.154.2 8810154 [RouterA-Serial1/0:15] dialer-group 1 [RouterA-Serial1/0:15] quit [RouterA] dialer-rule 1 ip permit
2.
Configure Router B.
Follow the same procedures to configure Router B.
Connecting routers through ISDN BRI lines running NI

As shown in Figure 18, connect Router A to Router B through NI protocol of ISDN BRI lines.
83

Router A
BRI2/0 202.38.154.1/16 8810152
ISDN network
BRI2/0 202.38.154.2/16 8810154
Router B
1.
Configure Router A.
# Configure the dialing parameters on ISDN BRI interface.

<RouterA> system-view [RouterA] interface bri 2/0 [RouterA-Bri2/0] ip address 202.38.154.1 255.255.0.0 [RouterA-Bri2/0] dialer enable-circular [RouterA-Bri2/0] dialer route ip 202.38.154.2 8810154 [RouterA-Bri2/0] dialer-group 1 [RouterA-Bri2/0] quit [RouterA] dialer-rule 1 ip permit
# Configure ISDN NI protocol parameters to make the B channel of BRI interface support static SPID value, and set the negotiation message to be resent twice when no reply exists.
[RouterA] interface bri 2/0 [RouterA-Bri2/0] isdn protocol-type ni [RouterA-Bri2/0] isdn spid1 12345 [RouterA-Bri2/0] isdn spid2 23456 [RouterA-Bri2/0] isdn spid resend 2
2.
Configure Router B.
Follow the same procedures to configure Router B.
Using ISDN BRI leased lines to implement MP bundling

As shown in Figure 19, connect Router A to Router B through two BRI leased lines, which are used for MP bundling.
84

Router A
BRI2/0 202.38.154.1/16
ISDN network
BRI2/0 202.38.154.2/16
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] interface bri 2/0 [RouterA-Bri2/0] link-protocol ppp [RouterA-Bri2/0] ppp mp virtual-template 5 [RouterA-Bri2/0] dialer enable-circular [RouterA-Bri2/0] dialer isdn-leased 0 [RouterA-Bri2/0] dialer isdn-leased 1 [RouterA-Bri2/0] quit [RouterA] interface virtual-template 5 [RouterA-Virtual-Template5] ip address 202.38.154.1 255.255.0.0
2.
Configure Router B.
<RouterB> system-view [RouterB] interface bri2/0 [RouterB-Bri2/0] link-protocol ppp [RouterB-Bri2/0] ppp mp virtual-template 5 [RouterB-Bri2/0] dialer enable-circular [RouterB-Bri2/0] dialer isdn-leased 0 [RouterB-Bri2/0] dialer isdn-leased 1 [RouterB-Bri2/0] quit [RouterB] interface virtual-template 5 [RouterB-Virtual-Template5] ip address 202.38.154.2 255.255.0.0
Only virtual-templates can be used as the MP binding templates for ISDN leased lines. As leased lines do not require dialing, you do not need to configure dial numbers. The system accepts MP bundles formed by 64-kbps, 128-kbps ISDN leased lines or a mix of both. For more information, see the three ways to configure MP bundles discussed in the chapter PPP and MP configuration.
85
Configuring ISDN 128K leased lines

As shown in Figure 20, connect Router A to Router B by connecting their ISDN BRI interfaces through a 128K leased line. Figure 20 Network diagram
BRI2/0 100.1.1.1/24 BRI2/0 100.1.1.2/24
ISDN network
Router A Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] interface bri 2/0 [RouterA-Bri2/0] ip address 100.1.1.1 255.255.255.0 [RouterA-Bri2/0] link-protocol ppp [RouterA-Bri2/0] dialer enable-circular [RouterA-Bri2/0] dialer-group 1 [RouterA-Bri2/0] dialer isdn-leased 128k
2.
Configure Router B.
<RouterB> system-view [RouterB] dialer-rule 1 ip permit [RouterB] interface bri 2/0 [RouterB-Bri2/0] ip address 100.1.1.2 255.255.255.0 [RouterA-Bri2/0] link-protocol ppp [RouterB-Bri2/0] dialer enable-circular [RouterB-Bri2/0] dialer-group 1 [RouterB-Bri2/0] dialer isdn-leased 128k
You do not need to configure a dial number because setup of leased line connection does not involve dialing process. After you configure a leased line successfully, dial through. To view the interface states, execute the following commands:
<RouterA> display interface bri 2/0 Bri2/0 current state :UP Line protocol current state :UP (spoofing) Description : Bri2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) baudrate is 128000 bit/s, Encapsulation is ISDN Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Timeslot(s) Used: 1, 2 Internet Address is 100.1.1.1/24
Output queue : (Protocol queue : Size/Length/Discards) 0/500/0
86
Output queue : (FIFO queuing : Size/Length/Discards)
0/75/0
Last 300 seconds input rate 0.00 bytes/sec, 0.00 packets/sec Last 300 seconds output rate 0.00 bytes/sec, 0.00 packets/sec Input: 0 packets, 0 bytes 0 broadcasts, 0 multicasts 2 errors, 0 runts, 0 giants, 2 CRC, 0 align errors, 0 overruns, 0 dribbles, 0 aborts, 0 no buffers 0 frame errors Output:0 packets, 0 bytes 0 errors, 0 underruns, 0 collisions 0 deferred <RouterA> display interface bri 2/0:1 Bri2/0:1 current state :UP Line protocol current state :UP (spoofing) Description : Bri2/0:1 Interface The Maximum Transmit Unit is 1500 baudrate is 128000 bit/s, Link layer protocol is PPP LCP opened, IPCP opened, OSICP opened Output queue : (Urgent queue : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) 0/50/0 0/75/0 Output queue : (Protocol queue : Size/Length/Discards) 0/500/0 Last 300 seconds input rate 2.44 bytes/sec, 0.20 packets/sec Last 300 seconds output rate 2.54 bytes/sec, 0.20 packets/sec Input: 17782 packets, 220973 bytes 0 broadcasts, 0 multicasts 2 errors, 0 runts, 0 giants, 2 CRC, 0 align errors, 0 overruns, 0 dribbles, 0 aborts, 0 no buffers 0 frame errors Output:17085 packets, 208615 bytes 0 errors, 0 underruns, 0 collisions 0 deferred <RouterA> display interface bri 2/0:2 Bri2/0:2 current state :DOWN Line protocol current state :UP (spoofing) Description : Bri2/0:2 Interface The Maximum Transmit Unit is 1500 baudrate is 64000 bit/s, Link layer protocol is PPP LCP initial Output queue : (Urgent queue : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) 0/50/0 0/75/0 Output queue : (Protocol queue : Size/Length/Discards) 0/500/0 Last 300 seconds input rate 0.16 bytes/sec, 0.01 packets/sec Timeslot(s) Used: NULL Timeslot(s) Used: 1, 2
87
Last 300 seconds output rate 0.16 bytes/sec, 0.01 packets/sec Input: 17494 packets, 216768 bytes 0 broadcasts, 0 multicasts 2 errors, 0 runts, 0 giants, 2 CRC, 0 align errors, 0 overruns, 0 dribbles, 0 aborts, 0 no buffers 0 frame errors Output:16634 packets, 201465 bytes 0 errors, 0 underruns, 0 collisions 0 deferred
The output shows that: the state of interface Bri 2/0:1 is up, its speed is 128 kbps, and channels (timeslots used) B1 and B2 are in use; the state of Bri 2/0:2 is down, and the field of timeslots used is NULL.
Interoperating with DMS100 switches

As shown in Figure 21, Router D is connected to a DMS100 switch of the carrier, using the access number of 8810148. The ISDN lines on interface BRI 1/0 are allocated two SPIDs and LDNs; they are: SPID1 = 31427583620101, LDN1 = 1234567 SPID2 = 31427583870101, LDN2 = 7654321
In addition, the username and password for dialing are user and hello, respectively. Router D needs to place an MP call on interface Bri 2/0 to get an address from the carrier for accessing the Internet. Figure 21 Network diagram
Router NT1 DMS 100
BRI2/0
8810148
SPID1:31427583620101,LDN1=1234567 SPID1:31427583870101,LDN1=7654321
# Enable IP packet-triggered dial.
# Encapsulate interface BRI 2/0 with MP.

[Router] interface bri 2/0 [Router-Bri2/0] link-protocol ppp [Router-Bri2/0] ppp mp
# Enable C-DCC.
[Router-Bri2/0] dialer enable-circular [Router-Bri2/0] dialer-group 1 [Router-Bri2/0] dialer circular-group 1
# Configure ISDN parameters.

88
[Router-Bri2/0] isdn protocol-type ni [Router-Bri2/0] isdn two-tei [Router-Bri2/0] isdn number-property 0 [Router-Bri2/0] isdn spid1 31427583620101 1234567 [Router-Bri2/0] isdn spid2 31427583870101 7654321 [Router-Bri2/0] isdn spid service data [Router-Bri2/0] isdn spid service speech [Router-Bri2/0] quit

[Router] interface dialer 1 [Router-Dialer1] link-protocol ppp [Router-Dialer1] ppp pap local-user user password simple hello [Router-Dialer1] dialer threshold 0 in-out [Router-Dialer1] ppp mp [Router-Dialer1] ip address ppp-negotiate [Router-Dialer1] dialer enable-circular [Router-Dialer1] dialer-group 1 [Router-Dialer1] dialer number 8810148 [Router-Dialer1] quit
# Configure the static route to segment 65.0.0.0 where the network access server is located.
[Router] ip route-static 65.0.0.0 255.0.0.0 Dialer 1 preference 60
To interoperate with the DMS 100, you must configure two commands: isdn two-tei and isdn number-property 0. The isdn two-tei command allows each call on the BRI interface to use a unique TEI. The isdn number-property 0 command sets the numbering plan and numbering type in the called-party information element in ISDN Q.931 SETUP messages to unknown. In addition, if the carrier allocates an LDN, you must configure it. The dialer threshold 0 in-out command that is configured on interface dialer 1 allows the system to bring up another B channel automatically after bringing up a BRI link. You can do this without a flow control mechanism, and the links that have been brought up are not disconnected automatically.
Troubleshooting
Symptom
Two routers are interconnected via an ISDN PRI or BRI line and they cannot ping each other.
Analysis
The causes may be: The interface is not configured or activated. The dial-up configuration is wrong. The line is not well connected.
Solution
Execute the display isdn call-info command. If no prompt appears in the system, it indicates no ISDN PRI interface exists. It is necessary to configure interfaces. For specified configuration method, see the contents about configuration of CE1/PRI interface and CT1/PRI interface in Interface module. If ISDN
89
is not in multi-frame operation status on a PRI interface, or if ISDN is not in TEI_ASSIGNED status on a BRI interface, it may be not physically connected well. If Q.921 debugging has been enabled, and ISDN on PRI is in multi-frame creation mode and that on BRI is in TEI configured mode, check whether dial-up configuration is correct. If the maintaining information Q921 send data fail (L1 return failure). is output, it indicates that the physical layer has not been activated. In this case, execute the shutdown or undo shutdown command to disable or re-enable interfaces. Check whether the dial-up configuration is correct. If dial-up is correctly configured and the maintaining information Q921 send data fail (L1 return failure). is not output, the ISDN line may be not connected well.
90
Frame relay configuration

Frame relay is essentially simplified X.25 WAN technology. It uses statistical multiplexing technology and can establish multiple virtual circuits over a single physical cable to make full use of network bandwidth. Frame relay uses DLCIs to identify virtual circuits and maintain the status of each virtual circuit with the LMI protocol.
Frame relay interface types

As shown in Figure 22, frame relay enables communication between user devices such as routers and hosts. The user devices are also called data terminal equipment, or DTE. They are connected to a frame relay network through the DTE interface. The devices that provide access to the frame relay network for DTEs are called data communications equipment, or DCE. A DCE is connected to a DTE with a DCE interface on the UNI side and to a frame relay switch in the frame relay network with a NNI on the NNI side. The switches in the frame relay cloud are interconnected with the NNI. In actual applications, a DTE interface can connect to only a DCE interface, and an NNI interface can connect to only an NNI interface. On a frame relay switch, the frame relay interface should be an NNI or DCE interface. As shown in Figure 22, Router B and Router C form a simple frame relay network, to which DTE devices Router A and Router D are attached. See that the DTE and DCE are identified on only the UNI interface. A virtual circuit between two DTE devices can be assigned different DLCIs on different segments. Figure 22 An example frame relay network
Frame relay network
Router A
Router B
Router C
Router D
DTE
S2/0 DLCI=100
S2/0 DCE
S2/1 NNI DLCI 200 =
S2/0 NNI
S2/1 DCE
S2/0 DTE DLCI 300 =
UNI
NNI
UNI
Virtual circuit
Virtual circuits are logical paths established between two devices. Depending on how they are set up, virtual circuits fall into two groups: PVCs, which are pre-configured by network administrators and maintain until being manually removed. SVCs are analogous to dialup connections. They are dynamically set up or cleared on an as-needed basis through protocol negotiation.
91
PVCs are used far more than SVCs.
Data link connection identifier

A DLCI is a unique number assigned to a virtual circuit endpoint in a frame relay network for the addressing purpose. A DLCI uniquely identifies a particular virtual circuit on a physical link and has local significance only to that link. A DLCI can be used on different physical ports to address different virtual circuits and a virtual circuit between two DTE devices may be addressed with different DLCIs at the two ends, as shown in Figure 22. As the virtual circuits in a frame relay network are connection oriented, each DLCI on a physical port is destined for a distinct remote device. DLCIs can be regarded the frame relay addresses of remote devices. The maximum number of PVCs that can be created on a frame relay interface is 1024. The user configurable DLCIs for the PVCs are in the range 16 to 1007. Other DLCIs are reserved for special purposes. For example, DLCI 0 and DLCI 1023 are reserved for the LMI protocol to transfer control messages.
Frame relay address mapping

Frame relay address mapping associates the protocol address of a remote device with its frame relay address (local DLCI) so that the upper layer protocol, IP for example, can locate the remote device. Take delivering an IP packet across a frame relay network for example. After a DTE device receives an IP packet, it looks up the IP routing table for the outgoing interface and next hop address. If the outgoing interface is enabled with frame relay, the device must look up the frame relay address mapping table based on the next hop IP address for the DLCI. The address mappings can be static ones administratively created or dynamic ones created with the InARP. The following describes how frame relay uses InARP to create an address mapping: Once a new virtual circuit is created, InARP sends an inverse ARP request over the circuit to request the peer end for its protocol address. This request also conveys the local protocol address. When the peer device receives the request, it creates an address mapping based on the protocol address in the request and responds with its protocol address. When the local end receives the response, it creates the address mapping for the peer. For virtual circuits that have static address mappings, InARP is not performed regardless of whether the mappings are correct or not. In addition, the inverse ARP request recipient does not create a mapping based on the protocol address in the request if a static entry is already available for the address.
LMI protocol
Frame relay uses the LMI protocol to set up virtual circuits and maintain their status between DTE and DCE. The system supports three LMI standards: ITU-T Q.933 Annex A ANSI T1.617 Annex D Nonstandard LMI (compatible with other vendors)
To communicate properly, the DTE and the DCE must use the same type of LMI. LMI uses the status inquiry message and the status messages to maintain the link status and PVC status, for example, to advertise new PVCs, detect deleted PVCs, monitor PVC status changes, and verify link integrity. For these purposes, the DTE sends status inquiry messages regularly to the DCE to request for the availability
92
of individual PVCs. On receiving a status inquiry, the DCE responds with a status message that describes the status of each virtual circuit on the physical link. For a DTE, the status of a PVC is determined by the DCE. For a DCE, the status is determined by the frame relay network. Table 2 lists the major parameters ITU-T Q.933 Annex A uses for message exchange. Configure these parameters to optimize device performance. Table 2 Parameter description for frame relay protocol Device role Timer/counter Value range Default value Description
Sets the frequency with which status inquires expect a full status report. Full status polling counter (N391) 1 to 255 6 Suppose the N391 is set to 5. Every fifth status inquiry sent by the DTE asks for a full status report. The intermediate inquiries ask for a keepalive exchange only. Sets the number of errors required for LMI to declare a link dead, within the event count specified by N393. Sets the monitored event count. If the number of errors within the N393 status inquiries reaches N392, the DTE considers that the error threshold is reached. Sets the interval (in seconds) at which the DTE sends a status inquiry message. An error is recorded if no reply is received before the timer expires. Sets the number of errors required for LMI to declare a link dead, within the event count specified by N393. Sets the monitoring interval for error counts. Sets the interval (in seconds) for receiving a status inquiry message. If no status inquiry message is received before the timer expires, an error is recorded.
DTE
Error threshold counter (N392)
1 to 10
Monitored events counter (N393) Keepalive (link integrity verification polling) timer (T391) Error threshold counter (N392) Monitored events count (N393) Keepalive (polling verification) timer (T392)
1 to 10
0 to 32767 0 means LMI disabled. 1 to 10 10
DCE
1 to 10
5 to 30
15
Typical application scenarios

Use frame relay to construct a public or private network, as shown in Figure 23, and even direct connections between data equipment, as shown in Figure 24.
93
Figure 23 Interconnect LANs through a frame relay cloud

Router A
S2/0 202.38.163.251/24
Router B
S2/0 202.38.163.252/24
DLCI=50 DLCI=60
DLCI=70 Router C
FR
S2/0 202.38.163.253/24
DLCI=80
Figure 24 Interconnect LANs through a dedicated line

S2/0 202.38.163.251/24 S2/0 202.38.163.252/24
Router A
DLCI=100
Router B
Frame relay configuration task list

Complete the following tasks to configure frame relay: Task
Configuring basic DTE side frame relay Configuring frame relay address mappings Configuring DTE side frame relay Configuring a frame relay local virtual circuit Configuring a frame relay subinterface Configuring Annex G Marking the DE bit Configuring basic DCE side frame relay Configuring frame relay address mapping Configuring frame relay local virtual circuit Configuring DCE side frame relay Configuring frame relay subinterface Configuring frame relay switching Configuring frame relay over IP Configuring Annex G Marking the DE bit Enabling the trap function
Remarks
Required Required Required Optional Optional Optional Required Required Required Optional Optional Optional Optional Optional Optional
Configure an NNI interface in the same way as configuring a DCE interface. For the configuration procedure, see Configuring DCE side frame relay. If one endpoint of a link is an NNI interface, the peer endpoint must also be an NNI interface.
94
Configuring DTE side frame relay

Configuring basic DTE side frame relay
To configure DTE side frame relay: To do...
1. Enter system view. 2. Enter the view of the interface connecting to the Frame Relay network. 3. Enable frame relay on the interface. 4. Set the frame relay interface type to DTE.
Use the command...

system-view interface interface-type interface-number link-protocol fr [ ietf | nonstandard ]
Remarks
Required. The default link layer protocol of a WAN interface is PPP. Optional. DTE by default. Optional.
fr interface-type dte
5. Configure frame relay LMI protocol type.
fr lmi type { ansi | nonstandard | q933a | bi-direction }
q933a by default. Support for the bi-direction parameter varies with device models. Optional. 6 by default. Optional. 3 by default. Optional. 4 by default. Optional. 10 seconds by default.
6. Configure DTE side N391.
fr lmi n391dte n391-value
9. Configure DTE side T391.
timer hold seconds
Configuring frame relay address mappings

Configure frame relay address mappings in one of the following ways: Manually create static mappings between remote IP addresses and local DLCIs. Use this approach when the network topology is relatively stable and no new users are expected in a certain period of time. Because static mappings do not change, the network connections are stable, and attacks from unknown users are avoided. Use InARP to dynamically create mappings between peer IP addresses and local DLCIs. Use this approach in complicated networks and make sure that the peer device also supports InARP.
Configuring static frame relay address mappings

To configure static frame relay address mappings:
95
To do...
Use the command...

system-view interface interface-type interface-number fr map ip { ip-address [ mask ] | default } dlci-number [ broadcast | [ ietf | nonstandard ] ] * [ compression { frf9 | iphc connections number } ]
Remarks
Required. No static frame relay address mappings are configured by default.
3. Create a static frame relay address mapping.
Configuring dynamic frame relay address mapping

To configure dynamic frame relay address mapping: To do...
1. Enter system view. 2. Enter interface view. 3. Enable frame relay InARP for dynamic address mapping.
Use the command...

system-view interface interface-type interface-number fr inarp [ ip [ dlci-number ] ]
Remarks
You do not need to configure DLCIs for PVCs, if static address mappings are configured. Do not configure static address mapping on a P2P subinterface. A P2P subinterface carries only one PVC.
Configuring a frame relay local virtual circuit

On a DCE or NNI frame relay main interface or subinterface, you must manually create virtual circuits. On a DTE main interface, you do not necessarily create virtual circuits manually because the device can automatically create virtual circuits according to the settings received from the DCE side. On a DTE subinterface, the virtual circuit must be manually created. When manually creating virtual circuits on a DTE interface, make sure that their DLCIs are identical to those used on the DCE. A virtual circuit number is unique on a physical interface. To configure a frame relay local virtual circuit: To do...
1. Enter system view. 2. Enter interface view. 3. Configure a virtual circuit on the interface.
Use the command...

system-view interface interface-type interface-number fr dlci dlci-number
Remarks
Required. By default, no virtual circuits are created on interfaces.
If the DLCI of a PVC is changed on the DCE interface, reset both the DCE and DTE interfaces or execute the reset inarp command on both ends to enable the DTE to re-learn the correct address mappings as soon as possible. Before doing that, make sure that no services are interrupted.
96
Configuring a frame relay subinterface

Frame relay offers two types of interfaces: main interface and subinterface. The subinterface is of logical structure, which can be configured with protocol address and virtual circuit. One physical interface can include multiple subinterfaces, which do not exist physically. However, for the network layer, the subinterface and main interface make no difference and both can be configured with virtual circuits to connect to remote devices. The subinterface of frame relay falls into two types: P2P subinterface and P2MP subinterface. A P2P subinterface connects a single remote device and a P2MP subinterface connects multiple remote devices. A P2MP subinterface can be configured with multiple virtual circuits, each of which sets up an address map with its connected remote network address to distinguish different connections. Address maps can be manually set up, or dynamically set up by InARP. The methods to configure a virtual circuit and address map for P2P subinterfaces and P2MP subinterfaces are different, as described below. P2P subinterface Because only one peer address exists for a P2P subinterface, the peer address is determined when a virtual circuit is configured for the subinterface. You do not need to configure dynamic or static address mapping for P2P subinterface. P2MP subinterface For a P2MP subinterface, a peer address can be mapped to the local DLCI through static address mapping or InARP. The InARP configuration only needs to be configured on the main interface. If static address mapping is required, it is necessary to set up static address map for each virtual circuit. To configure a frame relay subinterface: To do...
1. Enter system view. 2. Create a subinterface and enter subinterface view.
Use the command...

system-view interface interface-type interface-number.subnumber [ p2mp | p2p ]
Remarks
Required. By default, a frame relay subinterface operates in point to multipoint (p2mp) mode. Required.
3. Configure a virtual circuit on the frame relay subinterface.
See Configuring a frame relay local virtual circuit.
On a frame relay subinterface, virtual circuits must be created manually and be identical to those created at the DCE end. Optional for a P2P subinterface. Required for a P2MP subinterface.
4. Configure address mappings.
See Configuring frame relay address mappings.
Configuring Annex G
ANSI T1.617 Annex G (Annex G for short) defines the way to transmit X.25 packets through frame relay virtual circuits. In an Annex G implementation, the acknowledgement/retransmission and flow-control mechanism used in X.25 are invoked to provide reliable transmission. Annex G can also connects X.25 networks through FR networks. It helps you to migrate from X.25 network to FR network and protects the investment on X.25 effectively.
97
Configuring an Annex G interface

CAUTION: Because Annex G is not compliant with Inverse-ARP, you must configure a static FR mapping for the destination IP
address.
For the two Annex G interfaces of a virtual circuit, you must configure one as the DTE and the other as the DCE. To configure an Annex G interface: To do...
1. Enter system view. 2. Enter interface view. 3. Enable frame relay on the interface.
Use the command...

system-view interface interface-type interface-number link-protocol fr [ ietf | nonstandard ]
Remarks
Required. PPP by default. Required.
4. Create a virtual circuit.
fr dlci dlci-number
This operation also leads you to interface DLCI view. By default, no virtual circuit is created on an interface.
5. Configure the VC interface as an Annex G interface.
annexg { dce | dte }
Required.
Configuring X.25 parameters for an Annex G interface

With FR address mapping configured in FR interface view, packets destined for the destination are transmitted through specific DLCI. With X.25 address mapping configured in X.25 template view, a call to the specific X.25 address is launched before a packet is sent to the destination IP address. IP packets can be transmitted correctly only when both types of address mappings are configured. The configuration performed in X.25 template view is similar to that performed in X.25 interface view. To establish an X.25 link successfully, the configurations on the devices of both sides must be consistent with each other. To configure X.25 parameters for an Annex G interface: To do...
1. Enter system view. 2. Create an X.25 template and enter its view. 3. Configure X.25 parameters. 4. Configure LAPB parameters. 5. Return to system view. 6. Enter interface view.
Use the command...

system-view x25 template name See the chapter LAPB and X.25 configuration. See the chapter LAPB and X.25 configuration. quit interface interface-type interface-number 98
Remarks
Required.
Optional. Optional.
To do...
7. Create a virtual circuit and enter its view. 8. Apply the X.25 template to the DLCI.
Use the command...

fr dlci dlci-number
Remarks
Required. By default, no virtual circuit is created on an interface. Required.
x25-template name
Marking the DE bit

The DE bit in an FR frame determines the drop precedence of the frame at times of congestion: if the DE bit is 1, the frame is dropped preferentially. Set the DE bit for an FR traffic class to redefine its drop precedence. To set the DE bit for an FR class: To do
1. Enter system view. 2. Configure a traffic class. 3. Configure a behavior with the action of marking the DE bit. Create a traffic class and enter class view. Configure the match criteria. Exit class view. Create a behavior and enter behavior view. Configure the DE bit marking action. Exit behavior view. Create a policy and enter the policy view. Associate the class with the traffic behavior in the QoS policy. Exit policy view. 5. Apply the QoS policy to an FR class. 6. Associate the FR class with an FR interface or FR PVC. Enter FR class view. Apply the QoS policy to the FR class. Exit FR class view. Associate the FR class with an FR interface. Associate the FR class Enter FR interface view. Associate the FR class with the FR interface. Enter FR interface view.
Use the command

system-view traffic classifier tcl-name [ operator { and | or } ] if-match [ not ] match-criteria quit traffic behavior behavior-name remark fr-de fr-de-value
Remarks
Required. Required.
quit
qos policy policy-name classifier tcl-name behavior behavior-name quit fr class class-name apply policy policy-name outbound quit interface interface-type interface-number fr-class class-name interface interface-type interface-number
Required. Required. Use either approach or all By default, no FR class is associated with any FR interfaces or FR
4. Configure a policy.
99
To do
with an FR PVC. Enter FR PVC view. Associate the FR class with the FR PVC.
Use the command

fr dlci dlci fr-class class-name
Remarks
PVCs.
To configure traffic classes, traffic behaviors, and QoS policies, see ACL and QoS Configuration Guide. To configure FR classes, see ACL and QoS Configuration Guide.
Configuring DCE side frame relay

Configuring basic DCE side frame relay
To configure DCE side frame relay: To do...
Use the command...

Remarks
Required.
3. Enable frame relay on the interface.
link-protocol fr [ ietf | nonstandard ]
The default link layer protocol on a WAN interface is PPP. If frame relay is enabled with no operating mode specified, the IETF standard applies. Required. DTE by default. Optional. q933a by default. Optional. 3 by default. Optional. 4 by default. Optional. 15 seconds by default.
4. Configure the frame relay interface type as DCE or NNI. 5. Configure the frame relay LMI protocol type. 6. Configure network side N392.
fr interface-type { dce | nni } fr lmi type { ansi | nonstandard | q933a } fr lmi n392dce n392-value
7. Configure network side N393.
fr lmi n393dce n393-value
8. Configure network side T392.
fr lmi t392dce t392-value
Configuring frame relay address mapping

See Configuring frame relay address mappings.
Configuring frame relay local virtual circuit

See Configuring a frame relay local virtual circuit.
100
Configuring frame relay subinterface

See Configuring a frame relay subinterface.
Configuring frame relay switching

A device with frame relay switching enabled can work as a frame relay switch. To configure frame relay switching, configure static routes in interface view, or configure PVCs in system view. The interfaces used for frame relay switching must be NNI or DCE. To configure frame relay switching: To do...
1. Enter system view. 2. Enable frame relay switching. 3. Enter interface view.
Use the command...

system-view fr switching interface interface-type interface-number
Remarks
Required. Required.
4. Set the type of an interface for frame relay switching to NNI or DCE.
fr interface-type { dce | nni }
The default frame relay interface type is DTE, which does not support frame relay switching. Required. No static routes are configured for frame relay switching by default. IMPORTANT:
The static routes are

Configure static routes for frame relay switching in interface view. fr dlci-switch in-dlci interface interface-type interface-number dlci out-dlci unidirectional. To ensure normal communication, you must create a route for returning traffic on the outgoing interface specified in this command.
5. Configure frame relay switching (either by configurin g static routes or PVCs).
The DLCIs used in this

command must have been configured on the interfaces. quit Configure a PVC for frame relay switching in system view. fr switch name interface interface-type interface-number dlci dlci1 interface interface-type interface-number dlci dlci2 fr switch name Required. A PVC created in this approach is bidirectional. Optional. Enter frame relay switching PVC view
101
To do...
Use the command...

undo shutdown
Remarks
Optional. Enable the current switching PVC
Configuring frame relay over IP

Before configuring frame relay over IP network, it is necessary to create and configure a tunnel interface. After the GRE tunnel interface is set up, specify it for transmitting frame relay packets over IP network. You must configure a static route for frame relay switching in frame relay interface view or MFR interface view at both ends of the GRE tunnel, or configure a PVC for frame relay switching in system view. After that, the system adds two route entries to the frame relay routing table. In one route entry, the incoming interface is the tunnel interface and the outgoing interface is the frame relay interface. In the other route entry, the incoming interface is the frame relay interface and the outgoing interface is the tunnel interface. On the tunnel interface, a virtual circuit identified by out-dlci is also generated. The status of this virtual circuit determines the status of the two routes. The virtual circuit must be assigned the same DLCI (out-dlci) on the tunnel interfaces at both ends of the GRE tunnel. To interconnect two frame relay networks across an IP network, Frame Relay over IP was developed. The idea is to create a GRE tunnel between frame relay networks to tunnel frame relay packets across the IP network, as shown in Figure 25. Figure 25 Typical implementation diagram of frame relay over IP
Frame Relay network Frame Relay network
IP network GRE tunnel
GRE tunneled frame relay packets fall into three categories: FR packets that carry IP data InARP packets LMI packets used for negotiating virtual circuit status in the GRE tunnel
Configure static routes in interface view or configure PVCs in system view for frame relay switching. The interfaces used for frame relay switching must be NNI or DCE. To configure frame relay over IP: To do...
Use the command...

system-view
Remarks
102
To do...
2. Create a tunnel interface in system view and configure the tunnel interface. 3. Return to system view. 4. Enable frame relay switching. 5. Enter interface view. 6. Set the type of an interface for frame relay switching to NNI or DCE. Configure static routes for frame relay switching in interface view.
Use the command...

To create and configure a tunnel interface, see Layer 3IP Services Configuration Guide. quit fr switching interface interface-type interface-number
Remarks
Required.
Required. Required.
fr interface-type { dce | nni }
The default frame relay interface type is DTE, which does not support frame relay switching. Required.
fr dlci-switch in-dlci interface tunnel interface-number dlci out-dlci
No static routes are configured for frame relay switching by default. You do not need to configure a static route on the tunnel interface. Required. No PVC for frame relay switching exists by default. Optional. Optional.
7. Configure frame relay switching either by configuri ng static routes or PVCs.
quit Configure a PVC for frame relay switching in system view. fr switch name interface interface-type interface-number dlci dlci1 interface tunnel interface-number dlci dlci2 fr switch name undo shutdown
After a PVC is created, its status is up by default.
Configuring Annex G
See Configuring Annex G.
Marking the DE bit

See Marking the DE bit in the section for configuring DTE side frame relay.
Enabling the trap function

The trap function enables the frame relay module to report critical events to the information center. Configure the information center to output interesting trap messages to a destination (for example, the console) for analysis. For more information about how to configure the information center, see Network Management and Monitoring Configuration Guide. To enable the trap function for the frame relay module:
103
To do
1. Enter system view. 2. Enable trap for frame relay.
Use the command

system-view snmp-agent trap enable fr
Remarks
Optional. By default, trap is enabled for frame relay.
For more information about the snmp-agent trap enable fr command, see Network Management and Monitoring Command Reference.
Displaying and maintaining frame relay

To do... Use the command...
display interface mfr { interface-number | interface-number.subnumber } [ brief ] [ | { begin | exclude | include } regular-expression ] display interface [ mfr ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display fr map-info [ interface interface-type { interface-number | interface-number.subnumber } ] [ | { begin | exclude | include } regular-expression ] display fr lmi-info [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display fr statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display fr pvc-info [ interface interface-type { interface-number | interface-number.subnumber } ] [ dlci-number ] [ | { begin | exclude | include } regular-expression ] display fr inarp-info [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display fr dlci-switch [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display x25 template [ name ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display frame relay protocol status on an interface.
Display the mapping table of protocol address and frame relay address.
Display receiving/sending statistics of frame relay LMI type messages.
Display incoming and outgoing frame relay data statistics.
Display frame relay permanent virtual circuit table.
Display statistics of frame relay InARP messages.
Display the information of configured frame relay switching. Display the configuration of an X.25 template.
104
To do...
Clear all the automatically established frame relay address mappings. Clear the statistics for an FR PVC.
Use the command...

reset fr inarp reset fr pvc interface serial interface-number [ dlci dlci-number ]
Remarks
Frame relay configuration examples

Connecting LANs through a frame relay network
As shown in Figure 26, connect LANs through a public frame relay network. The routers can only work as DTE. Figure 26 Network diagram
Router A
S2/0 202.38.163.251/24
Router B
S2/0 202.38.163.252/24
DLCI=50 DLCI=60
DLCI=70 Router C
FR
S2/0 202.38.163.253/24
DLCI=80
1.
Configure Router A.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 202.38.163.251 255.255.255.0
# Enable frame relay on the interface.

[RouterA-Serial2/0] link-protocol fr [RouterA-Serial2/0] fr interface-type dte
# If the opposite router supports InARP, configure dynamic address mapping.

[RouterA-Serial2/0] fr inarp
# Otherwise, configure static address mappings.

[RouterA-Serial2/0] fr map ip 202.38.163.252 50 [RouterA-Serial2/0] fr map ip 202.38.163.253 60
2.
Configure Router B.
105

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 202.38.163.252 255.255.255.0

[RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dte

[RouterB-Serial2/0] fr inarp
# Otherwise, configure a static address mapping.

[RouterB-Serial2/0] fr map ip 202.38.163.251 70
3.
Configure Router C.

<RouterC> system-view [RouterC] interface serial 2/0 [RouterC-Serial2/0] ip address 202.38.163.253 255.255.255.0

[RouterC-Serial2/0] link-protocol fr [RouterC-Serial2/0] fr interface-type dte

[RouterC-Serial2/0] fr inarp
# Otherwise, configure a static address mapping.

[RouterC-Serial2/0] fr map ip 202.38.163.251 80
Connecting LANs with a dedicated line

As shown in Figure 27, configure Router A to work in DCE mode, and configure Router B to work in DTE mode. Figure 27 Network diagram
S2/0 202.38.163.251/24 S2/0 202.38.163.252/24
Router A
DLCI=100
Router B
Approach I: On main interfaces
1.
Configure Router A.

# Enable frame relay on the interface and configure the interface to operate in DCE mode.
106
[RouterA-Serial2/0] link-protocol fr [RouterA-Serial2/0] fr interface-type dce
# Configure a local virtual circuit.

[RouterA-Serial2/0] fr dlci 100
2.
Configure Router B.

# Enable frame relay on the interface and configure the interface to operate in DTE mode.
[RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dte
Approach II: On subinterfaces

3.
Configure Router A.
# Enable frame relay on interface Serial 2/0 and configure the interface to operate in DCE mode.
<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr [RouterA-Serial2/0] fr interface-type dce [RouterA-Serial2/0] quit
# Configure the IP address and DLCI of the subinterface Serial 2/0.1.

[RouterA] interface serial 2/0.1 p2p [RouterA-Serial2/0.1] ip address 202.38.163.251 255.255.255.0 [RouterA-Serial2/0.1] fr dlci 100
4.
Configure Router B.
# Enable frame relay on interface Serial 2/0 and configure the interface to operate in DTE mode.
<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] quit
# Configure IP address of the subinterface and local virtual circuit.

[RouterB] interface serial 2/0.1 p2p [RouterB-Serial2/0.1] ip address 202.38.163.252 255.255.255.0 [RouterB-Serial2/0.1] fr dlci 100
Connecting LANs through an Annex G DLCI

As shown in Figure 28, use frame relay PVCs to transmit X.25 packets, configure Router A to work in DCE mode and Router B to work in DTE mode.
107

S2/0 202.38.163.251/24 X121 address: 10094 S2/0 202.38.163.252/24 X121 address: 20094
Router A
DLCI=100
Router B
1.
Configure Router A.
# Create an X.25 template.

<RouterA> system-view [RouterA] x25 template vofr
# Configure the local X.25 address.

[RouterA-x25-vofr] x25 x121-address 10094
# Configure the X.25 address mapping to the destination IP address.

[RouterA-x25-vofr] x25 map ip 202.38.163.252 x121-address 20094 [RouterA-x25-vofr] quit
# Assign an IP address to the local interface.

[RouterA] interface serial 2/0 [RouterASerial2/0] ip address 202.38.163.251 255.255.255.0
# Enable frame relay on the interface and configure the interface to operate in DCE mode.
[RouterASerial2/0] link-protocol fr [RouterASerial2/0] fr interface-type dce
# Create a PVC.
[RouterASerial2/0] fr dlci 100
# Configure the PVC to work in Annex G DCE mode.

[RouterA-fr-dlci-Serial2/0-100] annexg dce
# Apply the X.25 template to the PVC.

[RouterA-fr-dlci-Serial2/0-100] x25-template vofr [RouterA-fr-dlci-Serial2/0-100] quit
# Configure the FR address mapping to the destination IP address.

[RouterASerial2/0] fr map ip 202.38.163.252 100
2.
Configure Router B.

<RouterB> system-view [RouterB] x25 template vofr
# Configure the local X.25 address.

[RouterB-x25-vofr] x25 x121-address 20094
# Configure the X.25 address mapping to the destination IP address.

[RouterB-x25-vofr] x25 map ip 202.38.163.251 x121-address 10094 [RouterB-x25-vofr] quit
# Assign an IP address to the local interface.

[RouterB] interface serial 2/0 [RouterBSerial2/0] ip address 202.38.163.252 255.255.255.0
108
# Enable frame relay on the interface and configure the interface to operate in DTE mode.
[RouterBSerial2/0] link-protocol fr [RouterBSerial2/0] fr interface-type dte
# Create a frame relay PVC.

[RouterBSerial2/0] fr dlci 100
# Configure the PVC to operate in Annex G DTE mode.

[RouterB-fr-dlci-Serial2/0-100] annexg dte
# Apply the X.25 Template to the PVC.

[RouterB-fr-dlci-Serial2/0-100] x25-template vofr [RouterB-fr-dlci-Serial2/0-100] quit
# Configure the FR address mapping to the destination IP address.

[RouterBSerial2/0] fr map ip 202.38.163.251 100
Troubleshooting frame relay

Symptom 1
The physical layer is in down status.
Solution
Check the following items: Check the physical line. Check that the remote device is correctly working.
Symptom 2
The physical layer is already up, but the link layer protocol is down.
Solution
Check the following items: Check that frame relay is enabled on the peer devices. If the two devices are directly connected, check that one end is in DTE mode and the other end is in DCE mode. Check that the both ends are using the same LMI protocol. If the problem persists, execute the debugging lmi command to check that one Status Response message is received for each Status Request message. If not, check the physical layer.
Symptom 3
The link layer protocol is up, but the remote party cannot be pinged.
Solution
Check the following items: Check that the devices at both ends have configured (or created) correct address mapping for the peer. Check that a route to the peer exists if the devices are not in the same subnet segment.
109
Frame relay compression configuration

Frame relay compression technique compresses frame relay packets to save network bandwidth, reduces network load, and improves the data transfer efficiency on the frame relay network. The device supports FRF.9 stac compression (called FRF.9) and FRF.20 IPHC, which is called FRF.20.
FRF.9
FRF.9 classifies packets into two types: control packets and data packets. Control packets are used for status negotiation between the two ends of DLCI where the compression protocol has been configured. FRF.9 data packets cannot be switched before the negotiation succeeds. If FRF.9 fails to negotiate the state after ten FRF.9 control packets are sent, the negotiating parties stop negotiation and the compression configuration does not take effect. FRF.9 compresses only data packets and InARP packets. It does not compress LMI packets. FRF.9 stac compression is suitable for low speed links.
FRF.20
FRF.20 compresses the IP header (including the RTP/TCP header) of packets transmitted over frame relay. For example, you may use it to compress voice packets (RTP packets) to save bandwidth, decrease load, and improve transmission efficiency on a frame relay network. FRF.20 classifies packets into control packets and data packets. Control packets are sent between FRF.20-enabled interfaces to negotiate status information. The interfaces cannot exchange FRF.20 data packets before the negotiation succeeds. If FRF.20 fails to negotiate the state after ten control packets are sent, the interfaces stop negotiation and their compression settings do not take effect. FRF.20 compresses only RTP packets and TCP ACK packets.
Configuring frame relay compression

Configuring FRF.9 compression
Frame relay main interface is a P2MP interface, and frame relay subinterface includes the following types: P2P and P2MP. The configuration of frame relay FRF.9 compression varies by different interface types. For a P2P subinterface, use the fr compression frf9 command to enable FRF.9 compression in subinterface view. For a P2MP frame relay interface or subinterface, the frame relay compression is configured when creating static address mapping. To configure FRF.9 compression: To do...
Use the command...

system-view
Remarks
110
To do...
Use the command...

Remarks
2. Enter frame relay interface or subinterface view.
or interface serial interface-number.subnumber
3. Configure FRF.9 compression (use either one according to interface type).
Optional. For P2P subinterface, enable FRF.9 compression. fr compression frf9 FRF.9 compression is disabled by default.
For a P2MP interface, enable FRF.9 compression when creating static address mapping.
fr map ip { ip-address [ mask ] | default } dlci-number [ broadcast | [ ietf | nonstandard ] ] * compression frf9
Optional.
To make FRF.9 compression take effect, enable it on both ends. The fr compression frf9 command is applicable to only P2P subinterfaces with IETF frame relay enabled. Before configuring the fr compression frf9 command on a subinterface, configure a DLCI on it first. After enabling or disabling FRF.9 compression on a subinterface, re-enable the subinterface using the shutdown command and then the undo shutdown command to make the configuration take effect. FRF.9 compression requires a synchronization procedure. If packets are out of order when being compressed, the compression is prone to failure.
Configuring FRF.20 IP header compression

The frame relay function provides IP header compression including RTP/TCP header compression. Enable IP header compression on interfaces or when configuring static address mapping. To configure FRF.20 IP header compression: To do...
Use the command...

Remarks
Optional.
3. Configure FRF.20 IP header compression (select either method).
fr compression iphc Enable FRF.20 IP header compression on an interface and provide FRF.20 IP header compression option.
FRF.20 IP header compression is disabled on interface by default. Optional.
fr iphc { nonstandard | rtp-connections number1 | tcp-connections number2 | tcp-include }
FRF.20 IP header compression option is not provided by default.
111
To do...
Enable FRF.20 IP header compression when creating a static address mapping.
Use the command...

fr map ip { ip-address [ mask ] | default } dlci-number [ broadcast | [ ietf | nonstandard ] ] * compression iphc connections number
Remarks
Optional. No static address mapping is configured by default.
Displaying and maintaining frame relay compression

To do...
Display statistics about FRF.9 compression.
Use the command...

display fr compress [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display fr iphc [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display statistics about FRF.20 IP header compression.
Frame relay compression configuration examples

Frame relay FRF.9 stac compression configuration example
As shown in Figure 29, Router A and Router B are connected through a frame relay network. Enable frame relay compression function (FRF.9) between them. Figure 29 Network diagram for frame relay FRF.9 stac compression
S2/0 10.110.40.1/24
Router A
Frame Relay network
S2/0 10.110.40.2/24
Router B
1.
Configure Router A.
# Enable frame relay on interface Serial 2/0.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr
# Configure an IP address for interface Serial 2/0.

[RouterA-Serial2/0] ip address 10.110.40.1 255.255.255.0
# Configure interface Serial 2/0 to operate in DTE mode.

[RouterA-Serial2/0] fr interface-type dte
# Create an IP address map entry and enable FRF.9 compression on interface Serial 2/0.
112
[RouterA-Serial2/0] fr map ip 10.110.40.2 100 compression frf9
2.
Configure Router B.

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr

[RouterB-Serial2/0] ip address 10.110.40.2 255.255.255.0

[RouterB-Serial2/0] fr interface-type dte
# Create an IP address map entry and enable FRF.9 compression on interface Serial 2/0.
[RouterB-Serial2/0] fr map ip 10.110.40.1 100 compression frf9
3.
Verification
# Ping Router B from Router A.

<RouterA> ping 10.110.40.2 PING 10.110.40.2: 56 data bytes, press CTRL_C to break Reply from 10.110.40.2: bytes=56 Sequence=1 ttl=255 time=13 ms Reply from 10.110.40.2: bytes=56 Sequence=2 ttl=255 time=12 ms Reply from 10.110.40.2: bytes=56 Sequence=3 ttl=255 time=12 ms Reply from 10.110.40.2: bytes=56 Sequence=4 ttl=255 time=12 ms Reply from 10.110.40.2: bytes=56 Sequence=5 ttl=255 time=12 ms --- 10.110.40.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 12/12/13 ms
# Display statistics about packet compression on Router A.

<RouterA> display fr compress Serial2/0 -DLCI:100 enable frame-relay compression uncompressed bytes send/receive : 595/595 compressed bytes send/receive : 159/157 1 min 5 min avg ratio send/receive : avg ratio send/receive : 0.000/0.000 0.267/0.264
Frame relay FRF.20 IP header compression configuration example

As shown in Figure 30, Router A and Router B are interconnected with a frame relay link. Enable FRF.20 IP compression on the two routers.
113
Figure 30 Network diagram for frame relay FRF.20 IP header compression

S2/0 10.1.1.1/24 S2/0 10.1.1.2/24 S2/1 12.1.1.1/24 S2/0 12.1.1.2/24
Router A
Router B
Router C
1.
Configure Router A.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr

[RouterA-Serial2/0] ip address 10.1.1.1 24

[RouterA-Serial2/0] fr interface-type dte [RouterA-Serial2/0] quit
# Configure a static route, setting the destination IP address to 12.1.1.2/24 and next hop IP address to 10.1.1.2.
[RouterA] ip route-static 12.1.1.2 24 10.1.1.2
2.
Configure Router B.

<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr

# Configure interface Serial2/0 to operate in DCE mode.

[RouterB-Serial2/0] fr interface-type dce
# Configure a frame relay DLCI for interface Serial 2/0.

[RouterB-Serial2/0] fr dlci 100 [RouterB-fr-dlci-Serial2/0-100] quit [RouterB-Serial2/0] quit

[RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol fr

# Configure interface Serial 2/1 to operate in DCE mode.

[RouterB-Serial2/1] fr interface-type dce
# Configure a frame relay DLCI for interface Serial 2/1.

[RouterB-Serial2/1] fr dlci 100 [RouterB-fr-dlci-Serial2/1-100] quit
114
# Enable FRF.20 compression on interface Serial 2/1, and configure interface Serial 2/1 to include TCP header compression when performing RTP compression.
[RouterB-Serial2/1] fr compression iphc [RouterB-Serial2/1] fr iphc tcp-include
3.
Configure Router C.

<RouterC> system-view [RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol fr

[RouterC-Serial2/0] ip address 12.1.1.2 24

[RouterC-Serial2/0] fr interface-type dte
# Enable FRF.20 compression on interface Serial 2/0, and configure interface Serial 2/0 to include TCP header compression when performing RTP compression.
[RouterB-Serial2/0] fr compression iphc [RouterB-Serial2/0] fr iphc tcp-include [RouterC-Serial2/0] quit
# Configure a static route, setting the destination IP address to 10.1.1.1/24 and next hop IP address to 12.1.1.1.
[RouterC] ip route-static 10.1.1.1 24 12.1.1.1
4.
Verification
# Telnet to Router C from Router A.

<RouterA> telnet 12.1.1.2 Trying 12.1.1.2 ... Press CTRL+K to abort Connected to 12.1.1.2 ... ****************************************************************************** * Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. * * *
******************************************************************************
# Display FRF.20 compression statistics on Router B.

<RouterB> display fr iphc Serial2/1 -DLCI:100 RTP header compression information: Compression: Total packets: Link searches: Bytes saved Decompression: Total packets: Errors : 0 , Packets compressed: 0 0 : 0 , Packets compressed: 0 , Search missed 0 , Bytes sent : : 0 0 0
Compression-connections: 16 , Decompression-connections: 16 Information of TCP header compression:
115
Compression: Total packets: Link searches: Bytes saved Decompression: Total packets: Errors : 0 , Packets compressed: 0 0 : 31 , Packets compressed: 0 , Search Missed 976 , Bytes sent : : 28 2 314
Compression-connections: 16 , Decompression-connections: 16
116
Multilink frame relay configuration

MFR is a cost effective bandwidth solution. It is based on the FRF.16 protocol of the frame relay forum and implemented on DTE/DCE interfaces. MFR provides MFR interfaces, a type of logical interface. An MFR interface is formed by a bundle of frame relay physical links to provide high transmission speed and bandwidth beyond the capabilities of a single link. For the purpose of this document, an MFR interface is called a bundle and the physical links within it are called bundle links. A bundle manages its bundle links, as shown in Figure 31: Figure 31 An MFR bundle
Bundle Bundle Link Bundle Link Bundle Link
The bundle links works in the physical layer, and the bundle works in the data link layer. Configuring a bundle and its bundle links is to configure an MFR interface and its member physical interfaces. The functionality and configuration of the MFR interface is the same as that of the FR interface. Similar to the FR interface, the MFR interface supports DTE and DCE modes as well as QoS queuing. After physical interfaces are bundled into an MFR interface, their original network layer and frame relay link layer parameters are replaced with the parameter settings of the MFR interface. To reduce overheads and maximize the bandwidth of an MFR interface, assign physical links of the rate rather than different rates to it. You can configure subinterfaces on an MFR interface.
Configuring multilink frame relay

Configuring an MFR bundle
To configure an MFR bundle: To do...
Use the command...

system-view
Remarks
Required.
2. Create an MFR interface and enter MFR interface view.
interface mfr { interface-number | interface-number.subnumber [ p2mp | p2p ] }
No MFR interface or subinterface exists by default. Before creating an MFR subinterface, make sure that the specific main MFR interface already exists.
117
To do...
Use the command...
Remarks
Optional. The default bundle identifier is MFR + frame relay bundle number, for example, MFR4. You cannot set a bundle identifier in the MFR number format.
3. Set the MFR bundle identifier.
mfr bundle-name [ name ]
4. Enable MFR fragmentation. 5. Configure the size of the MFR sliding window. 6. Configure maximum fragment size for bundle link. 7. Configure other parameters of the MFR interface.
mfr fragment
Optional. Disabled by default. Optional.
mfr window-size number
The size of the MFR sliding window is equal to the number of physical interfaces bundled by MFR by default. Optional. 300 bytes by default. Optional.
mfr fragment-size bytes
See the chapter Frame relay configuration.
The fr interface-type command and the fr inarp command are applicable to only main MFR interfaces.
Configuring an MFR bundle link

To configure an MFR bundle link: To do...
1. Enter system view. 2. Enter frame relay interface view. 3. Assign the current interface to an MFR interface. 4. Configure the MFR bundle link identifier. 5. Configure the hello message sending interval for the MFR bundle link. 6. Configure the waiting time before the MFR bundle link resends hello messages.
Use the command...

Remarks
Required.
link-protocol fr mfr interface-number
An interface is not assigned to any MFR interface by default. Optional.
mfr link-name [ name ]
The name of the current interface is used by default. Optional. 10 seconds by default.
mfr timer hello seconds
mfr timer ack seconds
Optional. 4 seconds by default.
118
To do...
7. Configure the maximum times that the MFR bundle link can resend hello messages.
Use the command...
Remarks
mfr retry number
Displaying and maintaining multilink frame relay

To do...
Display configuration and status of an MFR interface. Display configuration and statistics of an MFR bundle and bundle links. Clear statistics of MFR interfaces.
Use the command...

display interface mfr [ interface-number | interface-number.subnumber] [ | { begin | exclude | include } regular-expression ] display mfr [ interface interface-type interface-number | verbose ] [ | { begin | exclude | include } regular-expression ] reset counters interface [ mfr [ interface-number | interface-number.subnumber ] ]
Remarks
Multilink frame relay configuration examples

MFR direct connection configuration example
Router A and Router B are directly connected through Serial 2/0 and Serial 2/1. The frame relay protocol bundles the two serial ports to provide broader bandwidth. Figure 32 Network diagram of MFR direct connection
Router A
S2/0 S2/1 MFR 4 10.140.10.1/24 S2/0 S2/1 MFR 4 10.140.10.2/24
Router B
1.
Configure Router A.
# Create and configure MFR interface 4 (MFR4)

<RouterA> system-view [RouterA] interface mfr 4 [RouterA-MFR4] ip address 10.140.10.1 255.255.255.0 [RouterA-MFR4] fr interface-type dte [RouterA-MFR4] fr map ip 10.140.10.2 100 [RouterA-MFR4] quit
119
# Bundle Serial 2/0 and Serial 2/1 to MFR4.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr mfr 4 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] link-protocol fr mfr 4
2.
Configure Router B.
# Create and configure MFR4.

<RouterB> system-view [RouterB] interface mfr 4 [RouterB-MFR4] ip address 10.140.10.2 255.255.255.0 [RouterB-MFR4] fr interface-type dce [RouterB-MFR4] fr dlci 100 [RouterB-fr-dlci-MFR4-100] quit [RouterB-MFR4] fr map ip 10.140.10.1 100 [RouterB-MFR4] quit
# Bundle Serial 2/0 and Serial 2/1 to MFR4.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr mfr 4 [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol fr mfr 4
MFR switched connection configuration example

Router A and Router C are connected through MFR to Router B where MFR switching is enabled. Figure 33 Network diagram for MFR switching
Router A
S2/0 S2/1 MFR 1 1.1.1.1/8 MFR 1 S2/0 S2/1
Router B
S2/2 S2/3 MFR 2 MFR 2 1.1.1.2/8 S2/0 S2/1
Router C
1.
Configure Router A.
# Configure interface MFR1.

<RouterA> system-view [RouterA] interface mfr 1 [RouterA-MFR1] ip address 1.1.1.1 255.0.0.0 [RouterA-MFR1] quit
# Add Serial 2/0 and Serial 2/1 to interface MFR1.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr mfr 1 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1
120
[RouterA-Serial2/1] link-protocol fr mfr 1 [RouterA-Serial2/1] quit
2.
Configure Router B.
# Enable frame relay switching.

<RouterB> system-view [RouterB] fr switching

[RouterB] interface mfr 1 [RouterB-MFR1] fr interface-type dce [RouterB-MFR1] fr dlci 100 [RouterB-fr-dlci-MFR1-100] quit [RouterB-MFR1] quit

[RouterB] interface mfr 2 [RouterB-MFR2] fr interface-type dce [RouterB-MFR2] fr dlci 200 [RouterB-fr-dlci-MFR2-200] quit [RouterB-MFR2] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr mfr 1 [RouterB] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol fr mfr 1 [RouterB-Serial2/1] quit

[RouterB] interface serial 2/2 [RouterB-Serial2/2] link-protocol fr mfr 2 [RouterB-Serial 2/2] li quit [RouterB] interface serial 2/3 [RouterB-Serial2/3] link-protocol fr mfr 2 [RouterB-Serial2/3] quit
# Configure static route for frame relay switching.

[RouterB] fr switch pvc1 interface mfr 1 dlci 100 interface mfr 2 dlci 200
3.
Configure Router C.

<RouterC> system-view [RouterC] interface mfr 2 [RouterC-MFR2] ip address 1.1.1.2 255.0.0.0 [RouterC-MFR2] quit

[RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol fr mfr 2 [RouterC-Serial2/0] quit [RouterC] interface serial 2/1
121
[RouterC-Serial2/1] link-protocol fr mfr 2
122
PPPoFR configuration
PPPoFR enables routers to establish end-to-end PPP sessions on a frame relay network, allowing frame relay stations to use PPP features such as LCP, NCP, authentication, and MP fragmentation.
Configuring PPPoFR
To configure PPPoFR: To do...
1. Enter system view. 2. Create a virtual template interface and the virtual template interface view. 3. Assign IP address. 4. Return to system view. 5. Enter the frame relay interface view. 6. Enable frame relay on the interface. 7. Configure a frame relay DLCI. 8. Return to frame relay interface view. 9. Map frame relay DLCI to PPP.
Use the command...

system-view interface virtual-template interface-number ip address ip-address { mask-length | mask } quit interface interface-type interface-number link-protocol fr [ ietf | nonstandard ] fr dlci dlci-number quit fr map ppp dlci-number interface virtual-template interface-number
Remarks

Required Required Required Required (optional for DTE side) Required
When you configure a static route on a virtual-template interface, specify only the next hop. If you want to specify the outbound interface as well, make sure the physical interface bound to the virtual-template interface works properly.
Displaying and maintaining PPPoFR

To do... Use the command...
display fr map-info pppofr [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display PPPoFR MAP and status.
123
PPPoFR configuration example

Router A and Router B connect through the frame relay network, and enable PPPoFR between them. Figure 34 Network diagram of PPPoFR
VT1 10.1.1.2/8
FR
VT1 10.1.1.1/8 S2/0
Router A
S2/0
Router B
1.
Configure Router A.
# Create and configure virtual template interface Virtual-Template 1.

<RouterA> system-view [RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ip address 10.1.1.2 255.0.0.0 [RouterA-Virtual-Template1] quit

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr
# Create PPP mapping on Serial 2/0.

[RouterA-Serial2/0] fr map ppp 16 interface virtual-template 1
2.
Configure Router B.

<RouterB> system-view [RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 10.1.1.1 255.0.0.0 [RouterB-Virtual-Template1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dce
# Create DLCI 16.

[RouterB-Serial2/0] fr dlci 16 [RouterB-fr-dlci-Serial2/0-16] quit
# Create PPP map on Serial 2/0.

[RouterB-Serial2/0] fr map ppp 16 interface virtual-template 1
124
MPoFR configuration
MPoFR is PPPoFR making use of MP fragments to transmit MP fragments over frame relay stations. In MPoFR configuration, configure PPPoFR on two or more virtual templates (it is not necessary to configure an IP address on virtual templates), and then bind them to another virtual template configured with PPP MP.
Configuring MPoFR
To ensure packet transmission quality over VT interfaces, you can configure queue-independent QoS features on a VT interface and queue-dependent QoS features on an FR interface. For more information, see ACL and QoS Configuration Guide. When you configure a static route on a virtual-template interface, specify only the next hop. If you want to specify the outbound interface as well, make sure the physical interface bound to the virtual-template interface works properly. For more information about MP-related configuration, see the chapter PPP and MP configuration. To configure MPoFR: To do...
1. Enter system view. 2. Create a PPP MP virtual template interface. 3. Configure the maximum bandwidth available for the current interface. 4. Assign an IP address to the current interface. 5. Return to system view.
Use the command...

system-view interface virtual-template interface-number-mp qos max-bandwidth bandwidth ip address ip-address { mask-length | mask } quit Create virtual template interface and enter the virtual template interface view interface virtual-template interface-numbe r ppp mp virtual-template interface-numbe r-mp quit interface interface-type interface-numbe r
Remarks
Optional. For virtual template, the default maximum bandwidth is 64 kbps. Required.
6. Configure PPPoFR on two or more virtual templates, and bind to virtual template interface configured with PPP MP.
Configure MP on virtual template interface Return to system view Enter the frame relay interface view
Required.
125
To do...
Use the command...

Enable frame relay on the interface Configure a frame relay DLCI Return to frame relay interface view link-protocol fr [ ietf | nonstandard ] fr dlci dlci-number quit fr map ppp dlci-number interface virtual-template interface-numbe r
Remarks
Required. Required. Optional for DTE side.
Map frame relay DLCI to PPP
Required.
7. Return to system view.
quit
MPoFR configuration example

As shown in Figure 35, the ATM backbone network uses FR network as the access network to support transmitting traffic of multiple services. A single virtual circuit of an FR link can transport multiple kinds of service data. As shown in Figure 35, the bandwidth of Router A Serial2/0 is 64 kbps. Host A sends data traffic stream 1 to Host C, Host B sends data traffic stream 2 to Host D, and a voice service stream exists between Router A and Telephone A. The bandwidth of Router B Serial2/0 is 64 kbps. Host C sends data traffic stream 3 to Host A, Host D sends data traffic stream 4 to Host B, and a voice service stream exists between Router B and Telephone B. To ensure voice quality, fragment the data packets to reduce voice jitter caused by transmission delay. MPoFR is used here, and MP is used to fragment data packets.
126
Figure 35 Network diagram for MPoFR implementation

ATM
FR
FR
Telephone A Router A
S 2/0 1.1.6.1/ 24 S2/0 1.1.6.2/ 24 Eth1/2 1.1.4.2/ 24
Telephone B Router B
Eth1/2 1.1.1.2/ 24
Eth1/1 10.1.1.2/ 24
Eth1/1 10.1.4.2/ 24
Host A
1.1.1.1/ 24
Host B
10.1.1.1/ 24
Host C
1.1.4.1/24
Host D
10.1.4.1/24
This example only covers MPoFR related configuration. You must perform other configurations on services and routes.
1.
Configure Router A.

<RouterA> system-view [RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ppp mp virtual-template 3 [RouterA-Virtual-Template1] quit

[RouterA] interface virtual-template 2 [RouterA-Virtual-Template2] ppp mp virtual-template 3 [RouterA-Virtual-Template2] quit

[RouterA] interface virtual-template 3 [RouterA-Virtual-Template3] ppp mp lfi [RouterA-Virtual-Template3] qos max-bandwidth 64 [RouterA-Virtual-Template3] ip address 1.1.6.1 255.255.255.0
# Map specified DLCI to PPP virtual template on the interface.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] fr dlci 100 [RouterA-fr-dlci-Serial2/0-100] quit [RouterA-Serial2/0] fr map ppp 100 interface virtual-template 1 [RouterA-Serial2/0] fr dlci 200 [RouterA-fr-dlci-Serial2/0-200] quit [RouterA-Serial2/0] fr map ppp 200 interface virtual-template 2
127
2.
Configure Router B.

<RouterB> system-view [RouterB] interface Virtual-Template 1 [RouterB-Virtual-Template1] ppp mp virtual-template 3 [RouterB-Virtual-Template1] quit

[RouterB] interface Virtual-Template 2 [RouterB-Virtual-Template2] ppp mp virtual-template 3 [RouterB-Virtual-Template2] quit

[RouterB] interface Virtual-Template 3 [RouterB-Virtual-Template3] ppp mp lfi [RouterB-Virtual-Template3] qos max-bandwidth 64 [RouterB-Virtual-Template3] ip address 1.1.6.2 255.255.255.0
# Map specified DLCI to PPP virtual template on the interface.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] fr dlci 100 [RouterB-fr-dlci-Serial2/0-100] quit [RouterB-Serial2/0] fr map ppp 100 interface virtual-template 1 [RouterB-Serial2/0] fr dlci 200 [RouterB-fr-dlci-Serial2/0-200] quit [RouterB-Serial2/0] fr map ppp 200 interface virtual-template 2
128
DCC configuration
DCC is a routing technology used when routers interconnect through a public switched network, such as a PSTN or an ISDN. It can provide the dial-on-demand service where any two routers dial to set up a connection when data needs transferring instead of setting up a connection before that. When the link becomes idle, DCC automatically disconnects it. Under certain circumstances, connections between routers are instantly established whenever there is data to be transferred, so data transfer is time-independent, bursty, and small-sized. DCC is a flexible, economical and efficient solution for such applications. In DCC, backup mechanisms are available to guarantee communications. In case a primary line fails, DCC switches traffic over to a secondary line to ensure ongoing services.
Approaches to DCC
Two approaches are available to DCC: C-DCC and RS-DCC. They are suitable for different applications. In practice, the two parties in a call do not necessarily adopt the same approach. Terms used in DCC configuration: Physical interface: An interface that physically exists. Examples are serial, BRI, and asynchronous interfaces. Dialer interface: A logical interface created for configuring DCC parameters. A physical interface can inherit the DCC configurations after it is assigned to a dialer interface. Dial interface: Any interface used for dialup connection. It can be a dialer interface, a physical interface assigned to a dialer interface, or a physical interface directly configured with DCC parameters.
C-DCC
1.
Features of C-DCC A logical dial (dialer) interface can contain multiple physical interfaces, but a physical interface can be assigned to only one dialer interface. A physical interface can provide only one type of dial service. You may assign a physical interface to a dialer interface to inherit DCC parameters by assigning it to a dialer circular group, or directly configure DCC parameters on the physical interface. All the physical interfaces in a dialer circular group inherit the attributes of the same dialer interface. You may associate a dialer interface with multiple call destination addresses by configuring the dialer route command or with a single call destination address by configuring the dialer number command.
C-DCC is powerful and has broad applications. However, it lacks flexibility and extensibility. For example, on an ISDN BRI interface, all the B channels inherit its configuration in the C-DCC approach. The static binding between call destination address settings and physical interface configurations restrict the use of C-DCC, as dialer routes are becoming increasingly complicated as a result of network growth and support to more protocols.
2.
Association of physical interfaces and dialer interfaces in C-DCC
129
Figure 36 Association between physical interfaces and dialer interfaces

Physical interface
S2/0 Dialer1 BRI1/0
Dialer interface dialer number
Destination A
S2/1
dialer route
BRI1/1 S2/2 Dialer2
Destination B
dialer route
Async5/0
Destination C
As shown in Figure 36, a physical interface can be assigned to only one dialer interface, but each dialer interface can contain multiple physical interfaces and be mapped to multiple destination addresses. In addition, a physical interface does not necessarily belong to any dialer interface. You may directly map it to one or multiple destination addresses. In the figure, physical interfaces Serial 2/1, BRI 1/1, and Serial 2/2 are assigned to Dialer2, where mappings between dial strings and destination addresses are configured.
RS-DCC
1.
Different from C-DCC, RS-DCC separates logical configuration from physical configuration. Thus, it is simpler and more flexible. RS-DCC delivers these features: Physical interface configuration and logical configuration for calls are separate. They are associated dynamically when triggered by calls. This allows a physical interface to provide services for different dial applications. Associations between dialer interfaces and call destination addresses are one-to-one. You may configure them with the dialer number command. Each dialer interface can contain multiple physical interfaces, and each physical interface can be assigned to multiple dialer interfaces. Dial attributes, such as dialer interface, dialer bundle, and physical interface, are described by an RS-DCC set. All the calls destined to the same network use the same RS-DCC set. RS-DCC parameters cannot be directly configured on physical interfaces. A physical interface can participate in RS-DCC only after it is assigned to a dialer interface. Association of physical interfaces, dialer bundles and dialer interfaces in RS-DCC

2.
130
Figure 37 Association of physical interfaces, dialer bundles and dialer interfaces

Physical interface Dialer bundle3
S2/0 Dialer1 BRI1/0
Dialer interface
dialer number
Destination A
Dialer bundle2
S2/1 BRI1/1 S2/2 Dialer2
dialer number
Destination B
Dialer bundle1
Async5/0 Dialer3
dialer number
Destination C
As shown in Figure 37, a physical interface can be assigned to multiple dialer bundles and serve multiple dialer interfaces, but each dialer interface can use only one dialer bundle and configured with one dial string. The physical interfaces in a dialer bundle can be assigned different priorities. In the figure, interface Dialer2 uses dialer bundle 2, which contains physical interfaces BRI 1/0, BRI 1/1, and Serial 2/1. Suppose BRI 1/0 is assigned the priority of 100, BRI 1/1 the priority of 50, and Serial 2/1 the priority of 75. Since BRI 1/0 has a higher priority over BRI 1/1 and Serial 2/1, it is preferred when Dialer2 places a call.
DCC features
Basic DCC features
The following are basic DCC features: Supporting a wide range of dial interfaces, such as synchronous/asynchronous serial interface, AUX port, ISDN BRI or PRI interface, and AM interface to accommodate to different networking requirements. Supporting link layer protocols such as PPP. Supporting IP on dial interfaces. Supporting dynamic routing protocols such as RIP and OSPF on dial interfaces. Providing flexible dial interface backup. Allowing you to manage different modems on the user interface.
Callback through DCC

In callback, the called party originates a return call to the calling party. The calling party is the client, and the called party is the server. The callback client originates a call first, and the callback server decides whether to originate a return call. If a callback is needed, the server immediately disconnects and originates a return call. DCC callback brings these benefits:
131
Enhanced security. When placing a return call, the server dials the calling number configured at the local end. This prevents the insecurity resulting from user name and password compromise. Payer change. This is useful for saving cost in the case that the call rates in two directions are different. Consolidated call charge bills, facilitating settlement.
PPP callback and ISDN caller identification callback features are available. The PPP callback conforms to RFC1570 specifications and can be used where both client and server own fixed network addresses, or the client accepts dynamic network address assignment.
Preparing for DCC configuration

When preparing for DCC configuration, you must do the following: Identifying the topology of DCC application Making preparatory configuration Configuring DCC parameters
Identifying the topology of DCC application

You must identify: Which routers provide DCC and how they are related to each other. Which interfaces on the routers provide DCC, and which roles they will play. Which transmission medium is used, PSTN or ISDN.
Making preparatory configuration

Before configuring DCC on an interface, do the following: Identify the interface type (synchronous/asynchronous serial, ISDN BRI or PRI, or AUX) and configure physical interface parameters. On the dial interface, enable link layer protocol encapsulation, PPP for example. Configure the routing protocol, RIP or OSPF for example. Configure the network protocol, IP for example. Select a DCC approach, C-DCC or RS-DCC.
Configuring DCC parameters

Configure DCC parameters depending on the DCC approach you selected for basic DCC dial functions. Based on that, you may configure advanced functions such as MP, PPP callback, ISDN caller identification callback, ISDN leased line, auto-dial, and circular dialer string backup. You can also tune the attribute values of DCC dial interfaces depending on link conditions.
DCC configuration
DCC configuration task list
Complete these tasks to configure DCC: Task
Configuring basic settings for DCC
Remarks
Required
132
Task
Configuring C-DCC Configuring RS-DCC Configuring MP for DCC Configuring PPP callback Configuring ISDN caller identification callback Configuring an ISDN leased line Configuring advanced DCC functions Configuring auto-dial Configuring circular dial string backup Configuring DCC overlap receiving Configuring DCC timers and buffer queue length Configuring dynamic route backup achieved through DCC Configuring traffic statistics collecting interval
Remarks
Required Configure either C-DCC or RS-DCC as required. Optional Optional Optional
Optional
Optional Optional Optional
Configuring basic settings for DCC

Regardless of which DCC approach is used, C-DCC or RS-DCC, you must perform the tasks described in this section. Complete these tasks to configure basic parameters for DCC: Task
Setting the operating mode for physical interfaces Configuring link layer/network/routing protocol on the dial interface Associating a DCC dial ACL with the dial interface
Remarks
Optional Skip this task when configuring on ISDN BRI or PRI interfaces. Required Required
Setting the operating mode for physical interfaces

For a synchronous/asynchronous serial interface, you must set its operating mode depending on the connected modem. If the connected modem is asynchronous, set the interface to operate in asynchronous mode and then enable modem dial on the corresponding user interface. If the connected modem is synchronous, set the interface to operate in synchronous mode. By default, a synchronous/asynchronous serial interface operates in synchronous mode, and an asynchronous serial interface operates in asynchronous mode. For more information, see Interface Configuration Guide and the chapter Modem management.
Configuring link layer/network/routing protocol on the dial interface

In dial interface (physical or dialer) view, configure the link layer protocol (which can only be PPP for a dialer interface) using the link-protocol command and assign the dial interface an IP address using the ip address command.
133
In system view, perform other configurations. When PPP encapsulation is configured, you may configure PAP or CHAP authentication in addition. Moreover, consider the following when configuring PPP related commands: In the C-DCC approach, make the configuration on dialer interfaces. In the RS-DCC approach, make the configuration on dialer interfaces and preferably the same configuration on physical dial interfaces on the calling side to guarantee the reliability of PPP link parameters negotiation; on the called side, make the configuration on physical dial interfaces.
For more information, see Layer 2WAN Configuration Guide, the Layer 3IP Services Configuration Guide, and the Layer 3IP Routing Configuration Guide.
Associating a DCC dial ACL with the dial interface

You may configure a dial ACL to filter traffic that traverses a dial interface. Packets fall into two categories, depending on whether they are in compliance with the permit or deny statements in the dial ACL. Packets that match a permit statement or that do not match any deny statements. When receiving such a packet, DCC either sends it out if a link is present and resets the idle-timeout timer or originates a new call to set up a link if no link is present. Packets that do not match any permit statements or that match a deny statement. When receiving such a packet, DCC either sends it out without resetting the idle-timeout timer if a link is present, or drops it without originating calls for link setup if no link is present.
For DCC to send packets normally, you must configure a dial ACL and associate it with the concerned dial interface (physical or dialer) by using the dialer-group command. You may either configure a dial ACL directly using the dialer-rule command or reference an existing ACL. To associate a dial ACL with the dial interface: To do...
1. Enter system view. 2. Configure a dial ACL for a dialer access group, specifying the conditions triggering DCC calls. 3. Enter dial interface (physical or dialer) view. 4. Associate the dial interface with the dial ACL by associating the interface with the corresponding dialer access group.
Use the command...

system-view dialer-rule group-number { protocol-name { deny | permit } | acl { acl-number | name acl-name } } interface interface-type interface-number
Remarks
Required
dialer-group group-number
Required
Make sure that the group-number parameters in the dialer-rule and dialer-group commands take the same value.
Configuring C-DCC
In the C-DCC approach, configure DCC parameters for a physical interface in either of the following two ways: Directly configure DCC parameters on the physical interface. This is applicable only to one-to-one calls or one-to-many calls.
134
Bind the interface to a dialer interface by assigning it to the dialer circular group associated with the dialer interface. Thus, the interface can inherit the DCC parameters configured on the dialer interface. This is applicable to many-to-one and many-to-many calls in addition to one-to-many and one-to-one calls.
A dialer circular group associates a dialer interface with a group of physical interfaces. All physical interfaces in the group inherit the DCC configurations on the dialer interface. If the dialer interface is associated with multiple destinations, any physical interface in the group can call any of these destinations. Depending on your network topology and dial needs, for example, to allow one or multiple interfaces to both place and receive calls, you may use any combinations of the following C-DCC configuration approaches: Configuring an interface to place calls to a remote end Configuring an interface to receive calls from a remote end Configuring an interface to place calls to multiple remote ends Configuring an interface to receive calls from multiple remote ends Configuring multiple interfaces to place calls to one or multiple remote ends Configuring multiple interfaces to receive calls from one or multiple remote ends
In the C-DCC implementation of DCC, the two dial parties can configure the PAP or the CHAP authentication. HP recommends that you configure authentication to ensure security of dialing IDs. For more information about configuring authentication, see the chapter PPP and MP configuration. When doing that, note the following: If one party has configured authentication, the other party must do that as well. At the sending side, if DCC is enabled on physical interfaces, directly configure PAP or CHAP authentication on the physical interfaces. If DCC is enabled on a dialer circular group, configure PAP or CHAP authentication on the dialer interface corresponding to the dialer circular group. At the receiving end, make the configuration on both physical and dialer interfaces, because after a physical interface receives a call, it negotiates PPP and authenticates the dialer prior to handing over the call to the upper layer DCC module
Configuring an interface to place calls to a remote end

As shown in Figure 38, an interface at the local end places calls to a single remote end (the components in inverse color represent the routers irrelevant to the networking): Figure 38 Network diagram for an interface to place calls to a remote end
if1
Local end (Single interface)
if0
Remote end (Single interface)
135
In this scenario, for Interface0 (if0) to place DCC calls to a single remote interface if1, you may configure a dial string with the dialer number or dialer route command. As calls are to be placed from a single interface, you can configure DCC by configuring a dialer circular group. In addition, you may configure PAP or CHAP authentication. After completing the basic DCC configurations, follow these steps to configure an interface to place calls to a remote end: To do...
1. Enter system view. 2. Enter dial interface (physical or dialer) view. 3. Enable C-DCC.
Use the command...

system-view interface interface-type interface-number dialer enable-circular dialer number dial-number
Remarks
4. Configure a dial string for calling a remote end.
dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number [ autodial | interface interface-type interface-number ] *
Required. Use either command.
Configuring an interface to receive calls from a remote end

As shown in Figure 39, an interface at the local end receives calls from a single remote end (the components in inverse color represent the routers irrelevant to the networking): Figure 39 Network diagram for an interface to receive calls from a remote end
if0
if1
Remote end (Single interface)
In this scenario, for interface0 (if0) at the local end to receive DCC calls from a remote interface if1, you can configure DCC by configuring a dialer circular group. In addition, you may configure authentication, PAP or CHAP. After completing the basic DCC configurations, follow these steps to configure an interface to receive calls from a single remote end: To do...
1. Enter system view. 2. Enter dial interface (physical or dialer) view.
Use the command...

Remarks

To do...
3. Enable C-DCC.
Use the command...

dialer enable-circular
Remarks
Required. Disabled by default. Optional.
4. Configure the interface to receive calls from a remote end.
dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] *
If the dialer route ip next-hop-address user hostname command is configured at the called end, the called party uses the specified next hop address and hostname to authenticate the calling party.
Configuring an interface to place calls to multiple remote ends

As shown in Figure 40, an interface at the local end places calls to multiple remote ends (the components in inverse color represent the routers irrelevant to the networking): Figure 40 Network diagram for an interface to place calls to multiple remote ends
if1
Remote end A (Single/Multiple interfaces)
if0 if2
Remote end B (Single/Multiple interfaces)
if3
Remote end C (Single/Multiple interfaces)
In this scenario, a single local interface interface0 (if0) places DCC calls to multiple remote interfaces including if1, if2, and if3. As multiple remote ends are involved, you must use the dialer route command to configure the dialer strings and destination addresses. As only one originating interface is involved, you may configure DCC parameters for the interface by configuring a dialer circular group. In addition, you may configure PAP or CHAP authentication. After completing the basic DCC configurations, follow these steps to configure an interface to place calls to multiple remote ends: To do...
Use the command...

system-view interface interface-type interface-number dialer enable-circular
Remarks
137
To do...
4. Repeat this step to configure the dial strings and destination addresses for the interface to place calls to multiple remote ends.
Use the command...

dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number [ autodial | interface interface-type interface-number ] *
Remarks
Required
Configuring an interface to receive calls from multiple remote ends

As shown in Figure 41, an interface at the local end receives calls from multiple remote ends (the components in inverse color represent the routers irrelevant to the networking): Figure 41 Network diagram for an interface to receive calls from multiple remote ends
if1
if0
if2
if3
if4
In this scenario, a single local interface interface0 (if0) receives DCC calls from multiple remote interfaces including if1, if2, if3, and if4. As only one interface is involved at the local end, you may configure DCC parameters for the interface by configuring a dialer circular group. In addition, you may configure PAP or CHAP authentication. After completing the basic DCC configurations, follow these steps to configure an interface to receive calls from multiple remote ends: To do...
Use the command...

system-view interface interface-type interface-number dialer enable-circular
Remarks
Required. Disabled by default. Optional.
4. Configure the interface to receive calls from a remote end (if multiple remote ends are involved, repeat this step).
If the dialer route ip next-hop-address user hostname command is configured at a called end, the called party uses the specified next hop address and hostname to authenticate the calling party.
138
Configuring multiple interfaces to place calls to one or multiple remote ends

As shown in Figure 42, multiple interfaces at the local end place calls to one or multiple remote ends (the components in inverse color represent the routers irrelevant to the networking): Figure 42 Multiple interfaces place calls to one or multiple remote ends
if1
if0
if1 if2
if2
if3
In this scenario, interfaces if0, if1, and if2 at the local end place DCC calls to interfaces if1, if2, and if3 at the remote ends. If only one remote end is involved, use the dialer number command to configure a dial string. If multiple remote ends are involved, use the dialer route command to configure the dial strings and destination addresses. As multiple interfaces are involved at the local end, configure DCC parameters for them by configuring dialer circular groups. In addition, you may configure PAP or CHAP authentication. When placing calls, the physical interfaces in a dialer circular group use the IP address of the associated dialer interface instead of its own. An ISDN BRI or PRI interface itself can be regarded as a dialer circular group for its B channels. At the same time, it can be assigned to other dialer circular groups. After completing the basic DCC configurations, follow these steps to configure multiple interfaces to place calls to one or multiple remote ends: To do...
1. Enter system view. 2. Create a dialer interface and enter dialer interface view. 3. Enable C-DCC. 4. Configure the dial string and destination address for calling a remote end (repeat this step if multiple remote ends are involved). 5. Exit to system view. 6. Enter physical interface view.
Use the command...

system-view interface dialer number dialer enable-circular dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number [ autodial | interface interface-type interface-number ] * quit interface interface-type interface-number
Remarks
Required. Disabled by default. Required. If only one remote end is involved, you may use the dialer number dial-number command instead.
139
To do...
7. Assign the physical interface to the dialer circular group corresponding to the dialer interface. 8. Assign a priority to the physical interface in the dialer circular group.
Use the command...
Remarks
Required. The number parameter in this command must take the same value assigned to the number parameter in the interface dialer number command. Optional. The default priority is 1.
dialer circular-group number
dialer priority priority
Configuring multiple interfaces to receive calls from one or multiple remote ends
As shown in Figure 43, multiple interfaces at the local end receive calls from one or multiple remote ends (the components in inverse color represent the routers irrelevant to the networking): Figure 43 Multiple interfaces receive calls from one or multiple remote ends
if1
Local end (Multiple interfaces)
if0 if1 if2
if2
if3
if4
In this scenario, interfaces if0, if1, and if2 at the local end receive DCC calls from multiple remote interfaces including if1, if2, if3, and if4. As multiple interfaces are involved at the local end, you should configure DCC parameters for them by configuring a dialer circular group. In addition, you may configure PAP or CHAP authentication. After completing the basic DCC configurations, follow these steps to configure multiple interfaces to receive calls to one or multiple remote ends: To do...
1. Enter system view. 2. Create a dialer interface and enter dialer interface view. 3. Enable C-DCC.
Use the command...

system-view interface dialer number dialer enable-circular
Remarks
140
To do...
Use the command...
Remarks
Optional. If the dialer route ip next-hop-address user hostname command is configured at a called end, the called party uses the specified next hop address and hostname to authenticate the calling party. Required.
4. Configure the interface to receive calls from a remote end (if multiple remote ends are involved, repeat this step).
5. Exit to system view. 6. Enter physical interface view.
quit interface interface-type interface-number
7. Assign the physical interface to the dialer circular group corresponding to the dialer interface. 8. Assign a priority to the physical interface in the dialer circular group.
dialer circular-group number
The number parameter in this command must take the same value assigned to the number parameter in the interface dialer number command. Optional. The default priority is 1.
dialer priority priority
Configuring RS-DCC
In the RS-DCC approach, physical interface configuration is separated from logical configuration for calls and they can be combined dynamically for each call. When configuring RS-DCC for on-demand dial, you must configure RS-DCC sets. Each RS-DCC set is an attribute collection containing a dialer interface, dialer interface attributes, and a dialer bundle. For each dialer interface, you can define only one dial string. As this dial string has its own dial attribute set, all calls placed using this dial string use the same DCC attribute parameters (such as dial rate). Each dialer interface can use only one dialer bundle. Each dialer bundle may contain multiple physical interfaces with different priorities but each of these interfaces can belong to multiple dialer bundles. For an ISDN BRI or PRI interface, you can set the number of B channels to be used by configuring the dialer bundle command. All calls destined to the same network segment use the same RS-DCC set.
Due to the separation between physical configuration and logical configuration, RS-DCC can accommodate more network topologies and DCC dial demands. For example, it allows multiple interface groups to call multiple remote ends.
141
Figure 44 Multiple interfaces call multiple remote ends in RS-DCC approach

Physical interface groups Call remote end A
if1 Dialer0
Local end (Multiple interfaces)

if2
Call remote end B
Dialer1
Call remote end C
Dialer2
if3
In this scenario, a dialer interface is configured only for calling one remote end. On-demand dial in this case is implemented by assigning a physical interface to dialer bundles associated with different dialer interfaces. If RS-DCC sets are used to configure RS-DCC parameters, you only need to configure link layer encapsulation and dialer bundle numbers on physical interfaces. Before configuring RS-DCC, note that: In RS-DCC, a RS-DCC set is unable to apply the attribute information in it, PPP authentication for example, to the physical interfaces in a dialer bundle. The physical interfaces do not inherit the authentication attribute in the RS-DCC set. Therefore, authentication information must be configured on call-receiving physical interfaces. Authentication is mandatory in RS-DCC. You must configure authentication (dialer user and PPP authentication) on both dialer interfaces and their physical interfaces. This is because RS-DCC must conduct PPP negotiation on the physical interface and sends the agreed-upon remote username to DCC. Based on this remote username, DCC decides which dialer interface address is used and then informs PPP. PPP then uses the configuration of the dialer interface to start IPCP negotiation.
Complete these tasks to configure RS-DCC for on-demand calling: Task

Enabling RS-DCC Configuring a dial string for the dialer interface Assigning physical interfaces to the dialer bundle Configuring dial authentication for RS-DCC
Remarks
Required Required Required Required
Enabling RS-DCC
To enable RS-DCC: To do...
1. Enter system view. 2. Create a dialer interface and enter dialer interface view. 3. Set the remote username.
Use the command...

system-view interface dialer number dialer user username
Remarks
Required
142
To do...
4. Enable RS-DCC by creating a dialer bundle for the dialer interface.
Use the command...

dialer bundle number
Remarks
Required
Configuring a dial string for the dialer interface

In the RS-DCC approach to on-demand dial, the attributes of physical interfaces vary by dial string. Therefore, DCC parameters must be configured on dialer interfaces and dial strings can be configured only with the dialer number command. Furthermore, for each dialer interface, you can configure only one dial string. To configure a dial string for the dialer interface: To do...
1. Enter system view. 2. Enter dialer interface view. 3. Configure a dial string for calling a remote end.
Use the command...

system-view interface dialer number dialer number dial-number
Remarks
Required
Assigning physical interfaces to the dialer bundle

A dialer bundle is a collection of physical interfaces with different priorities. When placing a call, DCC selects a physical interface from the bundle in priority order. To assign physical interfaces to the dialer bundle: To do...
1. Enter system view. 2. Enter physical interface view.
Use the command...

Remarks
Required.
3. Assign the interface to the dialer bundle.
dialer bundle-member number [ priority priority ]
Physical interfaces do not belong to any dialer bundle by default. After a physical interface is assigned without priority to a dialer bundle, it takes the default priority of 1.
Configuring dial authentication for RS-DCC

In RS-DCC, associations between physical interfaces and dialer interfaces are rather flexible. To allow a called party to identify calling parties, you must configure authentication, either PAP or CHAP. To configure dial authentication for RS-DCC: To do...
1. Enter system view. 2. Enter dialer interface view. 3. Configure the remote username.
Use the command...

system-view interface dialer number dialer user username
Remarks
Required
143
To do...
4. Configure PPP encapsulation and PPP authentication (PAP or CHAP).
Use the command...

See the chapter PPP and MP configuration.
Remarks
Required
HP recommends that you configure either PAP or CHAP authentication on both physical and dialer interfaces at both sending and receiving ends. When PPP encapsulation is enabled on a dialer interface, you must configure a remote username with the dialer user command for the dialer interface. When DCC decides which dialer interface is used for receiving a call, it compares the remote username gained through PPP negotiation against those assigned to dialer interfaces for a match.
Configuring MP for DCC

Implementing DCC with MP
In DCC applications, you may configure load thresholds for links. If you set a link load threshold in the range 1 to 99, MP tunes allocated bandwidth according to actual traffic percentage in the following steps: When the percentage of traffic on a link to bandwidth exceeds the defined traffic threshold, the system automatically brings up the second link, and assigns them to an MP bundle. When the percentage of traffic on these two links to bandwidth exceeds the defined traffic threshold, the system brings up a third link, and assigns it to the MP bundle, so on and so forth. This ensures appropriate traffic distribution on DCC links. On the contrary, when the percentage of the traffic on N (which is an integer greater than 2) links to the bandwidth of N 1 links decreases below the defined traffic threshold, the system automatically shuts down a link, so on and so forth. This ensures the efficient use of DCC links.
If you set the link load threshold to zero, DCC brings up all available links when triggered by auto-dial or packets instead of looking at the traffic size before doing that. In addition, it does not tear down links that have been established due to timeout. To implement MP with DCC, you must use dialer interfaces. This is how MP operates after you configure the ppp mp and dialer threshold commands on a dialer interface:
1.
When the ratio of traffic to bandwidth on a physical interface assigned to the dialer interface exceeds the configured load threshold, DCC brings up another physical interface in the dialer interface, and assigns these links to an MP bundle. If the physical interfaces are ISDN BRI or PRI interfaces, DCC uses idle B channels on them to form an MP bundle. When the number of bundled links reaches the upper threshold specified by the max-bind-num parameter, DCC stops to bring up new links.
2.
Some dial applications may require multiple links to carry services. To this end, you may configure the ppp mp min-bind command, allowing DCC to bring up multiple links when triggered to ensure minimum bandwidth. MP operates in the following workflow.
3. 4.
DCC brings up the first link. When the first link comes up, DCC checks whether the number of links in the MP bundle reaches the lower limit specified by the min-bind-num parameter. If not, the router brings up the second link.
This process continues until the number of links in the MP bundle reaches the lower limit.
144
Note that when MP is used with DCC, the commands dialer threshold, ppp mp max-bind, and ppp mp min-bind must be configured in dialer interface view. When configuring other PPP commands, do as the following configurations: In the C-DCC approach, configure in dialer interface view. In the RS-DCC approach, configure in dialer interface view at the calling end and in physical dial interface view at the called end. However, at the calling end, configure the same PPP parameters on physical dial interfaces as well to ensure reliable PPP link negotiation.
When the three commands, ppp mp min-bind, dialer threshold, and ppp mp max-bind, are configured, DCC brings up links in the following steps:
5. 6.
Bring up a minimum number of links depending on the setting of the ppp mp min-bind command. If traffic size still exceeds the link load threshold set by the dialer threshold command, bring up the next idle link. This process continues until the number of links reaches the upper limit set by the ppp mp max-bind command or traffic size decreases below the specified link load threshold.
To configure MP for DCC: To do...
1. Enter system view. 2. Enter dialer interface view. 3. Enable PPP on the dialer interface. 4. Enable MP.
Use the command...

system-view interface dialer number link-protocol ppp ppp mp
Remarks
Required. Required. Disabled by default. Required.
5. Set link load thresholds.
dialer threshold traffic-percentage [ in-out | in | out ]
If the traffic-percentage parameter is set to 0, DCC brings up all available links when triggered. Optional. The default is 16. Optional.
6. Set the upper limit of links in an MP bundle. 7. Set the lower limit of links in an MP bundle.
ppp mp max-bind max-bind-num
ppp mp min-bind min-bind-num
The default is 0; DCC brings up links depending on traffic size.
Configure PPP commands on both dialer and physical interfaces to ensure reliable PPP link negotiation. The dialer threshold 0 command voids the dialer timer idle command. DCC brings up all available links when triggered. Similar to the dialer threshold 0 command, the ppp mp min-bind command voids the dialer timer idle command. When it is configured, DCC does not look at traffic size to bring up links for MP bundling. However, links that are already up are brought down due to timeout. You need to configure the dialer threshold command only at the calling end.
145
Configuring PPP callback

PPP callback adopts the client/server model where the calling party is the callback client and the called party is the callback server. The client first originates a call, and the server decides whether to originate a return call. If a return call is needed, the callback server disconnects and then originates a return call according to the information such as username or callback number. Configure PPP callback after completing the basic configuration of C-DCC or RS-DCC. PPP callback implementation requires authentication. HP recommends that you configure PAP or CHAP authentication on both physical and dialer interfaces on both callback client and server. With dynamic route backup configured on an interface, only the dynamic route backup groups are used for dial. The interface does not accept incoming calls or outgoing calls. Therefore, do not configure dynamic route backup groups for interfaces with callback configured. Two approaches are available to configure PPP callback with DCC: Configuring PPP callback in the C-DCC implementation Configuring PPP callback in the RS-DCC implementation
Configuring PPP callback in the C-DCC implementation

Configuring PPP callback in C-DCC involves configuring PPP callback client and server.
1.
Configure a PPP callback client in the C-DCC implementation
As a callback client, your router can place calls to the remote end (which can be a router or Windows NT server with the PPP callback server function), and receive return calls from the remote end. To configure PPP callback client in the C-DCC implementation: To do...
1. Enter system view. 2. Enter dialer interface (physical or dialer) view. 3. Enable PPP encapsulation. 4. Configure authentication parameters. 5. Enable PPP callback client.
Use the command...

system-view interface interface-type interface-number link-protocol ppp See the chapter PPP and MP configuration. ppp callback client
Remarks
Required. Required. Required. Disabled by default. Optional.
6. Configure the dial string for a Windows NT Server to call back.
Not configured by default. ppp callback ntstring dial-number Configure this command if a Windows NT Server requires PPP callback clients to send callback numbers. Optional. HP recommends 15 seconds.
7. Set the interval for DCC to make the next call attempt. 2.
dialer timer enable seconds
Configure a PPP callback server in the C-DCC implementation
146
As a callback server, your router can place return calls according to network addresses configured with the dialer route command (PPP authentication must be configured in this case), or according to the PPP callback numbers. You must select either approach with the dialer callback-center command. You must configure callback client usernames with the dialer route command, so that the callback server can authenticate whether a callback client is valid when receiving a call from it. To configure a PPP callback server in the C-DCC implementation: To do...
1. Enter system view. 2. Enter dialer interface (physical or dialer) view. 3. Enable PPP callback server. 4. Configure the PPP callback reference.
Use the command...

system-view interface interface-type interface-number ppp callback server dialer callback-center [ user | dial-number ] * dialer route protocol next-hop-address [ mask network-mask-length ] user hostname [ broadcast ] [ dial-number [ autodial | interface interface-type interface-number ] * ] quit
Remarks
Required. Disabled by default. Required.
5. Configure a callback client username.
Required.
6. Exit to system view. If the dial-number parameter is configured, create a local user and enter local user view to configure a callback user and the dial string for callback. If the user parameter is configured, configure a dial string for callback.
7. Configure either command depending on the parameter configured with the dialer callback-ce nter command.
local-user user-name service-type ppp authorization-attribute callback-number callback-number
Required.
dialer route protocol next-hop-address [ mask network-mask-length ] user hostname [ broadcast ] dial-number [ autodial | interface interface-type interface-number ] *
If the network address used by a callback client is dynamically assigned, the server cannot use the dialer route command to associate the callback dial string with the network address for the client. You should use the authorization-attribute callback-number command instead to associate the dial string with the client username for callback. To leave enough time for a server to call back, set the interval for DCC to make the next call attempt on the client at least 10 seconds longer than that of the server. HP recommends that you set the interval on the server to 5 seconds (the default) and that on the client to 15 seconds.
Configuring PPP callback in the RS-DCC implementation

Configuring PPP callback in RS-DCC involves configuring PPP callback clients and configuring PPP callback servers.
1.
Configure a PPP callback client in the RS-DCC implementation

147
As a callback client, your router can place calls to the remote end (which can be a router or Windows NT server with the PPP callback server function), and receive return calls from the remote end. Configuring a PPP callback client in RS-DCC is the same as that in C-DCC except that the dial string is configured with the dialer number command in RS-DCC. To configure a PPP callback client in the RS-DCC implementation: To do...
1. Enter system view. 2. Enter dialer interface view. 3. Enable PPP encapsulation. 4. Configure authentication parameters. 5. Enable PPP callback client.
Use the command...

system-view interface dialer number link-protocol ppp See the chapter PPP and MP configuration. ppp callback client
Remarks
Required. Required. Required. Disabled by default. Optional.
6. Configure the dial string for a Windows NT Server to place return calls.
ppp callback ntstring dial-number
When a router operating as the PPP callback client calls a Windows NT Server operating as the PPP callback server, if the Windows NT Server needs the router to send the callback number, you must configure this command. Optional. HP recommends 15 seconds.
7. Set the interval for DCC to make the next call attempt. 2.
Configure a PPP callback server in the RS-DCC implementation
Configuring a PPP callback server in RS-DCC is the same as that in C-DCC except that the callback reference can only be dial-number in RS-DCC and dial strings for callback must be configured with the authorization-attribute callback-number command. To configure a PPP callback server in the RS implementation: To do...
1. Enter system view. 2. Enter dialer interface view. 3. Enable PPP callback server. 4. Configure the PPP callback reference. 5. Exit to system view. 6. Create a local user and enter local user view.
Use the command...

system-view interface dialer number ppp callback server dialer callback-center dial-number quit local-user user-name
Remarks
Required. Disabled by default. Required. Required.
148
To do...
Use the command...
Remarks
Required. When placing a return call, DCC identifies which dial string to be used according to the remote username obtained through PPP negotiation.
7. Configure a dial string for callback.
service-type ppp authorization-attribute callback-number callback-number
To leave enough time for a server to call back, set the interval for DCC to make the next call attempt on the client at least 10 seconds longer than that of the server. HP recommends you set the interval on the server to 5 seconds (the default) and that on the client to 15 seconds.
Configuring ISDN caller identification callback

In an ISDN environment, implementing DCC callback through the ISDN caller identification function does not require authentication configuration.
Features of ISDN caller identification callback

1.
In the applications of ISDN caller identification callback, the callback server can process an incoming call in three ways, depending on the result of matching the dial-in number against numbers configured in dialer call-in commands at the local end: Deny the incoming call, if one or multiple dialer call-in commands exist, but no match is found. Accept the incoming call, if the dial-in number matches a dialer call-in command without the callback parameter or if no dialer call-in command exists. Call back, if the dial-in number matches a dialer call-in command with the callback parameter. Dial-in numbers are matched against numbers configured in dialer call-in commands starting with the right-most character. In addition, asterisks (*) are used as wildcards to match any character. If a dial-in number matches multiple dialer call-in commands, the best match is selected in the following order: The one with the fewest asterisks (*). The one that is found first. At the server end, identify the dialer call-in commands matching incoming calls In C-DCC, upon receipt of an incoming call, the server compares the incoming number against the dialer call-in commands configured on the physical dial interface or its corresponding dialer interface for a match. In RS-DCC, upon receipt of an incoming call, the server compares the incoming number against the dialer call-in commands configured on the involved dialer interface for a match.

2.

3.
Configuring ISDN caller identification callback with C-DCC

Configuring ISDN caller identification callback with C-DCC involves configuring the server end and the client end.
1.
Configure the client of ISDN caller identification callback
To configure the client of ISDN caller identification callback: To do...

Use the command...

system-view
Remarks
149
To do...
2. Enter dial interface (physical or dialer) view. 3. Configure one or multiple destination addresses and dial strings.
Use the command...

interface interface-type interface-number dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number [ autodial | interface interface-type interface-number ] * dialer timer enable seconds
Remarks
Required.
4. Set the interval for DCC to make the next call attempt.
Optional. HP recommends15 seconds.
2.
Configure the server of ISDN caller identification callback
To configure the server of ISDN caller identification callback: To do...

1. Enter system view. 2. Enter dial interface (physical or dialer) view. 3. Configure the local end to place ISDN return calls for the specified ISDN calling number. 4. Configure one or multiple destination addresses and dial strings. 5. Use this command instead of the dialer route command if only one remote destination address is involved.
Use the command...

Remarks

dialer call-in remote-number [ callback ] dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number [ autodial | interface interface-type interface-number ] *
Required
Required
dialer number dial-number
Optional
To make a successful callback for an incoming number, make sure that the dial string configured in the dialer route or dialer number command on the dial interface at the server end is exactly the same as the incoming number. To leave enough time for a server to call back, set the interval for DCC to make the next call attempt on the client at least 10 seconds longer than that of the server. HP recommends that you set interval on the server to 5 seconds (the default) and that on the client to 15 seconds.
Configuring ISDN caller identification callback with RS-DCC

Configuring ISDN caller identification callback with RS-DCC involves configuring the server end and the client end.
1.
Configure the client of ISDN caller identification callback
To configure the client of ISDN caller identification callback: To do...

1. Enter system view. 2. Enter dialer interface view.
Use the command...

system-view interface dialer interface-number 150
Remarks

To do...
3. Configure a dial string for calling a remote end. 4. Set the interval for DCC to make the next call attempt. 2.
Use the command...

dialer number dial-number dialer timer enable seconds
Remarks
Required. Optional. HP recommends 15 seconds.
Configure the server of ISDN caller identification callback
To configure the server of ISDN caller identification callback: To do...

1. Enter system view. 2. Enter dialer interface view. 3. Configure the local end to place ISDN return calls for the specified ISDN calling number. 4. Configure a dial string for calling a remote end.
Use the command...

system-view interface dialer interface-number dialer call-in remote-number [ callback ] dialer number dial-number
Remarks
Required
Required
The number configured in the dialer number command on the dialer interface is not required to be the same as the incoming number. To leave enough time for a server to call back, set the interval for DCC to make the next call attempt on the client at least 10 seconds longer than that of the server. HP recommends that you set the interval on the server to 5 seconds (the default) and that on the client to 15 seconds.
Configuring advanced DCC functions

Configuring an ISDN leased line
An ISDN leased line can be configured with C-DCC but not RS-DCC. This function is fulfilled through establishing semi-permanent ISDN MP connections. Such application requires that a leased line has been established on the PBX of your telecom service provider and has been connected to the remote device. After completing C-DCC configurations, follow these steps to configure an ISDN leased line: To do...
1. Enter system view. 2. Enter physical interface view.
Use the command...

Remarks
Required.
3. Specify a B channel for ISDN leased line connection.
dialer isdn-leased number
No B channel is configured for ISDN leased line connection by default.
ISDN BRI interfaces support both 64 kbps and 128 kbps leased lines. For more information, see the chapter ISDN configuration.
Configuring auto-dial
Auto-dial can be used with C-DCC, but not RS-DCC. With auto-dial enabled, DCC automatically dials the remote end of connection upon each device startup without requiring a triggering packet. If the connection
151
cannot be established, it will retry at certain intervals. The connection thus established does not disconnect due to timeout of the idle-timeout timer as it would in the traffic-triggered dial approach. Its configuration thus voids the dialer timer idle command. To configure auto-dial: To do...
1. Enter system view. 2. Enter dial interface (physical or dialer) view. 3. Configure one or multiple destination addresses and dial strings that can be auto-dialed.
Use the command...

system-view interface interface-type interface-number dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number autodial [ interface interface-type interface-number ] dialer timer autodial seconds
Remarks
Required. Auto-dial is disabled by default. Optional. The default is 300 seconds.
4. Set the auto-dial interval.
Configuring circular dial string backup

In C-DCC, you may configure multiple dialer route commands for the dial strings used to call a destination address. These dial strings are backups to each other. If DCC fails to call the remote end with a dial string, it selects the dialer route command with the next dial string for another try. To configure dial string circular backup: To do...
1. Enter system view. 2. Enter dial interface (physical or dialer) view. 3. Repeat this step to associate multiple dial strings with the same next-hop-address.
Use the command...

system-view interface interface-type interface-number dialer route protocol next-hop-address [ mask network-mask-length ] [ user hostname | broadcast ] * dial-number [ autodial | interface interface-type interface-number ] *
Remarks

Required
Configuring DCC overlap receiving

By default, DCC operates in non-overlap receiving mode. A DCC called party starts establishing a DCC connection as soon as the first digit of the called number is received, instead of waiting for the complete called number to be gathered. With overlap receiving enabled, a DCC called party does not start establishing a DCC connection until the complete called number is received. You must configure the overlap receiving mode only when DCC is configured on the current ISDN physical interface. To configure DCC overlap receiving: To do...
1. Enter system view. 2. Enter dial interface (ISDN physical interface) view.
Use the command...

Remarks

152
To do...
3. Configure DCC to operate in overlap receiving mode.
Use the command...

dialer overlap-receiving
Remarks
Required. By default, DCC operates in non-overlap receiving mode.
Generally, there is no need for configuring this feature. However, in the North American market, you must configure this feature for interoperability purpose.
Configuring DCC timers and buffer queue length

C-DCC and RS-DCC are available with some optional parameters. You may configure them appropriately to improve on-demand dial efficiency.
DCC timers and buffer queue length

Link idle-timeout timer Holddown timer A link idle-timeout timer starts upon setup of a link. When the timer expires, DCC disconnects the link. A holddown timer starts upon disconnection of a link. The call attempt to bring up this link can be made only after the timer expires. This is to prevent a remote PBX from being overloaded. Compete-idle timer If all the channels are unavailable when DCC originates a new call, contention occurs. Normally, an idle-timeout timer starts upon setup of a link. If a call to another destination address is placed at the same time, contention occurs. DCC starts a compete-idle timer to replace the idle-timeout timer for the link. When the idle time of the link reaches the setting of this compete-idle timer, the link disconnects. Wait-carrier timer Sometimes, the time that DCC waits for a connection to be established may vary call by call. To handle this situation, you may use a wait-carrier timer. A wait-carrier timer starts when a call is placed. If the connection is not established upon expiration of the timer, DCC terminates the call. Buffer queue length If no connection is available when a dial interface without a buffer queue receives a packet, it drops the packet. Configured with a buffer queue, the dial interface buffers the packet until a connection is available for packet sending.
To configure DCC timers and buffer queue length on a dial interface: To do...
1. Enter system view. 2. Enter dial interface (physical or dialer) view. 3. Set the link idle-timeout timer.
Use the command...

system-view interface interface-type interface-number dialer timer idle seconds
Remarks
Optional. The default is 120 seconds. Optional. The default is 5 seconds.
4. Set the holddown timer.
153
To do...
5. Set the compete-idle timer.
Use the command...

dialer timer compete seconds
Remarks
Optional. The default is 20 seconds. Optional. The default is 60 seconds. Optional.
6. Set the wait-carrier timer.
dialer timer wait-carrier seconds
7. Set the buffer queue length.
dialer queue-length packets
Packets are not buffered by default.
Configuring dynamic route backup achieved through DCC

The dynamic route backup function is available to the following dialup interfaces: dialer interfaces, PRI interfaces, BRI interfaces, serial interfaces operating in the asynchronous mode, AM interfaces, AUX interfaces, and Asynchronous interfaces.
Introduction to dynamic route backup

The dynamic route backup function employs DCC to dynamically maintain dialup links. It can provide backup for dialup links based on routes. The dynamic route backup function combines the backup function and the routing function. It provides reliable connections and standard dial-on-demand services.
1.
Features of dynamic route backup
The dynamic route backup function is mainly used to back up dynamic routes; moreover, it can also back up static routes and directly-connected routes. The dynamic route backup function is suitable for scenarios with multiple interfaces and multiple routers. It is not dedicated to a specific interface or link. With dynamic route backup enabled, the backup link is activated automatically when the primary link fails. The primary-backup switchover does not incur dialup delay (the route convergence time is not counted in). The dynamic route backup function is routing protocol-independent. It can collaborate with the RIPv1, RIPv2, OSPF, IS-IS, and BGP. However, some routing protocols (such as BGP) use the optimal routes by default. Therefore, with BGP employed, when the backup link is activated due to a failure of the primary link to the monitored network segment, the device learns routes to the monitored network segment through BGP. When the primary link recovers, the device learns routes to the monitored network segment through BGP too. However, the routes that the primary link learns may be less optimal than what the backup link learns. As a result, the routes the backup link learns remain activated, dynamic route monitoring fails, and the backup link-to-primary link switchover fails. To address this problem, do the following:
2.
Make sure the IP address assigned to the backup link is greater than that assigned to the primary link. Make sure the same route can be learned by multiple links (which can be achieved through load balancing configuration). How dynamic route backup works
The dynamic route backup function is implemented using dynamic route backup groups. In a dynamic route backup group, the backup link is activated when the primary link leading to the monitored network segment fails. Dynamic route backup operates in the following steps:
154
The system monitors whether the routes to the monitored network segment are updated and checks whether at least one route to the monitored network segment exists. If at least one route to the monitored network segment exists, and the route is originated from an interface with dynamic route backup disabled, the primary link is considered operating properly. If no route exists, the primary link is considered to be shut down and unavailable, and the backup link is activated. After the backup link is activated successfully, the data is transferred across it. During this process, the system periodically checks the primary link status. When the primary link recovers, the backup link can be brought down either immediately or when the timer expires, depending on the related configuration.
Creating a dynamic route backup group

Create a dynamic route backup group in one of the following two ways.
1.
Create multiple dynamic route backup groups, each of which monitors a network segment. The backup link is activated when the route to a network segment being monitored becomes invalid. Each dynamic route backup group can establish or tear down a link through a dialup interface. Create a dynamic route backup group to monitor multiple network segments. The backup link is activated when the routes to all the network segments being monitored becomes invalid. When you establish the backup link, the dynamic route backup group checks for dialup interfaces configured with the dialer route command. It tries to establish the backup link on the first such interface. Note that only one backup link is established.
2.
To create a dynamic route backup group: To do

1. Enter system view. 2. Create a dynamic route backup group and add a network segment to be monitored to the group.
Use the command

system-view standby routing-rule group-number ip ip-address { mask | mask-length }
Remarks
Required. By default, no dynamic route backup group is created.
The IP address specified in the standby routing-rule command must be the same as that specified in the dialer route command.
Enabling dynamic route backup on a backup interface

Before enabling dynamic route backup on a backup interface, make sure DCC is enabled on the interface. To enable dynamic route backup on a backup interface: To do
1. Enter system view. 2. Enter interface view. 3. Enable dynamic route backup.
Use the command

system-view interface interface-type interface-number standby routing-group group-number
Remarks
155
Configuring the delay for disconnecting a backup link

Normally, when the primary link recovers, the backup link is torn down. To prevent route instability, specify the backup link remains valid for a specific period after the primary link recovers by configuring the delay for disconnecting a backup link. To configure the delay for disconnecting a backup link: To do
Use the command

system-view interface interface-type interface-number standby timer routing-disable seconds
Remarks
Optional.
3. Configure the delay for disconnecting a backup link.
By default, the delay for disconnecting a backup link is 20 seconds.
Configuring the warm-up timer for dynamic route backup

For a device supporting this function, use the default setting. Usually, after a system reboot, configuration recovery is performed, during which the primary interface in a dynamic route backup group is down and thus the routes on the primary interface are unavailable. As a result, the backup link is dialed when configuration recovery is being performed. After the configuration recovers, the primary interface goes up and the routes on it become available. Thus, the backup link, if having been dialed up successfully, is brought down shortly after it goes up. To avoid the problem, set the warm-up timer for dynamic route backup to disable the system from dialing a backup link within a period of time after a reboot. To configure the warm-up timer for dynamic route backup: To do
1. Enter system view. 2. Configure the warm-up time for dynamic route backup.
Use the command

system-view dialer timer warmup seconds
Remarks
Configuring traffic statistics collecting interval

To configure traffic statistics collecting interval for DCC: To do...
1. Enter system view. 2. Set the traffic statistics collecting interval for DCC.
Use the command...

system-view dialer flow-interval interval
Remarks
Optional. The default is 20 seconds.
156
Displaying and maintaining DCC

To do
Display information about a specified or all dial interfaces.
Use the command

display dialer [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display interface dialer number [ brief ] [ | { begin | exclude | include } regular-expression ] display interface [ dialer ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] dialer disconnect [ interface interface-type interface-number ] reset counters interface [ dialer [ number ] ]
Remarks
Display information about a dialer interface.
Tear down a dialup link. Clear the statistics on a dialer interface.
Available in any view Available in user view
DCC configuration examples

C-DCC application
In Figure 45, configure C-DCC to allow Router A to call Router B and Router C from multiple interfaces but disable Router B and Router C from calling each other. Figure 45 Network diagram
S2/0 Router B 100.1.1.2/24
Modem
8810048
8810052
Modem
S2/0
Router A
Dialer0 100.1.1.1/24 S2/1
PSTN
Modem
8810049
8810063
Modem
S2/0 100.1.1.3/24
Router C
1.
Configure Router A
# Configure a dial access control rule for dialer access group 1.

<RouterA> system-view
157
[RouterA] dialer-rule 1 ip permit
# Assign an IP address to interface Dialer0, associate dialer access group 1 with the interface, enable C-DCC, and configure dial strings for calling Router B and Router C.
[RouterA] interface dialer 0 [RouterA-Dialer0] dialer enable-circular [RouterA-Dialer0] ip address 100.1.1.1 255.255.255.0 [RouterA-Dialer0] dialer-group 1 [RouterA-Dialer0] dialer route ip 100.1.1.2 8810052 [RouterA-Dialer0] dialer route ip 100.1.1.3 8810063 [RouterA-Dialer0] quit
# Set interface Serial 2/0 to work in asynchronous protocol mode and assign it to dialer circular group 0.
[RouterA] interface serial 2/0 [RouterA-Serial2/0] physical-mode async [RouterA-Serial2/0] async mode protocol [RouterA-Serial2/0] dialer circular-group 0 [RouterA-Serial2/0] quit
# Configure interface Serial 2/1 to work in asynchronous protocol mode and assign it to dialer circular group 0.
[RouterA] interface serial 2/1 [RouterA-Serial2/1] physical-mode async [RouterA-Serial2/1] async mode protocol [RouterA-Serial2/1] dialer circular-group 0 [RouterA-Serial2/1] quit
# Enable modem dial-in and dial-out on user interfaces to be used.

[RouterA] user-interface tty1 [RouterA-ui-tty1] modem both [RouterA-ui-tty1] quit [RouterA] user-interface tty2 [RouterA-ui-tty2] modem both
2.
Configure Router B.

<RouterB> system-view [RouterB] dialer-rule 1 ip permit
# Configure interface Serial 2/0 to work in asynchronous protocol mode.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] physical-mode async [RouterB-Serial2/0] async mode protocol
# Assign an IP address to interface Serial 2/0, associate dialer access group 1 with the interface, enable C-DCC, and configure two dial strings for calling Router A.
[RouterB-Serial2/0] ip address 100.1.1.2 255.255.255.0 [RouterB-Serial2/0] dialer enable-circular [RouterB-Serial2/0] dialer-group 1 [RouterB-Serial2/0] dialer route ip 100.1.1.1 8810048 [RouterB-Serial2/0] dialer route ip 100.1.1.1 8810049 [RouterB-Serial2/0] quit
158
# Enable modem dial-in and dial-out on the user interface to be used.

[RouterB] user-interface tty1 [RouterB-ui-tty1] modem both
3.
Configure Router C

<RouterC> system-view [RouterC] dialer-rule 1 ip permit
# Configure interface Serial 2/0 to work in asynchronous protocol mode.

[RouterC] interface serial 2/0 [RouterC-Serial2/0] physical-mode async [RouterC-Serial2/0] async mode protocol
# Assign an IP address to interface Serial 2/0, associate dialer access group 1 with the interface, enable C-DCC, and configure two dial strings for calling Router A.
[RouterC-Serial2/0] ip address 100.1.1.3 255.255.255.0 [RouterC-Serial2/0] dialer enable-circular [RouterC-Serial2/0] dialer-group 1 [RouterC-Serial2/0] dialer route ip 100.1.1.1 8810048 [RouterC-Serial2/0] dialer route ip 100.1.1.1 8810049 [RouterC-Serial2/0] quit
# Enable modem dial-in and dial-out on the user interface to be used.

[RouterC] user-interface tty1 [RouterC-ui-tty1] modem both
RS-DCC application
As shown in Figure 46, interfaces Dialer 0 on Router A and Router B are on the same network segment, and interfaces Dialer 1 on Router A and Dialer 0 on Router C are on the same network segment. Configure RS-DCC to allow Router A to call Router B and Router C from multiple interfaces but disable Router B and Router C from calling each other. Figure 46 Network diagram
Router B
S2/0
Modem
Dialer0 100.1.1.1/24 S2/0
8810048
8810052
Modem
Dialer0 100.1.1.2/24
Router A
S2/1 Dialer1 122.1.1.1/24
PSTN
Modem
8810049
8810063
Modem
S2/0
Router C
Dialer0 122.1.1.2/24
159
1.
Configure Router A
# Configure a dial access control rule for dialer access group 1; create local user accounts userb and userc for Router B and Router C and configure PPP authentication for them.
<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] local-user userb [RouterA-luser-userb] password simple userb [RouterA-luser-userb] service-type ppp [RouterA-luser-userb] quit [RouterA] local-user userc [RouterA-luser-userc] password simple userc [RouterA-luser-userc] service-type ppp [RouterA-luser-userc] quit
# Assign an IP address to interface Dialer0, enable RS-DCC, and configure the remote username allowed to call in.
[RouterA] interface dialer 0 [RouterA-Dialer0] ip address 100.1.1.1 255.255.255.0 [RouterA-Dialer0] dialer user userb [RouterA-Dialer0] dialer bundle 1
# Configure information for PPP authentication and the dial strings on interface Dialer0. (Assume that PAP is used at the local end.)
[RouterA-Dialer0] dialer-group 1 [RouterA-Dialer0] ppp authentication-mode pap [RouterA-Dialer0] ppp pap local-user usera password simple usera [RouterA-Dialer0] dialer number 8810052 [RouterA-Dialer0] quit
[RouterA] interface dialer 1 [RouterA-Dialer1] ip address 122.1.1.1 255.255.255.0 [RouterA-Dialer1] dialer user userc [RouterA-Dialer1] dialer bundle 2
# Configure information for PPP authentication and the dial strings on interface Dialer 1. (Assume that PAP is used at the local end.)
# Set interface Serial 2/0 to work in asynchronous protocol mode, configure information for PPP authentication, and assign the interface to dialer bundle 1 and dialer bundle 2.
[RouterA] interface serial 2/0 [RouterA-Serial2/0] physical-mode async [RouterA-Serial2/0] async mode protocol [RouterA-Serial2/0] dialer bundle-member 1
160
[RouterA-Serial2/0] dialer bundle-member 2 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp authentication-mode pap [RouterA-Serial2/0] ppp pap local-user usera password simple usera [RouterA-Serial2/0] quit
# Set interface Serial 2/1 to operate in asynchronous protocol mode, configure information for PPP authentication, and assign the interface to dialer bundle 1 and dialer bundle 2.
[RouterA] interface serial 2/1 [RouterA-Serial2/1] physical-mode async [RouterA-Serial2/1] async mode protocol [RouterA-Serial2/1] dialer bundle-member 1 [RouterA-Serial2/1] dialer bundle-member 2 [RouterA-Serial2/1] link-protocol ppp [RouterA-Serial2/1] ppp authentication-mode pap [RouterA-Serial2/1] ppp pap local-user usera password simple usera [RouterA-Serial2/1] quit
# Configure user interfaces to be used and enable modem dial-in and dial-out on them.
[RouterA] user-interface tty1 [RouterA-ui-tty1] modem both [RouterA-ui-tty1] quit [RouterA] user-interface tty2 [RouterA-ui-tty2] modem both
2.
Configure Router B
# Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it.
<RouterB> system-view [RouterB] dialer-rule 2 ip permit [RouterB] local-user usera [RouterB-luser-usera] password simple usera [RouterB-luser-usera] service-type ppp [RouterB-luser-usera] quit
# Assign an IP address to interface Dialer0, enable RS-DCC, and configure the remote username allowed to call in and the dial string for placing calls.
[RouterB] interface dialer 0 [RouterB-Dialer0] ip address 100.1.1.2 255.255.255.0 [RouterB-Dialer0] dialer user usera [RouterB-Dialer0] dialer bundle 1 [RouterB-Dialer0] dialer number 8810048
# Configure information for PPP authentication. (Assume that PAP is used at the local end.)
[RouterB-Dialer0] dialer-group 2 [RouterB-Dialer0] ppp authentication-mode pap [RouterB-Dialer0] ppp pap local-user userb password simple userb [RouterB-Dialer0] quit
# Set interface Serial 2/0 to work in asynchronous protocol mode, configure information for PPP authentication, and assign the interface to dialer bundle 1.
[RouterB] interface serial 2/0
161
[RouterB-Serial2/0] physical-mode async [RouterB-Serial2/0] async mode protocol [RouterB-Serial2/0] dialer bundle-member 1 [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp authentication-mode pap [RouterB-Serial2/0] ppp pap local-user userb password simple userb [RouterB-Serial2/0] quit
# Configure the user-interface to be used and enable modem dial-in and dial-out on it.
3.
Configure Router C
# Configure a dial access control rule for dialer access group 1; create a local user account usera and configure PPP authentication for it.
<RouterC> system-view [RouterC] dialer-rule 1 ip permit [RouterC] local-user usera [RouterC-luser-usera] password simple usera [RouterC-luser-usera] service-type ppp [RouterC-luser-usera] quit
# Assign an IP address to interface Dialer0, enable RS-DCC, and configure the remote username allowed to call in and the dial string for placing calls.
[RouterC] interface dialer 0 [RouterC-Dialer0] ip address 122.1.1.2 255.255.255.0 [RouterC-Dialer0] dialer user usera [RouterC-Dialer0] dialer bundle 1 [RouterC-Dialer0] dialer number 8810049
# Configure information for PPP authentication. (Assume that PAP is used at the local end.)
[RouterC-Dialer0] dialer-group 1 [RouterC-Dialer0] ppp authentication-mode pap [RouterC-Dialer0] ppp pap local-user userc password simple userc [RouterC-Dialer0] quit
# Set interface Serial 2/0 to work in asynchronous protocol mode, configure information for PPP authentication, and assign the interface to dialer bundle 1.
[RouterC] interface serial 2/0 [RouterC-Serial2/0] physical-mode async [RouterC-Serial2/0] async mode protocol [RouterC-Serial2/0] dialer bundle-member 1 [RouterC-Serial2/0] link-protocol ppp [RouterC-Serial2/0] ppp authentication-mode pap [RouterC-Serial2/0] ppp pap local-user userc password simple userc [RouterC-Serial2/0] quit
# Configure the user interface to be used and enable modem dial-in and dial-out on it.
[RouterC] user-interface tty1 [RouterC-ui-tty1] modem both
162
DCC application on ISDN

In Figure 47, interfaces BRI 1/0 on Router A, B, and C are located on the same network segment. In Figure 48, interfaces Dialer 0 on Router A and Router B are on the same network segment, and interface Dialer 1 on Router A and Dialer 0 on Router C are on the same network segment. Make configuration to allow Router A to call Router B and Router C from multiple interfaces but disable Router B and Router C from calling each other in both C-DCC and RS-DCC approaches. Figure 47 Network diagram for C-DCC application on ISDN
NT 1
BRI1/0 100.1.1.2/24
Router B
8810052
Router A
BRI1/0 100.1.1.1/24
NT 1
8810048
ISDN
8810063
NT 1
Router C
BRI1/0 100.1.1.3/24
Figure 48 Network diagram for RS-DCC application on ISDN

NT 1
BRI1/0 8810052 Dialer0
Router B
Dialer0 100.1.1.2/24
Router A 100.1.1.1/24
BRI1/0 Dialer1 122.1.1.1/24
NT 1
8810048
ISDN
8810063
NT 1
BRI1/0
Router C
Dialer0 122.1.1.2/24
Solution 1: Use C-DCC to set up a connection via ISDN BRI or PRI and configure DCC parameters on physical interfaces.
1.
Configure Router A

<RouterA> system-view [RouterA] dialer-rule 1 ip permit
163
# Assign an IP address to interface BRI 1/0, enable C-DCC, and configure the dial strings for calling Router B and Router C.
[RouterA] interface bri 1/0 [RouterA-Bri1/0] ip address 100.1.1.1 255.255.255.0 [RouterA-Bri1/0] dialer enable-circular [RouterA-Bri1/0] dialer-group 1 [RouterA-Bri1/0] dialer route ip 100.1.1.2 8810052 [RouterA-Bri1/0] dialer route ip 100.1.1.3 8810063
2.
Configure Router B

# Assign an IP address to interface BRI 1/0, enable C-DCC, and configure the dial string for calling Router A.
[RouterB] interface bri 1/0 [RouterB-Bri1/0] ip address 100.1.1.2 255.255.255.0 [RouterB-Bri1/0] dialer enable-circular [RouterB-Bri1/0] dialer-group 2 [RouterB-Bri1/0] dialer route ip 100.1.1.1 8810048
3.
Configure Router C

# Assign an IP address to interface BRI 1/0, enable C-DCC, and configure the dial string for calling Router A.
[RouterC] interface bri 1/0 [RouterC-Bri1/0] ip address 100.1.1.3 255.255.255.0 [RouterC-Bri1/0] dialer enable-circular [RouterC-Bri1/0] dialer-group 1 [RouterC-Bri1/0] dialer route ip 100.1.1.1 8810048
Solution 2: Use RS-DCC to set up a connection via ISDN BRI or PRI and configure DCC parameters on dialer interfaces.
4.
Configure Router A
# Configure a dial access control rule for dialer access group 1; create local user accounts userb and userc for Router B and Router C and configure PPP authentication for them.
<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] local-user userb [RouterA-luser-userb] password simple userb [RouterA-luser-userb] service-type ppp [RouterA-luser-userb] quit [RouterA] local-user userc [RouterA-luser-userc] password simple userc [RouterA-luser-userc] service-type ppp [RouterA-luser-userc] quit
164
[RouterA] interface dialer 0 [RouterA-Dialer0] ip address 100.1.1.1 255.255.255.0 [RouterA-Dialer0] dialer user userb [RouterA-Dialer0] dialer bundle 1
# Configure information for PPP authentication and the dial strings on interface Dialer0.
[RouterA] interface dialer 1 [RouterA-Dialer1] ip address 122.1.1.1 255.255.255.0 [RouterA-Dialer1] dialer user userc [RouterA-Dialer1] dialer bundle 2
# Configure information for PPP authentication on interface BRI 1/0 and assign the interface to dialer bundle 1 and dialer bundle 2.
[RouterA] interface bri 1/0 [RouterA-Bri1/0] dialer bundle-member 1 [RouterA-Bri1/0] dialer bundle-member 2 [RouterA-Bri1/0] link-protocol ppp [RouterA-Bri1/0] ppp authentication-mode pap [RouterA-Bri1/0] ppp pap local-user usera password simple usera
5.
Configure Router B
[RouterB] interface dialer 0 [RouterB-Dialer0] ip address 100.1.1.2 255.255.255.0 [RouterB-Dialer0] dialer user usera
165
[RouterB-Dialer0] dialer bundle 1
# Configure information for PPP authentication and the dial string on interface Dialer0.
[RouterB-Dialer0] dialer-group 2 [RouterB-Dialer0] ppp authentication-mode pap [RouterB-Dialer0] dialer number 8810048 [RouterB-Dialer0] ppp pap local-user userb password simple userb [RouterB-Dialer0] quit
# Configure PPP authentication on interface BRI 1/0 and assign it to dialer bundle 1.
[RouterB] interface bri 1/0 [RouterB-Bri1/0] dialer bundle-member 1 [RouterB-Bri1/0] link-protocol ppp [RouterB-Bri1/0] ppp authentication-mode pap [RouterB-Bri1/0] ppp pap local-user usera password simple usera
6.
Configure Router C
<RouterC> system-view [RouterC] dialer-rule 1 ip permit [RouterC] local-user usera [RouterC-luser-usera] password simple usera [RouterC-luser-usera] service-type ppp [RouterC-luser-usera] quit
[RouterC] interface dialer 0 [RouterC-Dialer0] ip address 122.1.1.2 255.255.255.0 [RouterC-Dialer0] dialer user usera [RouterC-Dialer0] dialer bundle 1
[RouterC-Dialer0] dialer-group 1 [RouterC-Dialer0] dialer number 8810048 [RouterC-Dialer0] ppp authentication-mode pap [RouterC-Dialer0] ppp pap local-user userc password simple userc [RouterC-Dialer0] quit
# Configure information for PPP authentication on interface BRI 1/0 and assign the interface to dialer bundle 1.
[RouterC] interface bri 1/0 [RouterC-Bri1/0] dialer bundle-member 1 [RouterC-Bri1/0] link-protocol ppp [RouterC-Bri1/0] ppp authentication-mode pap [RouterC-Bri1/0] ppp pap local-user usera password simple usera
166
RS-DCC application with MP

As shown in Figure 49 Two ISDN BRI interfaces on Router A and an ISDN PRI interface on Router B are connected across ISDN. Interface Dialer0 on Router A is assigned an IP address 100.1.1.1/24, and interface Dialer0 on Router B is assigned an IP address 100.1.1.2/24.
Use RS-DCC on Router A to call Router B and C-DCC on Router B to call Router A. In addition, implement traffic distribution for the two interfaces on Router A by setting traffic thresholds and maximum bandwidth. Figure 49 Network diagram
Dialer0 100.1.1.1/24
NT 1
8810048 Dialer0 100.1.1.2/24 Router B E1 2/0
Router A BRI1/1
NT 1
ISDN
BRI1/0
8810052
NT 1
8810049
1.
Configure Router A
# Configure a dial access control rule for dialer access group 1; create a local user account userb for Router B and configure PPP authentication for it; and set the traffic statistics collecting interval to three seconds for DCC.
<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] local-user userb [RouterA-luser-userb] password simple userb [RouterA-luser-userb] service-type ppp [RouterA-luser-userb] quit [RouterA] dialer flow-interval 3
# Assign an IP address to interface Dialer0, enable RS-DCC, and configure MP.

[RouterA] interface dialer 0 [RouterA-Dialer0] ip address 100.1.1.1 255.255.255.0 [RouterA-Dialer0] dialer bundle 1 [RouterA-Dialer0] ppp mp [RouterA-Dialer0] dialer threshold 50
# Configure information for PPP authentication, the remote user allowed to call in and the dial strings on interface Dialer0.
[RouterA-Dialer0] dialer user userb
167
# Configure PPP authentication on BRI 1/1 and assign it to dialer bundle 1.

[RouterA] interface bri 1/1 [RouterA-Bri1/1] dialer bundle-member 1 [RouterA-Bri1/1] ppp mp [RouterA-Bri1/1] link-protocol ppp [RouterA-Bri1/1] ppp authentication-mode pap [RouterA-Bri1/1] ppp pap local-user usera password simple usera
# Configure PPP authentication on BRI 1/0 and assign it to dialer bundle 1.

[RouterA-Bri1/0] interface bri 1/0 [RouterA-Bri1/0] dialer bundle-member 1 [RouterA-Bri1/0] ppp mp [RouterA-Bri1/0] link-protocol ppp [RouterA-Bri1/0] ppp authentication-mode pap [RouterA-Bri1/0] ppp pap local-user usera password simple usera
2.
Configure Router B
# Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it; and set the traffic statistics collecting interval to three seconds for DCC.
<RouterB> system-view [RouterB] dialer-rule 2 ip permit [RouterB] local-user usera [RouterB-luser-usera] password simple usera [RouterB-luser-usera] service-type ppp [RouterB-luser-usera] quit [RouterB] dialer flow-interval 3
# Assign an IP address to interface Dialer0; enable C-DCC; and configure the dial strings, MP, and information for PPP authentication.
[RouterB] interface dialer 0 [RouterB-Dialer0] ip address 100.1.1.2 255.255.255.0 [RouterB-Dialer0] dialer enable-circular [RouterB-Dialer0] dialer-group 2 [RouterB-Dialer0] dialer route ip 100.1.1.1 8810048 [RouterB-Dialer0] dialer route ip 100.1.1.1 8810049 [RouterB-Dialer0] ppp mp [RouterB-Dialer0] ppp authentication-mode pap [RouterB-Dialer0] ppp pap local-user userb password simple userb [RouterB-Dialer0] quit
# Bundle timeslots on CE1/PRI interface E1 2/0 into a PRI group.

[RouterB] controller e1 2/0 [RouterB-E1 2/0] pri-set [RouterB-E1-2/0] quit
168
# Enable C-DCC on interface Serial 2/0:15 created on interface E1 2/0 and assign the serial interface to interface Dialer 0.
[RouterB] interface serial 2/0:15 [RouterB-Serial2/0:15] dialer enable-circular [RouterB-Serial2/0:15] dialer circular-group 0
Router-to-router callback with DCC (PPP approach)

As shown in Figure 50: Router A and Router B are interconnected through serial interfaces across PSTN. Interface Serial 2/0 on Router A is assigned the IP address of 100.1.1.1/24 and interface Serial 2/0 on Router B is assigned the IP address of 100.1.1.2/24.
Implement PPP callback between Router A and Router B, specifying Router A as the callback client and Router B as the callback server. Figure 50 Network for
Router A
S2/0 100.1.1.1/24
Modem
8810048
Modem
PSTN
8810052
S2/0 100.1.1.2/24
Router B
Call back client
Callback server
Solution 1: Use C-DCC to implement PPP callback, allowing the callback server to make callback decision based on usernames configured in the dialer route commands.
1.
Configure Router A

# Assign an IP address to interface Serial 2/0, configure its physical layer and C-DCC parameters.
[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 100.1.1.1 255.255.255.0 [RouterA-Serial2/0] physical-mode async [RouterA-Serial2/0] async mode protocol [RouterA-Serial2/0] dialer enable-circular [RouterA-Serial2/0] dialer-group 1 [RouterA-Serial2/0] dialer route ip 100.1.1.2 8810052 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp pap local-user usera password simple usera
# Specify interface Serial 2/0 as the callback client.

[RouterA-Serial2/0] ppp callback client [RouterA-Serial2/0] dialer timer enable 15 [RouterA-Serial2/0] quit
[RouterA] user-interface tty1
169
[RouterA-ui-tty1] modem both
2.
Configure Router B
# Configure a dial access control rule for dialer access group 2; and create a local user account usera for Router A and configure PPP authentication for it.
[RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 100.1.1.2 255.255.255.0 [RouterB-Serial2/0] physical-mode async [RouterB-Serial2/0] async mode protocol [RouterB-Serial2/0] dialer enable-circular [RouterB-Serial2/0] dialer-group 2 [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp authentication-mode pap
# Specify the local end as the callback server, and set the callback reference to user. DCC identifies the dial string for callback according to the username configured in the dialer route command.
[RouterB-Serial2/0] dialer callback-center user [RouterB-Serial2/0] dialer route ip 100.1.1.1 user usera 8810048 [RouterB-Serial2/0] ppp callback server [RouterB-Serial2/0] quit
Solution 2: Use C-DCC to implement PPP callback, allowing the callback server to identify the dial string for callback by comparing the remote username received in PPP authentication against the local user database for a match.
3.
Configure Router A

[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 100.1.1.1 255.255.255.0 [RouterA-Serial2/0] physical-mode async [RouterA-Serial2/0] async mode protocol [RouterA-Serial2/0] dialer enable-circular [RouterA-Serial2/0] dialer-group 1 [RouterA-Serial2/0] dialer route ip 100.1.1.2 8810052 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp pap local-user usera password simple usera
170
# Specify interface Serial 2/0 as the callback client.

[RouterA-Serial2/0] ppp callback client [RouterA-Serial2/0] dialer timer enable 15 [RouterA-Serial2/0] quit
[RouterA] user-interface tty1 [RouterA-ui-tty1] modem both
4.
Configure Router B
# Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it; and configure the dial string for callback.
<RouterB> system-view [RouterB] dialer-rule 2 ip permit [RouterB] local-user usera [RouterB-luser-usera] password simple usera [RouterB-luser-usera] service-type ppp [RouterB-luser-usera] authorization-attribute callback-number 8810048 [RouterB-luser-usera] quit
# Assign an IP address to interface Serial 2/0, and configure physical and C-DCC parameters.
[RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 100.1.1.2 255.255.255.0 [RouterB-Serial2/0] physical-mode async [RouterB-Serial2/0] async mode protocol [RouterB-Serial2/0] dialer enable-circular [RouterB-Serial2/0] dialer-group 2 [RouterB-Serial2/0] dialer route ip 100.1.1.1 user usera 8810048
# Specify the local end as the callback server, and set the callback reference to dial number. DCC identifies the dial string for callback by comparing the remote username obtained through PPP authentication against the local user database for a match.
[RouterB-Serial2/0] dialer callback-center dial-number [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp authentication-mode pap [RouterB-Serial2/0] ppp callback server [RouterB-Serial2/0] quit
Router-to-router callback with DCC (ISDN approach)

As shown in Figure 51: Router A and Router B are interconnected through ISDN BRI interfaces across an ISDN network. Configure ISDN caller identification callback with C-DCC between Router A and Router B, specifying Router A as the callback client and Router B as the callback server.
171

Router A
BRI1/0 100.1.1.1/24
NT 1
8810048
NT 1
ISDN
8810052
BRI1/0 100.1.1.2/24
Router B
Callback client
Callback server
1.
Configure Router A

# Assign an IP address to interface BRI 1/0, and configure C-DCC parameters and the dial string for placing calls to Router B.
[RouterA] interface bri 1/0 [RouterA-Bri1/0] ip address 100.1.1.1 255.255.255.0 [RouterA-Bri1/0] dialer enable-circular [RouterA-Bri1/0] dialer-group 1 [RouterA-Bri1/0] dialer route ip 100.1.1.2 8810052 [RouterA-Bri1/0] dialer timer enable 15
2.
Configure Router B

# Assign an IP address to interface BRI 1/0, and configure C-DCC parameters and the dial string for placing calls to Router A.
[RouterB] interface bri 1/0 [RouterB-Bri1/0] ip address 100.1.1.2 255.255.255.0 [RouterB-Bri1/0] dialer enable-circular [RouterB-Bri1/0] dialer-group 2 [RouterB-Bri1/0] dialer route ip 100.1.1.1 8810048
# Enable the local end to place return calls for ISDN calling number 8810048.
[RouterB-Bri1/0] dialer call-in 8810048 callback
Router-to-PC callback with DCC

As shown in Figure 52, the PC and Router are interconnected through modems across a PSTN network. PC accepts the address assigned by Router. Configure PPP callback with C-DCC between Router and PC, specifying PC as the callback client and Router as the callback server to make return calls according to dialer routes.
172

PC
100.1.1.2/24
Modem
8810048
Modem
PSTN
8810052
S2/0 100.1.1.1/24
Router
Callback client
Callback server
1.
Configure the PC (installed with Windows XP for example)
Do the following to create a dialup connection with callback capability enabled: # Place the modem connected to PC in auto answer mode. # Select Start > Programs > Accessories > Communications > Network and Dial-up Connections. In the Network and Dial-up Connections window, right-click on the Make New Connection icon; and, in the popup menu, select the New Connectionoption. The Network Connection Wizard window appears. Click Next. # In the Network Connection Type dialog box, select the Dial-up to the Internet option, and click Next. The Internet Connection Wizard dialog appears. Select to set up the Internet connection manually. Click Next. # In the Setting up your Internet connection dialog box, select the I connect through a phone line and a modem option. Click Next to set Internet account connection information. # Type in the phone number for dialing to the callback server. Click Next. # Type in the username and password that you want to use for PPP authentication when connecting to the server. Click Next. # Assign a name to your new connection and follow the instruction to complete the connection setup. # In the Network and Dial-up Connections window, right-click on the connection just created, and in the popup menu select the Properties option. # In the properties setting dialog box, select the Networking tab. In the Type of dial-up server I am calling drop-down list, select PPP: Windows 95/98/NT4/2000, Internet. Click Settings to do the following: Select the Enable LCP extensions check box. Unselect the Enable software compression check box. Unselect the Negotiate multi-link for single link connections check box.
Click OK. # Turn to the Network and Dial-up Connections window. Click on the connection icon you just created. Then, from the menu bar, select Advanced > Dial-up Preferences. In the Dial-up Preferences dialog box, select the Callback tab and do one of the following: Select the No callback option. After the PPP authentication is passed in a call, this option prevents the callback server from disconnecting the current connection and calling back. Instead, the server maintains the current connection and allows the client to access the LAN or the Internet. Select the Ask me during dialing when the server offers option. The callback server uses the callback number you input to place return calls. Select the Always call me back at the numbers below option. The callback server places return calls always at the number or numbers already set. Configure Router

2.
173
# Configure a dial access control rule for dialer access group 1; create a local user account userpc for PC and configure PPP authentication for the account.
<Router> system-view [Router] dialer-rule 1 ip permit [Router] local-user userpc [Router-luser-userc] password simple userpc [Router-luser-userc] service-type ppp [Router-luser-userc] quit
# Assign an IP address to interface Serial 2/0, and configure physical layer parameters.
[Router] interface serial 2/0 [Router-Serial2/0] ip address 100.1.1.1 255.255.255.0 [Router-Serial2/0] physical-mode async [Router-Serial2/0] async mode protocol
# Configure PPP encapsulation and other PPP parameters on the interface.

[Router-Serial2/0] link-protocol ppp [Router-Serial2/0] ppp authentication-mode pap [Router-Serial2/0] ppp pap local-user Router password simple Router
# Configure the interface to assign an IP address to the remote end.

[Router-Serial2/0] remote address 100.1.1.2
# Specify interface Serial 2/0 as the PPP callback server, and set the callback reference to user mode. DCC uses the dial string corresponding to the username configured in the dialer route command to place return calls.
[Router-Serial2/0] ppp callback server [Router-Serial2/0] dialer callback-center user
# Enable C-DCC on interface Serial 2/0 and configure C-DCC parameters.

[Router-Serial2/0] dialer enable-circular [Router-Serial2/0] dialer-group 1 [Router-Serial2/0] dialer route ip 100.1.1.2 user userpc 8810048 [Router-Serial2/0] quit
[Router] user-interface tty1 [Router-ui-tty1] modem both
NT server-to-router callback with DCC

As shown in Figure 53, Router and NT Server are interconnected through modems across a PSTN network. Router accepts the address assigned by NT Server. Configure PPP callback with C-DCC between Router and PC, specifying Router as the callback client and NT Server as the callback server to make return calls according to dialer routes.
174
Figure 53 Network diagram for NT server-to-router callback with DCC

NT server Router S2/0
100.1.1.1/24
Modem
8810048
Modem
PSTN
8810052
100.1.1.254/24
Callback client
Callback server
1.
Configure Router
# Configure a dial access control rule for dialer access group 1; create a local user account usernt for NT Server and configure PPP authentication for the account.
<Router> system-view [Router] dialer-rule 1 ip permit [Router] local-user usernt [Router-luser-userc] password simple usernt [Router-luser-userc] service-type ppp [Router-luser-userc] quit
# Configure physical layer parameters for interface Serial 2/0.

[Router] interface serial 2/0 [Router-Serial2/0] physical-mode async [Router-Serial2/0] async mode protocol
# Configure PPP encapsulation and other PPP parameters.

[Router-Serial2/0] link-protocol ppp [Router-Serial2/0] ppp authentication-mode pap [Router-Serial2/0] ppp pap local-user Router password simple Router
# Configure the interface to get an IP address through PPP negotiation.

[Router-Serial2/0] ip address ppp-negotiate
# Configure the interface as the PPP callback client.

[Router-Serial2/0] ppp callback client [Router-Serial2/0] dialer timer enable 15
# Enable C-DCC and configure C-DCC parameters on the interface.

[Router-Serial2/0] dialer enable-circular [Router-Serial2/0] dialer-group 1 [Router-Serial2/0] dialer route ip 100.1.1.254 8810052 [Router-Serial2/0] quit
[Router] user-interface tty1 [Router-ui-tty1] modem both
2.
Configure NT Server
Note that for Microsoft Windows users, the server must be Windows 2000 and a higher version such as Windows XP. For the purpose of this example, Windows XP is used. Do the following to create a dialup connection with callback capability enabled:
175
# Right-click on the My Network Places icon, and from the popup menu select the Properties option. The Network and Dial-up Connections window appears. # Right-click on the Make New Connection icon, and from the popup menu select the New Connectionoption. The Network Connection Wizard window appears. Click Next. # In the Network Connection Type dialog box, select the Accept incoming connections option, and click Next to set the device for incoming connections. Click Next. The Incoming Virtual Private Connection window appears. # Select the Allow virtual private connections option if the server is connected to the Internet to provide Internet access requests for the client. If otherwise, select the Do not allow virtual private connections. Then click Next. # In the Allowed Users dialog box, click Add. In the popup New User dialog box, add the username and password for the PPP callback client and click OK. An icon for the new user account appears in the box in the Allowed Users dialog box. # Select the new user and click Properties. The properties setting dialog appears. # Under the Callback tab, do one of the following: Select the Do not allow callback option. After the PPP authentication is passed in a call, this option prevents the callback server from disconnecting the current connection and calling back. Instead, the server maintains the current connection and allows the client to access the LAN or the Internet. Select the Allow the caller to set the callback number option. After the PPP authentication is passed in a call, the server disconnects and then calls back the client at the number configured in the ppp callback ntstring dial-number command. This option is almost the same as the last option except that the charges are paid by the server end instead of the client end. Select the Always use the following callback number option to set a callback number.
Click OK. The Networking Components dialog box appears. # Set the Networking components (use the default). Click Next. # Assign a name to your connection and Click Finish to complete the creation.
Circular dial string backup and internet access with DCC

As shown in Figure 54: Router A and Router B are connected across a PSTN network. Router B works as an access server and is configured with an IP address of 100.1.1.254/24. It uses the address range of 100.1.1.1/24 to 100.1.1.16/24 for address assignment. The PSTN dial strings available on it are 8810048 through 8810055, allowing the router to provide services to 16 online users. Router A accepts the IP address assigned by Router B.
Configure Router A on the dialup side to implement cyclic dial string backup with dialer routes. Configure Router B on the access side to use asynchronous serial interfaces to provide DCC dialup access and adopt PAP to authenticate the dialup side. As shown in Figure 55, Router C and Router D are connected across an ISDN network. The configurations of Router C and Router D are the same as those of Router A and Router B, except that Router D uses an ISDN dial string 8810048, rather than PSTN dial strings, to provide services. Configure Router C and Router D to implement DCC with one dial string and use CHAP for authentication.
176
Figure 54 Network diagram for dial string backup/access service with DCC (PSTN)
Modem 8810048 Router A
S2/0
Modem Modem 8810049 Modem

Async1/0 to Async1/7
...
Router B
PSTN
Modem
...
Internet
Host
Modem 8810054
Modem 8810055
Figure 55 Network diagram for dial string backup/access service with DCC (ISDN)
Router C
BRI1/0
NT 1
ISDN
S2/0:15 Router D 100.1.1.254/24 8810048
Internet
NT 1
Solution 1: Configure circular dial string backup on Router A on the dialup side. On Router B, configure C-DCC, allowing the router to set up connections on eight asynchronous serial interfaces; configure C-DCC parameters on a dialer interface.
1.
Configure Router A
# Configure a dial access control rule for dialer access group 1; create a local user account userb for Router B and configure PPP authentication for the account.
<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] local-user userb [RouterA-luser-userb] password simple userb [RouterA-luser-userb] service-type ppp [RouterA-luser-userb] quit
# Configure physical layer parameters for interface Serial 2/0 and enable PPP address negotiation.
177
[RouterA] interface serial 2/0 [RouterA-Serial2/0] physical-mode async [RouterA-Serial2/0] async mode protocol [RouterA-Serial2/0] ip address ppp-negotiate
# Configure PPP encapsulation and authentication on the interface.

[RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp authentication-mode pap [RouterA-Serial2/0] ppp pap local-user user1 password simple user1
# On the interface, enable C-DCC, and configure C-DCC parameters and the dial strings for reaching Router B.
[RouterA-Serial2/0] dialer enable-circular [RouterA-Serial2/0] dialer-group 1 [RouterA-Serial2/0] dialer route ip 100.1.1.254 8810048 [RouterA-Serial2/0] dialer route ip 100.1.1.254 8810049 ... [RouterA-Serial2/0] dialer route ip 100.1.1.254 8810055 [RouterA-Serial2/0] quit
[RouterA] user-interface tty1 [RouterA-ui-tty1] modem both
2.
Configure Router B
# Configure a dial access control rule for dialer access group 2; create local user accounts user1 through user16 and configure PPP authentication for the accounts.
<RouterB> system-view [RouterB] dialer-rule 2 ip permit [RouterB] local-user user1 [RouterB-luser-user1] password simple user1 [RouterB-luser-user1] service-type ppp [RouterB-luser-user1] quit [RouterB] local-user user2 [RouterB-luser-user2] password simple user2 [RouterB-luser-user2] service-type ppp [RouterB-luser-user2] quit ... [RouterB] local-user user16 [RouterB-luser-user16] password simple user16 [RouterB-luser-user16] service-type ppp [RouterB-luser-user16] quit
# Assign an IP address to interface Dialer0 and configure it to assign IP addresses for PPP users.
[RouterB] interface dialer 0 [RouterB-Dialer0] link-protocol ppp [RouterB-Dialer0] ppp authentication-mode pap [RouterB-Dialer0] ppp pap local-user userb password simple userb [RouterB-Dialer0] ip address 100.1.1.254 255.255.255.0 [RouterB-Dialer0] remote address pool 1
# Enable C-DCC and configure C-DCC parameters on the interface.

178
[RouterB-Dialer0] dialer enable-circular [RouterB-Dialer0] dialer-group 2 [RouterB-Dialer0] quit
# Configure physical and link layer parameters for interface Async 1/0.
[RouterB] interface async 1/0 [RouterB-Async1/0] async mode protocol [RouterB-Async1/0] dialer circular-group 0 [RouterB-Async1/0] link-protocol ppp [RouterB-Async1/0] ppp authentication-mode pap [RouterB-Async1/0] ppp pap local-user userb password simple userb [RouterB-Async1/0] quit
Repeat this step to configure physical and link layer parameters for interfaces Async 1/1 through Async 1/7. # Configure user interfaces TTY 1 through TTY 7 for interfaces Async 1/0 through Async 1/7 and enable modem dial-in and dial-out on them.
[RouterB] user-interface tty1 [RouterB-ui-tty1] modem both [RouterB-ui-tty1] quit [RouterB] user-interface tty2 [RouterB-ui-tty2] modem both ... [RouterB-ui-tty8] quit
# Configure the address for address assignment.

[RouterB] domain system [RouterB-isp-system] ip pool 1 100.1.1.1 100.1.1.16 [RouterB-isp-system] quit
3.
Configure the user PC
# Set the answering mode of the modem connected to the user PC (installed with Windows 2000 for example) to auto answer. # Select Start > Programs > Accessories > Communications > Network and Dial-up Connections. In the Network and Dial-up Connections window, create a new connection. # Select Start > Programs > Accessories > Communications > Network and Dial-up Connections. In the Network and Dial-up Connections window, right-click on the Make New Connection icon, and in the popup menu select the New Connectionoption. The Network Connection Wizard window appears. Click Next. # In the Network Connection Type dialog box, select the Dial-up to the Internet option, and click Next. The Internet Connection Wizard dialog box appears. Select to set up the Internet connection manually. Click Next. # In the Setting up your Internet connection dialog box, select the I connect through a phone line and a modem option. Click Next to set Internet account connection information. # Type in the phone number for dialing to the callback server. Click Next. # Type in the username (user16 for example) and password (user16 for example) that you want to use for PPP authentication when connecting to the server. Click Next. # Assign a name to the new connection and follow the instruction to complete the connection setup. # In the Network and Dial-up Connections window, right-click on the connection just created, and in the popup menu select the Properties option.
179
# In the properties setting dialog, select the Networking tab. In the Type of dial-up server I am calling drop-down list, select PPP: Windows 95/98/NT4/2000, Internet. Click Settings to do the following: Select the Enable LCP extensions check box. Unselect the Enable software compression check box. Unselect the Negotiate multi-link for single link connections check box.
Click OK. # Turn to the Network and Dial-up Connections window. Click on the connection icon you just created. Then, from the menu bar, select Advanced > Dial-up Preferences In the Dial-up Preferences dialog box, select the No callback option under the Callback tab. Double-click the created connection to dial. Solution 2: On Router C on the dialup side configure a single dial string. On Router D on the access side, use the C-DCC approach to set up a connection with Router C through an ISDN PRI interface; configure DCC parameters on a dialer interface.
4.
Configure Router C
# Configure a dial access control rule for dialer access group 1; create a local user account userd for Router D and configure PPP authentication for the account.
<RouterC> system-view [RouterC] dialer-rule 1 ip permit [RouterC] local-user userd [RouterC-luser-userd] password simple user1 [RouterC-luser-userd] service-type ppp [RouterC-luser-userd] quit
# Configure physical layer parameters for interface BRI 1/0 and enable PPP address negotiation.
[RouterC] interface bri 1/0 [RouterC-Bri1/0] ip address ppp-negotiate
# Configure PPP encapsulation and PPP CHAP authentication on the interface.

[RouterC-Bri1/0] link-protocol ppp [RouterC-Bri1/0] ppp authentication-mode chap [RouterC-Bri1/0] ppp chap user user1
# On the interface enable C-DCC, and configure C-DCC parameters and the dial string for reaching Router D.
[RouterC-Bri1/0] dialer enable-circular [RouterC-Bri1/0] dialer-group 1 [RouterC-Bri1/0] dialer route ip 100.1.1.254 8810048
5.
Configure Router D
# Configure a dial access control rule for dialer access group 2; create local user accounts user1 through user16 and configure PPP CHAP authentication for these accounts.
<RouterD> system-view [RouterD] dialer-rule 2 ip permit [RouterD] local-user user1 [RouterD-luser-user1] password simple user1 [RouterD-luser-user1] service-type ppp [RouterD-luser-user1] quit [RouterD] local-user user2
180
[RouterD-luser-user2] password simple user2 [RouterD-luser-user2] service-type ppp [RouterD-luser-user2] quit ... [RouterD] local-user user16 [RouterD-luser-user16] password simple user16 [RouterD-luser-user16] service-type ppp [RouterD-luser-user16] quit
# Bundle timeslots on CE1/PRI interface E1 2/0 into a PRI group.

[RouterD] controller e1 2/0 [RouterD-E1 2/0] pri-set [RouterD-E1 2/0] quit
# Enable C-DCC on interface Serial 2/0:15. (This interface is automatically created on CE1/PRI interface E1 2/0.)
[RouterD-E1 2/0] interface serial 2/0:15 [RouterD-Serial2/0:15] dialer enable-circular [RouterD-Serial2/0:15] dialer-group 2
# Assign an IP address to the serial interface.

[RouterD-Serial2/0:15] ip address 100.1.1.254 255.255.255.0
# Configure PPP encapsulation and other PPP parameters on the serial interface.
[RouterD-Serial2/0:15] link-protocol ppp [RouterD-Serial2/0:15] ppp authentication-mode chap [RouterD-Serial2/0:15] ppp chap user userd [RouterD-Serial2/0:15] remote address pool 1 [RouterD-Serial2/0:15] quit
# Configure an IP address pool for assigning addresses to PPP users.

[RouterD] domain system [RouterD-isp-system] ip pool 1 100.1.1.1 100.1.1.16 [RouterD-isp-system] quit
Dynamic route backup configuration example I

As shown in Figure 56: Router B is connected to Router A and Router C through serial interfaces connecting to two X.25 networks. Router A and Router C are connected to the same ISDN switched network through their ISDN BRI interfaces. Router A and Router C can call each other. The telephone number of Router C is 8810052. The serial interfaces are in network segment 10.0.0.0/8, and the BRI interfaces are in network segment 20.0.0.0/8. Use Router A as the master device of a dynamic route backup group to monitor network segment 30.0.0.0/8, which is connected to Router C.
181

Router B
X.25
S2/0 S2/1
X.25
S2/0 10.0.0.1/8
BRI3/0 20.0.0.1/8
BRI3/0 20.0.0.2/8
S2/1 10.0.0.2/8
Loop1 30.0.0.0/8
ISDN
Router A Router C
1.
Configure Router A
# Create a dialer access group rule.

# Configure dialup parameters for interface BRI 3/0.

[RouterA] interface bri 3/0 [RouterA-Bri3/0] ip address 20.0.0.1 8 [RouterA-Bri3/0] dialer enable-circular [RouterA-Bri3/0] dialer-group 1 [RouterA-Bri3/0] dialer route ip 30.0.0.1 8810052 [RouterA-Bri3/0] quit
# Configure interface Serial 2/0 and encapsulate the X.25 protocol on it.
[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte ietf [RouterA-Serial2/0] x25 x121-address 10 [RouterA-Serial2/0] x25 map ip 10.0.0.2 x121-address 15 broadcast [RouterA-Serial2/0] ip address 10.0.0.1 8 [RouterA-Serial2/0] quit
# Configure RIP.
[RouterA] rip [RouterA-rip-1] network 10.0.0.0 [RouterA-rip-1] network 20.0.0.0 [RouterA-rip-1] import-route direct [RouterA-rip-1] quit
# Create a dynamic route backup group.

[RouterA] standby routing-rule 1 ip 30.0.0.1 32
# Configure the routes used by the serial interface to adopt higher priorities over those used by the dialup interface.
[RouterA] interface bri 3/0 [RouterA-Bri3/0] rip metricin 2
# Enable dynamic route backup.

[RouterA-Bri3/0] standby routing-group 1
182
2.
Configure Router B
# Enable X.25 switching on Router B.

<RouterB> system-view [RouterB] x25 switching
# Configure Serial 2/0 and Serial 2/1 as X.25 interfaces.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce ietf [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol x25 dce ietf [RouterB-Serial2/1] quit
# Configure switching information for X.25.

[RouterB] x25 switch svc 10 interface serial 2/0 [RouterB] x25 switch svc 15 interface serial 2/1
3.
Configure Router C


[RouterC] interface bri 3/0 [RouterC-Bri3/0] ip address 20.0.0.2 8 [RouterC-Bri3/0] dialer enable-circular [RouterC-Bri3/0] dialer-group 1 [RouterC-Bri3/0] quit
[RouterC] interface serial 2/1 [RouterC-Serial2/1] link-protocol x25 dte ietf [RouterC-Serial2/1] x25 x121-address 15 [RouterC-Serial2/1] x25 map ip 10.0.0.1 x121-address 10 broadcast [RouterC-Serial2/1] ip address 10.0.0.2 8 [RouterC-Serial2/1] quit
# Configure interface Loopback 1.

[RouterC] interface loopback 1 [RouterC-Loopback1] ip address 30.0.0.1 32 [RouterC-Loopback1] quit
# Configure RIP.
[RouterC] rip [RouterC-rip-1] network 10.0.0.0 [RouterC-rip-1] network 20.0.0.0 [RouterC-rip-1] network 30.0.0.0 [RouterC-rip-1] import-route direct
183
Dynamic route backup configuration example II

As shown in Figure 57: Router A and Router B are directly connected through their serial interfaces. They are also connected to the same ISDN switched network through their ISDN BRI interfaces and can thus call each other. The telephone number of Router B is 8810052. The serial interfaces of the two routers are in network segment 10.0.0.0/8, and their BRI interfaces are in network segment 20.0.0.0/8. Use Router A as the master device of a dynamic route backup group to monitor network segment 40.0.0.0/8, which is connected to Router B.

Router A
S2/0 10.0.0.1/8 S2/0 10.0.0.2/8
Router B
Loop1 40.0.0.1/32
BRI3/0 20.0.0.1/8
BRI3/0 20.0.0.2/8
ISDN
1.
Configure Router A


[RouterA] interface bri 3/0 [RouterA-Bri3/0] ip address 20.0.0.1 8 [RouterA-Bri3/0] dialer enable-circular [RouterA-Bri3/0] dialer-group 1 [RouterA-Bri3/0] dialer route ip 40.0.0.1 8810052 [RouterA-Bri3/0] quit
# Configure interface Serial 2/0.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 10.0.0.1 8 [RouterA-Serial2/0] quit
# Configure OSPF.
[RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255 [RouterA-ospf-1-area-0.0.0.0] network 20.0.0.0 0.255.255.255
184
[RouterA-ospf-1-area-0.0.0.0] import-route direct [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit

# Configure the routes used by the serial interface to adopt higher priorities than those used by the dialup interface.
[RouterA] interface bri3/0 [RouterA-Bri3/0] ospf cost 2000 [RouterA-Bri3/0] ospf network-type broadcast
# Enable the dynamic route backup function.

[RouterA-Bri3/0] standby routing-group 1
2.
Configure Router B


[RouterB] interface bri 3/0 [RouterB-Bri3/0] ip address 20.0.0.2 8 [RouterB-Bri3/0] dialer enable-circular [RouterB-Bri3/0] dialer-group 1 [RouterB-Bri3/0] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 10.0.0.2 8 [RouterB-Serial2/0] quit

[RouterB] interface loopback 1 [RouterB-Loopback1] ip address 40.0.0.1 32 [RouterB-Loopback1] quit
# Configure OSPF.
[RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255 [RouterB-ospf-1-area-0.0.0.0] network 20.0.0.0 0.255.255.255 [RouterB-ospf-1-area-0.0.0.0] network 40.0.0.0 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] import-route direct
Dynamic route backup configuration example III

As shown in Figure 58: Router A and Router B are connected through an X.25 network.
185
Router A and Router B are connected to the same ISDN switched network through their ISDN BRI interfaces, each of which has two B channels bound in it. Router A and Router B can call each other through a RS-DCC. The telephone number of Router A is 8810010, and that of Router B is 8810052. Use Router A as the master device of a dynamic route backup group to monitor network segment 30.0.0.0/8, which is connected to Router B. Normally, the X.25 link functions as the primary link between Router A and Router B. When the route to network segment 30.0.0.0/8 becomes invalid (for example, when the X.25 network fails), Router A automatically establishes an ISDN BRI link to router B.

Router A BRI3/0
20.0.0.1/ 24 BRI3/0 20.0.0.2/24
Router B
Loop1 30.0.0.0/8 S2/0 10.0.0.2/8
ISDN BRI line

S2/0 10.0.0.1/8
X. 25
1.
Configure Router A
# Create a dialer access group rule and a local user database.

<RouterA> system-view [RouterA] dialer-rule 1 ip permit [RouterA] local-user userb [RouterA-luser-userb] password simple userb [RouterA-luser-userb] service-type ppp [RouterA-luser-userb] quit

# Configure a RS-DCC on Dialer0.

[RouterA] interface dialer 0 [RouterA-Dialer0] link-protocol ppp [RouterA-Dialer0] ip address 20.0.0.1 24 [RouterA-Dialer0] dialer user userb [RouterA-Dialer0] dialer-group 1 [RouterA-Dialer0] dialer bundle 1 [RouterA-Dialer0] dialer number 8810052 [RouterA-Dialer0] ppp authentication-mode pap [RouterA-Dialer0] ppp pap local-user usera password simple usera [RouterA-Dialer0] standby routing-group 1 [RouterA-Dialer0] quit
# Bind BRI 3/0 to Dialer 0.

186
[RouterA] interface bri 3/0 [RouterA-Bri3/0] dialer bundle-member 1 [RouterA-Bri3/0] ppp authentication-mode pap [RouterA-Bri3/0] ppp pap local-user usera password simple usera [RouterA-Bri3/0] quit
[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte ietf [RouterA-Serial2/0] x25 x121-address 10 [RouterA-Serial2/0] x25 map ip 10.0.0.2 x121-address 20 broadcast [RouterA-Serial2/0] ip address 10.0.0.1 8 [RouterA-Serial2/0] quit
# Configure RIP.
[RouterA] rip [RouterA-rip-1] network 10.0.0.0 [RouterA-rip-1] network 20.0.0.0 [RouterA-rip-1] import-route direct [RouterA-rip-1] quit
[RouterA] interface bri 3/0 [RouterA-Bri3/0] rip metricin 2
2.
Configure Router B
# Create a dialer access group rule and configure a local user database.
# Configure a RS-DCC on Dialer 0.

[RouterB] interface dialer 0 [RouterB-Dialer0] link-protocol ppp [RouterB-Dialer0] ip address 20.0.0.2 24 [RouterB-Dialer0] dialer user usera [RouterB-Dialer0] dialer-group 1 [RouterB-Dialer0] dialer bundle 1 [RouterB-Dialer0] dialer number 8810010 [RouterB-Dialer0] ppp authentication-mode pap [RouterB-Dialer0] ppp pap local-user userb password simple userb [RouterB-Dialer0] quit

[RouterB] interface bri 3/0 [RouterB-Bri3/0] dialer bundle-member 1 [RouterB-Bri3/0] ppp authentication-mode pap [RouterB-Bri3/0] ppp pap local-user userb password simple userb
187
[RouterB-Bri3/0] quit
[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dte ietf [RouterB-Serial2/0] x25 x121-address 20 [RouterB-Serial2/0] x25 map ip 10.0.0.1 x121-address 10 broadcast [RouterB-Serial2/0] ip address 10.0.0.2 8 [RouterB-Serial2/0] quit

[RouterB] interface loopback 1 [RouterB-Loopback1] ip address 30.0.0.1 32 [RouterB-Loopback1] quit
# Configure RIP.
[RouterB] rip [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] network 20.0.0.0 [RouterB-rip-1] network 30.0.0.0 [RouterB-rip-1] import-route direct
Dynamic route backup configuration example IV

As shown in Figure 59: Router A and Router B are connected through an FR network. They are also connected through an ISDN switched network and can thus call each other. The telephone number of Router A is 660330, and that of Router B is 660220. Use Router A as the master device of a dynamic route backup group to monitor three network segments 10.0.0.1/8, 1 1.0.0.1/8, and 12.0.0.1/8, which are all connected to Router B. Normally, the FR link functions as the primary link between Router A and Router B. When the routes to all the three network segments become invalid, Router A automatically establishes an ISDN BRI link to Router B.
188

Eth1/0 10.0.0.1/8
Router A S2/1:15
2.0.0.1/8
S2/1:15 Router B 2.0.0.2/8
Eth1/1 11.0.0.1/8 Eth1/2 12.0.0.1/8
ISDN PRI line

S2/0 1.0.0.1/8 DLCI:100 S2/0 1.0.0.2/8 DLCI:200
FR
This network diagram only illustrates a simple application where a dynamic route backup group is used to monitor multiple subnets. In actual use, the monitored network segments can be connected to multiple devices.
1.
Configure Router A

# Create a dynamic route backup group to monitor three network segments.

[RouterA] standby routing-rule 1 ip 10.0.0.0 255.0.0.0 [RouterA] standby routing-rule 1 ip 11.0.0.0 255.0.0.0 [RouterA] standby routing-rule 1 ip 12.0.0.0 255.0.0.0
# Bundle timeslots on the CE1 interface into a PRI group.

[RouterA] controller e1 2/1 [RouterA-E1 2/1] pri-set [RouterA-E1 2/1] quit
# Configure Serial 2/0 as an FR interface.

[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 1.0.0.1 255.0.0.0 [RouterA-Serial2/0] link-protocol fr [RouterA-Serial2/0] fr interface-type dte [RouterA-Serial2/0] fr inarp [RouterA-Serial2/0] fr map ip 1.0.0.2 100 [RouterA-Serial2/0] quit
# Configure C-DCC on the PRI interface.

[RouterA] interface serial 2/1:15 [RouterA-Serial2/1:15] ip address 2.0.0.1 255.0.0.0 [RouterA-Serial2/1:15] dialer enable-circular [RouterA-Serial2/1:15] dialer-group 1 [RouterA-Serial2/1:15] dialer route ip 10.0.0.0 mask 8 660220 [RouterA-Serial2/1:15] standby routing-group 1 [RouterA-Serial2/1:15] quit
189
# Configure RIP.
[RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] import-route direct
[RouterA] interface serial 2/1:15 [RouterA-Serial2/1:15] rip metricin 2
2.
Configure Router B
# Create a dialer access group rule for dialup.

[RouterB] system [RouterB] dialer-rule 1 ip permit
# Bundle timeslots on the CE1 interface into a PRI group.

[RouterB] controller e1 2/1 [RouterB-E1 2/1] pri-set [RouterB-E1 2/1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 1.0.0.2 255.0.0.0 [RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dte [RouterB-Serial2/0] fr inarp [RouterB-Serial2/0] fr map ip 1.0.0.1 200 [RouterB-Serial2/0] quit
# Configure C-DCC on PRI interface Serial 2/1:15.

[RouterB] interface serial 2/1:15 [RouterB-Serial2/1:15] ip address 2.0.0.2 255.0.0.0 [RouterB-Serial2/1:15] dialer enable-circular [RouterB-Serial2/1:15] dialer-group 1 [RouterB-Serial2/1:15] dialer route ip 2.0.0.1 mask 8 660330 [RouterB-Serial2/1:15] quit
# Configure the Ethernet interfaces with the network segments attached.

[RouterB] interface ethernet 1/0 [RouterB-Ethernet1/0] ip address 10.0.0.1 255.0.0.0 [RouterB-Ethernet1/0] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 11.0.0.1 255.0.0.0 [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ip address 12.0.0.1 255.0.0.0 [RouterB-Ethernet1/2] quit
# Configure RIP.
[RouterB] rip [RouterB-rip-1] network 1.0.0.0
190
[RouterB-rip-1] network 2.0.0.0 [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] network 11.0.0.0 [RouterB-rip-1] network 12.0.0.0 [RouterB-rip-1] import-route direct
Troubleshooting
Symptom 1:
DCC dialup connection cannot be set up because the modem does not dial when the router forwards data.
Solution:
Check that: The modem and phone cable connections are correct, and the modem initialization process is correct. The dial interface, if it is synchronous/asynchronous, is set to work in asynchronous protocol mode. DCC is enabled on the dial interface. A dialer route or dialer number command is available for the packets.
Symptom 2:
The remote end cannot be pinged after the modem is connected.
Solution:
Check that: The same link layer encapsulation is used at the two ends, and correct PPP parameters are configured for authentication. You may use the debugging ppp all command to verify that. A correct IP address is assigned to the dial interface (physical or dialer). DCC is enabled on the dial interface. The correct dialer-group and dialer-rule commands are configured and associated to make sure that the packets can pass. Use the debugging dialer event and debugging dialer packet commands to locate the problem.
191
Modem management configuration

Modem is a network device widely used. It is important for a device to properly manage and control the use of modem in a network. However, many modem manufacturers and various modem models exist. Even though all of them support the AT command set and are compliant with the industry standard, each type of modem differs somewhat on the implementations and command details. The device provides the following functions for managing a modem:
1. 2. 3.
Intercommunicating with the equipment from other vendors. The asynchronous serial interfaces of the participating parties are working in flow mode interconnected via modems. Providing rich debugging information for modem maintenance and monitoring. Enabling the modem to get the caller number of the terminal.
Configuring modem management

To manage your modem: To do
Enter system view. Enter user interface view.
Use the command

system-view user-interface { first-num1 [ last-num1 ] | { aux | console | tty | vty } first-num2 [ last-num2 ] }
Remarks

Configure the call-in/call-out rights for the modem. Set the maximum interval allowed between picking up the handset and dialing when a user tries to establish a connection.
Required modem { both | call-in | call-out } Modem call-in and call-out are denied by default. Optional 60 seconds by default. Optional
modem timer answer time
Enable the modem to get the caller number of the terminal.
modem caller-number resolve [ ata-waiting-time time ]
By default, the modem does not get the caller number when accepting a call from the terminal. This feature applies to only the POS terminal connected to an AM interface. Optional Not recommended. Optional Optional Disabled by default.
Set modem answer mode. Return to system view. Configure modem through AT commands. Enable modem callback.
See Setting the modem answer mode. quit See Issuing an AT command to a modem. service modem-callback
192
Setting the modem answer mode

Set the modem answer mode according to the actual answer mode of the modem. If the modem is in auto-answer mode (a modem is in auto-answer mode if its AA LED lights), use the modem auto-answer command to prevent the device from issuing answer instructions. If the modem is in non-auto answer mode, use the undo modem auto-answer command to enable the device to issue answer instructions on the reaching of incoming calls.
Make sure that you set the same answer mode as on the modem. If a different answer mode is set, the modem might operate improperly. Do not perform the operation unless absolutely needed. To set modem answer mode: To do
Enter system view. Enter user interface view. Set the modem to work in auto-answer mode.
Use the command

system-view user-interface { first-num1 [ last-num1 ] | { aux | console | tty | vty } first-num2 [ last-num2 ] } modem auto-answer
Remarks
Optional Non-auto answer mode by default.
Issuing an AT command to a modem

To issue an AT command to a modem: To do
Enter system view. Enter interface view.
Use the command

Remarks
Required This command is applicable to asynchronous serial interfaces (including synchronous/asynchronous operating in the asynchronous mode), AUX interfaces, and AM interfaces.
Configure the modem by issuing an AT command to it.
sendat at-string
Modem management configuration example

As shown in Figure 60, a router is connected to a Cisco router. Establish a connection between the two routers through DCC dialup when data is to be transmitted between them. For more information about DCC dialup, see the chapter DCC configuration.
193

S2/0 1.1.1.1/16
PSTN
Modem Modem
S2/0 2.2.2.2/16
Router
Cisco Router
1.
Configure Router.
# Create dialer access group 1 and configure it to permit all IP packets.

# Configure interface Serial 2/0 to operate in asynchronous mode and then configure it to operate in protocol mode.
[Router] interface serial 2/0 [Router-Serial2/0] physical-mode async [Router-Serial2/0] async mode protocol
# Configure the link layer protocol of interface Serial 2/0 as PPP.

[Router-Serial2/0] link-protocol ppp

[Router-Serial2/0] ip address 1.1.1.1 255.255.0.0
# Enable C-DCC on interface Serial 2/0.

[Router-Serial2/0] dialer enable-circular
# Assign interface Serial 2/0 to dialer access group 1.

[Router-Serial2/0] dialer-group 1
# Set the link holddown timer to 5 seconds.

[Router-Serial2/0] dialer timer enable 5
# Configure the dial number for placing calls to a single remote end as 666666.
[Router-Serial2/0] dialer number 666666 [Router-Serial2/0] quit
# Enables both modem call-in and modem call-out on user-interface TTY 1.

[Router] user-interface tty 1 [Router-ui-tty1] modem both
For information about DCC commands, see Layer 2WAN Command Reference.
2.
Configure the Cisco router.
For more information, see Cisco documentation.
Troubleshooting
Symptom
Modem is in abnormal status (for example, the dial tone or busy tone keeps humming).
194
Solution
Use the shutdown command and undo shutdown command on the device physical interface connected to the modem to check whether the modem has been restored to normal status. If the modem is still in abnormal status, re-power the modem.
195
ATM configuration
Introduction to ATM technology
ATM is a technology based on packet transmission mode while incorporating the high speed of circuit transmission mode. ATM was adopted as the transmission and switching model for broadband ISDN by the ITU-T Standardization Sector in June 1992. Due to its flexibility and support for multi-media services, ATM is regarded as core broadband technology. As defined by the ITU-T, data is encapsulated in cells in ATM. Each ATM cell is 53 bytes in length, of which the first 5 bytes contain cell header information and the last 48 bytes contain payload. The major function of the cell header is to identify virtual connection. In addition, it can be used to carry limited flow control, congestion control and error control information.
ATM connections and ATM switching

ATM is connection-oriented and ATM connections are logical connections, or virtual circuits. In an ATM network, you can create logical connections called VPs and VCs on physical links. As shown in Figure 61, you can create multiple VPs on a physical link, and each VP can be demultiplexed into multiple VCs. Cells from different users are transmitted over different VPs and VCs, which are identified by VPI and VCI. Figure 61 Physical link, VP, and VC
VP
VP
VC
Physical link
VP VP
VC
ATM uses VPI/VCI pairs to identify a logical connection. When a connection is released, all the involved VPI/VCI pairs are reclaimed for new connections. As shown in Figure 62, an ATM switch forwards ATM cells by looking up the switching entries and changing the VPIs/VCIs. The ATM switching by changing VPIs only is VP switching, and the connection established through VP switching is VPC. The ATM switching by changing VCIs only or changing both VCIs and VPIs is VC switching, and the connection established through VC switching is VCC.
196
Figure 62 ATM switching

VCC VPC
ATM switch
ATM switch
ATM switch
VPI: 5 VCI: 40 ATM cell
ATM interfaces support only manually created PVCs and PVPs, not SVCs created through the exchange of signals.
ATM architecture
ATM has a three-dimensional architecture. It consists of three planes: user plane, control plane, and management plane. Both the user plane and the control plane are divided into four layers: physical layer, ATM layer, AAL, and upper layer, each of which are further divided into sub-layers. The control plane establishes and tears down connections with signaling protocols. The management plane consists of layer management and plane management. The former manages the layers in each plane and has a layered structure corresponding to other planes. The latter manages the system and the communications between different planes.
Figure 63 illustrates the relationships between layers and planes in ATM. Figure 63 ATM architecture
Management plane Control plane Upper layer protocol
Plane management
User plane
Layer management
Upper layer protocol
ATM adapter layer ATM layer Physical layer
These are the functions of the four ATM layers. The physical layer provides transmission channels for ATM cells. At this layer, cells received from the ATM layer are transferred into a continuous bit stream after transmission overheads are added to them.
197
Meanwhile, continuous bit streams received from physical media are restored to cells, which are then passed to the ATM layer. The ATM layer, which resides over the physical layer, implements cell-based communication with its peer layer by invoking the services provided by the physical layer. It is independent of physical media, implementation of the physical layer, and types of services being carried. Data passed to this layer takes the form of 48-byte payloads, which are SAR-PDUs; and data passed from this layer to the physical layer is 53-byte cells, with the 48-byte payload being encapsulated in a 5-byte header. Other functions of the ATM layer include VPI/VCI transmission, cell multiplexing/demultiplexing, and generic flow control. AAL provides interfaces between high-level protocols and the ATM Layer. It forwards information between the ATM layer and upper layer protocols. Four types of AAL are available: AAL1, AAL2, AAL3/4, and AAL5, each of which supports specific services provided in an ATM network. Most ATM equipment vendors adopt AAL5 for data communication services. ATM upper layer protocols are responsible for WAN interconnection, voice interconnection, Layer 3 interconnection, encapsulation, LAN emulation, multi-protocol over ATM, and traditional IP.
Overview of IPoA, IPoEoA, PPPoA and PPPoEoA

An ATM interface may implement IPoA, IPoEoA, PPPoA and PPPoEoA to carry data encapsulated in IP, PPP, or Ethernet across an ATM network.
IPoA
IPoA enables ATM to carry IP packets. In an IPoA implementation, ATM serves as the data link layer protocol for the IP hosts on the same network. To enable these hosts to communicate across an ATM network, IP packets must be encapsulated in ATM cells. By making full use of the advantages of ATM, IPoA delivers excellent network performance and ubiquitous mature QoS assurance.
IPoEoA
IPoEoA adopts a three-layer architecture, with IP encapsulation at the top layer, IPoE in the middle, and IPoEoA at the bottom. IPoEoA is suitable where Ethernet packets are to be forwarded through ATM interfaces. In IPoEoA applications, you can associate multiple PVCs with one Layer 3 VE interface and PVCs associated with the same VE interface are interconnected at Layer 2.
PPPoA
PPPoA enables ATM to carry PPP protocol packets. With PPPoA, PPP packets, in which IP packets or other protocols packets are encapsulated, are encapsulated in ATM cells. In this approach, ATM is simply the carrier of PPP packets and the communication process of PPPoA is managed by PPP. This allows for flexibility and rich applications. To transmit PPP packets across ATM, a VT interface is required.
PPPoEoA
PPPoEoA enables ATM to carry PPPoE protocol packets. With PPPoEoA, Ethernet packets are encapsulated in ATM cells, through which you can use a PVC to implement the functionality of Ethernet. To carry Ethernet
198
frames over ATM, the VE interface was introduced. The VE interface has Ethernet characteristics and can be dynamically created. The following is the protocol stack adopted by the VE interface: ATM PVC (the bottom layer) Ethernet (the link layer) Network layer and other upper layers (the same as those for common Ethernet interfaces)
ATM service types

ATM supports four service types: CBR, UBR, rt_VBR and nrt_VBR. They are used for the QoS purpose.
CBR
CBR provides ensured, constant bandwidth. The bandwidth assigned to the CBR service is decided by the PCR. With CBR service, a source station can send ATM cells at PCR constantly with assured QoS. Usually, CBR is suitable for jitter-sensitive real-time applications such as audio and video.
rt_VBR
The rt_VBR service is provided for applications that have strict restrictions on delay and jitter, such as audio and video. An rt_VBR connection is described by the PCR, SCR and MBS. A station using the rt_VBR service is allowed to send burst traffic at PCR with the maximum traffic size being MBS without packet loss and the average cell rate being SCR.
nrt_VBR
The nrt_VBR service supports non-real-time applications with burst traffic. An nrt_VBR connection is described by PCR, SCR and MBS. The nrt_VBR service is suitable for applications that are sensitive to cell loss but not to delay.
UBR
The UBR service does not make any service quality commitment, guaranteeing neither CLR nor cell delay. When traffic congestion occurs, cells of the UBR service are always dropped first. The UBR service is suitable for applications that have low requirements for delay and bandwidth.
Introduction to InARP
On an ATM PVC connection, use the InARP to get the IP address of the remote end connected to the PVC. Thus, you do not need to manually configure the IP address of the remote end. Figure 64 shows how InARP works.
199
Figure 64 Inverse address resolution procedure of InARP

InARP Request _
Source IP Address= 10.20.30.1 Destination IP Address= 0.0.0.0
InARP Reply _
Source IP Address = 10.20.30.2 Destination IP Address = 10.20.30.1
Source A IP Address=10.20.30.1
Source B IP Address=10.20.30.2
ATM OAM
OAM stands for Operation And Maintenance in the ITU-T I.610 recommendation (02/99) and Operation Administration and Maintenance in LUCENT APC User Manual (03/99). Whichever expansion is adopted, OAM provides a way of detecting faults, isolating faults, and monitoring network performance without interrupting ongoing services. By inserting OAM cells, which are constructed in the standard ATM cell format, in cell streams, you can get specific information about the network.
OAM F5 loopback
The OAM F5 loopback function of ATM works in the following workflow on a PVC: Each side of the PVC sends OAM cells to its peer periodically. On receiving an OAM cell from the sender, the receiver returns the OAM cell to the sender. If the sender receives the cell within the specified period, it considers the PVC as normal. If the sender fails to receive a certain number of consecutive OAM cells sent by it, the PVC is considered as faulty. Two approaches are available for implementing the OAM F5 Loopback function: manual (OAMPing) and auto (OAM Frequency). In the OAMPing approach, you must send OAM cells manually; this approach is usually used for diagnosis. In the OAM Frequency approach, you must configure an ATM interface to send OAM cells regularly at a certain interval; this approach is usually used for automatic link status checking.
OAM continuity check

When enabled, the OAM CC function periodically sends OAM cells to check whether a connection is idle or has failed. OAM CC works on a PVC like this: One side of the PVC sends OAM cells to its peer, which checks the connection status based on these OAM cells.
ATM configuration task list

Complete these tasks to configure ATM:
200
Task
Configuring an ATM interface Configuring an ATM subinterface Configuring an ATM subinterface Configuring PVCs and the maximum number of PVCs allowed on an interface
Remarks
Required
Checking PVC status to determine the protocol state of an ATM P2P subinterface
Optional
Configuring PVC parameters Setting the CLP bit for ATM cells Assigning a transmission priority to an ATM PVC Configuring PVC service mapping Configuring the maximum number of PVCs allowed on an ATM interface
Required Optional Optional Optional Optional Optional
Configuring an ATM class Configuring VP policing Configuring a Layer 3 VE interface Configuring applications carried by ATM Configuring IPoA Configuring IPoEoA Configuring PPPoA Configuring PPPoEoA
Required Use one of the approaches.
Configuring an ATM interface

Depending on the actual networking environment and system requirements, you may be required to modify certain parameters of an ATM interface. Except the mtu command, which can be configured on a subinterface, the ATM settings in this section must be modified in ATM main interface view, although they apply to both the main ATM interface and its subinterfaces. For more information about ATM interface configuration, see Interface Configuration Guide.
Configuring an ATM subinterface

CAUTION: The parameters p2mp and p2p are available with the interface atm interface-number.subnumber command only when you are creating an ATM subinterface. If you are entering an existing ATM subinterface, the two parameters are not available. To configure an ATM subinterface: To do
Use the command

system-view
Remarks
201
To do
2. Create an ATM subinterface and enter its view.
Use the command

interface atm interface-number.subnumber [ p2mp | p2p ]
Remarks
Required. By default, the connection type of a subinterface is point-to-multipoint (p2mp). Optional. 1500 bytes by default. Optional.
3. Set the MTU for the ATM subinterface. 4. Shut down the ATM subinterface.
mtu mtu-number
shutdown
By default, an ATM subinterface is up.
Checking PVC status to determine the protocol state of an ATM P2P subinterface
By default, the protocol state of an ATM P2P subinterface is consistent with the status of a physical interface. However, configure the system to check the status of the PVC on the subinterface in addition to the status of the physical interface when determining the protocol state of an ATM P2P subinterface. If both the PVC and the physical interface are up, the protocol state of the ATM P2P subinterface is up. If either of them is down, the protocol state of the ATM P2P subinterface is down. To configure the system to check PVC status in addition to physical interface status when determining the protocol state of an ATM P2P subinterface: To do
1. Enter system view. 2. Create an ATM P2P subinterface and enter its view.
Use the command

system-view interface atm interface-number.subnumber p2p
Remarks
Required. By default, the subinterface is configured as point-to-multipoint (p2mp). Required.
3. Check PVC status in addition to physical interface status when determining the protocol state of the ATM P2P subinterface.
atm-link check
By default, the protocol state of an ATM P2P subinterface is consistent with the status of the physical interface.
Configuring PVCs and the maximum number of PVCs allowed on an interface

Configuring PVC parameters
To configure PVC parameters: To do...
Use the command

system-view 202
Remarks
To do...
2. Enter ATM interface view or ATM subinterface view. 3. Create a PVC and enter PVC view. 4. Set the AAL5 encapsulation protocol type for the PVC.
Use the command

interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci }
Remarks
Required. By default, no PVC is created. Optional.
encapsulation aal5-encap
By default, aal5snap encapsulation is adopted. Optional.
5. Start transmission and retransmission detection of OAM F5 Loopback cells.
oam frequency frequency [ up up-count down down-count retry-frequency retry-frequency ]
By default, OAM F5 Loopback cell transmission is disabled. However, if an OAM F5 Loopback cell is received, a response is sent. By default, up-count is 3, down-count is 5 and retry-frequency is 1 second. Optional. This command enables AIS/RDI alarm cell detection, and specifies that:
The PVC goes down when the

number of successive AIS/RDI alarm cells received reaches down-count.
6. Set the parameters for AIS/RDI alarm cell detection.
oam ais-rdi up up-seconds down down-count
The PVC goes up if no AIS/RDI

alarm cells are received in a period specified by up-seconds (in seconds). By default, a PVC goes down when one AIS/RDI alarm cell is received and goes up if no AIS/RDI alarm cells are received in the last three seconds.
Set the PVCs service type to CBR. 7. Set the PVC service type and the rate-related parameters. Set the PVCs service type to UBR, and set the rate-related parameters. Set the PVCs service type to VBR-NRT, and set the rate-related parameters.
service cbr output-pcr [ cdvt cdvt-value ]
Optional By default, the service type of a PVC is UBR.
service ubr output-pcr
The CDVT is 500s by default. Use these four commands to set the service type and the parameters concerning transmission rate. Note that a newly configured service type overwrites the existing one.
service vbr-nrt output-pcr output-scr output-mbs
203
To do...
Set the PVCs service type to variable bit rate-real time (VBR-RT), and set the rate-related parameters. 8. Set the maximum number of BDs allowed.
Use the command
Remarks
service vbr-rt output-pcr output-scr output-mbs
Optional. tx-bd-limit value The value range for the value parameter varies with interface cards.
Setting the CLP bit for ATM cells

By setting the CLP bit in ATM cells, you can redefine the drop probability of ATM cells when the network becomes congested. To set the CLP bit for ATM cells: To do
1. Enter system view. 2. Create a class and enter class view. 3. Configure the match criteria. 4. Quit to system view. 5. Create a traffic behavior and enter traffic behavior view.
Use the command

system-view traffic classifier tcl-name [ operator { and | or } ] if-match [ not ] match-criteria quit traffic behavior behavior-name
Remarks
Optional. By default, the CLP bit is not marked for ATM cells.
6. Mark the CLP bit for ATM cells.
remark atm-clp atm-clp-value
The CLP bit of ATM cells is 0 or 1. When congestion occurs, ATM cells with CLP bit 1 are dropped preferentially. Required. By default, no PVC is created.
7. Quit to system view. 8. Create a policy and enter policy view. 9. Associate the class with the traffic behavior in the policy. 10. Quit to system view. 11. Enter ATM interface or subinterface view. 12. Create a PVC and enter PVC view.
quit qos policy policy-name classifier tcl-name behavior behavior-name quit interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci }
204
To do
13. Apply the QoS policy on the PVC.
Use the command

qos apply policy policy-name { inbound | outbound }
Remarks
Required.
For more information about classes, traffic behaviors, and policies, see ACL and QoS Configuration Guide.
Assigning a transmission priority to an ATM PVC

Assign transmission priorities to ATM PVCs associated with the UBR, rt_VBR, or nrt_VBR service. At the time of bandwidth allocation, the PVC with higher priority has priority over other PVCs. To assign a transmission priority to an ATM PVC: To do
1. Enter system view. 2. Enter ATM subinterface view. 3. Create a PVC and enter PVC view.
Use the command

system-view interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci }
Remarks
Optional.
4. Assign a transmission priority to the ATM PVC.
transmit-priority value
By default, the priority value is 0 for the UBR service, 5 for the VBR-NRT service and 8 for the VBR-RT.
Configuring PVC service mapping

PVC service mapping allows different PVCs from the same PVC-Group to carry IP packets of different priorities. To configure PVC service mapping: To do...
1. Enter system view. 2. Enter ATM subinterface view. 3. Create PVC, and enter its view. 4. Quit to ATM interface view. 5. Create a PVC group and enter PVC group view.
Use the command...

system-view interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci } quit pvc-group { pvc-name [ vpi/vci ] | vpi/vci } pvc { pvc-name [ vpi/vci ] | vpi/vci } ip-precedence { pvc-name [ vpi/vci ] | vpi/vci } { min [ max ] | default } 205
Remarks
Required. Make sure that the PVC specified by the pvc-name or vpi/vci parameter already exists. Optional.
6. Add a PVC to the PVC-Group. 7. Set the precedence of IP packets carried on a PVC.
Optional.
A primary PVC refers to the one based on which a PVC-group is created on an ATM interface. A secondary PVC refers to a PVC created in a PVC-group.
Configuring the maximum number of PVCs allowed on an ATM interface

To configure the maximum number of PVCs allowed on an ATM interface: To do
1. Enter system view. 2. Enter ATM interface view. 3. Configure the maximum number of PVCs allowed on the ATM interface.
Use the command

system-view interface atm interface-number
Remarks
Optional.
pvc max-number max-number
The maximum number of PVCs allowed on an ATM interface depends on the interface type.
This command applies to both a main ATM interface and its subinterfaces. However, you can configure this command only in main ATM interface view.
Configuring an ATM class

An ATM class facilitates ATM configuration. Configurations of PVC MAP, encapsulation type, OAM loopback, and service category can be implemented via an ATM-Class. First create an ATM class and set the parameters needed, and then call the ATM class in PVC view or ATM interface view. To configure an ATM class: To do
1. Enter system view. 2. Create an ATM class and enter ATM class view. 3. Specify ATM AAL5 encapsulation type for the PVC.
Use the command

system-view atm class atm-class-name
Remarks
Required. Optional.
encapsulation aal5-encap
By default, aal5snap encapsulation is adopted. Optional.
4. Start transmission of OAM F5 Loopback cells or retransmission check of OAM F5 Loopback.
oam frequency frequency [ up up-count down down-count retry-frequency retry-frequency ]
By default, OAM F5 Loopback cell transmission is disabled. However, if an OAM F5 Loopback cell is received, it should be responded. By default, up-count is 3, down-count is 5 and retry-frequency is 1 second. Optional. By default, the service type of a
5. Set the PVCs service type
Set the PVCs service type to CBR.
service cbr output-pcr
206
To do
and rate-related parameters . Set the PVCs service type to UBR, and set the rate-related parameters. Set the PVCs service type to VBR-NRT, and set the rate-related parameters. Set the PVCs service type to VBR-RT, and set the rate-related parameters.
Use the command
Remarks
PVC is UBR. Use these four commands to set the service type and the parameters concerning transmission rate. Note that a newly configured service type overwrites the existing one.
service ubr output-pcr
service vbr-nrt output-pcr output-scr output-mbs
service vbr-rt output-pcr output-scr output-mbs
Optional. By default, mapping is not configured. When a mapping is configured, pseudo-broadcast is not supported by default. map ip inarp [ minutes ] [ broadcast ] Before configuring InARP, make sure the aal5snap encapsulation is used. Though InARP is also supported when using aal5mux or aal5nlpid encapsulation, the system prompts a message indicating a failure when this ATM is configured and used on PVC. Optional.
6. Configure the service type (use different commands according to service types).
Configure IPoA and enable InARP for the PVC.
Establish PPPoA mapping for the PVC. Establish IPoEoA or PPPoEoA mapping for the PVC.
map ppp virtual-template vt-number
map bridge virtual-ethernet interface-number
Optional.
7. Quit to system view. 8. Enter ATM interface view or PVC view. Enter ATM interface view. Enter PVC view.
quit interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci } atm-class atm-class-name
Required.
Required.
9. Enable the ATM class on the interface or PVC.
Required.
When configuring a PVC, note the following:
207
The priorities of the same configurations performed to a PVC descend in this order: the configuration directly performed to the PVC, the configuration performed to the ATM class applied to the PVC, and the configuration performed to the ATM class applied to the ATM interface. For different configurations that conflict with each other, their priorities descend in this order: the configuration directly performed to the PVC, the configuration performed to the ATM class applied to the PVC, and the configuration performed to the ATM class applied to the ATM interface. All the configurations that are directly performed to the PVC, performed to the ATM class applied to the PVC, and performed to the ATM class applied to the ATM interface take effect if they do not conflict. For different configurations performed to a PVC, the ATM class applied to the PVC, and the ATM class applied to the ATM interface, if the configurations conflict with each other, those applied first take effect, and the conflict prompt appears when the rest are performed. When an ATM class is applied to a PVC, no message is prompted no matter whether or not the ATM class is successfully applied. Error messages appear when configurations performed to a PVC are invalid.
Configuring VP policing
VP policing is used to set the sustainable rate of a VPI. When applying VP policing, the parameters of PVC are still valid. The packets are transmitted or received only when the parameters of PVC and VP policing are satisfied. In calculating the traffic, the LLC/SNAP, MUX and NLPID headers are included, but the ATM cell header is not included. To set the parameters of VP policing: To do
1. Enter system view. 2. Enter ATM interface view. 3. Set the parameters of VP policing.
Use the command

system-view interface atm interface-number pvp limit vpi output-scr
Remarks
Required
Configuring applications carried by ATM

Although ATM can carry multiple protocols, a specific encapsulation type may not support ATM applications (such as IPoA, IPoEoA, PPPoA, and PPPoEoA), as listed in Table 3. Table 3 Support for ATM applications ATM application
IPoA IPoEoA PPPoA PPPoEoA
aal5snap
Supported Supported Supported Supported
aal5mux
Supported Supported Supported Supported
aal5nlpid
Supported Not supported Not supported Not supported
High MBS settings may result in the failure of the service vbr-rt and vbr-nrt commands because of hardware limitations. To avoid the situation, set MBS to a smaller value.
208
With aal5snap adopted, two or more protocols are supported. But for aal5nlpid, you cannot enable InARP on a PVC for an IPoA application.
Configuring a Layer 3 VE interface

To configure a PVC to carry PPPoEoA, IPoEoA, and EoA, you must first specify a VE interface for the channel. If not, the PVC cannot be created. To configure a Layer 3 VE interface: To do
Use the command

system-view
Remarks
Required.
2. Create a Layer 3 VE interface and enter the Layer 3 VE interface view.
interface virtual-ethernet interface-number
If a specified Layer 3 VE interface does not exist, use this command to first create one and then enter its view. You can create up to 1024 Layer 3 VE interfaces. Optional.
description text
By default, the description for a VE interface is interface name Interface, for example, Virtual-Ethernet0 Interface.
4. Configure the MAC address for the interface. 5. Set the intended bandwidth for the interface. 6. Restore the default settings for the interface. 7. Shut down the interface.
mac-address mac-address
Optional.
bandwidth bandwidth-value
Optional.
default
Optional. Optional. Up by default.
shutdown
Configuring IPoA
To configure IPoA: To do
1. Enter system view. 2. Enter ATM interface view. 3. Create a PVC, and enter PVC view.
Use the command

system-view interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci }
Remarks

209
To do
Use the command
Remarks
Required. By default, no mapping is configured. If a mapping is configured, pseudo-broadcast is not supported by default. Before configuring InARP, make sure that aal5snap encapsulation is used. InARP is not supported when aal5mux or aal5nlpid encapsulations is adopted.
4. Configure an IPoA mapping for the PVC, and enable the PVC to carry IP packets.
map ip { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]
If you execute the map ip command with the broadcast parameter, which specifies pseudo broadcast, any broadcast packets received by the port on which the PVC is created are duplicated to the PVC. Therefore, to propagate broadcast/multicast packets on an ATM PVC with a broadcast or multicast protocol enabled, you must specify the broadcast parameter. On PVCs created on P2P ATM subinterfaces, you must configure the map ip default broadcast command. Configure PVC mapping in PVC view. For more information, see MPLS Configuration Guide.
Configuring IPoEoA
To configure IPoEoA on a PVC: To do
Use the command

system-view
Remarks
Required.
2. Create a VE interface.
interface virtual-ethernet interface-number
The IP address has to be configured on a VE interface (It is invalid to configure the IP address on the ATM interface). Optional. Required. Required.
3. Quit to system view. 4. Enter ATM interface view. 5. Enable packet padding on the ATM interface. 6. Create PVC and enter its view. 7. Configure IPoEoA mapping on the PVC.
quit interface atm { interface-number | interface-number.subnumber } eoapad enable pvc { pvc-name [ vpi/vci ] | vpi/vci } map bridge virtual-ethernet interface-number
When multiple Layer 3 VE interfaces are connected through PVCs to a DHCP server that assigns IP addresses to the interfaces through static address binding, you must configure different MAC addresses for the interfaces by using the mac-address command. In an IPoEoA application, CBQ should be configured on PVCs. Configure PVC mapping in PVC view. For information about the configuration, see MPLS Configuration Guide.
210
Configuring PPPoA
When two routers are connected using DSL interfaces through a dial-up connection, configure them as PPPoA server and client, respectively. The two are different in that, with the PPPoA server, you should configure an address pool to allocate an IP address for the remote node; with the PPPoA client, you should configure address negotiation to accept the IP address allocated by the server end. For more information, see the chapter PPP and MP configuration. The following configurations enable the PVC to carry PPP and configure a PPP mapping for the PVC. To configure PPPoA: To do
Use the command

system-view
Remarks
Required.
2. Create a VT interface.
interface virtual-template vt-number
You must configure PPP authentication and IP address on the VT interface (the IP address is invalid if configured on the ATM interface).
3. Set the PPP authentication mode and IP address; with the PPPoE server, an address pool should be configured to allocate an IP address for the remote end; with the PPPoE client, address negotiation should be configured to accept the IP address allocated by the server end. 4. Quit to system view. 5. Enter ATM interface view. 6. Create PVC, and enter PVC view. 7. Configure PPPoA mapping for the PVC.
Required.
quit interface atm { interface-number | interface-number.subnumber } pvc { pvc-name [ vpi/vci ] | vpi/vci } map ppp virtual-template vt-number
Required. Required.
When you configure a static route for a virtual-template interface, specify the next hop rather than the outgoing interface. If you want to specify the outgoing interface, make sure the physical interface bound to the virtual-template is valid to ensure correct transmission.
Configuring PPPoEoA
PPPoE adopts the Client/Server model. It encapsulates PPP packets into Ethernet frames and provides point-to-point connection on Ethernet. The following configurations enable the PVC to carry PPPoE and configure a PPPoE mapping for the PVC. To configure PPPoEoA:
211
To do...
Use the command...

system-view
Remarks
Required.
2. Create a VT interface.
interface virtual-template vt-number
You must configure PPP authentication and an IP address on the VT interface (the IP address is invalid if configured on the ATM interface).
3. Set the PPP authentication mode and IP address; with the PPPoE server, an address pool should be configured to allocate IP address for the peer end; with the PPPoE client, address negotiation should be configured to accept the IP address allocated by the server end. 4. Quit to system view. 5. Create a VE interface. 6. Configure PPPoE parameters on VE interface (the configuration differs when with a PPPoE server and when with a PPPoE client). 7. Quit to system view. 8. Enter ATM interface view. 9. Enable packet padding on the ATM interface. 10. Create PVC, and enter PVC view. 11. Create PPPoEoA mapping for PVC.
Required.
quit interface virtual-ethernet interface-number
Required.
See the chapter PPPoE configuration.
Required.
quit interface atm { interface-number | interface-number.subnumber } eoapad enable pvc { pvc-name [ vpi/vci ] | vpi/vci } map bridge virtual-ethernet interface-number
Optional. Required. Required. The interface-number parameter refers to the VE interface created in the steps.
When you configure a static route for a virtual-template interface, specify the next hop rather than the outgoing interface. If you want to specify the outgoing interface, make sure the physical interface bound to the virtual-template is valid to ensure correct transmission. When multiple Layer 3 VE interfaces are connected through PVCs to a DHCP server that assigns IP addresses to the interfaces through static address binding, you must configure different MAC addresses for the interfaces with the mac-address command.
212
Displaying and maintaining ATM

To do
Display the configuration and status information of an ATM interface.
Use the command

display atm interface [ atm interface-number ] [ | { begin | exclude | include } regular-expression ] display atm pvc-info [ interface interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] display atm map-info [ interface interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] display atm pvc-group [ interface interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] display atm class [ atm-class-name ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display information about PVCs.
Display information about PVC mappings.
Display PVC-group information.
Display information about an ATM class. Send OAM cells on the specified PVC on the interface to test connectivity of the link depending on whether response is returned before the specified timeout time. Display the information about Layer 3 VE interfaces. Clear the statistics of Layer 3 VE interfaces.
oamping interface atm interface-number pvc { pvc-name | vpi /vci } [ number timeout ]
Available in ATM interface view
display interface [ virtual-ethernet ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] reset counters interface [ virtual-ethernet interface-number ]
ATM configuration examples

IPoA configuration example
As shown in Figure 65, Router A, B and C are connected to the ATM network for intercommunication. In the ATM network, the VPI/VCI of Router A is 0/40 and 0/41, connecting to Router B and Router C, respectively. The VPI/VCI of Router B is 0/50 and 0/51, connecting to Router A and C, respectively. The VPI/VCI of Router C is 0/60 and 0/61, connected with Router A and B, respectively; All the PVCs on ATM interfaces of the three routers work in IPoA application mode.
213

Router B
Router A
ATM1/0 202.38.160.2/24 VPI/VCI: To Router A:0/50 To Router C:0/51
ATM network
ATM1/0 202.38.160.1/24 VPI/VCI: To Router B:0/40 To Router C:0/41
Router C
ATM1/0 202.38.160.3/24 VPI/VCI: To Router A:0/60 To Router B:0/61
1.
Configure Router A
# Enter the view of the ATM 1/0 interface and configure an IP address for it.
<RouterA> system-view [RouterA] interface atm 1/0 [RouterA-Atm1/0] ip address 202.38.160.1 255.255.255.0
# Establish a PVC and enable it to carry IP.

[RouterA-Atm1/0] pvc to_b 0/40 [RouterA-atm-pvc-Atm1/0-0/40-to_b] map ip 202.38.160.2 [RouterA-atm-pvc-Atm1/0-0/40-to_b] quit [RouterA-Atm1/0] pvc to_c 0/41 [RouterA-atm-pvc-Atm1/0-0/41-to_c] map ip 202.38.160.3
2.
Configure Router B
<RouterB> system-view [RouterB] interface atm 1/0 [RouterB-Atm1/0] ip address 202.38.160.2 255.255.255.0

[RouterB-Atm1/0] pvc to_a 0/50 [RouterB-atm-pvc-Atm1/0-0/50-to_a] map ip 202.38.160.1 [RouterB-atm-pvc-Atm1/0-0/50-to_a] quit [RouterB-Atm1/0] pvc to_c 0/51 [RouterB-atm-pvc-Atm1/0-0/51-to_c] map ip 202.38.160.3
3.
Configure Router C
<RouterC> system-view [RouterC] interface atm 1/0 [RouterC-Atm1/0] ip address 202.38.160.3 255.255.255.0

214
[RouterC-Atm1/0] pvc to_a 0/60 [RouterC-atm-pvc-Atm1/0-0/60-to_a] map ip 202.38.160.1 [RouterC-atm-pvc-Atm1/0-0/60-to_a] quit [RouterC-Atm1/0] pvc to_b 0/61 [RouterC-atm-pvc-Atm1/0-0/61-to_b] map ip 202.38.160.2
IPoEoA configuration example

As shown in Figure 66, the hosts in the two Ethernets are connected to the ATM network through an ADSL Router, and they communicate with Router C via DSLAM. The VPI/VCI value of two PVCs connecting Router C and DSLAM are 0/60 and 0/61, pointing to Router A and Router B, respectively. Both the WAN port of Router C and the DSL interfaces of the ADSL Routers adopt IPoEoA. Figure 66 Network diagram
ADSL Router A Host A
Ethernet
Router A Host B DSLAM
VE1 202.38.160.1/24
Router B Host C
Ethernet
ATM1/0.1 VPI/VCI: To Router A:0/60 To Router B:0/61
Router C
ADSL Router B Host D
Configure Router C: # Create a VE interface and configure an IP address for it.
<RouterC> system-view [RouterC] interface virtual-ethernet 1 [RouterC-Virtual-Ethernet1] ip address 202.38.160.1 255.255.255.0 [RouterC-Virtual-Ethernet1] quit
# Create a PVC and enable IPoEoA on it.

[RouterC] interface atm 1/0.1 [RouterC-Atm1/0.1] pvc to_adsl_a 0/60 [RouterC-atm-pvc-Atm1/0.1-0/60-to_adsl_a] map bridge virtual-ethernet 1 [RouterC-atm-pvc-Atm1/0.1-0/60-to_adsl_a] quit [RouterC-Atm1/0.1] pvc to_adsl_b 0/61 [RouterC-atm-pvc-Atm1/0.1-0/61-to_adsl_b] map bridge virtual-ethernet 1
215
PPPoA configuration example

As shown in Figure 67, two hosts dial into the ATM network through an ADSL Router, and communicate with Router C through DSLAM. Create VT for multi-user on Router C, and configure PPP mapping on VT. The VPI/VCI value of two PVCs connecting Router C and DSLAM are 0/60 and 0/61, pointing to ADSL Router A and ADSL Router B, respectively. Both the WAN port of Router C and the DSL interfaces of the two ADSL routers adopt PPPoA. The authentication mode of ADSL Router is PAP. The IP addresses of the two ADSL Routers are assigned by Router C. Figure 67 Network diagram
ADSL Router A
Host A
Router A
Router C Router B DSLAM

VT10 202.38.160.1/24 VT11 202.38.161.1/24
Host B
ADSL Router B
CAUTION: If the client cancels the IP address it has received through address negotiation, or the client is configured with a fixed IP address, the communication between the server and the client will fail. You must shut down the ATM interface first by using the shutdown command, and delete the IP address pool on the server.
1.
Configure Router C (PPPoA Server)
# Create users for PPP authentication, and establish a local IP address pool.
<RouterC> system-view [RouterC] local-user user1 [RouterC-luser-user1] service-type ppp [RouterC-luser-user1] password simple pwd1 [RouterC-luser-user1] quit [RouterC] local-user user2 [RouterC-luser-user2] service-type ppp [RouterC-luser-user2] password simple pwd2 [RouterC-luser-user2] quit [RouterC] domain system [RouterC-isp-system] authentication ppp local [RouterC-isp-system] ip pool 1 202.38.162.1 202.38.162.100
216
[RouterC-isp-system] quit
# Create a VT interface, configure PAP authentication and an IP address, and allocate an IP address for the remote end from the IP address pool.
[RouterC] interface virtual-template 10 [RouterC-Virtual-Template10] ip address 202.38.160.1 255.255.255.0 [RouterC-Virtual-Template10] ppp authentication-mode pap [RouterC-Virtual-Template10] remote address pool 1 [RouterC-Virtual-Template10] quit [RouterC] interface virtual-template 11 [RouterC-Virtual-Template11] ip address 202.38.161.1 255.255.255.0 [RouterC-Virtual-Template11] ppp authentication-mode pap [RouterC-Virtual-Template11] remote address pool 1 [RouterC-Virtual-Template11] quit
# Create a PVC, and specify it to carry PPP.

[RouterC] interface atm 1/0.1 [RouterC-Atm1/0.1] pvc to_adsl_a 0/60 [RouterC-atm-pvc-Atm1/0.1-0/60-to_adsl_a] map ppp virtual-template 10 [RouterC-atm-pvc-Atm1/0.1-0/60-to_adsl_a] quit [RouterC-Atm1/0.1] pvc to_adsl_b 0/61 [RouterC-atm-pvc-Atm1/0.1-0/61-to_adsl_b] map ppp virtual-template 11
2.
Configure ADSL Router A (PPPoA Client)
# Create a VT interface, and configure PAP authentication and IP address negotiation.

<RouterA> system-view [RouterA] interface virtual-template 0 [RouterA-Virtual-Template0] ppp pap local-user user1 password simple pwd1 [RouterA-Virtual-Template0] ip address ppp-negotiate [RouterA-Virtual-Template0] quit
# Create a PVC, and specify it to run PPP.

[RouterA] interface atm 1/0 [RouterA-Atm1/0] pvc pppoa 0/37 [RouterA-atm-pvc-Atm1/0-0/37-pppoa] map ppp virtual-template 0
The configuration of ADSL Router B is similar to that of Router A.
PPPoEoA server configuration example

As shown in Figure 68, the hosts dial into ATM network through an ADSL router, and communicate with the router through DSLAM. The VPI/VCI values of two PVCs connecting Router C with DSLAM are 0/60 and 0/61, pointing to ADSL Router A and ADSL Router B, respectively. Both the WAN port of Router C and the DSL interface of ADSL Router adopt PPPoEoA. Each host within the two Ethernets uses pre-installed PPPoE Client program to make interactive PAP authentication with routers, and gets an IP address from the router.
217

ADSL Router Host A
Ethernet
Router A Host B
Router C DSLAM Router B Host C

Ethernet
VT10 202.38.160.1/24 VT11 202.38.161.1/24
ADSL Router Host D
Configure Router C: # Configure the users in the domain to use the PPP authentication scheme, and create a local IP address pool.
<RouterC> system-view [RouterC] local-user user1 [RouterC-luser-user1] service-type ppp [RouterC-luser-user1] password simple pwd1 [RouterC-luser-user1] quit [RouterC] local-user user2 [RouterC-luser-user2] service-type ppp [RouterC-luser-user2] password simple pwd2 [RouterC-luser-user2] quit [RouterC]domain system [RouterC-isp-system] authentication ppp local [RouterC-isp-system] ip pool 1 202.38.162.1 202.38.162.100 [RouterC-isp-system] quit
# Create the VT interface to encapsulate the PPP protocol and configure PAP authentication parameters.
[RouterC] interface virtual-template 10 [RouterC-Virtual-Template10] ip address 202.38.160.1 255.255.255.0 [RouterC-Virtual-Template10] ppp authentication-mode pap [RouterC-Virtual-Template10] quit [RouterC] interface virtual-template 11 [RouterC-Virtual-Template11] ip address 202.38.161.1 255.255.255.0 [RouterC-Virtual-Template11] ppp authentication-mode pap [RouterC-Virtual-Template11] quit
# Create the VE interface to encapsulate the PPP protocol.

[RouterC] interface virtual-ethernet 1 [RouterC-Virtual-Ethernet1] pppoe-server bind virtual-template 10 [RouterC-Virtual-Ethernet1] quit [RouterC] interface virtual-ethernet 2 [RouterC-Virtual-Ethernet2] pppoe-server bind virtual-template 11
218
[RouterC-Virtual-Ethernet2] quit
# Establish a PVC and specify it to carry PPPoE.

[RouterC] interface atm 1/0.1 [RouterC-Atm1/0.1] pvc to_adsl_a 0/60 [RouterC-atm-pvc-Atm1/0.1-0/60-to_adsl_a] map bridge virtual-ethernet 1 [RouterC-atm-pvc-Atm1/0.1-0/60-to_adsl_a] quit [RouterC-Atm1/0.1] pvc to_adsl_b 0/61 [RouterC-atm-pvc-Atm1/0.1-0/61-to_adsl_b] map bridge virtual-ethernet 2
For more information about configuring a RADIUS scheme, see Security Configuration Guide.
PPPoEoA client configuration example

As shown in Figure 69, the Ethernet interface IP address of Router A serves as the gateway of all PCs in LAN. Router A is directly connected to the ADSL accessing end of public network via the ADSL card to serve as the client of PPPoEoA (ATM1/0 is the port number of the ADSL card). The Server, PPPoEoA authentication server of public network, is used to authenticate user information via CHAP. Figure 69 Network diagram
ATM1/0
ATM network
Router A L2 switch Server
Host A
Host B
1.
Configure Router A:
# Configure user name and password:

<RouterA> system-view [RouterA] local-user Sysname [RouterA-luser-Sysname] password simple hello [RouterA-luser-Sysname] service-type ppp [RouterA-luser-Sysname] quit
# Configure dialing access control list:

[RouterA] dialer-rule 10 ip permit
# Create dialer port and configure the dial-up and PPP authentication:
[RouterA] interface dialer0 [RouterA-Dialer0] link-protocol ppp [RouterA-Dialer0] ppp chap password hello [RouterA-Dialer0] ppp chap user user1 [RouterA-Dialer0] ip address ppp-negotiate
219
[RouterA-Dialer0] dialer user ABC [RouterA-Dialer0] dialer-group 10 [RouterA-Dialer0] dialer bundle 12 [RouterA-Dialer0] quit
# Create a VE interface:
[RouterA] interface virtual-ethernet 2 [RouterA-Virtual-Ethernet2] quit
# Configure the ATM interface of ADSL card:

[RouterA] interface atm1/0 [RouterA-Atm1/0] pvc 0/32 [RouterA-atm-pvc-Atm1/0-0/32] map bridge virtual-ethernet 2 [RouterA-atm-pvc-Atm1/0-0/32] quit
# Configure a VE interface:
[RouterA] interface virtual-ethernet 2 [RouterA-Virtual-Ethernet2] pppoe-client dial-bundle-number 12
# Configure the default route:

[RouterA] ip route-static 0.0.0.0 0.0.0.0 Dialer 0
2.
If the PPPoEoA Server is of the same type of router, its PPPoEoA can be configured as follow:
# Configure user features.

<Sysname> system-view [Sysname] local-user user1 [Sysname-luser-user1] password simple hello [Sysname-luser-user1] service-type ppp
# Create a virtual-template, set the authentication mode to CHAP, and configure the IP address.
[Sysname] interface virtual-template 0 [Sysname-Virtual-Template0] ppp authentication-mode chap [Sysname-Virtual-Template0] ppp chap user Sysname [Sysname-Virtual-Template0] ip address 10.1.1.1 255.255.0.0 [Sysname-Virtual-Template0] remote address pool 80 [Sysname-Virtual-Template0] quit
# Configure the users in the domain to use the local authentication scheme, and create a local IP address pool.
[Sysname] domain system [Sysname-isp-system] scheme local [Sysname-isp-system] ip pool 80 10.1.1.2 10.1.1.100
# Configure a VE interface.
[Sysname] interface virtual-ethernet 1
# Enable PPPoE Server on the VT specified on the VE interface.

[Sysname-Virtual-Ethernet1] pppoe-server bind virtual-template 0 [Sysname-Virtual-Ethernet1] mac-address 0022-0022-00C1 [Sysname-Virtual-Ethernet1] quit
# Configure ATM interface 1/0.

[Sysname] interface atm1/0 [Sysname-Atm1/0] pvc 0/32
220
[Sysname-atm-pvc-Atm1/0-0/32] map bridge virtual-ethernet 1
After the configuration, the link layer is able to work normally, and the PCs can communicate with the server via the ATM upper layer protocols.
ATM PVC transmit priority configuration example

As shown in Figure 70, create PVC 1 and PVC 2 on the same ATM 155 Mbps interface, each assigned 100 Mbps of bandwidth and associated with the UBR service. Set the transmission priority of PVC 1 to 1 and that of PVC 2 to 3. Configure Router A to distribute equal amount of traffic to Router B on two PVCs and observe the statistics about received/sent/dropped packets. Figure 70 Network diagram
Router A PVC1 Router B
ATM1/0 202.38.160.1/24
PVC2
ATM1/0 202.38.160.2/24
Configure Router A: # Configure the ATM interface.
<RouterA> system-view [RouterA] interface atm 1/0 [RouterA-Atm1/0] ip address 202.38.160.1 255.255.255.0
# Create two PVCs and assign them different transmission priority values.
[RouterA-Atm1/0] pvc 1 0/33 [RouterA-atm-pvc-Atm1/0-0/33-1] map ip 202.38.160.2 [RouterA-atm-pvc-Atm1/0-0/33-1] service ubr 100000 [RouterA-atm-pvc-Atm1/0-0/33-1] transmit-priority 1 [RouterA-atm-pvc-Atm1/0-0/33-1] quit [RouterA-Atm1/0] pvc 2 0/32 [RouterA-atm-pvc-Atm1/0-0/32-2] map ip 202.38.160.3 [RouterA-atm-pvc-Atm1/0-0/32-2] service ubr 100000 [RouterA-atm-pvc-Atm1/0-0/33-1] transmit-priority 3
After two equal traffics that exceed the ATM bandwidth are sent to Router B, use the display atm pvc-info interface atm 1/0/0 pvc command on Router B to view statistical results for each PVC (make several tests and observe the average statistical value). You can see that the PVC with higher priority receives more packets than that with lower priority. The PVC with the higher priority takes preference in getting bandwidth and other PVCs (if there are many and with different priority values), regardless of their priority values, are treated equally in terms of bandwidth allocation.
221
Troubleshooting ATM
Link state error in IPoA application
Symptom
When IPoA is used, the link state is down.
Solution
Make sure that the optical fiber is plugged in correctly. Make sure that the local IP address has been configured. Make sure that the PVC is successful created and communication between cards is normal.
Link report error in PPPoA application

Symptom
When PPPoA is used, the link does not report UP.
Solution
See Link state error in IPoA application.
Ping failure
Symptom
The physical layer of the interfaces and the line protocol are both UP, but when tested with the ping command, the two ends are mutually unreachable.
Solution
If IPOA is used, make sure that the IP protocol address mapping is configured correctly. If the interfaces of two routers are connected back-to-back, the local PVC mapped to the remote IP must have the same VPI/VCI value as the remote PVC mapped to the local IP. In addition, the IP addresses of the two ends must also be in the same network segment. If two routers are connected back-to-back, make sure that at least one of interfaces uses internal transmission clock (master). On the other hand, if the routers are connected to the ATM network, the transmission clock should be set to line clock. Check the ATM interfaces of the two sides to make sure that they are of the same type, for example, both are multimode fiber interfaces or both are single mode fiber interfaces, or both are multimode fiber interfaces but connected using single mode. If a multimode fiber interface and a single mode fiber interface are directly connected, they can communicate in most cases, but sometimes with frequent packet dropping and CRC errors. If the two ends are PPPoA, make sure that their IP addresses (should be in the same network segment) and authentication parameters are correctly configured. If, according to the ping command, small packets can pass but big packets cannot, make sure that the mtu configurations of the two router interfaces are the same.
222
ATM interface state error

Symptom
The interface state of ATM is DOWN.
Solution
Make sure that the optical fibers are correctly plugged to ATM interface. There should be two optical fibers, one for receiving information and one for sending information. The two are not exchangeable. If they are wrongly plugged, the interface state of ATM cannot be UP. If two routers are connected back-to-back, check if neither of the two ATM interfaces enables internal transmission clock. By default, routers use line clock. If two routers are connected back-to-back, one of them should be configured as internal transmission clock with the clock master command.
PVC state is down while ATM interface state is up

Symptom
The PVC state is down but its ATM interface is up.
Solution
Check if this fault results from enabling OAM F5 Loopback cell transmission and retransmission detection or OAM continuity check. When two ATM devices are connected, the VPI/VCI value of the PVCs on the two devices must be the same. Provided that OAM F5 cell transmission and retransmission detection or OAM continuity check is enabled, and the VPI/VCI value of the remote node (connected directly with the local node) is not the same as the local node, the local PVC state cannot change into UP.
Ping failure after PPPoA configuration

Symptom
The PVC state is UP, but after applications like IPoA are configured, the remote node cannot be successfully pinged.
Solution
Make sure that the remote node supports the same application as configured on the local node. For example, if the local node uses PPPoA, the remote node should also use PPPoA. If the remote node supports the same application configured on the local node, make sure that the two sides use the same type of AAL5 encapsulation protocol. For example, if one side uses SNAP whereas the other uses MUX, they cannot communicate. You can enable the packet debugging function of ATM to get some clues.
Packet loss and CRC errors and changes of interface state

Symptom
Two routers are connected back-to-back, and a ping between them is successful, but sometimes there are large amount of packets lost and frequent CRC errors, or the interface state alternates between UP and DOWN.
223
Solution
Check the ATM interfaces of the two nodes to see if their types are the same (both are multimode fiber interface or both are single mode fiber interface). If their types are different, you should change one of them. In most cases, when a multimode fiber interface and a single mode fiber interface are directly connected, they can communicate, but sometimes with the mentioned faults.
224
HDLC configuration
The HP A-MSR900 series routers do not support serial interfaces or HDLC. HDLC is a bit-oriented link layer protocol. Its most prominent feature is that it can transmit any type of bit stream transparently. HDLC supports point-to-point link only and does not support point-to-multipoint link. HDLC supports neither IP address negotiation nor authentication. It uses keepalive messages to check link status. HDLC works only on synchronous interfaces or synchronous/asynchronous interfaces in synchronous mode. This protocol applies to the Serial interface and POS interface that work in synchronous mode.
HDLC frame format and frame type

HDLC frames fall into the following types: information frame (I frame), supervision frame (S frame), and unnumbered frame (U frame). Information frame is responsible for transmitting useful data or information. Supervision frame is responsible for error control and flow control. Unnumbered frame is responsible for the link establishment, teardown, and so on. The flag field, 01 1 1 marks the beginning and end of an HDLC frame. Each frame begins with a 7E 1 1 10, and ends with a 7E. The 7E between two neighboring frames functions both as the end of the frame in the front and as the beginning of the following frame. The address field is eight bits; it identifies the source or destination where the frame is sent or received. The control field is eight bits; it identifies the control type and defines the frame type (control or data). The information field can be an arbitrary binary bit set. The minimum length can be zero and the maximum length is decided by the FCS field or the buffer size of the communicating node. The maximum length is between 1000 and 2000 bits. The checksum field can use a 16-bit CRC to check the content of a frame.
An HDLC frame is composed of flag field, address field, control field, information field, and checksum field.
Enabling HDLC encapsulation on an interface

To enable HDLC encapsulation on an interface: To do
1. Enter system view. 2. Enter interface view. 3. Enable HDLC encapsulation on the interface.
Use the command

system-view interface interface-type interface-number link-protocol hdlc
Remarks
Required. PPP is encapsulated by default.
225
Configuring an IP address for an interface

To configure an IP address for an interface: To do
Use the command

system-view interface interface-type interface-number Assign an IP address to the interface
Remarks
Use either approach. By default, no IP address is assigned to an interface, and an interface does not borrow the IP address of any other interface.
3. Configure an IP address for the interface.
ip address ip-address { mask | mask-length } [ sub ] Configure the interface as an IP unnumbered interface to borrow the IP address of the specified interface ip address unnumbered interface interface-type interface-number
You must make sure that an IP unnumbered HDLC interface has a route to the remote end. When configuring the route, following these guidelines: If you use a routing protocol, make sure that the learned route has a mask longer than the borrowed IP address, because route lookup is based on longest match. If you configure a static route and the borrowed IP network mask is 32 bits long, the static route must use a mask shorter than the borrowed IP address. If you configure a static route, and the mask of the borrowed IP address is shorter than 32 bits, the static route must use a mask longer than the borrowed IP address.
For more information about interface IP address configuration, see Layer 3IP Services Configuration Guide.
Configuring the link status polling interval

HDLC can regularly check link status. The link status polling interval is user configurable. It is a good practice to set the same interval for the two ends of a link. Setting the link status polling interval to 0 disables link status check. If the network has a long delay or is experiencing congestion, increase the polling interval to avoid network flappings. To configure the link status polling interval: To do
1. Enter system view. 2. Enter interface view. 3. Configure the link status polling interval.
Use the command

system-view interface interface-type interface-number timer hold seconds
Remarks
226
Configuring HDLC compression

The STAC-LZ compression compresses the payload of packets on an HDLC link. Because it does not rely on history packet information, it can achieve a smaller compression ratio. The STAC-LZ compression increases data transmission efficiency on low-speed links, saves network bandwidth, and reduces network load. To configure HDLC compression: To do
1. Enter system view. 2. Enter interface view. 3. Enable HDLC encapsulation on the interface.
Use the command

system-view interface interface-type interface-number link-protocol hdlc
Remarks
Required. PPP by default. Required.
4. Enable HDLC compression.
hdlc compression stac
By default, HDLC links do not support compression.
Displaying and maintaining HDLC

To do
Display the HDLC compression statistics.
Use the command

display hdlc compression stac [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] reset hdlc compression stac [ interface interface-type interface-number ]
Remarks
Clear the HDLC compression statistics.
Use the display interface command to display the configuration result. Use the reset counters interface command to clear the traffic statistics of an HDLC interface and restart traffic statistics collecting on the HDLC interface.
HDLC configuration examples

Basic HDLC configuration example
As shown in Figure 71, run HDLC on the link between Router A and Router B.
227

POS5/0 12.1.1.1/24 POS5/0 12.1.1.2/24
Router A
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] interface pos 5/0 [RouterA-Pos5/0] clock master [RouterA-Pos5/0] link-protocol hdlc [RouterA-Pos5/0] ip address 12.1.1.1 24 [RouterA-Pos5/0] quit
2.
Configure Router B.
<RouterB> system-view [RouterB] interface pos 5/0 [RouterB-Pos5/0] link-protocol hdlc [RouterB-Pos5/0] ip address 12.1.1.2 24
After the configuration, Router A and Router B should be able to ping each other. Take the output on Router A as an example.
[RouterA] ping 12.1.1.2 PING 12.1.1.2: 56 data bytes, press CTRL_C to break Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=126 ms Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=10 ms --- 12.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/27/126 ms
HDLC in conjunction with IP unnumbered interface configuration example

As shown in Figure 72, Router A and Router B are connected through their POS ports with HDLC enabled. POS 5/0 of Router A borrows the IP address of the local loopback interface. The IP address of the loopback interface is with a 32-bit mask. Router A learns the routing information of Router B through static routes. Router A can reach the network segment 12.1.2.0/24.
228

Loop1 12.1.1.2/32
Router B
POS5/0 POS5/0 12.1.1.1/24 12.1.2.0/24
Router A
1.
Configure Router A.
<RouterA> system-view [RouterA] interface loopback 1 [RouterA-LoopBack1] ip address 12.1.1.2 32 [RouterA-LoopBack1] quit [RouterA] interface pos 5/0 [RouterA-Pos5/0] clock master [RouterA-Pos5/0] link-protocol hdlc [RouterA-Pos5/0] ip address unnumbered interface loopback 1 [RouterA-Pos5/0] quit
2.
Configure Router B.
<RouterB> system-view [RouterB] interface pos 5/0 [RouterB-Pos5/0] link-protocol hdlc [RouterB-Pos5/0] ip address 12.1.1.1 24
3.
Configure a static route on Router A.
[RouterA] ip route-static 12.1.1.0 24 pos 5/0 [RouterA] ip route-static 12.1.2.0 24 12.1.1.1
4.
Verify that Router A can ping network segment 12.1.2.0/24.

PING 12.1.2.1: 56 data bytes, press CTRL_C to break
[RouterA] ping 12.1.2.1 Reply from 12.1.2.1: bytes=56 Sequence=1 ttl=255 time=35 ms Reply from 12.1.2.1: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 12.1.2.1: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 12.1.2.1: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 12.1.2.1: bytes=56 Sequence=5 ttl=255 time=1 ms --- 12.1.2.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/9/35 ms
# Execute the display ip routing-table command on Router A to see that the routing table information is correct.
[RouterA] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5
229
Destination/Mask 12.1.1.0/24 12.1.1.2/32 12.1.2.0/24 127.0.0.0/8 127.0.0.1/32
Proto
Pre
Cost 0 0 0 0 0
NextHop 12.1.1.2 127.0.0.1 12.1.1.1 127.0.0.1 127.0.0.1
Interface POS5/0 InLoop0 POS5/0 InLoop0 InLoop0
Static 60 Direct 0 Static 60 Direct 0 Direct 0
230
DLSw configuration
The AIW developed DLSw for tunneling unroutable, non-IP based protocol such as IBM SNA over a TCP/IP network. Figure 73 shows the DLSw mechanism. Figure 73 DLSw mechanism
LAN LLC2 Terminal Router A TCP/IP SSP Router B LAN LLC2 Terminal
1. 2. 3.
The local DLSw router converts the LLC2 frames from the local SNA device into Switch-to-Switch Protocol (SSP) frames that can be encapsulated in TCP packets. The local DLSw router forwards the SSP frames across the WAN over a TCP connection to the remote router. The remote router converts the SSP frames back into LLC2 frames and sends them to the peer SNA device.
DLSw enables the SNA devices to communicate with each other as if they were on the same network. Different from transparent bridging, DLSw does not forward LLC2 frames transparently to the peer. Instead, it converts LLC2 frames into SSP frames for data encapsulation in TCP packets. The local termination mechanism of DLSw eliminates the requirement for link layer acknowledgments and keepalive messages to flow across a WAN. It also solves the data link control timeout problem. DLSw also enables transmission of SDLC traffic across a TCP/IP WAN by first converting SDLC frames to LLC2 frames, and then transporting them to the remote end through DLSw. DLSw can interconnect LAN and SDLC media. the following DLSw versions are available: version 1.0 and version 2.0. DLSw v1.0 is implemented based on RFC 1795, and DLSw v2.0 is implemented based on RFC 2166 and is intended to improve product maintainability and to reduce network cost. In addition, DLSw v2.0 provides enhancements by means of UDP explorer frames sent in multicast and unicast modes. When the peer is also running DLSw v2.0, the two ends can use UDP packets to explore reachability, and a TCP connection is established only when data transmission is required. SDLC is an IBM data link layer protocol, for use in IBM SNA networks. For more information on LLC, see IEEE 802.2.
Differences between DLSw v1.0 and DLSw v2.0

Problems with DLSw v1.0
TCP connection In DLSw v1.0, immediately after a pair of peers is configured, the local peer attempts to establish a TCP connection with the remote peer (by first establishing two TCP connections and then bringing down one of them after capabilities exchange), regardless whether a connection is needed. All packets, including
231
explorer frames, circuit setup requests and data packets, are transmitted over the TCP connection. This wastes network resources. Excessive broadcasts Although a local acknowledgement mechanism is provided in DLSw v1.0, explorer frames may flood the WAN over the established TCP connections if the reachability table of DLSw contains a small number of entries or no entries. Low maintainability When a circuit is disconnected, DLSw v1.0 uses two types of messages to notify the peer but cannot tell the disconnection cause. This adds to difficulty in locating the reason for an abnormal circuit disconnection.
Enhancements in DLSw v2.0

DLSw v2.0 provides enhancements to address the above-mentioned problems and it remains compatible with DLSw v1.0. The components on a DLSw network are defined are shown in Figure 74. Figure 74 DLSw v2.0 network
Origin station Target station
LAN
LAN
Origin DLSw station
UDP, TCP/ IP SSP message
Target DLSw station
In Figure 74, the origin station is the end station that originates communication, the target station is the end station that accepts communication, the origin DLSw router is a DLSw-enabled router connected to the origin station, and the target DLSw router is a DLSw-enabled router connected to the target station. In this document, an origin DLSw v2.0 router is a DLSw v2.0capable router. Using UDP packets to explore peer addresses To prevent unnecessary TCP connection setups, DLSw v2.0 sends explorer frames by using UDP packets instead of over TCP connection, unless a TCP connection is present. These UDP packets can be sent in two ways: multicast and unicast (depending on the specific situation). Using UDP packets reduces, to some degree, the TCP connections required, and saves network resources. Setting up a single TCP connection when required A TCP connection is set up after the origin and target DLSw v2.0 routers get reachability information using UDP packets and when both the origin and target stations want to set up a circuit between them. A DLSw circuit establishment process is simplified into two stages: first, establishment of a single TCP connection; then, capabilities exchange. If capabilities negotiation fails, the source-end DLSw v2.0 router sends a reject packet to the peer and then the TCP connection is taken down. In DLSw v2.0, as a TCP connection is established only when a circuit is required between two ends, the overheads of establishing and maintaining TCP connections are reduced, resulting in better system resource utilization.
232
In case the origin and target DLSw routers use different versions of DLSw, for backward compatibility, the one uses DLSw v2.0 works as a DLSw v1.0 router and follows RFC 1795 when setting up a TCP connection with its peer. Enhanced maintainability To enable a DLSw router to notify its peer about the reason for dropping a connection, DLSw v2.0 defines five generic circuit halt reason codes: unknown error, received DISC from end-station, detected DLC error with end-station, circuit-level protocol error, and operator-initiated. The halt reason codes are sent to the peer in SSP messages.
Protocols and standards

DLSw is documented in: RFC 1795: Data Link Switching: Switch-to-Switch Protocol AIW DLSw RIG: DLSw Closed Pages, DLSw Standard Version 1.0. RFC 2166: APPN Implementer's Workshop Closed Pages Document DLSw V2.0 Enhancements.
Configuring DLSw in an Ethernet environment

To configure DLSw in an Ethernet environment: To do...
1. Enter system view. 2. Enable bridging. 3. Enable a bridge set. 4. Enable DLSw. 5. Create a local DLSw peer. 6. Map a bridge set to DLSw. 7. Add an Ethernet interface to the bridge set. 8. Set DLSw timers. 9. Configure LLC2 parameters. 10. Configure the multicast function of DLSw v2.0. 11. Configure the maximal attempts of sending an explorer frame in DLSw v2.0. 12. Apply an ACL in DLSw so that DLSw handles only Ethernet frames that match the ACL. 13. Configure local reachable MAC or SAP addresses.
Use the command...

system-view bridge enable bridge bridge-set enable dlsw enable See Creating DLSw peers. See Mapping a bridge set to DLSw. See Adding an Ethernet interface to a bridge set. See Setting DLSw timers. See Configuring LLC2 parameters. See Configuring the multicast function of DLSw v2.0. See Configuring the maximum number of DLSw v2.0 explorer retries. See Applying an ACL in DLSw. See Configuring local reachable MAC or SAP addresses.
Remarks
Required Required Optional Enabled by default Required Required Required Optional Optional Optional
Optional
Optional
Optional
233
To do...
14. Configure the remote reachability information for the router.
Use the command...

See Configuring remote reachability information.
Remarks
Optional
For more information on bridge and bridge set configuration, see the chapter Bridging configuration.
Creating DLSw peers

Establishing a TCP connection is the first step in establishing a DLSw circuit. To establish a TCP connection, you must specify the IP addresses of both ends of the TCP connection. Before the local router can initiate or accept a TCP connection request, you must create a local DLSw peer and specify the IP address of the local end of the TCP connection. A router can only have one local peer. After creating a local peer is created, you must create a remote DLSw peer to establish a TCP connection. The following command specifies the IP address of the remote router with which a TCP connection is to be established. After the configuration, the router keeps trying to establish a TCP connection with the remote router. A router can have multiple remote peers. Create a local DLSw peer before creating a remote DLSw peer for it. To create DLSw peers: To do
Use the command

system-view dlsw local ip-address [ init-window init-window-size | keepalive keepalive-interval | keepcount keepcount-number | max-frame max-frame-size | max-window max-window-size | permit-dynamic | vendor-id vendor-id ] * dlsw remote ip-address [ backup backup-address [ immediately ] | keepalive keepalive-interval | linger seconds | max-frame max-frame-size | max-queue max-queue-length | priority priority ] *
Remarks
Required. The IP address specified with ip-address must be a reachable IP address of the local host.
2. Create a local DLSw peer.
Required. The IP address specified with ip-address must be a reachable IP address of the remote DLSw router.
3. Create a remote DLSw peer.
Deleting a local DLSw peer deletes all its remote DLSw peers at the same time.
Mapping a bridge set to DLSw

DLSw was developed based on the bridging technology. Bridging between different Ethernet interfaces is possible if these interfaces are configured in the same bridge set. To enable forwarding frames of a bridge set to a remote end system over a TCP connection, use the dlsw bridge-set command to map the bridge set to DLSw. This command can be used repeatedly to map multiple bridge sets to DLSw. To map a bridge set connected to DLSw:
234
To do...
Use the command...

system-view
Remarks
Required. By default, no bridge set is mapped to DLSw.
2. Map a bridge set to DLSw.
dlsw bridge-set bridge-set
This command should be used in conjunction with the bridge bridge-set enable command, with the same bridge-set value in both commands.
Adding an Ethernet interface to a bridge set

By adding an Ethernet interface to a bridge set and mapping the bridge set to DLSw, you can enable transmission of LLC2 frames from the Ethernet interface to a remote end over a TCP connection. For more information about bridge set configuration, see the chapter Bridging configuration.
Setting DLSw timers

Configure the timers used in creating DLSw circuits as per your actual needs. To set DLSw timers: To do...
Use the command...

system-view
Remarks
Required Defaults:
2. Configure DLSw timer parameters.
dlsw timer { cache | connected | explorer | explorer-wait | local-pending | remote-pending } seconds
cache: 120 seconds connected: 300 seconds explorer: 30 seconds explorer-wait: 30 seconds local-pending: 30 seconds remote-pending: 30 seconds
Note that the timer values should be modified only when necessary.
Configuring LLC2 parameters

SNA was designed to transmit LLC2 frames over Ethernet. Modify some LLC2 parameters by using LLC2 related commands. To configure LLC2 parameters: To do...
Use the command...

Remarks

To do...
3. Configure the maximum number of information frames the router can receive before it must send an acknowledgement. 4. Configure the maximum number of consecutive information frames the router can send before receiving an acknowledgement from the peer. 5. Configure the LLC2 output queue length. 6. Configure the modulus value of LLC2. 7. Configure the number of LLC2 transmission retries. 8. Configure the maximum LLC2 PDU. 9. Configure the LLC2 local acknowledgment delay time. 10. Configure LLC2 acknowledgment waiting time. 11. Configure the LLC2 busy-station polling interval. 12. Configure the LLC2 P/F waiting time. 13. Configure the LLC2 REJ status time. 14. Configure the LLC2 POLL timer.
Use the command...
Remarks
Required 3 by default
llc2 max-ack length
llc2 receive-window length
Optional 7 by default
llc2 max-send-queue length
Optional 50 by default Optional 128 by default Optional 3 by default Optional 1493 bytes by default Optional 100 ms by default Optional 200 ms by default Optional 300 ms by default Optional 5000 ms by default Optional 500 ms by default Optional 30,000 ms by default
llc2 modulo { 8 | 128 }
llc2 max-transmission retries
llc2 max-pdu length
llc2 timer ack-delay mseconds
llc2 timer ack mseconds
llc2 timer busy mseconds
llc2 timer poll mseconds
llc2 timer reject mseconds
llc2 timer detect mseconds
Configuring the multicast function of DLSw v2.0

By default, the DLSw multicast function is disabled on devices running DLSw v2.0. To enable this function, use the dlsw multicast command. Before enabling the DLSw multicast function, you must configure the outbound multicast interface specified with interface interface-type interface-number in the above-mentioned command on the same interface as the local DLSw peer. To enable the DLSw multicast function, you must execute the related multicast command first. Before configuring the multicast function of DLSw v2.0, you must first configure the multicast function of the device, and configure the local DLSw peer. After DLSw v2.0 multicast is enabled, the origin DLSw v2.0
236
device can multicast SOCKET messages (with explorer frames encapsulated) to a specific multicast address, so that all target DLSw v2.0 routers listening to the multicast address can receive the SOCKET messages and get the explorer frames. To configure the multicast function of DLSw v2.0: To do...
1. Enter system view. 2. Enable the multicast function of DLSw v2.0.
Use the command...

system-view dlsw multicast [ multicast-ip-address ] interface interface-type interface-number
Remarks
Configuring the maximum number of DLSw v2.0 explorer retries

Each time the origin DLSw v2.0 router sends an explorer frame in a UDP multicast, it starts an explorer timer. If no response is received before the explorer timer times out, the router sends another explorer frame and resets the explorer timer. This process continues until a response is received or the maximum number of explorer transmission retries is reached. To configure the maximum number of explorer transmission retries: To do...
1. Enter system view. 2. Set the maximum number of explorer transmission retries.
Use the command...

system-view dlsw max-transmission retries
Remarks
Optional 5 by default
Applying an ACL in DLSw

To apply an ACL in DLSw: To do...
Use the command...

system-view acl number acl-number [ match-order { auto | config } ]
Remarks
2. Create a MAC-based Layer 2 ACL.
rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-name | vpn-instance vpn-instance-name ] * quit dlsw ethernet-frame-filter acl-number inbound dlsw ethernet-frame-filter acl-number outbound
Required. No Layer 2 ACL is configured by default.
3. Return to system view.
Required. By default, no ACL is applied. ACLs for inbound and outbound traffic can be configured at the same time.
4. Apply a MAC-based ACL to inbound traffic, outbound traffic, or both.
For more information about creating a Layer 2 ACL, see ACL and QoS Configuration Guide.
237
Configuring DLSw in an SDLC environment

To configure DLSw: To do...
1. Enter system view. 2. Enable DLSw. 3. Create a local DLSw peer. 4. Configure an SDLC interface. 5. Enable DLSw forwarding on an SDLC interface. 6. Configure SDLC roles. 7. Configure an SDLC address for a secondary station. 8. Configure an SDLC peer. 9. Configure the XID of SDLC. 10. Configure an SDLC virtual MAC address. 11. Configure the properties of a synchronous serial interface. 12. Configure optional SDLC parameters. 13. Configure the multicast function of DLSw v2.0. 14. Configure the maximal number of DLSw v2.0 explorer retries. 15. Configure local reachable MAC or SAP addresses. 16. Configure the remote reachability information.
Use the command...

system-view dlsw enable See Creating DLSw peers. See Enabling SDLC encapsulation on an interface. See Enabling DLSw forwarding on an SDLC interface. See Configuring SDLC roles. See Configuring an SDLC address for a secondary station. See Configuring an SDLC peer. See Configuring an SDLC XID. See Configuring an SDLC virtual MAC address. See Configuring the properties of a synchronous serial interface. See Configuring optional SDLC parameters. See Configuring the multicast function of DLSw v2.0. See Configuring the maximum number of DLSw v2.0 explorer retries. See Configuring local reachable MAC or SAP addresses. See Configuring remote reachability information.
Remarks
Optional Enabled by default Required Required Required Required Required Required Optional (required for PU2.0 devices) Optional Optional Optional Optional
Optional
Optional Optional
Enabling SDLC encapsulation on an interface

The SDLC is a link layer protocol relative to the SNA. Its working principle is similar to HDLC. In order to make DLSw work properly, you must enable SDLC encapsulation on the synchronous serial interface. To enable SDLC encapsulation on an interface: To do...
Use the command...

system-view
Remarks
238
To do...
2. Enter interface view. 3. Enable SDLC encapsulation on the interface.
Use the command...

interface interface-type interface-number link-protocol sdlc
Remarks
Required PPP encapsulation by default
Note that the SDLC link layer protocol cannot underlie the IP protocol, so all the IP-related configurations on the interface must be removed before you enable SDLC encapsulation on the interface. For example, you must delete the IP address of the interface.
Enabling DLSw forwarding on an SDLC interface

With DLSw forwarding enabled on the SDLC interface, all local SNA devices connected to the interface are able to communicate with the remote device through DLSw. To enable DLSw forwarding on an SDLC interface: To do...
1. Enter system view. 2. Enter interface view. 3. Enable DLSw forwarding on the interface.
Use the command...

system-view interface interface-type interface-number sdlc enable dlsw
Remarks
Configuring SDLC roles

In contrast with HDLC, SDLC is an unbalanced link layer protocol. The ends of a TCP connection are not equal in the positions: one is primary and the other is secondary. The primary station, whose role is primary, plays a dominant role and controls the whole connection process. The secondary station, whose role is secondary, is controlled by the primary station. You must configure a role for an SDLC interface. The role of an interface should be determined by the role of the SDLC device to which this router is connected: If the SDLC device connected with the local router has a role of primary, the local interface should be configured to have a role of secondary; If the SDLC device connected with the local router has a role of secondary, the local interface should be configured to have a role of primary.
An IBM mainframe has a role of primary, and a terminal device such as a UNIX host or an ATM has a role of secondary. To configure an SDLC role: To do...
Use the command...

Remarks

239
To do...
3. Configure an SDLC role.
Use the command...

sdlc status { primary | secondary }
Remarks
Required. By default, no SDLC role is configured.
Configuring an SDLC address for a secondary station

The SDLC protocol allows multiple virtual circuits to run on an SDLC physical link, with one end connected to the primary station and the other end to a secondary station. In order to distinguish different virtual circuits, you must specify an SDLC address for each virtual circuit. SDLC is an unbalanced protocol, a primary station can be connected with multiple secondary devices through a multi-user system or an SDLC switch, and the secondary devices cannot be connected with one another. The communication between the primary station and each secondary station can be guaranteed as long as each secondary device is identified with an SDLC address. The following commands are used to specify an SDLC address for a virtual circuit, which is unique on a physical interface. The configured SDLC address on a synchronous serial interface is actually the address of the secondary SDLC station. On the serial interface of the DLSw router connected with the primary SDLC station, you must configure the address of each secondary SDLC station that communicates with the primary station. On the serial interface of the DLSw router connected with a secondary SDLC station, you must configure the address of each secondary SDLC station connected with the serial interface. An SDLC address ranges from 0x01 to 0xFE. The SDLC address of a router is valid on only one physical interface. The SDLC addresses configured on different interfaces may be identical. To configure an SDLC address: To do...
1. Enter system view. 2. Enter interface view. 3. Configure the address of a secondary SDLC station.
Use the command...

system-view interface interface-type interface-number sdlc controller sdlc-address
Remarks
Required. By default, no secondary SDLC station address is configured.
Configuring an SDLC peer

Specify the MAC address for the peer end of an SDLC virtual circuit, and the MAC address is used as the destination MAC address of the LLC2 frames converted from SDLC frames. In DLSw configuration, a peer should be configured for each SDLC address. The MAC address of the peer should be the MAC address of the remote SNA device (physical address in the Ethernet or Token Ring format), or the compound MAC address derived from the SDLC virtual MAC address of the peer end and the SDLC address of the local end. To configure the SDLC peer: To do...
1. Enter system view. 2. Configure MAC address conversion between Ethernet and token ring formats.
Use the command...

system-view dlsw reverse mac-address
Remarks
Optional.
240
To do...
3. Enter interface view.
Use the command...

interface interface-type interface-number sdlc mac-map remote mac-addr sdlc-addr
Remarks
Required. By default, no SDLC peer is configured.
4. Configure an SDLC peer.
When specifying an SDLC peer MAC address for an SDLC virtual circuit, pay attention to the following situations: If the remote SNA device uses a token ring address, use its token ring address directly; If the remote SNA device uses an Ethernet address, convert the Ethernet address to a token ring address, for example, convert 00e0.fc03.a548 to 0007.3fc0.5a12, by using the dlsw reverse command; If the remote SNA device uses an SDLC link, specify a compound MAC address, where the first five bytes are from the virtual MAC address configured in the sdlc mac-map local command on the remote router, and the last byte is the SDLC address of the local router.
Configuring an SDLC XID

An XID identifies a device in an SNA system. When configuring an SDLC connection, pay attention to the types of the connected SNA devices. Devices in an SNA system fall into the following types: PU2.0 and PU2.1. An XID has been configured on PU2.1 devices, so they can announce their identity by exchanging the XID. A PU2.0 device does not come with an XID. An XID is not required on a PU2.1 device, but required on a PU2.0 device. To configure an SDLC XID: To do...
Use the command...

Remarks
Optional.
3. Configure an SDLC XID.
sdlc xid sdlc-address xid-number
By default, no SDLC XID is configured on a synchronous serial interface.
Configuring an SDLC virtual MAC address

Initially designed for LLC2 protocols, DLSw establishes mappings with virtual circuits through MAC addresses. A MAC address must be specified for an SDLC virtual circuit so that SDLC frames can be forwarded. Use the following command to assign the current interface a virtual MAC address, which serve as the source MAC address during the conversion of SDLC frames to LLC2 frames. To configure an SDLC virtual MAC address: To do...
Use the command...

Remarks

To do...
3. Configure an SDLC virtual MAC address.
Use the command...

sdlc mac-map local mac-address
Remarks
Optional No virtual MAC address by default
Note that the sixth byte of the MAC address should be set to 0x00. The system combines the first five bytes of this virtual MAC address with the SDLC address into a new MAC address, which serves as the source MAC address in SDLC-to-LLC2 frame format conversion.
Configuring the properties of a synchronous serial interface

In practice, many types of SNA devices which differ from one another significantly exist. To ensure the compatibility among different devices, tune some commonly used parameters. Configure the encoding scheme of the synchronous serial interface Two encoding schemes, NRZI and NRZ, are available for synchronous serial interface. The NRZ encoding scheme is used for synchronous serial interfaces of routers. However, the serial interfaces of some SNA devices use the NRZI encoding scheme. The encoding scheme of synchronous serial interfaces should be changed according to the encoding schemes used on the connected devices. Configure the idle-time encoding scheme of the synchronous serial interface Most SDLC devices use 0x7E (flags) to indicate idle space between frames, but some other SDLC devices use 0xFF (marks) for this indication. For compatibility with different types of devices, configure the router to send either flags (default) or marks to indicate its idle state. To configure the properties of the synchronous serial interface: To do...
1. Enter system view. 2. Enter interface view. 3. Configure the baud rate of the synchronous serial interface. 4. Configure the synchronous serial interface to use NRZI encoding. 5. Configure the synchronous serial interface to send 0xFF (marks) during idle state.
Use the command...

system-view interface interface-type interface-number baudrate baudrate
Remarks
Optional 9600 bps by default Optional NRZ encoding by default Optional 0x7E by default
code { nrz | nrzi }
idle-mark
It is not required to change the idle-time encoding scheme of a synchronous serial interface, except when the synchronous serial interface is connected to an AS/400 device.
Configuring optional SDLC parameters

To configure optional SDLC parameters: To do...
Use the command...

Remarks

To do...
3. Configure the length of the SDLC output queue. 4. Configure the maximum number of consecutive frames the device can send before receiving an acknowledgement from the peer. 5. Configure the modulus value of SDLC.
Use the command...

sdlc max-send-queue length
Remarks
Optional. 50 by default. Optional. 7 by default. Optional. 8 by default. Optional. 265 bytes by default. The maximum PDU size of some PU2.0 devices is 265 bytes, and that of an IBM AS/400 is 521 bytes. This maximum PDU size should be configured to be the same as on the peer SDLC device. Optional. 20 by default. Optional. 0x04 by default. Optional.
sdlc window length
sdlc modulo { 8 | 128 }
6. Configure the maximum SDLC PDU size.
sdlc max-pdu number
7. Configure the maximum number of SDLC transmission retries. 8. Configure the local and remote SAP addresses for SDLC-to-LLC2 frame conversion. 9. Enable SDLC simultaneous mode.
sdlc max-transmission retries sdlc sap-map local lsap sdlc-addr sdlc sap-map remote dsap sdlc-addr
sdlc simultaneous
Alternate mode by default. Generally, this configuration is not required. Optional. 1000 ms by default. Optional 3000 ms by default.
10. Configure the SDLC polling interval. 11. Configure the amount of time the primary SDLC station waits for an acknowledgment from the receiving secondary station. 12. Configure the amount of time a secondary SDLC station waits for an acknowledgment from the receiving primary station.
sdlc timer poll mseconds
sdlc timer ack mseconds
sdlc timer lifetime mseconds
Optional 500 ms by default
A SAP address refers to the address of one or more application processes running on a computer or network device.
Configuring local reachable MAC or SAP addresses

When network topology is stable, to reduce the exploring time before the routers send information frames, manually configure the local reachable MAC addresses or SAP addresses.
243
To configure the local reachable MAC addresses or SAP addresses: To do...

1. Enter system view. 2. Specify a local reachable MAC address or SAP address.
Use the command...

system-view dlsw reachable { mac-address mac-address [ mask mask ] | mac-exclusivity | saps saps-list }
Remarks
Required. No local reachable MAC or SAP addresses are configured by default.
Configuring remote reachability information

To reduce the exploring time before the routers send information frames when network topology is stable, manually configure the reachability information of the remote end for the router. To configure the remote reachability information: To do...
1. Enter system view. 2. Configure the reachability information of the remote end.
Use the command...

system-view dlsw reachable-cache mac-address remote ip-address
Remarks
Required. No remote reachability information is configured by default.
Displaying and maintaining DLSw

To do...
Display capabilities exchange information.
Use the command...

display dlsw information [ ip-address | local ] [ | { begin | exclude | include } regular-expression ] display dlsw circuits [circuit-Id ] [ verbose ] [ | { begin | exclude | include } regular-expression ] display dlsw remote [ ip-address ] [ | { begin | exclude | include } regular-expression ] display dlsw reachable-cache [ | { begin | exclude | include } regular-expression ] display llc2 [ circuit circuit-id ] [ | { begin | exclude | include } regular-expression ] reset dlsw tcp [ ip-address ]
Remarks
Display information about a virtual circuit or all virtual circuits. Display information about a remote peer or all remote peers. Display the reachability information list of DLSw.
Display LLC2 statistics. Reset the TCP connection between the DLSw router and a remote peer or all remote peers. Clear information about a virtual circuit or all virtual circuits.
reset dlsw circuits [ circuit-id ]
244
To do...
Clear the reachability information list of DLSw.
Use the command...

reset dlsw reachable-cache
Remarks
DLSw configuration examples

Configuring LAN-to-LAN DLSw
As shown in Figure 75, DLSw works in a LAN-LAN environment. Configure DLSw on Router A and Router B to enable communication between an IBM host and an SNA host over the Internet. Figure 75 Network diagram
Router A
1.1.1.1/24
Router B
Internet
2.2.2.2/24
Eth1/0
Eth1/0
LAN LLC2 LLC2
LAN
IBM AS/400
Host
1.
Configure Router A.
# Configure interfaces on Router A to make sure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 can reach each other. (Details not shown) # Configure DLSw on Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 5 enable [RouterA] dlsw local 1.1.1.1 [RouterA] dlsw remote 2.2.2.2 [RouterA] dlsw bridge-set 5 [RouterA] interface ethernet 1/0 [RouterA-Ethernet1/0] bridge-set 5
2.
Configure Router B.
# Configure interfaces on Router B to make sure that the local DLSw peer 2.2.2.2 and remote peer 1.1.1.1 can reach each other. (Details not shown) # Configure DLSw on Router B.
245
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 7 enable [RouterB] dlsw local 2.2.2.2 [RouterB] dlsw remote 1.1.1.1 [RouterB] dlsw bridge-set 7 [RouterB] interface ethernet 1/0 [RouterB-Ethernet1/0] bridge-set 7
After this configuration, the two SNA LANs across the Internet are interconnected.
Configuring SDLC-to-SDLC DLSw

As illustrated in Figure 76, DLSw works in an SDLC-to-SDLC environment. Configure DLSw on Router A and Router B to enable communication between the two SDLC LANs over the Internet. Figure 76 Network diagram
Router A
1.1.1.1/24 S2/0
Router B
Internet
SDLC address: 0xC1
2.2.2.2/24 S2/0
SDLC
SDLC
IBM AS/400
Host(SNA)
SDLC address: 0xC1
1.
Configure Router A.
Configure interfaces on Router A to make sure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 can reach each other. (Details not shown) # Configure DLSw on Router A.
<RouterA> system-view [RouterA] dlsw local 1.1.1.1 [RouterA] dlsw remote 2.2.2.2 [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol sdlc [RouterA-Serial2/0] sdlc enable dlsw [RouterA-Serial2/0] sdlc status secondary [RouterA-Serial2/0] sdlc controller c1 [RouterA-Serial2/0] sdlc mac-map remote 0000-2222-00c1 c1 [RouterA-Serial2/0] sdlc mac-map local 0000-1111-0000 [RouterA-Serial2/0] baudrate 9600 [RouterA-Serial2/0] code nrzi
246
2.
Configure Router B.
Configure interfaces on Router B to make sure that the local DLSw peer 2.2.2.2 and remote peer 1.1.1.1 can reach each other. (Details not shown) # Configure DLSw on Router B.
<RouterB> system-view [RouterB] dlsw local 2.2.2.2 [RouterB] dlsw remote 1.1.1.1 [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol sdlc [RouterB-Serial2/0] sdlc enable dlsw [RouterB-Serial2/0] sdlc status primary [RouterB-Serial2/0] sdlc controller c1 [RouterB-Serial2/0] sdlc mac-map remote 0000-1111-00c1 c1 [RouterB-Serial2/0] sdlc mac-map local 0000-2222-0000 [RouterB-Serial2/0] baudrate 9600 [RouterB-Serial2/0] code nrzi
After this step, the SDLC LANs across the WAN are interconnected.
Configuring DLSw for SDLC-LAN remote media translation

As shown in Figure 77, Host A and Host B are PU2.0 nodes ATM, and Host C is a PU2.1 node OS2. Configure DLSw on Router A and Router B, using NRZ encoding on the port connected with the multiplexer and NRZI encoding on the port connected with Host C, so that the IBM host can communicate with all the SNA PCs over the Internet. Figure 77 Network diagram
Router A
1.1.1.1/24
Router B
Internet
2.2.2.2/24 S2/0
S2/1
Eth1/0
LAN LLC2
SDLC
SDLC
IBM AS/400
MAC address: 0028-3300-2af5
Host A(SNA )
SDLC address: 0xC1
Host B(SNA )
SDLC address: 0xC2
Host C(SNA )
SDLC address: 0xC3
1.
Configure Router A.
# Configure interfaces on Router A to make sure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 can reach each other. (Details not shown) # Configure DLSw on Router A.
<RouterA> system-view
247
[RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] dlsw local 1.1.1.1 [RouterA] dlsw remote 2.2.2.2 [RouterA] dlsw bridge-set 1 [RouterA] interface ethernet 1/0 [RouterA-Ethernet1/0] bridge-set 1
2.
Configure Router B.
# Configure interfaces on Router B to make sure that the local DLSw peer 2.2.2.2 and remote peer 1.1.1.1 can reach each other. (Details not shown) # Configure DLSw on Router B.
<RouterB> system-view [RouterB] dlsw local 2.2.2.2 [RouterB] dlsw remote 1.1.1.1 [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol sdlc [RouterB-Serial2/0] sdlc enable dlsw [RouterB-Serial2/0] sdlc status primary [RouterB-Serial2/0] sdlc mac-map local 0000-1234-5600 [RouterB-Serial2/0] sdlc controller c1 [RouterB-Serial2/0] sdlc xid c1 03e00001 [RouterB-Serial2/0] sdlc mac-map remote 0014-cc00-54af c1 [RouterB-Serial2/0] sdlc controller c2 [RouterB-Serial2/0] sdlc xid c2 03e00002 [RouterB-Serial2/0] sdlc mac-map remote 0014-cc00-54af c2 [RouterB-Serial2/0] baudrate 9600 [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol sdlc [RouterB-Serial2/1] baudrate 9600 [RouterB-Serial2/1] code nrzi [RouterB-Serial2/1] sdlc status primary [RouterB-Serial2/1] sdlc mac-map local 0000-2222-0000 [RouterB-Serial2/1] sdlc controller c3 [RouterB-Serial2/1] sdlc mac-map remote 0014-cc00-54af c3 [RouterB-Serial2/1] sdlc enable dlsw [RouterB-Serial2/1] quit
# If the local and remote networks are stable, configure the following commands to save the polling process.
[RouterB] dlsw reachable mac-exclusivity [RouterB] dlsw reachable-cache 0014-cc00-54af remote 1.1.1.1
In the configuration file of router B, the MAC address in the sdlc mac-map remote and dlsw reachable-cache commands is the MAC address of the Ethernet card of the AS/400 device, which is connected to Router A. Because an Ethernet MAC address appears in the reverse bit order of a Token-Ring MAC address, bit order reversal is required in MAC address configuration (for example, a MAC address 0028-3300-2af5 appears to be 0014-cc00-54af after bit order reversal). If the peer end is Token-Ring, bit order reversal is not required.
248
Configuring DLSw with VLAN support

As shown in Figure 78, perform the following configuration so that the IBM host can communicate with the SNA host over the Internet: Assign Ethernet 1/1 to VLAN 2, configure Ethernet 1/0 as a trunk port and assign it to VLAN 2. Configure a sub-interface Ethernet 1/1.1 on Ethernet 1/1 of Router A and assign this sub-interface to VLAN 2.
Configure DLSw on Router A and Router B. Figure 78 Network diagram

Eth1/1 Eth1/1.1 Eth1/0 Eth1/0 1.1.1.1/24
Internet
Eth1/0 2.2.2.2/24
Eth1/1
LSW
Router A
Router B
IBM AS/400
Host(SNA )
1.
Configure Router A.
# Configure interfaces on Router A to make sure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 can reach each other. (Details not shown)
<RouterA> system-view [RouterA] interface ethernet 1/0 [RouterA-Ethernet1/0] ip address 1.1.1.1 255.255.255.0 [RouterA-Ethernet1/0] quit [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] quit
# Configure DLSw on Router A.

[RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] dlsw local 1.1.1.1 [RouterA] dlsw remote 2.2.2.2 [RouterA] dlsw bridge-set 1 [RouterA] interface ethernet 1/1.1 [RouterA-Ethernet1/1.1] bridge-set 1
2.
Configure Router B.
# Configure DLSw on Router B.

<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable
249
[RouterB] dlsw local 2.2.2.2 [RouterB] dlsw remote 1.1.1.1 [RouterB] dlsw bridge-set 1 [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1
# Configure interfaces on Router B to make sure that the local DLSw peer 2.2.2.2 and remote peer 1.1.1.1 can reach each other. (Details not shown)
[RouterB-Ethernet1/1] ip address 2.2.2.2 255.255.255.0 [RouterB-Ethernet1/1] quit [RouterB] rip [RouterB-rip-1] network 2.0.0.0 [RouterB-rip-1] network 1.0.0.0 [RouterB-rip-1] quit
3.
Configure LSW.
# Create VLAN 2, and assign Ethernet 1/1 to it.

<LSW> system-view [LSW] vlan 2 [LSW-vlan2] port ethernet 1/1 [LSW-vlan2] quit
# Set Ethernet 1/0 to trunk mode and allow VLAN 2 to pass.

[LSW] interface ethernet1/0 [LSW-Ethernet1/0] port link-type trunk [LSW-Ethernet1/0] port trunk permit vlan 2
DLSw v2.0 configuration example

As shown in Figure 79, Router A is DLSw v2.0 capable, connected with an IBM host. Router B and Router C are DLSw v1.0 or DLSw v2.0 capable, respectively, connected with PC1 and PC2; CISCO is a DLSw-capable router of Cisco, connected with PC3. All the DLSw routers listen to the multicast address 224.0.10.0. Enable the IBM host to communicate with all SNA hosts. Figure 79 Network diagram
Router B
Eth1/1 Eth1/0 1.1.1.1/24
Host A(SNA )
Internet
Router C Host B(SNA )
Router A
Muticast address: 224.0.10.0
IBM AS/400
CISCO
Host C(SNA )
250
1.
Configure Router A.
# Configure bridge set 1.

<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable
# Add Ethernet 1/1 to bridge set 1.

[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit
# Enable multicast.
[RouterA] multicast routing-enable [RouterA] interface ethernet 1/0 [RouterA-Ethernet1/0] pim dm [RouterA-Ethernet1/0] igmp enable [RouterA-Ethernet1/0] igmp static-group 224.0.10.0 [RouterA-Ethernet1/0] quit
# Configure local DLSw peers, and allow a remote peer that is not preconfigured to initiate a TCP connection and establish dynamic peer relationship.
[RouterA] dlsw local 1.1.1.1 permit-dynamic
# Enable DLSw multicast, set the maximum number of explorer retries and specify a local bridge set.
[RouterA] dlsw multicast interface ethernet 1/0 [RouterA] dlsw max-transmission 3 [RouterA] dlsw bridge-set 1
2.
Configure Router B and Router C.
Before configuring Router B and Router C, first make sure of which DLSw version they support. If they are DLSw v2.0 capable, the configuration is similar as on Router A; if they are DLSw v1.0 capable, remove the multicast and explorer frame retransmission part from the configuration. For the configuration on the Cisco router, see Cisco documentation.
Troubleshooting DLSw
Proper communication of the DLSw requires sound cooperation between involved SNA devices and DLSw-capable routers. A fault in the cooperation between any two nodes may cause connection failure.
Unable to establish a TCP connection

Symptom
A TCP connection cannot be established between the local peer and any remote peer. In the output of the display dlsw remote command, the status is DISCONNECT.
Analysis
TCP connection establishment is the first step in successful DLSw connection. Failure in establishing a TCP connection is usually caused by problems between the two routers, such as incorrect IP routing configuration.
251
Solution
Check whether the remote peer is reachable by using the ping command. Alternatively, use the display ip routing-table command to check whether a route to the network segment exists. After both sides have established a correct route, the TCP connection can be created.
Unable to establish a DLSw circuit

Symptom
A DLSw circuit cannot be correctly established. The display dlsw circuit command output shows that the virtual circuit is not in CONNECTED state.
Analysis
Many reasons can cause circuit establishment failure. A TCP connection with the peer end must be successfully established first. If a TCP connection can be successfully established but circuit establishment fails, the problem is usually caused by abnormal cooperation between the router and the SNA device, most likely from some incorrect SDLC configuration.
Solution
1.
First enable the SDLC debugging, and check whether the SDLC interface can receive/forward frames properly by executing the display interface command. If the interface cannot receive/forward frames correctly, possible causes are incorrect encoding scheme, baud rate or clock configuration on the interface. Modify the interface configuration of the router or adjust the configuration parameters of the SDLC device. If frames can be received and forwarded correctly, examine whether the configuration of the PU type is correct. Use the sdlc xid command to configure the XID and change the PU type. If the PU type is correct, use the display dlsw circuit verbose command to check whether the virtual circuit can enter the CIRCUIT_EST state. If not, the MAC address of the SDLC peer is not correctly configured. Use the sdlc mac-map remote command to modify the configuration parameters. If the circuit can reach the CIRCUIT_EST state but cannot reach the CONNECTED state, the configuration of the SDLC on the router does not match that of the SNA devices. Check the configuration of the SDLC devices on both sides and the router. For example, check whether the XID of the SNA device is properly configured (PU2.1), and whether the XID of the router is properly configured (PU2.0). If all these configurations are correct, check whether the SDLC line on the primary SDLC device side (such as the AS/400 or S390) is activated. Sometimes the SDLC line needs to be activated manually.
2. 3.
4.
252
L2TP configuration
A VPDN is a VPN that uses the dial-up function of public networks such as ISDN or PSTN networks to provide access services for enterprises, small ISPs, and telecommuters. VPDN provides an economical and effective point-to-point method for remote users to connect to their home LANs. VPDN technology uses a tunneling protocol to build secure VPNs for enterprises across public networks. Branch offices and traveling staff can remotely access the headquarters Intranet resources through a virtual tunnel over public networks. Other users on the public networks are not permitted access. Main VPDN tunneling protocols include: PPTPPoint-to-Point Tunneling Protocol L2FLayer 2 Forwarding L2TPLayer 2 Tunneling Protocol
L2TP is the most widely-used VPDN tunneling protocol.
Typical L2TP networking application

Figure 80 VPDN built by using L2TP
Remote user LAC LNS
PPPoE/ISDN
Internet L2TP tunnel
Remote branch
Internal server
A VPDN built by using L2TP comprises three components: Remote system A remote system is usually a remote users host or a remote branchs routing device that needs to access the VPDN network. LAC An L2TP access concentrator is a device that has PPP and L2TP capabilities. An LAC is usually a NAS located at a local ISP, which provides access services mainly for PPP users. An LAC is an endpoint of an L2TP tunnel and lies between an LNS and a remote system. It encapsulates packets received from a remote system using L2TP and then sends the resulting packets to the LNS. It de-encapsulates packets received from the LNS and then sends the resulting packets to the intended remote system. Usually, a PPP link is used in a VPDN application.
253
LNS
An LNS functions as both the L2TP server and the PPP end system. It is usually an edge device on an enterprise network. An LNS is the other endpoint of an L2TP tunnel and is a peer to the LAC. It is the logical termination point of a PPP session tunneled by the LAC. The L2TP extends the termination point of a PPP session from a NAS to an LNS, logically.
Basic concepts of L2TP

Background of L2TP
PPP defines an encapsulation mechanism that allows a point-to-point link to carry packets of various protocols. When PPP runs between a user and an NAS, the PPP session and the Layer 2 link both terminates at the same physical devicethe NAS. L2TP tunnels PPP packets and extends the PPP model by enabling the Layer 2 link endpoint and the PPP session endpoint to reside on different devices (LAC and NAS, respectively) that are interconnected by a packet-switched network, such as the Internet. Combining the advantages of L2F and PPTP, L2TP is now the Layer 2 tunneling industry standard of the IETF.
L2TP architecture
Figure 81 shows the relationship between the PPP frame, control channel, and data channel. PPP frames are transferred over unreliable L2TP data channels. Control messages are transferred within reliable L2TP control channels. Figure 81 L2TP architecture
PPP frames L2TP data messages L2TP data channel (unreliable) L2TP control messages L2TP control channel (reliable)
Packet transmission network
Figure 82 L2TP packet encapsulation structure

IP header (Public network) UDP header L2TP header PPP header IP header (Private network) Data
Figure 82 depicts the encapsulation structure of an L2TP data packet between the LAC and the LNS. Usually, L2TP data is transferred as (UDP packets. The well-known UDP port for L2TP is 1701, though this is only used in the tunnel creation stage. The L2TP tunnel initiator selects an idle port (not necessarily 1701) to send a packet to port 1701 of the receiver. After receiving the packet, the receiver also selects an idle port (not necessarily 1701 either) to return a packet to the specified port of the initiator. Then, the two parties use the negotiated ports to communicate until the tunnel is disconnected.
Tunnel and session

Two types of connections are present between an LNS and an LAC: Tunnel and session. A tunnel corresponds to a LNS-LAC pair, and comprises a control connection and one or more sessions.
254
A session corresponds to one PPP data stream between an LNS and a LAC and is multiplexed on a tunnel. A session can be set up only after the tunnel is created.
Multiple L2TP tunnels can be established between an LNS and an LAC. Both control messages and PPP frames are transferred on the tunnel. L2TP uses hello packets to check a tunnels connectivity. The LAC and the LNS regularly send hello packets to each other. If no response packet is received within a given amount of time, the tunnel is torn down.
Control message and data message

L2TP supports two types of messages: Control messages and data messages. Control messages are used in establishment, maintenance, and clearing of tunnels and sessions. Control messages are transmitted over a reliable control channel, which supports flow control and congestion control. Data messages encapsulate PPP frames to be tunneled. Data messages are transmitted over an unreliable data channel that lacks flow control and congestion control, and retransmission mechanisms.
Control messages and data messages share the same header structure. The Type field in the L2TP header identifies whether a message is a control message or a data message. The tunnel ID and session ID fields in the L2TP header identify the tunnel and session, respectively. Packets with the same tunnel ID but different session IDs are multiplexed to the same tunnel. The tunnel ID and the session ID in a header are the intended receivers, not those of the sender.
L2TP tunneling modes and tunnel establishment process

Three typical L2TP tunneling modes
The typical L2TP tunneling modes are NAS-initiated, client-initiated, and LAC-auto-initiated. NAS-initiated See Figure 83. In this mode, a remote system dials in to the LAC through a PPPoE/ISDN network, and the LAC initiates a tunneling request to the LNS over the Internet. The LNS assigns a private IP address to the remote system. Authentication and accounting of the remote system can be implemented on the LAC or on the LNS. Figure 83 NAS-initiated tunneling mode
Internet
LAC LNS
PPPoE/ISDN
Remote system
L2TP tunnel
Internal server
Client-initiated
In this mode, after being permitted to access the Internet, a remote system running the L2TP client application (LAC client) directly initiates a tunneling request to the LNS without any dedicated LAC device. The LNS assigns the LAC client a private IP address. In this mode, a LAC client needs a public network address to communicate with the LNS through the Internet.
255
Figure 84 Client-initiated tunneling mode

LAN
LAC client
Internet
LNS
L2TP tunnel
Internal server
LAC-auto-initiated
In NAS-initiated mode, a remote system must successfully dial in to the LAC through PPPoE or ISDN to trigger the LAC to initiate a tunneling request to the LNS. In LAC-auto-initiated mode, create a virtual PPP user and execute the l2tp-auto-client enable command on the LAC. Then, the LAC automatically initiates a tunneling request to the LNS to establish an L2TP tunnel for the virtual PPP user. Then, when a remote system accesses the internal network, the LAC forwards data through the L2TP tunnel. In this mode, the connection between a remote system and the LAC is not confined to a dial-up connection and can be any IP-based connection. Figure 85 LAC-auto-initiated tunneling mode
Internet
LAC LNS
LAN
Remote system
L2TP tunnel
Internal server
L2TP tunnel establishment process

Figure 86 shows a typical L2TP network. Figure 86 Typical L2TP network
RADIUS server RADIUS server
IP network
IP network
PPPoE/ISDN
Host A Remote system Router A LAC
WAN
Router B LNS
Host B
Host C
Figure 87 depicts the setup procedure of an L2TP call in NAS-initiated mode.
256
Figure 87 L2TP call setup procedure

Remote system Host A LAC Router A LAC RADIUS server LNS Router B LNS RADIUS server
(1) Call setup (2) PPP LCP setup (3) PAP or CHAP authenticaion (4) Access request (5) Access accept (6) Tunnel setup (7) CHAP authentication (challenge/response) (8) Authentication passes (9) User CHAP response, PPP negotiation parameter (10) Access request (11) Acesss accept (12) CHAP authentication twice (challenge/response) (13) Access request (14) Acesss accept (15) Authentication passes
An L2TP call is set up in the following procedure:

1. 2. 3. 4. 5. 6. 7.
A remote user on Host A places a PPP call. Host A and the LAC (Router A) perform PPP LCP negotiation. The LAC authenticates the remote user by using the PAP, CHAP, or MS-CHAP. The LAC sends the authentication information (the username and password) to its RADIUS server for authentication. The LAC RADIUS server authenticates the user. If the user passes authentication, the LAC initiates a tunneling request to the LNS. If tunnel authentication is required, the LAC sends a CHAP challenge to the LNS. The LNS returns a CHAP response and sends its CHAP challenge to the LAC. Accordingly, the LAC returns a CHAP response to the LNS. The tunnel passes authentication. The LAC sends the CHAP response, response identifier, and PPP negotiation parameters of the user to the LNS. The LNS sends an access request to its RADIUS server for authentication. The RADIUS server authenticates the access request and returns a response if the user passes authentication. If the LNS is configured to perform a mandatory CHAP authentication for the user, the LNS sends a CHAP challenge to the user and the user returns a CHAP response. The LNS resends the access request to its RADIUS server for authentication.
8. 9. 10. 11. 12. 13.
257
14. 15.
The RADIUS server authenticates the access request and returns a response if the user passes authentication. The LNS assigns an internal IP address to the remote user. The user can now access the internal resources of the enterprise network.
L2TP features
1.
Flexible identity authentication mechanism and high security
L2TP itself does not provide security for connections. However, it has all the security features of PPP and allows for PPP authentication (CHAP or PAP). L2TP can also cooperate with IPsec to guarantee data security, strengthening the resistance of tunneled data to attacks. Tunnel encryption, end-to-end data encryption, and end-to-end application-layer data encryption technologies can be used together with L2TP for higher data security as required.
2.
Multi-protocol transmission RADIUS authentication
L2TP tunnels PPP frames, which can be used to encapsulate packets of multiple network layer protocols.
3.
An LAC and LNS can send the username and password of a remote user to a RADIUS server for authentication.
4.
Private address allocation
An LNS can reside behind the firewall of a corporate network and dynamically allocates private addresses to remote users, facilitating corporate private address management (RFC 1918) and improving the security.
5.
Accounting flexibility
Accounting can be simultaneously carried out on the LAC and LNS, allowing bills to be generated on the ISP side and charging and auditing to be processed on the enterprise gateway. The L2TP can provide accounting data, such as inbound and outbound traffic statistics (in packets and bytes) and the connections start time and end time. These features enable flexible accounting.
6.
Reliability
L2TP supports LNS backup. When the connection to the primary LNS is torn down, an LAC can establish a new one to a secondary LNS. This redundancy enhances the reliability and fault tolerance of VPN services.
Protocols and standards

RFC 1661: The PPP RFC 1918: Address Allocation for Private Internets RFC 2661: Layer Two Tunneling Protocol, or L2TP
L2TP configuration task list

When configuring L2TP, perform the following operations:
1.
Determine the network devices needed according to the networking environment. For NAS-initiated mode and LAC-auto-initiated mode, you need to configure both the LAC and the LNS. For client-initiated mode, you only need to configure the LNS. Configure the devices accordingly based on the intended role (LAC or NAS) on the network.
2.
To configure a device as an LAC in NAS-initiated or LAC-auto-initiated mode, complete the following tasks:
258
Task
Enable L2TP Configuring basic L2TP capability Create an L2TP group Specify the local name of the tunnel Configuring an LAC to initiate tunneling requests for specified users Configuring an LAC to transfer AVP data in hidden mode Configuring an LAC Configuring AAA authentication for VPN users on LAC side Configuring an LAC to establish an L2TP tunnel Configuring L2TP tunnel authentication Configuring L2TP connection parameters Setting the hello interval Enabling tunnel flow control Disconnecting tunnels by force
Remarks
Required
Required
Optional Required Required in LAC-auto-initiated mode. No need to configure in NAS-initiated mode.
Optional
To configure a device as an LNS in NAS-initiated, client-initiated, or LAC-auto-initiated mode, complete the following tasks: Task
Enable L2TP Configuring basic L2TP capability Create an L2TP group Specify the local name of the tunnel Creating a virtual template interface Configuring the local address and the address pool for allocation Configuring an LNS to grant certain L2TP tunneling requests Configuring an LNS Configuring user authentication on an LNS Configuring AAA authentication for VPN users on an LNS Enabling L2TP multi-instance Specifying to send ACCM Configuring L2TP connection parameters Configuring L2TP tunnel authentication Setting the hello interval Required Required Required Optional Optional Optional Optional Optional Required
Remarks
259
Task
Enabling tunnel flow control Disconnecting tunnels by force
Remarks
Configuring basic L2TP capability

An L2TP group is intended to represent a group of parameters and corresponds to one VPN user or one group of VPN users. This enables not only flexible L2TP configuration on devices, but also one-to-one and one-to-many networking applications for LACs and LNSs. An L2TP group only has local significance. However, you must make sure that the relevant settings of the L2TP groups on the LAC and LNS match. For example, the local tunnel name configured on the LAC must match the remote tunnel name configured on the LNS. L2TP must be enabled for L2TP configuration to take effect. Tunnel names are used during tunnel negotiation between an LAC and an LNS. To configure basic L2TP capability: To do
1. Enter system view. 2. Enable L2TP. 3. Create an L2TP group and enter its view. 4. Specify the local name of the tunnel.
Use the command

system-view l2tp enable
Remarks
Required. Disabled by default. Required. By default, no L2TP group exists. Optional.
l2tp-group group-number
tunnel name name
The system name of the device is used by default.
Configuring an LAC
An LAC is responsible for establishing tunnels with LNSs for users and sends user packets to LNSs through the tunnels. Before configuring an LAC, enable L2TP and create an L2TP group.
Configuring an LAC to initiate tunneling requests for specified users

An LAC initiates tunneling requests only to specified LNSs for specified users. Specify to connect the users to be serviced and the LNSs to be connected. Users can be specified by their fully qualified name or the domain name. To configure the LAC: To do
1. Enter system view. 2. Enter L2TP group view.
Use the command

system-view l2tp-group group-number
Remarks

260
To do
3. Enable the device to initiate tunneling requests to one or more IP addresses for one or more specified VPN users.
Use the command

start l2tp { ip ip-address }&<1-5> { domain domain-name | fullusername user-name }
Remarks
Required
Up to five LNSs can be configured. The LAC initiates an L2TP tunneling request to its specified LNSs consecutively in their configuration order until it receives an acknowledgement from an LNS, which then becomes the tunnel peer.
Configuring an LAC to transfer AVP data in hidden mode

With L2TP, some parameters are transferred as AVP data. To improve security, configure an LAC to transfer AVP data in hidden modeto encrypt AVP data before transmission. To configure an LAC to transfer AVP data in hidden mode: To do
1. Enter system view. 2. Enter L2TP group view. 3. Specify that AVP data be transferred in hidden mode.
Use the command

system-view l2tp-group group-number tunnel avp-hidden
Remarks
Optional. By default, AVP data is transferred in plain text.
Configuring AAA authentication for VPN users on LAC side

Configure an LAC to perform AAA authentication for VPN users and initiate a tunneling request only for qualified users. No tunnel is established for unqualified users. The device supports both local AAA authentication and remote AAA authentication: For local AAA authentication, create a local user and configure a password for each remote user on the LAC. The LAC authenticates a remote user by matching the provided username and password against those configured locally. For remote AAA authentication, configure the username and password of each user on the RADIUS/HWTACACS server. The LAC sends the remote users username and password to the server to authenticate.
To configure local authentication, authorization, and accounting: To do

1. Enter system view. 2. Create a local user and enter its view. 3. Configure a password for the local user. 4. Authorize the user to use the PPP service. 5. Return to system view.
Use the command

system-view local-user username password { simple | cipher } password service-type ppp quit
Remarks
Required. By default, no local user or password is configured on an LAC. Required.
261
To do
6. Create an ISP domain and enter its view. 7. Configure the domain to use local authentication/authorization/ accounting for its PPP users.
Use the command

domain isp-name authentication ppp local authorization ppp local accounting ppp local
Remarks
Required. Optional. Local. Authentication/authorization/acc ounting is used by default.
For successful user authentication, configure PPP on the LACs corresponding interface, for example, the asynchronous serial interface that connects with users. For PPP configuration information, see the chapter PPP and MP configuration. Configure the authentication type of PPP users as PAP, CHAP, or MS-CHAP on the user access interfaces. For information about AAA configuration commands and remote AAA authentication method configuration, see Security Configuration Guide.
Configuring an LAC to establish an L2TP tunnel

To establish an L2TP tunnel in LAC-auto-initiated mode, you need to create a virtual PPP user on the LAC. LAC performs PPP authentication for the virtual PPP user, that is, LAC is both the side that performs PPP authenticator and the side that is authenticated by PPP. To configure an LAC to establish an L2TP tunnel, you need to: Create a virtual template interface and configure an IP address for the interface. In virtual template interface view, configure the side that performs PPP authentication: use the ppp authentication-mode command to specify the authentication method that the LAC uses to authenticate the virtual PPP user. In virtual template interface view, configure the side that is authenticated by PPP: use the ppp pap command or the ppp chap command to specify the PPP authentication method supported by the virtual PPP user, and the username and password of the virtual PPP user. The authentication method to be used by the LAC and that supported by the virtual PPP user must be consistent. Configure AAA authentication for VPN users on the LAC. The configured username and password for AAA authentication must be the same as those of the virtual PPP user configured on the virtual template interface. Trigger the LAC to establish an L2TP tunnel.
To trigger an LAC to establish an L2TP tunnel: To do

1. Enter system view. 2. Create a virtual template interface and enter its view. 3. Assign an IP address to the virtual template interface. 4. Enable IP address negotiation so that the virtual template interface accepts the IP address negotiated with the peer.
Use the command

system-view interface virtual-template virtual-template-number ip address address mask
Remarks
Required. By default, no virtual template interface exists. Required. Use either command. Not assigned an IP address by default.
ip address ppp-negotiate
262
To do
5. Configure the authentication method for the LAC to use to authenticate the virtual PPP user.
Use the command

ppp authentication-mode { chap | pap } * [ domain isp-name ]
Remarks
Required. By default, no authentication is performed for PPP users. Required.
6. Configure the username and password for PAP authentication.
ppp pap local-user username password { cipher | simple } password
No PAP username and password are configured for PPP users. Required No CHAP username and password are configured for PPP users. Required. Required.
7. Configure the username for CHAP authentication. 8. Configure the password for CHAP authentication.
ppp chap password { cipher | simple } password See Configuring AAA authentication for VPN users on LAC side. l2tp-auto-client enable
Use one approach according to the authentication method configured on the LAC for virtual PPP users
9. Configure AAA authentication for VPN users on the LAC side. 10. Trigger the LAC to establish an L2TP tunnel with the LNS.
By default, an LAC does not establish an L2TP tunnel.
For more information about commands interface virtual-template, ppp authentication-mode, ppp pap, and ppp chap, see Layer 2WAN Command Reference. An L2TP tunnel established in LAC-auto-initiated mode exists until you remove the tunnel by using the undo l2tp-auto-client enable command.
Configuring an LNS
An LNS responds the tunneling requests from an LAC, authenticates users, and assigns IP addresses to users. Before configuring an LNS, enable L2TP and create an L2TP group.
Creating a virtual template interface

A virtual template interface is intended to provide parameters for virtual access interfaces to be dynamically created by the device, such as logical MP interfaces and logical L2TP interfaces. After an L2TP session is established, a virtual access interface is needed for data exchange with the peer. An LNS can use different VA interfaces to exchange data with different LACs. You need to specify the virtual template interface for receiving calls. The system dynamically creates a VA interface based on the configuration parameters in the specified virtual template interface. To create a virtual template interface: To do
Use the command

system-view
Remarks
263
To do
2. Create a virtual template interface and enter its view.
Use the command

interface virtual-template virtual-template-number
Remarks
Required. By default, no virtual template interface exists.
Configuring the local address and the address pool for allocation
After an L2TP tunnel is set up between an LAC and an LNS, the LNS needs to assign an IP address to a VPN user. For this purpose, directly specify an IP address, or specify an address pool. Before specifying an address pool, use the ip pool command in system view or ISP domain view to define the address pool. For a VPN user to be authenticated, an IP address is selected from the address pool configured in ISP domain view. For a VPN user not requiring authentication, the IP address is selected from the global address pool defined in system view. For details about the ip pool command, see Security Command Reference. To configure a local address and address pool: To do
1. Enter system view. 2. Enter virtual template interface view. 3. Configure the local IP address.
Use the command

system-view interface virtual-template virtual-template-number ip address ip-address { mask | mask-length } [ sub ] ppp authentication-mode { chap | ms-chap | pap } * [ [ call-in ] domain isp-name ] remote address { pool [ pool-number ] | ip-address }
Remarks

Required. Optional. By default, no authentication is performed for PPP users. Optional. By default, address pool 0 (the default address pool) is used.
4. Configure the authentication mode for PPP users. 5. Specify the address pool for allocating an IP address to a PPP user, or assign an IP address to the user directly.
Configuring an LNS to grant certain L2TP tunneling requests

When receiving a tunneling request, an LNS determines whether to grant the tunneling request by checking whether the tunnel name of the LAC matches the one configured, and determines the virtual template interface to be used to create the VA interface. To configure an LNS to grant certain L2TP tunneling requests: To do
1. Enter system view. 2. Enter L2TP group view. 3. Specify the virtual template interface for If the L2TP group number is 1 (the default).
Use the command

system-view l2tp-group group-number allow l2tp virtual-template virtual-template-number [ remote remote-name ] [ domain domain-name ]
Remarks
Required. Use either command. By default, an LNS denies all
264
To do
receiving calls, the tunnel name on the LAC, and the domain name.
Use the command

allow l2tp virtual-template virtual-template-number remote remote-name [ domain domain-name ]
Remarks
incoming calls. If the L2TP group number is 1, you do not need to specify the LAC side tunnel name. In L2TP group 1, the LNS allows the LAC to initiate a tunneling request by using any tunnel name.
If the L2TP group number is not 1.
The start l2tp command and the allow l2tp command are mutually exclusive. Configuring one of them automatically disables the other one. The LAC side tunnel name configured on the LNS must be consistent with the local tunnel name configured on the LAC.
Configuring user authentication on an LNS

An LNS may be configured to authenticate a user that has passed authentication on the LAC to increase security. In this case, the user is authenticated twice, once on the LAC and once on the LNS. Only when the two authentications succeed can an L2TP tunnel be set up. This helps raise security. An LNS authenticates users by using one of the following methods: Proxy authentication: The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all user authentication information from users and the authentication mode configured on the LAC itself. The LNS then checks the user validity according to the received information and the locally configured authentication method. Mandatory CHAP authentication: The LNS uses CHAP authentication to re-authenticate users who have passed authentication on the LAC. LCP re-negotiation: The LNS ignores the LAC proxy authentication information and performs a new round of LCP negotiation with the user.
The three authentication methods have different priorities, where LCP re-negotiation has the highest priority and proxy authentication has the lowest priority. Which method the LNS uses depends on your configuration: If you configure both LCP re-negotiation and mandatory CHAP authentication, the LNS uses LCP re-negotiation. If you configure only mandatory CHAP authentication, the LNS performs CHAP authentication of users. If you configure neither LCP re-negotiation nor mandatory CHAP authentication, the LNS uses the LAC for proxy authentication of users.
Configuring mandatory CHAP authentication

With mandatory CHAP authentication configured, a VPN user that depends on a NAS to initiate tunneling requests is authenticated twice: once by the NAS and once through CHAP on the LNS. To configure mandatory CHAP authentication: To do
1. Enter system view. 2. Enter L2TP group view.
Use the command

Remarks

265
To do
3. Configure mandatory CHAP authentication.
Use the command

mandatory-chap
Remarks
Required. By default, CHAP authentication is not performed on an LNS.
Some PPP clients may not support re-authentication, in which case LNS side CHAP authentication will fail.
Configuring LCP re-negotiation

In an NAS-initiated dial-up VPDN, a user first negotiates with the NAS at the start of a PPP session. If the negotiation succeeds, the NAS initiates an L2TP tunneling request and sends user information to the LNS. The LNS then determines whether the user is valid according to the proxy authentication information received. Under some circumstances, for example, when authentication and accounting are needed on the LNS, a new round of LCP negotiation is required between the LNS and the user, and the LNS authenticates the user by using the authentication method configured on the corresponding virtual template interface. If you enable LCP re-negotiation but configure no authentication for the corresponding virtual template interface, the LNS does not perform an additional authentication of users. Instead, the LNS directly allocates addresses from the global address pool to PPP users authenticated by the LAC. To specify the LNS to perform LCP re-negotiation with users: To do
1. Enter system view. 2. Enter L2TP group view. 3. Specify the LNS to perform LCP re-negotiation with users.
Use the command

Remarks
Required.
mandatory-lcp
By default, an LNS does not perform LCP re-negotiation with users.
Configuring AAA authentication for VPN users on an LNS

Configure AAA on the LNS in the following cases: Proxy authentication is configured on the LNS Mandatory CHAP authentication is configured on the LNS Mandatory LCP re-negotiation authentication is configured on the LNS and the virtual template interface requires PPP user authentication.
After you configure AAA on the LNS, the LNS can authenticate the identities (usernames and passwords) of VPN users for a second time. If a user passes AAA authentication, the user can communicate with the LNS. Otherwise, the L2TP session is removed. LNS side AAA configurations are similar to those on an LAC (see Configuring AAA authentication for VPN users on LAC side).
Enabling L2TP multi-instance

If multiple enterprises share the same LNS device and use the same name for the tunnel peers (LAC devices), the LNS device is unable to differentiate which users belong to which enterprises. The L2TP multi-instance
266
function can solve this problem. With this function, an LNS can differentiate multiple VPN domains and service users of different enterprises simultaneously. In an L2TP multi-instance application, specify the domain to which VPN users belong by using the domain parameter in the allow l2tp virtual-template command. After an L2TP tunnel is established, the LNS gets the domain name from the session negotiation packet and searches for the same domain among those locally configured for VPN users. If an L2TP groups tunnel peer name and domain name match, the LNS establishes a session according to the group configuration. Thus, different sessions can be established for VPN users of different domains. To enable the L2TP multi-instance function: To do
1. Enter system view. 2. Enable the L2TP multi-instance function.
Use the command

system-view l2tpmoreexam enable
Remarks
If multiple L2TP groups on the LNS are configured with the same remote tunnel name, make sure that their tunnel authentication settings are the same. Mismatching tunnel authentication passwords result in tunnel establishment failure.
Specifying to send ACCM

According to RFC 2661, the ACCM AVP enables an LNS to inform the LAC of the ACCM that the LNS has negotiated with the PPP peer. Not every LAC supports ACCM. Therefore, an LNS needs to know whether it should send ACCM. By default, an LNS sends ACCM. If the LAC does not support ACCM, configure the LNS not to send ACCM. To configure an LNS to send ACCM: To do
1. Enter system view. 2. Specify to send ACCM.
Use the command

system-view l2tp sendaccm enable
Remarks
Required. By default, an LNS sends ACCM.
Configuring L2TP connection parameters

These L2TP connection parameter configuration tasks apply to both LACs and LNSs and are optional.
Configuring L2TP tunnel authentication

You can enable tunnel authentication to allow the LAC and LNS to authenticate each other. Either the LAC or the LNS can initiate a tunnel authentication request. To implement tunnel authentication, enable tunnel authentication on both the LAC and LNS, and configure the same non-null password on them. To configure L2TP tunnel authentication: To do
Use the command

system-view
Remarks
267
To do
2. Enter L2TP group view. 3. Enable L2TP tunnel authentication. 4. Configure the tunnel authentication password.
Use the command

l2tp-group group-number tunnel authentication tunnel password { simple | cipher } password
Remarks
Optional. Enabled by default. Required. The password is null by default.
To ensure tunnel security, enable tunnel authentication. To change the tunnel authentication password, do so after tearing down the tunnel. Otherwise, your change does not take effect.
Setting the hello interval

To check the connectivity of a tunnel, the LAC and LNS regularly send each other hello packets. On receipt of a hello packet, the LAC or LNS returns a response packet. If the LAC or LNS receives no hello response packet from the peer within a specific period of time, it retransmits the hello packet. If it receives no response packet from the peer after transmitting the hello packet three times, it considers the L2TP tunnel is down and tries to re-establish a tunnel with the peer. To set the hello interval: To do
1. Enter system view. 2. Enter L2TP group view. 3. Set the hello interval.
Use the command

system-view l2tp-group group-number tunnel timer hello hello-interval
Remarks
Enabling tunnel flow control

The L2TP tunnel flow control function controls data packet transmission by buffering and adjusting data packets that arrive out of order. To enable tunnel flow control: To do
1. Enter system view. 2. Enter L2TP group view. 3. Enable the tunnel flow control function.
Use the command

system-view l2tp-group group-number tunnel flow-control
Remarks
Optional Disabled by default
Disconnecting tunnels by force

Either the LAC or the LNS can initiate a tunnel disconnection request. You can also disconnect a tunnel when no users are online or a network failure occurs. Once a tunnel is disconnected, the control connection and all the sessions within the tunnel are removed. When a user dials in, a new tunnel is established.
268
To disconnect tunnels by force: To do Disconnect tunnels by force. Use the command

reset l2tp tunnel { id tunnel-id | name remote-name }
Remarks
Displaying and maintaining L2TP

To do
Display information about L2TP tunnels. Display information about L2TP sessions.
Use the command

display l2tp tunnel [ | { begin | exclude | include } regular-expression ] display l2tp session [ | { begin | exclude | include } regular-expression ]
Remarks
L2TP configuration examples

Configuration example for NAS-initiated VPN
A VPN user accesses the corporate headquarters in the following procedure:
1. 2. 3. 4. 5.
The user dials in to the NAS (LAC). The NAS determines whether the user is a valid VPN client. If so, it initiates a tunneling request to the LNS. After a tunnel is set up between the NAS and the LNS, the NAS transfers the results of its negotiation with the VPN user to the LNS. The LNS decides whether to accept the connection request according to the negotiated results. The user communicates with the headquarters over the tunnel between the NAS and the LNS.

Async1/0 1.1.1.1/24 Eth1/1 1.1.2.1/24 Eth1/1 1.1.2.2/24
PSTN/ISDN
VPN user LAC

LNS
Corporate network
1.
LAC side configuration. Configure the NAS
# Configure IP addresses for interfaces. (Details not shown) # Create a local user named vpdnuser, set the password, and enable the PPP service.
<LAC> system-view [LAC] local-user vpdnuser
269
[LAC-luser-vpdnuser] password simple Hello [LAC-luser-vpdnuser] service-type ppp [LAC-luser-vpdnuser] quit
# Configure interface Async 1/0.

[LAC] interface async 1/0 [LAC-Async1/0] ip address 1.1.1.1 255.255.255.0 [LAC-Async1/0] ppp authentication-mode chap [LAC-Async1/0] quit
# Enable L2TP.
[LAC] l2tp enable
# Create an L2TP group and configure its attributes.

[LAC] l2tp-group 1 [LAC-l2tp1] tunnel name LAC [LAC-l2tp1] start l2tp ip 1.1.2.2 fullusername vpdnuser
# Enable tunnel authentication and specify the tunnel authentication password.

[LAC-l2tp1] tunnel authentication [LAC-l2tp1] tunnel password simple aabbcc
2.
Configure the LNS.
# Configure IP addresses for the interfaces. (Details not shown) # Create a local user named vpdnuser, set the password, and enable the PPP service. The username and password must match those configured on the client.
<LNS> system-view [LNS] local-user vpdnuser [LNS-luser-vpdnuser] password simple Hello [LNS-luser-vpdnuser] service-type ppp [LNS-luser-vpdnuser] quit
# Configure local authentication for the VPN user.

[LNS] domain system [LNS-isp-system] authentication ppp local [LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100 [LNS-isp-system] quit
# Enable L2TP.
[LNS] l2tp enable
# Configure the virtual template interface.

[LNS] interface virtual-template 1 [LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0 [LNS-virtual-template1] ppp authentication-mode chap domain system [LNS-virtual-template1] remote address pool 1 [LNS-virtual-template1] quit
# Create an L2TP group, specify the virtual template interface for receiving calls and specify the name of the tunnel on the peer.
[LNS] l2tp-group 1 [LNS-l2tp1] tunnel name LNS [LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
270
# Enable tunnel authentication and specify the tunnel authentication password.

[LNS-l2tp1] tunnel authentication [LNS-l2tp1] tunnel password simple aabbcc
3.
Configure the user side Verify the configuration.
In the dial-up network window, enter vpdnuser as the username, and Hello as the password.
4.
# After the dial-up connection is established, the user host can get an IP address (for example, 192.168.0.2) and can ping the private IP address of the LNS (192.168.0.1). # On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.
[LNS] dis l2tp tunnel Total tunnel = 1 LocalTID RemoteTID RemoteAddress 1 1 1.1.2.1 Port 1701 Sessions RemoteName 1 LAC
# On the LNS, use the display l2tp session command to check the established L2TP sessions.
[LNS] display l2tp session Total session = 1 LocalSID 23142 RemoteSID 729 LocalTID 1
Configuration example for client-initiated VPN

As shown in Figure 89, a VPN user accesses the corporate headquarters in the following procedure:
1. 2. 3. 4.
Configure an IP address and route for the user host, making sure that the host can reach the LNS. The user initiates a tunneling request to the LNS. After the LNS accepts the connection request, an L2TP tunnel is set up between the LNS and the VPN user. The VPN user communicates with the headquarters over the tunnel.

2.1.1.1/24
Internet
VPN user
Eth1/1 1.1.2.2/24
Corporate network
LNS
L2TP tunnel
1.
Configure the LNS.
# Configure IP addresses for the interfaces. (Details not shown) # Configure the route between the LNS and the user host. (Details not shown)
271
# Create a local user named vpdnuser, set the password, and enable the PPP service. The username and password must match those configured on the client.
# Configure local authentication for the VPN user.

# Enable L2TP.
[LNS] l2tp enable
# Configure the virtual template interface.

[LNS] interface virtual-template 1 [LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0 [LNS-virtual-template1] ppp authentication-mode chap domain system [LNS-virtual-template1] remote address pool 1 [LNS-virtual-template1] quit
# Create an L2TP group and specify the virtual template interface for receiving calls.
[LNS] l2tp-group 1 [LNS-l2tp1] tunnel name LNS [LNS-l2tp1] allow l2tp virtual-template 1
2.
Configure the VPN user host. Configure the IP address of the user host as 2.1.1.1, and configure a route to the LNS (1.1.2.2). Create a virtual private network connection by using the Windows system, or install the L2TP client software, such as WinVPN Client. Complete the following configuration procedure (the procedure depends on the client software):
# Specify the VPN username as vpdnuser and the password as Hello. # Specify the Internet interface address of the security gateway as the IP address of the LNS. In this example, the Ethernet interface for the tunnel on the LNS has an IP address of 1.1.2.2. # Modify the connection attributes, setting the protocol to L2TP, the encryption attribute to customized and the authentication mode to CHAP.
3.
# On the user host, initiate the L2TP connection. After the connection is established, the user host can get the IP address 192.168.0.2 and ping the private IP address of the LNS (192.168.0.1). # On the LNS, use the display l2tp session command to check the established L2TP session.
[LNS-l2tp1] display l2tp session Total session = 1 LocalSID 647 RemoteSID 1 LocalTID 1
272
# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnel.
[LNS-l2tp1] display l2tp tunnel Total tunnel = 1 LocalTID RemoteTID RemoteAddress 1 5 2.1.1.1 Port 1701 Sessions RemoteName 1 l2tpuser
Configuration example for LAC-auto-initiated VPN

Create a virtual PPP user on the LAC and configure the LAC to initiate a tunneling request to the LNS to establish an L2TP tunnel for the virtual PPP user. When a VPN user accesses the corporate network, all packets between the VPN user and the corporate network are transmitted through the L2TP tunnel. A VPN user accesses the corporate network in the following procedure:
1. 2.
The VPN user sends a packet to the LAC through the LAN. The LAC encapsulates the packet and then forwards the packet through the L2TP tunnel to the LNS.

10.2.0.1 Eth1/1 3.3.3.1/24 Eth1/1 3.3.3.2/24 10.1.0.1
LAN 10.2.0.0/16
VPN user LAC

LNS
Corporate 10.1.0.0/16
Configuraton procedure
1.
Configure the LNS.
# Configure IP addresses for interfaces. (Details not shown) # Create a local user, configure a username and password for the user, and specify the service type as PPP.
# Configure a virtual template interface.

[LNS] interface virtual-template 1 [LNS-virtual-template1] ip address 192.168.0.20 255.255.255.0 [LNS-virtual-template1] remote address pool 1 [LNS-virtual-template1] ppp authentication-mode pap [LNS-virtual-template1] quit
# Configure local authentication for VPN users.

# Enable L2TP and create an L2TP group.

[LNS] l2tp enable
273
[LNS] l2tp-group 1
# Configure the local tunnel name and specify the virtual template interface for receiving packets and the tunnel name on the LAC.
[LNS-l2tp1] tunnel name LNS [LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
# Enable tunnel authentication and configure the authentication password.

[LNS-l2tp1] tunnel authentication [LNS-l2tp1] tunnel password simple aabbcc [LNS-l2tp1] quit
# Configure a static route so that packets destined for the VPN are forwarded through the L2TP tunnel.
[LNS] ip route-static 10.2.0.0 16 virtual-template 1
2.
Configure the LAC.
# Configure IP addresses for the interfaces. (Details not shown) # Enable L2TP and create an L2TP group.
<LAC> system-view [LAC] l2tp enable [LAC] l2tp-group 1
# Configure the local tunnel name and specify the IP address of the tunnel peer (LNS).
[LAC-l2tp1] tunnel name LAC [LAC-l2tp1] start l2tp ip 3.3.3.2 fullusername vpdnuser
# Enable tunnel authentication and configure the authentication password.

[LAC-l2tp1] tunnel authentication [LAC-l2tp1] tunnel password simple aabbcc [LAC-l2tp1] quit
# Configure the PPP authentication method PAP, authentication username vpdnuser, and password Hello for the virtual PPP user.
[LAC] interface virtual-template 1 [LAC-Virtual-Template1] ip address ppp-negotiate [LAC-Virtual-Template1] ppp pap local-user vpdnuser password simple Hello [LAC-Virtual-Template1] ppp authentication-mode pap [LAC-Virtual-Template1] quit
# Configure a static route so that packets destined for the corporate are forwarded through the L2TP tunnel.
[LAC] ip route-static 10.1.0.0 16 virtual-template 1
# Create a local user, configure the username and password, and specify the service type as PPP.
[LAC] local-user vpdnuser [LAC-luser-vpdnuser] password simple Hello [LAC-luser-vpdnuser] service-type ppp
# Trigger the LAC to establish an L2TP tunnel with the LNS.

[LAC] interface virtual-template 1 [LAC-virtual-template1] l2tp-auto-client enable
On each host connected to the LAC or LNS, configure the gateway as the LAC or LNS.
3.
# On the LNS, perform the display l2tp session command to view the established L2TP session.
274
[LNS] display l2tp session Total session = 1 LocalSID 8279 RemoteSID 6822 LocalTID 1
# On the LNS, perform the display l2tp tunnel command to view the established L2TP tunnel.
[LNS] display l2tp tunnel Total tunnel = 1 LocalTID RemoteTID RemoteAddress 1 1 3.3.3.1 Port 1701 Sessions RemoteName 1 LAC
# On the LNS, you should be able to ping 10.2.0.1, a private network address on the LAC side. This indicates that hosts on 10.2.0.0/16 and those on 10.1.0.0/16 can communicate with each other through the L2TP tunnel.
[LNS] ping -a 10.1.0.1 10.2.0.1 PING 10.2.0.1: 56 data bytes, press CTRL_C to break Reply from 10.2.0.1: bytes=56 Sequence=1 ttl=255 time=2 ms Reply from 10.2.0.1: bytes=56 Sequence=2 ttl=255 time=2 ms Reply from 10.2.0.1: bytes=56 Sequence=3 ttl=255 time=2 ms Reply from 10.2.0.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.2.0.1: bytes=56 Sequence=5 ttl=255 time=2 ms --- 10.2.0.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/2 ms
Configuration example for L2TP multi-domain application

Multiple enterprises share an LNS and use the same tunnel name for the LAC end. Users of different enterprises access their corporate servers through L2TP VPDNs. Host A is a user from enterprise 1, which has the domain name aaa.net. Host B is a user from enterprise 2, which has the domain name bbb.net.
275

Corporate network 1
Host A
Eth1/3 1.1.1.1/24 Eth1/2 1.1.2.1/24 Eth1/1 1.1.2.2/24
Eth1/1 1.1.1.2/24
WAN L2TP tunnel
LAC
LNS
Corporate network 2
Host B
1.
Configure the LAC.
In this example, Ethernet 1/1 and Ethernet 1/3 on the LAC are both user access interfaces. The IP address of Ethernet 1/2 through which the LAC connects to the tunnel is 1.1.2.1. The IP address of Ethernet 1/1 through which the LNS connects to the tunnel is 1.1.2.2. # Create two local users, set the passwords, and enable the PPP service.
<LAC> system-view [LAC] local-user vpdn1 [LAC-luser-vpdn1] password simple 11111 [LAC-luser-vpdn1] service-type ppp [LAC-luser-vpdn1] quit [LAC] local-user vpdn2 [LAC-luser-vpdn2] password simple 22222 [LAC-luser-vpdn2] service-type ppp [LAC-luser-vpdn2] quit
# Configure local authentication for the users.

[LAC] domain aaa.net [LAC-isp-aaa.net] authentication ppp local [LAC-isp-aaa.net] quit [LAC] domain bbb.net [LAC-isp-bbb.net] authentication ppp local [LAC-isp-bbb.net] quit
# Configure PPPoE servers on interface Ethernet 1/1 and Ethernet 1/3.

[LAC] interface ethernet 1/3 [LAC-Ethernet1/3] pppoe-server bind virtual-template 100 [LAC-Ethernet1/3] quit [LAC] interface ethernet 1/1 [LAC-Ethernet1/1] pppoe-server bind virtual-template 101 [LAC-Ethernet1/1] quit
# Configure an IP address for interface Ethernet 1/2.

[LAC] interface ethernet 1/2 [LAC-Ethernet1/2] ip address 1.1.2.1 255.255.255.0 [LAC-Ethernet1/2] quit
276
# Create the virtual template interfaces and configure CHAP authentication.

[LAC] interface virtual-template 100 [LAC-Virtual-Template100] ppp authentication-mode chap domain aaa.net [LAC-Virtual-Template100] quit [LAC] interface virtual-template 101 [LAC-Virtual-Template101] ppp authentication-mode chap domain bbb.net [LAC-Virtual-Template101] quit
# Create two L2TP groups and configure the related attributes.

[LAC] l2tp enable [LAC] l2tp-group 1 [LAC-l2tp1] tunnel name LAC-1 [LAC-l2tp1] start l2tp ip 1.1.2.2 domain aaa.net [LAC-l2tp1] quit [LAC] l2tp-group 2 [LAC-l2tp2] tunnel name LAC-1 [LAC-l2tp2] start l2tp ip 1.1.2.2 domain bbb.net
# Enable the tunnel authentication and specify a tunnel authentication password.

[LAC-l2tp2] tunnel authentication [LAC-l2tp2] tunnel password simple 12345 [LAC-l2tp2] quit [LAC] l2tp-group 1 [LAC-l2tp1] tunnel authentication [LAC-l2tp1] tunnel password simple 12345
2.
Configure the LNS.
# Enable L2TP.
<LNS> system-view [LNS] l2tp enable
# Enable L2TP multi-instance.

[LNS] l2tpmoreexam enable
# Create two local users, set the passwords, and enable the PPP service.
[LNS] local-user vpdn1 [LNS-luser-vpdn1] password simple 11111 [LNS-luser-vpdn1] service-type ppp [LNS-luser-vpdn1] quit [LNS] local-user vpdn2 [LNS-luser-vpdn2] password simple 22222 [LNS-luser-vpdn2] service-type ppp [LNS-luser-vpdn2] quit
# Specify the IP address of Ethernet 1/1 through which the LNS connects to the tunnel as 1.1.2.2.
[LNS] interface ethernet 1/1 [LNS-Ethernet1/1] ip address 1.1.2.2 255.255.255.0 [LNS-Ethernet1/1] quit
# Create two address pools.

[LNS] domain aaa.net [LNS-isp-aaa.net] authentication ppp local
277
[LNS-isp-aaa.net] ip pool 1 10.0.1.10 10.0.1.100 [LNS-isp-aaa.net] quit [LNS] domain bbb.net [LNS-isp-bbb.net] authentication ppp local [LNS-isp-bbb.net] ip pool 1 10.0.2.10 10.0.2.100 [LNS-isp-bbb.net] quit
# Create two virtual template interfaces.

[LNS] interface virtual-template 1 [LNS-Virtual-Template1] ip address 10.0.1.1 255.255.255.0 [LNS-Virtual-Template1] remote address pool 1 [LNS-Virtual-Template1] ppp authentication-mode chap domain aaa.net [LNS-Virtual-Template1] quit [LNS] interface virtual-template 2 [LNS-Virtual-Template2] ip address 10.0.2.1 255.255.255.0 [LNS-Virtual-Template2] remote address pool 1 [LNS-Virtual-Template2] ppp authentication-mode chap domain bbb.net [LNS-Virtual-Template2] quit
# Create two L2TP groups.

[LNS] l2tp-group 3 [LNS-l2tp3] tunnel name LNS [LNS-l2tp3] tunnel authentication [LNS-l2tp3] allow l2tp virtual-template 1 remote LAC-1 domain aaa.net [LNS-l2tp3] tunnel password simple 12345 [LNS-l2tp3] quit [LNS] l2tp-group 4 [LNS-l2tp4] tunnel name LNS [LNS-l2tp4] tunnel authentication [LNS-l2tp4] allow l2tp virtual-template 2 remote LAC-1 domain bbb.net [LNS-l2tp4] tunnel password simple 12345
If RADIUS authentication is required on the LNS, modify the AAA configurations as needed. For AAA configuration details, see Security Configuration Guide.
3.
Configure the users. On Host A, enter vpdn1@aaa.net as the username and 1 1 1 as the password in the dial-up terminal 11 window. On Host B, enter vpdn2@aaa.net as the username and 22222 as the password in the dial-up terminal window. Verify the configuration.
Create a dial-up connection on each host.

4.
# After Host A establishes a dial-up connection with enterprise 1, Host A gets the IP address 10.0.1.10 and can ping the private address of the LNS (10.0.1.1). # After Host B establishes a dial-up connection with enterprise 2, Host B gets the IP address 10.0.2.10 and can ping the private address of the LNS (10.0.2.1). # On the LNS, use the display l2tp session command to check the established L2TP sessions.
[LNS-l2tp1] display l2tp session Total session = 2
278
LocalSID 17345 23914
RemoteSID 4351 10923
LocalTID 1 2
# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.
[LNS-l2tp1] display l2tp tunnel Total tunnel = 2 LocalTID RemoteTID RemoteAddress 1 2 1 2 1.1.2.1 1.1.2.1 Port 1701 1701 Sessions RemoteName 1 1 LAC-1 LAC-1
Complicated network application

A security gateway can simultaneously serve as an LAC and an LNS. Also, it can support more than one incoming call. If memory and physical lines are enough, L2TP can receive and make multiple calls at the same time. For such a complicated network, you can see through the previous configuration examples and consider them comprehensively to find a configuration solution. Pay attention to static route configuration. Many L2TP applications rely on routes to initiate connection requests.
Troubleshooting L2TP
The VPN connection setup process is complex. The following presents an analysis of some common faults that may occur in the process. Before troubleshooting the VPN, make sure that the LAC and LNS are connected properly across the public network.
Symptom 1
Users cannot log in.
Analysis and solution

Possible reasons for login failure include:
1.
Tunnel setup failure, which may occur in the following cases: The address of the LNS is set incorrectly on the LAC. No L2TP group is configured on the LNS (usually a router) to receive calls from the tunnel peer. For details, see the description of the allow command. Tunnel authentication fails. Tunnel authentication must be enabled on both the LAC and LNS and the tunnel authentication passwords configured on the two sides must match. If the tunnel is torn down by force on the local end but the remote end has not received the notification packet for reasons such as network delay, a new tunnel cannot be set up. PPP negotiation failure, which may occur because: Usernames, passwords, or both are incorrectly configured on the LAC or are not configured on the LNS. The LNS cannot allocate addresses. This may be because the address pool is too small or no address pool is configured.

2.
279
The authentication type is inconsistent. For example, if the default authentication type for a VPN connection created on Windows 2000 is MS-CHAP but the remote end does not support MSCHAP, the PPP negotiation will fail. In this case, CHAP is recommended.
Symptom 2
Data transmission fails. A connection is setup but data cannot be transmitted. For example, the LAC and LNS cannot ping each other.
Analysis and solution

Possible reasons for data transmission failure include:
1.
No route is available. The LAC (or LAC client) must have a route to the private network behind the LNS and the LNS must have a route to the private network behind the LAC. Otherwise, data transmission fails. Use the display ip routing-table command on the LAC (LAC client) and LNS to check whether the expected routes are present. If not, configure a static route or configure a dynamic routing protocol. Congestion occurs on the Internet backbone and packet loss ratio is high. L2TP data transmission is based on UDP, which does not provide the packet error control function. If the line is unstable, the LAC and LNS may be unable to ping each other and L2TP applications may fail.
2.
280
L2TP-based EAD configuration

When EAD is used, a PPP user that has passed access authentication must also pass security authentication on the EAD server before accessing network resources. If the security authentication fails, the user can access only the resources in the quarantined area. The following describes the detailed procedure:
1.
The iNode client (the user host) connects to the LNS device through L2TP. After the client passes PPP authentication, the IMC server issues the isolation ACL to the device, which then filters packets from the client using the firewall function. After the IPCP negotiation, the IMC server notifies its IP address (this IP address is permitted by the isolation ACL) to the iNode client through the device. The IMC server performs EAD authentication and security checks on the iNode client. After the client passes the security authentication, the IMC server issues a security ACL to the device to allow the client to access network resources normally.
2. 3.
Make sure that the ACLs to be assigned by the authentication server are configured appropriately on the LNS device. An empty ACL or incorrect ACL rules can cause EAD authentication to fail. Configure different ACLs for different hosts. The device filters packets of a host according to the configured ACL. L2TP-based EAD is usually used for remote users. For LAN users, deploy portal authentication. For information about packet filtering firewalls, AAA and RADIUS, and portal authentication, see Security Configuration Guide.
Configuration prerequisites
Complete the AAA, RADIUS, L2TP, packet filtering firewall, and PPP related configurations.
To configure the L2TP-based EAD function: To do
1. Enter system view. 2. Create a VT interface and enter VT interface view. 3. Enable the L2TP-based EAD function. 4. Specify the fragment match mode for all packet filtering firewalls on the VA interfaces created on the VT interface.
Use the command

system-view interface virtual-template virtual-template-number ppp access-control enable ppp access-control match-fragments { exactly | normally }
Remarks
Required Required Disabled by default Optional Standard mode applies by default
281
Displaying and maintaining L2TP-based EAD

To do
Display statistics about dynamic firewalls on the VA interfaces created on the specified VT interface.
Use the command

display ppp access-control { interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ]
Remarks
L2TP-based EAD configuration example

As shown in Figure 92, in the public network, the host communicates with the LNS at Layer 3 through an L2TP tunnel. Both the security policy server and the RADIUS server are hosted by the IMC platform, whose IP address is 10.1 10.91.146/24. Assign IP addresses in subnet 10.200.1.0/24 to remote users on the host. The host must pass identity authentication and security check to access network resources. If the host fails security check, it can access only the virus and patch server. Figure 92 Network diagram
LAN
10.100.0.0/24
Host Router LNS

Eth1/3 10.22.2.10/24 Eth1/2 172.21.1.1/16
Eth 10 1/1 .11 0.9 1.1 /24

172.22.1.1/16
Quarantined area Client agent 10.22.2.1/24 Virus and patch server 10.22.2.2/24
IMC platform RADIUS server Security policy server Portal server

10.110.91.146/24
1.
Configure the router.
# Assign an IP address to Ethernet 1/1, which is connected to the IMC server.

<Router> system-view [Router] interface ethernet1/1
282
[Router-Ethernet1/1] ip address 10.110.91.1 255.255.255.0 [Router-Ethernet1/1] quit
# Assign an IP address to Ethernet 1/2, which is connected to the iNode client.

[Router] interface ethernet1/2 [Router-Ethernet1/2] ip address 172.21.1.1 255.255.0.0 [Router-Ethernet1/2] quit
# Assign an IP address to Ethernet 1/3.

[Router] interface ethernet1/3 [Router-Ethernet1/3] ip address 10.22.2.10 255.255.255.0 [Router-Ethernet1/3] quit
# Configure a RADIUS scheme that uses the IMC server, setting the IP address to 10.1 10.91.146/24, and the keys to sysname.
[Router] radius scheme imc [Router-radius-imc] server-type extended [Router-radius-imc] primary authentication 10.110.91.146 [Router-radius-imc] primary accounting 10.110.91.146 [Router-radius-imc] key authentication sysname [Router-radius-imc] key accounting sysname [Router-radius-imc] quit
# Configure domain system to use the RADIUS scheme for PPP user authentication and accounting, and use the IP address pool 10.200.1.0/24 to assign IP addresses to remote hosts.
[Router] domain system [Router-isp-system] authentication ppp radius-scheme imc [Router-isp-system] ip pool 1 10.200.1.2 10.200.1.254 [Router-isp-system] quit
# Configure the IP address of the virtual template interface, enable PAP authentication on this interface, specify the address pool to be used to assign addresses for PPP users, enable L2TP access based EAD, and set the fragment match mode to exactly.
[Router] interface virtual-template 1 [Router-Virtual-Template1] ip address 10.200.1.1 255.255.255.0 [Router-Virtual-Template1] ppp authentication-mode pap [Router-Virtual-Template1] remote address pool 1 [Router-Virtual-Template1] ppp access-control enable [Router-Virtual-Template1] ppp access-control match-fragments exactly [Router-Virtual-Template1] quit
# Enable the L2TP service, configure an L2TP group, configure the local tunnel name as LNS, and disable tunnel authentication.
[Router] l2tp enable [Router] l2tp-group 1 [Router-l2tp1] tunnel name LNS [Router-l2tp1] undo tunnel authentication [Router-l2tp1] allow l2tp virtual-template 1 [Router-l2tp1] quit
# Enable firewall, specify the default filtering action as denying packets, and enable fragment inspection.
[Router] firewall enable [Router] firewall default deny
283
[Router] firewall fragments-inspect
# Configure security ACL 2000 so that users passing security authentication can access the Internet.
[Router] acl number 2000 [Router-acl-basic-2000] rule 0 permit [Router-acl-basic-2000] quit
# Configure isolation ACL 3000 so that users failing security authentication can access only the quarantine area 10.22.2.0/24.
[Router] acl number 3000 [Router-acl-adv-3000] rule 0 permit ip destination 10.22.2.0 0.0.0.255
2.
Configure the IMC server.
Specify ACL 2000 as the security ACL and ACL 3000 as the isolation ACL in the security policy for the user. See the related IMC documentation for detailed configurations.
284
Bridging configuration
The HP A-MSR series routers support only transparent bridging, so this document provides information about transparent bridging only. The HP A-MSR series routers do not support inter-VLAN transparent bridging but support VLAN ID transparent transmission across Ethernet. For interface modules like MIM-16FSW/DMIM-24FSW/FIC-16FSW/DFIC-24FSW, you cannot configure the function of dropping unknown multicast packets in a VLAN whose VLAN interface has joined a bridge set.
Introduction to bridging
A bridge is a store-and-forward device that connects and transfers traffic between LAN segments at the data-link layer. In some small-sized networks, especially those with dispersed distribution of users, bridges can reduce the network maintenance costs, without requiring the end users to perform special configurations on the devices. Major bridging technologies include transparent bridging, SRB, translational bridging, and SR/TLB. HP devices support only transparent bridging. Transparent bridging bridges LAN segments of the same physical media type, primarily in Ethernet environments. A transparent bridging device keeps a bridge table, which contains mappings between destination MAC addresses and outbound interfaces. Transparent bridging on a device provides the following features: Bridging over Ethernet Bridging over PPP and HDLC links Bridging over X.25 links Bridging over FR links VLAN transparency Support for both routing and bridging
Major functionalities of bridges

Obtaining the bridge table
A bridge relies on its bridge table to forward data. A bridge table consists of two parts: MAC address list and interface list. Once connected to a physical LAN segment, a bridge listens to all Ethernet frames on the segments. When it receives an Ethernet frame, it extracts the source MAC address of the frame and creates a mapping entry between this MAC address and the interface on which the Ethernet frame was received. As shown in Figure 93, Hosts A, B, C and D are attached to two LAN segments. Host A and Host B are connected to bridge interface 1. When Host A sends an Ethernet frame to Host B, both bridge interface 1 and Host B receive this frame.
285
Figure 93 Host A sends an Ethernet frame to Host B on LAN segment 1

MAC address: 00e0.fcaa.aaaa MAC address: 00e0.fcbb.bbbb
Host A
Source address
00e0.fcaa.aaaa
Host B
Destination address
00e0. fcbb.bbbb
LAN segment 1
Bridge interface 1 Bridge Bridge interface 2
LAN segment 2
Host C
MAC address: 00e0.fccc.cccc
Host D
MAC address: 00e0.fcdd.dddd
As the bridge receives the Ethernet frame on bridge interface 1, it determines that Host A is attached to bridge interface 1 and creates a mapping between the MAC address of Host A and bridge interface 1 in its bridge table, as shown in Figure 94. Figure 94 The bridge determines that Host A is attached to interface 1
Host A
Source address Destination address
00e0.fcaa.aaaa 00e0.fcbb.bbbb
Host B
Bridge table MAC address

00e0. fcaa. aaaa
LAN segment 1
Interface
LAN segment 2
Host C
MAC address: 00e0.fccc. cccc
Host D
When Host B responds to Host A, the bridge also hears the Ethernet frame from Host B. As the frame is received on bridge interface 1, the bridge determines that Host B is also attached to bridge interface 1, and creates a mapping between the MAC address of Host B and bridge interface 1 in its bridge table, as shown in Figure 95.
286
Figure 95 The bridge determines that Host B is also attached to interface 1

Host A
Source address
00e0.fcbb. bbbb
Host B
Destination address
00e0.fcaa.aaaa

00e 0.fcaa.aaaa 00e 0.fcbb.bbbb
LAN segment 1
Interface
1 1
LAN segment 2
Host C
Host D
Finally, the bridge gets all the MAC-interface mappings (assume that all hosts are in use), as shown in Figure 96. Figure 96 The final bridge table
Host A
Host B

00e0.fcaa.aaaa 00e0.fcbb.bbbb 00e0.fccc.cccc 00e0.fcdd.dddd
LAN segment 1
Interface
1 1 2 2
LAN segment 2
Host C
Host D
Forwarding and filtering

The bridge makes data forwarding or filtering decisions based on the following scenarios: When Host A sends an Ethernet frame to Host C, the bridge searches its bridge table and finds out that Host C is attached to bridge interface 2, and forwards the Ethernet frame out of bridge interface 2, as shown in Figure 97.
287
Figure 97 Forwarding
MAC address: 00e0. fcaa.aaaa MAC address: 00e0.fcbb.bbbb
Host A
00e0.fcaa.aaaa 00e0. fccc. cccc
Host B

00e0.fcaa.aaaa 00e0.fcbb.bbbb 00e0.fccc.cccc 00e0.fcdd.dddd
LAN segment 1
Interface
1 1 2 2
LAN segment 2

00e0.fcaa.aaaa 00e0.fccc.cccc
Host C
MAC address: 00e0.fccc .cccc
Host D
MAC address: 00e 0.fcdd.dddd
When Host A sends an Ethernet frame to Host B, as Host B is on the same LAN segment as Host A, the bridge filters the Ethernet frame instead of forwarding it, as shown in Figure 98.
Figure 98 Filtering
MAC address: 00e0.fcaa.aaaa MAC address: 00e0.fcbb. bbbb
Host A
Source address
00e0.fcaa.aaaa
Host B
Destination address
00e0. fcbb. bbbb
LAN segment 1
Bridge table MAC address Interface
00e 0.fcaa. aaaa 00e 0.fcbb. bbbb 00e 0.fccc. cccc 00e 0.fcdd. dddd
1 1 2 2
LAN segment 2
Host C
Host D
When Host A sends an Ethernet frame to Host C, if the bridge does not find a MAC-to-interface mapping about Host C in its bridge table, the bridge forwards the Ethernet frame to all interfaces except the interface on which the frame was received, as shown in Figure 99.
288
Figure 99 The proper MAC-to-interface mapping is not found in the bridge table
MAC address: 00e0. fcaa.aaaa MAC address: 00e0.fcbb.bbbb
Host A
Source address
00 e0.fcaa .aaaa
Host B
Destination address
00e0. fcbb.bbbb
LAN segment 1
Bridge table MAC address Interface
00e0.fcaa .aaaa 00e0. fcbb.bbbb
1 1
LAN segment 2
Host C
MAC address : 00e0.fccc. cccc
Host D
MAC address: 00e0.fcdd. dddd
When a bridge receives a broadcast or multicast frame, it forwards the frame to all interfaces other than the receiving interface.
Bridging configuration task list

Complete these tasks to configure bridging: Task
Configuring basic bridging functionalities Configuring bridge table entries Configuring bridge routing Enabling VLAN transparency
Remarks
Required Optional Optional Optional
Configuring basic bridging functionalities

When configuring transparent bridging over ATM, you must enable transmission and receiving of bridged frames on the PVC. When configuring transparent bridging over PPP, you must configure PPP on the interface as the link layer protocol for interface encapsulation. When configuring transparent bridging over MP, you must configure PPP on the interface as the link layer protocol for interface encapsulation, create a virtual template interface and associate the physical interface with the virtual template interface. When configuring transparent bridging over FR, you must configure FR on the interface as the link layer protocol for interface encapsulation, configure the FR interface type (optional, DTE by default) and configure a virtual circuit. When establishing transparent bridging over FR, you must configure mappings between bridge addresses and DLCI addresses.
289
When configuring transparent bridging over X.25, you must configure X.25 on the interface as the link layer protocol for interface encapsulation and configure the work mode and datagram format of the interface. When establishing transparent bridging over X.25, you must configure mappings between bridge addresses and X.25 addresses defined in X.121. When configuring transparent bridging HDLC, you must configure HDLC as the link layer protocol for interface encapsulation. When configuring inter-VLAN transparent bridging, you must configure the encapsulation format of the Ethernet subinterfaces and the VLAN IDs. When establishing inter-VLAN transparent bridging, you must add the configured Ethernet subinterfaces into a bridge set. To configure basic bridging functionalities: To do...
1. Enter system view. 2. Enable bridging.
Use the command...

system-view bridge enable
Remarks
Required. Disabled by default. Required.
3. Enable a bridge set.
bridge bridge-set enable interface interface-type interface-number bridge-set bridge-set
No bridge set is enabled by default. Required. An interface is not in any bridge set by default. Optional.
4. Enter interface view. 5. Add the current interface into a bridge set.
6. Configure an FR-to-bridging mapping.
fr map bridge dlci broadcast
This step configures transparent bridging over FR Optional. This step configures transparent bridging over X.25 Optional.
7. Configure an X.25 to bridging mapping.
x25 map bridge x121-address x.121-address broadcast
8. Enable bridged traffic over a PVC.
interface atm { interface-number | interface-number.subnumber }
This step configures transparent bridging over ATM If you configure both the map bridge virtual-ethernet and map bridge-group commands, only the map bridge virtual-ethernet takes effect.
pvc { pvc-name [ vpi/vci ] | vpi/vci } map bridge-group broadcast
For more information about ATM configuration, see the chapter ATM configuration.
Configuring bridge table entries

A bridge dynamically creates and maintains a bridge table based on the correlations between the MAC addresses it has learned and the interfaces. However, the administrator can configure some bridge table entries manually. These never age out.
290
The aging time of a dynamic bridge table entry refers to the lifetime of the entry before it is deleted from the table. When the aging timer of a dynamic table entry expires, the system deletes the entry from the table. To configure a bridge table: To do...
1. Enter system view. 2. Enable dynamic address learning. 3. Configure a static bridge table entry. 4. Configure aging time of dynamic bridge table entries.
Use the command...

system-view bridge bridge-set learning bridge bridge-set mac-address mac-address { deny | permit } [ dlsw | interface interface-type interface-number ] bridge aging-time seconds
Remarks
Optional. Enabled by default. Optional. No static table entry is configured by default. Optional. 300 seconds by default.
Configuring bridge routing

Bridge routing provides a forwarding capability that combines bridging and routing. When data of a given protocol is exchanged between bridge interfaces, bridging occurs; when data of a given protocol is exchanged between a bridge set and a non-bridge-set network, the protocol can be routed. Before the built-in routing and bridging functionalities are activated, all protocol data can only be bridged. With the built-in routing and bridging functionalities activated, datagrams of the specified protocol can be either bridged or routed, and switching between bridging and routing can be implemented flexibly through configuration commands. A bridge-template interface is a virtual route-selecting interface, on which various network layer properties can be configured. By configuring a bridge-template interface, you can connect the bridge set to a routed network. A bridge set can have only one bridge-template interface. The number of a bridge-template interface is the number of the bridge set it represents. By default, if a bridge set contains Ethernet interfaces, its bridge-template interface uses the MAC address of a random Ethernet interface. If the bridge set contains no Ethernet interfaces, its bridge-template interface uses the system default MAC address, of which the first 5 bytes depend on the device model and the last byte is the number of the bridge set. If bridge sets by the same bridge set number are enabled on two or more devices, and a bridge-template interface is created for each of these bridge sets when no Ethernet interfaces have been added into these bridge sets, these bridge-template interfaces use exactly the same default MAC address. This causes MAC address conflict. To avoid this situation, configure different MAC addresses for different bridge-template interfaces. To configure bridge routing: To do...
1. Enter system view. 2. Enable bridge routing.
Use the command...

system-view bridge routing-enable
Remarks
291
To do...
Use the command...
Remarks
3. Configure routing or bridging of a specific network layer protocol on a bridge set.
Configure routing.
bridge bridge-set routing { ip | ipx }
Optional. By default, routing of all network layer protocols is disabled.
Configure bridging.
bridge bridge-set bridging { ip | ipx | others }
Optional. By default, bridging of all network layer protocols is enabled.
4. Create a bridge-template interface and enter bridge-template interface view.
interface bridge-template bridge-set
Required. No bridge-template interfaces exist by default. Optional.
5. Configure a description for the bridge-template interface.
description text
By default, the description of an interface uses the format interface name Interface. Required. By default, an interface does not have an IP address. Optional. By default:
6. Configure an IP address for the bridge-template interface.
ip address ip-address { mask | mask-length } [ sub ]
If some Ethernet interfaces have

joined the bridge set of the bridge-template interface, the bridge-template interface borrows the MAC address of a random Ethernet interface in the bridge set.
7. Configure a MAC address for the bridge-template interface.
mac-address mac-address
If no Ethernet interface has

joined the bridge set of the bridge-template interface, the bridge-template interface uses the system default MAC address. 8. Set the intended bandwidth for the bridge-template interface. 9. Restore the default settings for the bridge-template interface. 10. Bring up the bridge-template interface. bandwidth bandwidth-value default undo shutdown Optional. Optional. Optional. Enabled by default.
292
Enabling VLAN transparency

VLAN transparency enables a bridge to forward VLAN-tagged packets without processing their VLAN tags. If your device does not support VLAN tags, enable VLAN transparency on any interfaces that may receive VLAN-tagged packets to avoid dropping of VLAN tags. To enable VLAN transparency: To do...
1. Enter system view. 2. Enable bridging.
Use the command...

system-view bridge enable
Remarks
Required. Disabled by default. Required. Disabled by default. Required.
3. Enable a bridge-set. 4. Enter interface view. 5. Add the interface to the bridge-set.
bridge bridge-set enable interface interface-type interface-number bridge-set bridge-set
No interface is in any bridge-set by default. Required. Disabled by default.
6. Enable VLAN transparency.
bridge vlanid-transparent-transmit enable
Avoid enabling VLAN transparency on subinterfaces. This function is not applicable to DLSw. This function is not applicable to VLAN interfaces. Before configuring VLAN transparency on an interface, you must add the interface to a bridge-set.
Displaying and maintaining bridging configurations

To do...
Display bridge set information.
Use the command...

display bridge information [ bridge-set bridge-set ] [ | { begin | exclude | include } regular-expression ] display interface bridge-template interface-number [ brief ] [ | { begin | exclude | include } regular-expression ] display interface [ bridge-template ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
Remarks
Display information about bridge-template interfaces.
293
To do...
Use the command...

display bridge address-table [ bridge-set bridge-set | dlsw | interface interface-type interface-number | mac mac-address] [ dynamic | static ] [ | { begin | exclude | include } regular-expression ] display bridge traffic [ bridge-set bridge-set | dlsw | interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] reset bridge address-table [ bridge-set bridge-set | dlsw | interface interface-type interface-number ] reset bridge traffic [ bridge-set bridge-set | dlsw | interface interface-type interface-number ] reset counters interface [ bridge-template [ interface-number ] ]
Remarks
Display bridge table information.
Display bridged traffic statistics.
Clear dynamic bridge table entries.
Clear bridged traffic statistics.
Clear statistics for bridge-template interfaces.
Transparent bridging configuration examples

Transparent bridging over ATM
As shown in Figure 100, configure the two routers to enable transparent bridging over ATM between the two LAN segments. Figure 100 Network diagram
LAN 1
Eth1/1 ATM5/0
ATM5/0
Eth1/1
Router A
Router B
1.
Configure Router A.
[RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] interface atm 5/0
294
LAN 2
[RouterA-Atm5/0] pvc 32/50 [RouterA-atm-pvc-Atm5/0-32/50] map bridge-group broadcast [RouterA-atm-pvc-Atm5/0-32/50] quit [RouterA-Atm5/0] bridge-set 1
2.
Configure Router B.
[RouterB] bridge enable [RouterB ]bridge 1 enable [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] interface atm 5/0 [RouterB-Atm5/0] pvc 32/50 [RouterB-atm-pvc-Atm5/0-32/50] map bridge-group broadcast [RouterB-atm-pvc-Atm5/0-32/50] quit [RouterB-Atm5/0] bridge-set 1
Transparent bridging over PPP

As shown in Figure 101, configure the two routers to enable transparent bridging over PPP between the two LAN segments. Figure 101 Network diagram
LAN 1
Eth1/1 S2/0
Eth1/1
Router A
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] bridge-set 1
2.
Configure Router B.
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] quit [RouterB] interface Serial 2/0
295
LAN 2
S2/0
[RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] bridge-set 1
Transparent bridging over MP

As shown in Figure 102, configure the two routers to enable transparent bridging over MP between the two LAN segments. Figure 102 Network diagram
LAN 1
Eth1/1 S2/0 S2/0
Eth1/1
Router A
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] bridge-set 1 [RouterA-Virtual-Template1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] link-protocol ppp [RouterA-Serial2/1] ppp mp virtual-template 1 [RouterA-Serial2/1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol ppp [RouterA-Serial2/0] ppp mp virtual-template 1
2.
Configure Router B.
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable [RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] bridge-set 1 [RouterB-Virtual-Template1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol ppp [RouterB-Serial2/1] ppp mp virtual-template 1
296
LAN 2
S2/1
S2/1
[RouterB-Serial2/1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol ppp [RouterB-Serial2/0] ppp mp virtual-template 1
Transparent bridging over FR

As shown in Figure 103, configure the two routers to enable transparent bridging over FR between the two LAN segments. Figure 103 Network diagram
LAN 1
Eth1/1 S2/0
Eth1/1
Router A
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr [RouterA-Serial2/0] fr interface-type dce [RouterA-Serial2/0] fr dlci 50 [RouterA-Serial2/0] bridge-set 1 [RouterA-Serial2/0] fr map bridge 50 broadcast
2.
Configure Router B.
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dte [RouterB-Serial2/0] bridge-set 1 [RouterB-Serial2/0] fr map bridge 50 broadcast
297
LAN 2
S2/0
Transparent bridging over X.25

As shown in Figure 104, configure the two routers to enable transparent bridging over X.25 between the two LAN segments. Figure 104 Network diagram
LAN 1
Eth1/1 S2/0
Eth1/1
Router A
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dce [RouterA-Serial2/0] x25 x121-address 100 [RouterA-Serial2/0] x25 map bridge x121-address 200 broadcast [RouterA-Serial2/0] bridge-set 1
2.
Configure Router B.
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 [RouterB-Serial2/0] x25 x121-address 200 [RouterB-Serial2/0] x25 map bridge x121-address 100 broadcast [RouterB-Serial2/0] bridge-set 1
Transparent bridging over HDLC

As shown in Figure 105, configure the two routers to enable transparent bridging over HDLC between the two LAN segments.
298
LAN 2
S2/0
LAN 1
Eth1/1 S2/0
Eth1/1
Router A
Router B
1.
Configure Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol hdlc [RouterA-Serial2/0] bridge-set 1
2.
Configure Router B.
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] quit [RouterB] interface Serial 2/0 [RouterB-Serial2/0] link-protocol hdlc [RouterB-Serial2/0] bridge-set 1
Bridging with FR sub-interface support

As shown in Figure 106, Router A and Router B are interconnected through an FR link. Enable bridging on the FR subinterfaces Serial 2/0.1 and Serial 2/0.2 so that traffic between Host A and Host B can be bridged through bridge set 1 and traffic between Host C and Host D can be bridged through bridge set 2. In this example, Router B is a DCE device.
299
LAN 2
S2/0

Host A Host B
Eth1/1
Eth1/1 S2/0 S2/0 Eth1/2
Router A
Eth1/2
Router B
Host C
Host D
1.
Configure Router A.
<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] bridge 2 enable [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 1 [RouterA-Ethernet1/1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] bridge-set 2 [RouterA-Ethernet1/2] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr [RouterA-Serial2/0] quit [RouterA] interface serial 2/0.1 [RouterA-Serial2/0.1] fr map bridge 50 broadcast [RouterA-Serial2/0.1] bridge-set 1 [RouterA-Serial2/0.1] quit [RouterA] interface serial 2/0.2 [RouterA-Serial2/0.2] fr map bridge 60 broadcast [RouterA-Serial2/0.2] bridge-set 2
2.
Configure Router B.
<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 1 enable [RouterB] bridge 2 enable [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 1 [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] bridge-set 2 [RouterB-Ethernet1/2] quit
300
[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dce [RouterB-Serial2/0] quit [RouterB] interface serial 2/0.1 [RouterB-Serial2/0.1] fr dlci 50 [RouterB-Serial2/0.1] fr map bridge 50 broadcast [RouterB-Serial2/0.1] bridge-set 1 [RouterB-Serial2/0.1] quit [RouterB] interface serial 2/0.2 [RouterB-Serial2/0.2] fr dlci 60 [RouterB-Serial2/0.2] fr map bridge 60 broadcast [RouterB-Serial2/0.2] bridge-set 2
In this example, the subinterfaces can also be configured as P2P FR subinterfaces, and then it is not necessary to use the fr map command on the point-to-point FR subinterfaces. However, you must configure the same DLCI on both the DCE and DTE sides by using the fr dlci command. This is an alternative method of configuring bridging over FR. For more information about frame relay, see the chapter Frame relay configuration.
Bridge routing
As shown in Figure 107, Ethernet 1/1 and Ethernet 1/2 belong to the same bridge set. Configure bridge routing so that traffic passing each interface in the bridge set can be routed. Figure 107 Network diagram
Bridge-Template 1 1.1.1.1/16
Eth1/1
Eth1/3 2.1.1.1/ 16
Eth1/2
Bridge set 1
Router
<Router> system-view [Router] bridge enable [Router] bridge routing-enable [Router] bridge 1 enable [Router] bridge 1 routing ip [Router] interface ethernet 1/1 [Router-Ethernet1/1] bridge-set 1 [Router-Ethernet1/1] quit [Router] interface ethernet 1/2 [Router-Ethernet1/2] bridge-set 1 [Router-Ethernet1/2] quit
301
[Router] interface bridge-template 1 [Router-Bridge-template1] ip address 1.1.1.1 255.255.0.0 [Router-Bridge-template1] quit [Router] interface ethernet 1/3 [Router-Ethernet1/3] ip address 2.1.1.1 255.255.0.0
Bridging over dialer interface

As shown Figure 108, configure the two routers to enable transparent bridging over dialer interfaces between the two LAN segments. Figure 108 Network diagram
Eth1/1 BRI2/0 Eth1/1
LAN 1
ISDN
BRI2/0
Router A
Router B
1.
Configure Router A.
# Enable bridging globally.

[RouterA] bridge enable [RouterA] bridge 1 enable
# Configure a dialup access control list.

[RouterA] dialer-rule 1 bridge permit
# Configure dialing on the ISDN BRI interface BRI 2/0.

[RouterA] interface bri2/0 [RouterA-Bri2/0] link-protocol ppp [RouterA-Bri2/0] dialer enable-circular [RouterA-Bri2/0] dialer-group 1 [RouterA-Bri2/0] dialer circular-group 2 [RouterA-Bri2/0] quit
# Add Dialer 2 to bridge set 1.

[RouterA] interface dialer2 [RouterA-Dialer2] link-protocol ppp [RouterA-Dialer2] bridge-set 1 [RouterA-Dialer2] dialer enable-circular [RouterA-Dialer2] dialer-group 1 [RouterA-Dialer2] dialer number 660208 [RouterA-Dialer2] quit

[RouterA] interface ethernet1/1 [RouterA-Ethernet1/1] bridge-set 1
2.
Configure Router B.
302
LAN 2
# Enable bridging globally.

[RouterB] bridge enable [RouterB] bridge 1 enable
# Configure a dialup access control list.

[RouterB] dialer-rule 1 bridge permit
# Configure dialing on the ISDN BRI interface BRI 2/0.

[RouterB] interface bri2/0 [RouterB-Bri2/0] link-protocol ppp [RouterB-Bri2/0] dialer enable-circular [RouterB-Bri2/0] dialer-group 1 [RouterB-Bri2/0] dialer circular-group 2 [RouterB-Bri2/0] quit
# Add Dialer 2 to bridge set 1.

[RouterB] interface dialer2 [RouteBr-Dialer2] link-protocol ppp [RouterB-Dialer2] bridge-set 1 [RouterB-Dialer2] dialer enable-circular [RouterB-Dialer2] dialer-group 1 [RouterB-Dialer2] dialer number 660206 [RouterB-Dialer2] quit

[RouterB] interface ethernet1/1 [RouterB-Ethernet1/1] bridge-set 1
VLAN transparency configuration example

As shown in Figure 109, the trunk interfaces of Switch A and Switch B are assigned to the same VLAN. Enable VLAN transparency on interfaces Ethernet 1/1 and ATM 5/0 on both Router A and Router B, so the two office areas can communicate within the same VLAN. Figure 109 Network diagram
Office area A
Switch A Switch B
Office area B
Eth1/1 TRUNK Eth1/1
Eth1/1 TRUNK Eth1/1
ATM5/0 Router A
ATM5/0 Router B
1.
Configure Router A.
303
# Enable the bridging function.

<RouterA> system-view [RouterA] bridge enable [RouterA] bridge 2 enable
# Add Ethernet 1/1 to bridge set 2 and enable VLAN transparency on Ethernet 1/1. Add ATM 5/0 to bridge-set 2 and enable VLAN transparency.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] bridge-set 2 [RouterA-Ethernet1/1] bridge vlanid-transparent-transmit enable [RouterA-Ethernet1/1] quit [RouterA] interface atm5/0 [RouterA-Atm5/0] bridge-set 2 [RouterA-Atm5/0] bridge vlanid-transparent-transmit enable [RouterA-Atm5/0] pvc to_r2 1/100 [RouterA-Atm5/0-1/100-to_r2] map bridge-group broadcast
2.
Configure Router B.
# Enable the bridging function.

<RouterB> system-view [RouterB] bridge enable [RouterB] bridge 2 enable
# Add Ethernet 1/1 to bridge set 2 and enable VLAN transparency on Ethernet 1/1. Add ATM 5/0 to bridge-set 2 and enable VLAN transparency.
[RouterA] interface ethernet 1/1 [RouterB-Ethernet1/1] bridge-set 2 [RouterB-Ethernet1/1] bridge vlanid-transparent-transmit enable [RouterB-Ethernet1/1] quit [RouterB] interface atm5/0 [RouterB-Atm5/0] bridge-set 2 [RouterB-Atm5/0] bridge vlanid-transparent-transmit enable [RouterB-Atm5/0] pvc to_r1 1/100 [RouterB-Atm5/0-1/100-to_r1] map bridge-group broadcast
304
EtoPPP and EtoFR configuration

EtoPPP converts on the data link layer between Ethernet and PPP for IP packets. Similarly, EtoFR converts on the link layer between Ethernet and Frame Relay for IP packets. With EtoPPP or EtoFR, a device encapsulates an Ethernet-encapsulated IP packet with PPP or FR encapsulation, and then forwards the packet rather than routes the packet. Thus, high-performance Layer-2 switching between different types of links is achieved.
How EtoPPP and EtoFR work

EtoPPP/EtoFR translation table
EtoPPP/EtoFR is implemented through an EtoPPP/EtoFR translation table. This table is manually configured for forwarding IP packets.
How EtoPPP and EtoFR handle IP packets

EtoPPP handles an IP packet in the following steps.
1.
When an Ethernet interface in the EtoPPP translation table receives an IP packet, the device finds the outgoing interface by looking up the EtoPPP translation table, encapsulates the IP packet with PPP, and then forwards the PPP-encapsulated IP packet out the PPP interface. When a PPP interface in the EtoPPP translation table receives an IP packet, the device finds the outgoing Ethernet interface by looking up the EtoPPP translation table, encapsulates the IP packet with Ethernet, and then forwards the Ethernet-encapsulated IP packet out the Ethernet interface.
2.
EtoFR works in the same way as EtoPPP does except that the link layer encapsulation is converted between Ethernet and FR. EtoPPP and EtoFR only apply to IP packets. Configuring an interface to participate in EtoPPP or EtoFR translation can result in dropping of non-IP data packets on the interface. It is not recommended to assign IP addresses to the interfaces used in the EtoPPP or EtoFR translation table, because the IP address configuration not take effect. To get the statistics about IP packets on a virtual or logical interface in the EtoPPP or EtoFR translation table, use the display command for the EtoPPP or EtoFR translation table rather than that for the virtual or logical interface. The interfaces in the EtoPPP or EtoFR translation table do not support QoS in the inbound direction. In the outbound direction, they support only rate limiting on the physical interfaces.
Configuring EtoPPP and EtoFR

Creating an EtoPPP translation mapping
The interface specified by interface-type1 interface-number1 can only be a Layer 3 Ethernet interface, Ethernet subinterface, or VLAN interface. The interface specified by interface-type2 interface-number2 must be configured with PPP encapsulation. This interface can only be an MP group interface, synchronous serial interface, POS interface, or POS subinterface.
305
You cannot change the link layer protocol of a PPP interface in the EtoPPP translation table or assign the interface to an MP group. For an interface, create only one entry in the EtoPPP translation table. The remote IP addresses of the interfaces in an EtoPPP translation entry, or ip-address1 and ip-address2 must be located on the same network segment. To create an EtoPPP translation mapping: To do...
1. Enter system view. 2. Create an EtoPPP mapping.
Use the command...

system-view etoppp translate interface interface-type1 interface-number1 interface-type2 interface-number2 ip-address ip-address1 ip-address2
Remarks
Required. No EtoPPP mapping exists by default.
Creating an EtoFR translation mapping

The interface specified by interface-type1 interface-number1 can only be a Layer 3 Ethernet interface, Ethernet subinterface, or VLAN interface. The interface specified by interface-type2 interface-number2 can only be an FR interface/subinterface or MFR interface/subinterface. You cannot change the link layer protocol of an FR interface in the EtoFR translation table. In the EtoFR translation table, create only one entry for an Ethernet interface, and one entry for each DLCI on an FR interface. The remote IP addresses of the interfaces in an EtoFR translation entry, or ip-address1 and ip-address2 must be located in the same network segment. To create an EtoFR translation mapping: To do...
1. Enter system view. 2. Create an EtoFR translation mapping.
Use the command

system-view etofr translate interface interface-type1 interface-number1 interface-type2 interface-number2 dlci dlci-number ip-address ip-address1 ip-address2
Remarks
Required. No EtoFR translation mapping exists by default.
Displaying and maintaining EtoPPP and EtoFR

To do...
Display EtoPPP translation mapping entries and translation statistics. Clear the statistics about the EtoPPP translation mapping entry for an interface or all EtoPPP translation mapping entries if no interface is specified.
Use the command...

display etoppp translate [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks
reset etoppp translate [ interface interface-type interface-number ]
306
To do...
Display EtoFR translation mapping entries and translation statistics. Clear the translation statistics for the EtoFR translation mapping entry for an interface or all EtoFR translation entries if no interface is specified.
Use the command...

display etofr translate [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] reset etofr translate [ interface interface-type interface-number ]
Remarks
EtoPPP and EtoFR configuration examples

EtoPPP configuration example
As shown in Figure 1 Router A (the CE) is the gateway for a LAN and is connected to Router B (the EtoPPP 10, device) through an Ethernet interface. Router B is connected to Router C (the PE) through a PPP-encapsulated serial interface formed by bundling timeslots on a T1 line. Map the Ethernet interface to the PPP interface on Router B through EtoPPP to forward traffic between the two interfaces at Layer 2. Figure 110 Network diagram
Internet
EtoPPP device CE
Eth1/1 1.1.1.1/24 Eth1/1 Serial 2/0:0
PE Router C
Router A
Router B
Serial 2/0:0 1.1.1.2/24
Host A
Host B
1.
Configure the CE (Router A)
# Configure the IP address of interface Ethernet 1/1 on Router A.

<RouterA> system-view [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 1.1.1.1 24
2.
Configure the PE (Router C)
# Configure the IP address of the synchronous serial interface formed by timeslot bundling on interface T1 2/0.
<RouterC> system-view
307
[RouterC] controller t1 2/0 [RouterC-T1 2/0] channel-set 0 timeslot-list 1-24 [RouterC-T1 2/0] quit [RouterC] interface serial 2/0:0 [RouterC-Serial2/0:0] ip address 1.1.1.2 24
3.
Configure the EtoPPP device (Router B)
# Create the EtoPPP mapping for forwarding the traffic between the CE and the PE.
<RouterB> system-view [RouterB] controller t1 2/0 [RouterB-T1 2/0] channel-set 0 timeslot-list 1-24 [RouterB-T1 2/0] quit [RouterB] etoppp translate interface ethernet 1/1 serial 2/0:0 ip-address 1.1.1.1 1.1.1.2
EtoFR configuration example

As shown in Figure 1 1, Router A (the CE) is the gateway for a LAN and is connected to Router B (the EtoFR 1 device) through an Ethernet interface. Router B is connected to Router C (the PE) through an FR-encapsulated serial interface formed by bundling timeslots on a T1 line. Map the Ethernet interface to the FR interface on Router B through EtoFR to forward traffic between the two interfaces at Layer 2. Figure 111 Network diagram
Internet
EtoFR device CE
Eth 1/1 1.1.1.1/24 Eth 1/1 Serial 2/0:0 DLCI = 20
PE
Router A
Router B
Serial 2/0:0 1.1.1.2/24 Router C DLCI = 20
Host A
Host B
1.
Configure the CE (Router A)
# Configure the IP address of interface Ethernet 1/1 on Router A.

<RouterA> system-view [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 1.1.1.1 24
2.
Configure the PE (Router C)
# Configure the IP address of the synchronous serial interface formed by timeslot bundling on interface T1 2/0.
308
<RouterC> system-view [RouterC] controller t1 2/0 [RouterC-T1 2/0] channel-set 0 timeslot-list 1-24 [RouterC-T1 2/0] quit [RouterC] interface serial 2/0:0 [RouterC-Serial2/0:0] link-protocol fr [RouterC-Serial2/0:0] fr interface-type dce [RouterC-Serial2/0:0] fr dlci 20 [RouterC-Serial2/0:0] ip address 1.1.1.2 24
3.
Configure the EtoFR device (Router B)
# Create the EtoFR mapping for forwarding the traffic between the CE and the PE.
<RouterB> system-view [RouterB] controller t1 2/0 [RouterB-T1 2/0] channel-set 0 timeslot-list 1-24 [RouterB-T1 2/0] quit [RouterB] interface serial 2/0:0 [RouterB-Serial2/0:0] link-protocol fr [RouterB-Serial2/0:0] fr dlci 20 [RouterB-Serial2/0:0] quit [RouterB] etofr translate interface ethernet 1/1 serial 2/0:0 dlci 20 ip-address 1.1.1.1 1.1.1.2
If InARP is disabled on interface Serial 2/0:0 on the PE, you must manually configure an FR address mapping for the Serial 2/0:0 interfaces with the fr map ip command on the PE and the EtoFR device.
309
LAPB and X.25 configuration

The HP A-MSR900 series routers do not support LAPB or X.25.
X.25 and LAPB protocols

X.25
X.25 is an ITU-T standard protocol suite for packet switched WAN communications. It defines how connections are established and maintained between user devices and network devices. The first draft of X.25 was released in 1974. It incorporated the experience and recommendations from Telenet and Tymnet in the USA and the Datapac packet-switched network in Canada. It has since then evolved to include more feature options and facilities. An X.25 network comprises three types of devices: DTE, DCE, and PSE. DTEs are user devices that communicate across the X.25 network. They are usually terminals, personal computers, or network hosts. DCEs are communications devices, such as modems and packet switches. PSEs are switches in the carrier's network cloud. They transfer data from one DTE device to another through the X.25 network. Figure 1 12 shows the relationships among the three types of X.25 devices. Figure 112 X.25 network model
DTE PSE DTE DCE PSE PSN PSE DCE DTE DCE
DTE DCE PSE PSN
Data terminal equipment Data circuit-terminating equipment Packet switching exchange Packet switched network
X.25 defines three layers identical to the lowest three layers of the OSI reference model, as shown in Figure 1 13.
310
Figure 113 Layers of X.25 protocol

OSI reference model 7 6 5 4 3 2 1 X.25 packet layer X.25 data link layer X.25 physical layer DTE Packet layer interface Data link interface Physical layer interface X.25 packet layer X.25 data link layer X.25 physical layer DCE X.25
The X.25 physical layer defines the physical and electrical specifications between DTE and DCE. The X.25 data link layer defines the format and specifications of the frames exchanged between DTE and DCE. LAPB is the data link protocol of X.25. The X.25 packet layer defines the packet format and rules for Layer 3 packet switching.
The X.25 packet layer can multiplex multiple virtual circuits over the Layer 2 link between DTE and DCE to provide separate point-to-point connections for subscribers. Figure 1 shows the data forms at different X.25 layers. 14 Figure 114 X.25 packet and LAPB frame
X.25 Layer 3 Packet layer X.25 Layer 2 Data link layer X.25 Layer 1 Physical layer Packet header
Frame delimiter Frame header
User data
Data
Frame check sequence
Frame delimiter
Bit stream
LAPB
LAPB is the data link layer protocol of X.25. It manages communication and packet framing between DTE and DCE. From the perspective of layering, the link layer is like a bridge, across which the packet layers of DTE and DCE exchange packets continuously. The link layer functions to: Transmit data effectively between DTE and DCE Ensure the synchronization of information between receiver and sender Detect and correct errors during transmission Identify and report procedural errors to the higher layer protocols Inform the packet layer of the link layer state
311
LAPB adopts the framing structure of HDLC and is a subset of HDLC. LAPB uses the SABM command to initiate link setup. Two devices establish a two-way link after one of them sends an SABM command and the other replies with a UA response. Although initially defined for X.25, as an independent link layer protocol, LAPB can directly carry non-X.25 upper layer protocols. Set the link layer protocol of a serial interface as LAPB for local data transmission.
Virtual circuit
X.25 enables two DTEs to communicate across a telephone network. The following describes how the communication goes on:
1. 2. 3.
One DTE sends a connection request call to another DTE. The called DTE accepts or rejects the request. Once the connection is set up, the DTEs can transmit data in full duplex mode, and either end can disconnect the connection at any time.
The connection established by X.25 between a pair of DTEs is called a virtual circuit. It provides a virtual channel for communication between the two ends. X.25 virtual circuits are logical links rather than physical links as in circuit switching networks. They fall into two categories: PVCs, which are suitable for frequent, constant data transmission. SVCs, which are suitable for bursty data transmission.
Each virtual circuit is uniquely identified by a virtual circuit ID. Each packet sent by a DTE carries a virtual circuit ID, which enables the DCEs in the switched network to forward the packet correctly to its destination.
X.25 switching
Use devices that support X.25 switching as small-sized X.25 PSEs to protect the investment in X.25. Figure 1 15 describes the relationships among LAPB, X.25, and X.25 switching. Figure 115 Relation between LAPB, X.25 and X.25 switching
IP
X.25 switching
X.25 LAPB
In addition to X.25, LAPB can carry IP when two devices are directly connected without an X.25 network in between. With an X.25 switching module, a device can work as a small-sized PSE to directly forward packets without using the upper layer service.
312
Configuring LAPB
LAPB parameters
LAPB frame numbering modulos
Two LAPB frame numbering modes are available: modulo 8 and modulo 128. Data frames (I frames) are numbered cyclically in sequence in the range of 0 to modulo 1. All standard LAPB implementations support modulo 8 (the basic mode), which is sufficient for most links.
LAPB window size K

LAPB window size K indicates the maximum number of outstanding frames for acknowledgement on the DTE or DCE within any period.
LAPB N1 parameter
The LAPB N1 parameter specifies the maximum number of bits that an I frame can hold. The maximum N1 value is calculated by using the following formula: (hardware MTU + protocol header) 8
LAPB N2 parameter
N2 sets the maximum number of times a data frame can be sent from DCE to DTE or vice versa.
LAPB timers
LAPB defines four timers: T1 is the retransmission timer. It determines how long a transmitted frame can remain unacknowledged before LAPB polls for an acknowledgement. When the T1 timer expires, the DTE or DCE retransmits the frame. T2 is the explicit acknowledge deferral timer. It determines the time that the DTE or DCE waits before sending an explicit acknowledgement. The acknowledgement is piggybacked with data, unless no data exists and then an explicit acknowledgement is sent when the timer expires. T1 must be no smaller than 2 T2. T3 is the idle channel state timer. It is set on the DCE. When the T3 timer expires, the DCE reports an excessively long idle channel state condition to the packet layer. T3 must be greater than the DCE T1 timer. To disable the T3 timer, set it to zero. T4 is the timer to detect unsignaled link failures. The T4 timer is reset every time a frame is received from the partner on the link. If the T4 timer expires, a Receiver Ready frame with the Poll bit set is sent to the partner, which is required to respond. If the partner does not respond, the standard polling mechanism determines whether the link is down. You must set T4 to be greater than T1, the LAPB retransmission timer. When the number of transmission attempts exceeds the LAPB N2 parameter, the link is re-negotiated. To disable the T4 timer, set it to zero.
To configure LAPB: To do
Use the command

system-view
Remarks
313
To do
2. Enter interface view.
Use the command

Remarks
Required.
3. Configure the link layer protocol as LAPB.
link-protocol lapb [ dce | dte ] [ ip | multi-protocol ]
By default, the link layer protocol is PPP. When LAPB is configured, the interface works as a DTE with the upper layer protocol as IP. Optional. 8 by default.
4. Configure the modulo.
lapb modulo { 8 | 128 }
To make the configuration take effect, re-enable the interface by using the shutdown and then undo shutdown commands. Optional. 7 by default. Optional.
5. Configure LAPB window parameter K.
lapb window-size k-value
6. Configure LAPB parameter N1.
lapb max-frame n1-value
The default N1 is calculated according to the MTU, the upper layer protocol, and the modulus value. Optional. 10 by default. Optional. By default:
7. Configure LAPB parameter N2.
lapb retry n2-value
8. Configure the system timers T1, T2, T3, and T4 for LAPB.
lapb timer { t1 t1-value | t2 t2-value | t3 t3-value | t4 t4-value }
T1 is 3000 milliseconds T2 is 1500 milliseconds T3 is 0 seconds T4 is 0 seconds
Optional. By default, LAPB does not initiate link re-negotiation when receiving unsolicited response frames with the Final bit set to 1. lapb pollremote As likelihood exists that some response frames received with the Final bit set to 1 may be falsely treated as unsolicited response frames, HP recommends that you use the default setting to prevent link flapping caused by false link re-negotiations that result.
9. Configure LAPB to initiate link re-negotiation when receiving an unsolicited response frame with the Final bit set to 1.
314
Configuring an X.25 interface

Configuring the basic parameters of an X.25 interface
Introduction to basic X.25 interface parameters
1.
X.121 address
If the device is used for X.25 switching, this task can be skipped. If it is connected to an X.25 public packet network, you must set an X.121 address for the connected X.25 interface according to the requirements of the ISP. As defined in ITU-T recommendation X.121, an X.121 address is a string of 1 to 15 numbers.
2.
X.25 operating mode
Layer 3 of X.25 supported by your device can work in either DTE mode or DCE mode. The format of the datagram is alternative, either IETF or nonstandard. An X.25 public packet switching network requires the device to access the network as a DTE and datagrams to be encapsulated with the IETF format generally. The operating mode of X.25 should be DTE and the encapsulation format should be IETF. When two routers are connected back to back through serial interfaces, make sure that they are using the same encapsulation format and are working as the DTE and DCE.
3.
X.25 virtual circuit range
The X.25 protocol can create multiple logical virtual connections over a physical link between DTE and DCE. These virtual connections are called virtual circuits or logical channels. Up to 4095 virtual circuits can be established by X.25, and their numbers range from 1 to 4095. The number used to differentiate each virtual circuit (or logical channel) is called LCI or VCN. Strictly speaking, virtual circuits and logical channels are different. However, at the user end, they are not distinguished strictly. An important part of X.25 operation is how to manage the total 4,095 virtual circuits. All the virtual circuit numbers are divided into four ranges (listed here in ascending order): A-PVCs range B-Incoming-only channel range C-Two-way channel range D-Outgoing-only channel range
The numbers of the virtual circuits established by an X.25 call must be set in the ranges of B, C, and D. The permanent virtual circuits must be set in the A range. According to ITU-T Recommendation X.25, the idle channel allocation rules in initiating calls are as follows: Only the DCE can initiate a call using a channel in the incoming-only channel range. Only the DTE can initiate a call using a channel in the outgoing-only channel range. Both the DCE and the DTE can initiate a call using a channel in the two-way channel range. DCE always uses the lowest available logical channel. DTE always uses the highest available logical channel.
You can avoid the case that one side of the communication occupies all the channels, and minimize the possibility of call collision. In the X.25 protocol, six parameters are employed to define the four ranges, as shown in Figure 1 16.
315
Figure 116 X.25 channel delimitation

1 PVC range LIC HIC LTC HTC LOC HOC 4095 Incoming-only channel range unused Two-way channel range Unused Outgoing-only channel range Unused
Table 4 Description of X.25 channel range delimitation parameters Parameter

LIC HIC LTC HTC LOC HOC
Description
Lowest Incoming-only Channel Highest Incoming-only Channel Lowest Two-way Channel Highest Two-way Channel Lowest Outgoing-only Channel Highest Outgoing-only Channel
Each range (except PVC range) is defined by two parameters working as the upper limit and lower limit. The parameters are in the range of 1 to 4095 (including 1 and 4095), but they are regarded correct only if they satisfy the following conditions: In strict ascending order, 1 lic hic< ltc htc < loc hoc 4095. If the upper limit (or lower limit) of a range is 0, then the lower limit (or upper limit) must also be 0, (which indicates this range is disabled from use). At the two sides (DTE and DCE) of a physical connection, these six parameters of X.25 must be equal in a symmetric way, because different settings at the two sides are very likely to result in an improper procedure and result in transmission failures. Take the default of each parameter into consideration. The new configuration cannot take effect immediately on a connection in use unless you reset the interface by using the commands shutdown and undo shutdown. X.25 packet numbering modulo
Finally, the following should be noted:

4.
The implementation of X.25 supports both modulo 8 and modulo 128 in packet numbering, with modulo 8 being the default. The X.25 protocol requires DTE and DCE have the same packet sequence numbering mode. The new configuration is not effective unless you reset the interface by using the shutdown command and the undo shutdown command. Besides, the packet sequence numbering mode of X.25 layer 3 is different from the frame sequence numbering mode of LAPB (X.25 layer 2). When modulo 128 numbering mode is employed in the DTE/DCE
316
interface with high throughput rate, for LAPB, only the efficiency of local DTE/DCE interface is affected, and point-to-point efficiency increases. For X.25 layer 3, the efficiency of end-to-end is affected, and the efficiency between the two DTEs increases.
5.
Traffic control parameters
X.25 protocol is a reliable transport protocol with powerful traffic control capability due to the window size and maximum packet size. However, it cannot perform traffic control effectively and correctly unless correctly configured. Any inappropriate configuration causes CLEAR and RESET events of X.25. Because most public X.25 packet networks use the default window size and maximum packet size specified in the ITU-T X.25 Recommendation, the device also adopts the same default values. You do not need to set the two parameters unless requested by the access service providers. After the default window size and the default maximum packet size are set, the SVC, which can be established only via calling, uses these default values if related parameters are not negotiated in the call process. (Parameter negotiation is described in the later sections). The PVC, which can be established directly without calling, also uses these default values if no window size or packet size option is appended when it is specified. (See the later sections for PVC configuration). An X.25 sender fragments the oversize data packets at the upper layer based on the maximum packet size, and mark the final fragment packet (M bit not set). After the packets reach the receiver, X.25 reassembles the fragment packets, and determine whether a piece of complete upper layer packet is received based on the M bit flag. Too small value of the maximum packet size consumes too much router resources on message fragmenting and reassembling, and lower efficiency. The maximum packet size < MTU*8 < N1 of LAPB Reset an interface by using the shutdown and undo shutdown commands to make new configuration take effect
To configure an X.25 interface: To do
Use the command

Remarks
Required.
3. Enable X.25 encapsulation on the interface.
link-protocol x25 [ dce |dte ] [ ietf | nonstandard ]
PPP by default. With X.25 encapsulation enabled, the default operation mode is DTE IETF. Optional.
4. Set an X.121 address for the interface.
x25 x121-address x.121-address
If the device is used for the purpose of X.25 switching, this task can be skipped. If it is connected to X.25 public packet network, you must set an X.121 address for the connected X.25 interface.
317
To do
Use the command
Remarks
Optional. By default, lower and upper limits of a two-way channel are 1 and 1024, respectively; those of incoming-only channel are both 0, and those of outgoing-only channel are both 0. To make the configuration take effect, re-enable the interface by using the shutdown and then undo shutdown commands. Optional. 8 by default.
5. Set the X.25 virtual circuit range.
x25 vc-range { bi-channel ltc htc [ out-channel loc hoc ] | in-channel lic hic [ bi-channel ltc htc ] [ out-channel loc hoc ] | out-channel loc hoc }
6. Set the modulo.
x25 modulo { 8 | 128 }
To make the configuration take effect, re-enable the interface by using the shutdown and then undo shutdown commands. Optional.
7. Set the sizes of virtual circuit input window and output window.
x25 window-size input-window-size output-window-size
By default, input-window-size is 2 and output-window-size is 2. To make the configuration take effect, re-enable the interface by using the shutdown and then undo shutdown commands. Optional.
8. Set the maximum sizes for input and output packets on the interface.
x25 packet-size input-packet output-packet
By default, input-packet is 128 bytes and output-packet is 128 bytes. To make the configuration take effect, re-enable the interface by using the shutdown and then undo shutdown commands.
Configuring X.25 interface supplementary parameters

Introduction to X.25 interface supplementary parameters
It is necessary to configure certain supplementary X.25 parameters in some special network environments. The following sections are related to these supplementary parameters.
1.
X.25 layer 3 delay timer
X.25 protocol defines a series of timers to facilitate its procedure. After X.25 sends a control message, if it does not receive the response before the timer expires, X.25 protocol takes measures to handle this abnormal event. The names and procedures of these timers are shown in Table 5.
318
Table 5 X.25 Layer 3 timer Procedure name

Restart Call Reset Clear Register
Timer name DTE side

T20 T21 T22 T23 T28
DCE side
T10 T11 T12 T13
T28 is Registration request sending timer which is only defined on DTE for dynamically requesting the network for optional services or stopping these services. Its default value is 300 seconds, which cannot be changed.
2.
Attributes related to X.25 address
To establish an SVC with a call, X.25 address is needed, which adopts the address format specified in ITU-T Recommendation X.121. An X.121 address is a string of 1 to 15 digits. Some attributes related to X.121 address are as follows: Alias of interface When an X.25 call is forwarded across multiple networks, different networks likely make some modifications on the called address as needed, such as adding or deleting the prefix. In such cases, the destination address of a call that reaches X.25 interface may be inconsistent with X.121 address of the destination interface (because the destination address of this call is modified within the network); still the interface should accept this call. For this purpose, one or more alias names must be specified for this interface. To meet the requirements of different networks, X.25 defines nine match types and their relevant alias string formats, as shown in Table 6. Table 6 Alias match modes and meanings Matching mode
free
Description
Free matching, the alias string is in the form of 1234 Extended free matching, in which the alias string is in the form of 1234.. Left-most matching mode, in which the alias string is in the form of $1234 Extended left-most matching mode, in which the alias string is in the form of $1234 Rightmost matching mode, in which the alias string is in the form of 1234$
Example
1234 will match 561234, 1234567 and 956123478, but will not match 12354. 1234 .. will match 678123459, but will not match 68123459, 67812345 and 6781234591. $1234 will match 1234567 and 12346790, but will not match 3123478 and 123784. $1234 will match 1234679 and 1234872, but will not match 123468 and 12346890. 1234$ will match 791234 and 6901234, but will not match 7912345 and 6212534.
free-ext
left
left-ext
right
319
Matching mode
right-ext
Description
Extended rightmost matching mode, the alias string is in the form of .1234$ Strict matching mode, in which the alias string is in the form of $1234$ Whole matching mode, in which the alias string is in the form of ........ Extended whole matching mode, in which the alias string can only be *
Example
.1234$ will match 79001234 and 86901234, but will not match 7912345 and 506212534. $1234$ can only match 1234. .. will match all the valid X.121 addresses of 8 digits in length. "* will match all the valid X.121 addresses.
strict
whole
whole-ext
Attributes related to the address code block in calling or called packets
As defined in the X.25 protocol, a call packet must carry the information set of both the calling DTE address (source address) and the called DTE address (destination address). This address information set is called address code block. In a call accept packet, some networks require that both (the calling DTE address and the called DTE address) be carried, some networks require that only one of the two be carried, and some others require that neither should be carried. To adapt to the differences between various networks, make selections as required. Default upper layer protocol that X.25 bears An X.25 call request packet includes a CUD (Call User Data) field that indicates the upper layer protocol type carried over the X.25 protocol. When receiving an X.25 call, the device checks the CUD field in the packet. If receiving a call carrying an unidentifiable CUD field, the router will deny it. However, an upper layer protocol can be specified as the default protocol on the X.25. When X.25 receives a call with an unrecognizable CUD, it treats it with the customized default upper layer protocol.
3.
The user facility adding/removing function
The user facility adding and removing functions are applicable to only main interfaces. They work as follows on a main interface: The user facility adding function is applicable to only the incoming packets. With the function, the main interface checks incoming call setup negotiation packets for the window size and maximum packet size fields. If the two fields are carried, the packets are not processed; if not, the two fields are added to the packets. The user facility removing function is applicable to only the outgoing packets. With the function, the main interface checks outgoing call-setup negotiation packets for the window size and maximum packet size fields. If the two fields are not carried, the packets are not processed; if the two fields are carried, they are removed before the packets are sent out.
To configure X.25 interface supplementary parameters: To do
Use the command

Remarks

To do
3. Set the restart timer delay value.
Use the command
Remarks
Optional. By default, the value for DTE is 180 seconds, and the value for DCE is 60 seconds. Optional.
x25 timer tx0 seconds
4. Set the call request timer for DTE or the call indication timer for DCE.
By default, the value for DTE is 200 seconds, and the value for DCE is 180 seconds. Optional.
5. Set the reset request timer for DTE or the reset indication timer for DCE.
By default, the value for DTE is 180 seconds, and the value for DCE is 60 seconds. Optional.
6. Set the clearing request timer for DCE or the clearing request timer for DTE.
By default, the value for DTE is 180 seconds, and the value for DCE is 60 seconds. Optional. Not specified by default Optional. Carried by default Optional. Carried by default Optional. Not carried by default Optional. Not carried by default Optional. Not specified by default Optional. Disabled by default Optional. Disabled by default
7. Specify an alias for the interface. 8. Carry no X.121 address of the called DTE in each call packet. 9. Carry no X.121 address of the calling DTE in each call packet. 10. Carry the address of the called DTE in each call-acceptance packet. 11. Carry the address of the calling DTE in each call-acceptance packet. 12. Specify the default upper layer protocol. 13. Enable the user facility adding function. 14. Enable the user facility removing function.
x25 alias-policy match-type alias-string x25 ignore called-address
x25 ignore calling-address
x25 response called-address
x25 response calling-address x25 default-protocol protocol-type x25 add-facility
x25 remove-facility
Configuring an X.25 subinterface

An X.25 subinterface is a virtual interface that has a separate protocol address and virtual circuit. Create multiple subinterfaces on a physical interface to connect multiple networks. All subinterfaces on the main interface share an X.121 address with the main interface. X.25 subinterfaces fit into point-to-point subinterfaces and point-to-multipoint subinterfaces. A point-to-point subinterface connects a single remote end, and a point-to-multipoint subinterface connects multiple ones, which must be on the same network segment.
321
To configure an X.25 subinterface: To do

1. Enter system view. 2. Enter main interface view. 3. Enable X.25. 4. Return to system view. 5. Create an X.25 subinterface.
Use the command

system-view interface serial interface-number link-protocol x25 quit interface serial interface-number.subnumber [ p2mp | p2p ]
Remarks
Required. Required. Point-to-multipoint (p2mp) applies by default.
If the link layer protocol of an interface is LAPB, HDLC, or PPP, no subinterface can be created on it.
Configuring X.25 datagram transmission

Configuring basic X.25 datagram transmission functionality
Introduction to X.25 datagram transmission
X.25 service enables two remote X.25 hosts to communicate across an X.25 packet switching network. As shown in Figure 1 LAN 1 and LAN 2 communicate remotely across an X.25 packet switching network. 17, Figure 117 Interconnect LANs via X.25
LAN 1
LAN 2
X.25 packet switching network

Router A Router B
LAN 1 and LAN 2 communicate with each other by sending datagrams that use IP addresses, and X.25 uses X.121 addresses. To correctly tunnel IP datagrams across an X.25 network, the routers must have an IP-to-X.121 address mapping table. This section describes how to establish an IP-to-X.121 mapping.
1.
Mapping a protocol address to an X.121 address
An X.25 interface has its own X.121 address and internetworking protocol (such as IP protocol) address. When X.25 initiates a call through this interface, the source address (calling DTE address) in the call request packet is the X.121 address of this interface. Then, how can the router target the destination of the call, or how can the router determine the X.121 address for the IP address destination? For this purpose, the router looks up the protocol-address-to-X.121 address mappings that have been configured on the router. A direct call destination has its own protocol address and X.121 address. In this case, a destination protocol-address-to-X.121 address mapping must be created on the source. Through the mapping, X.25 can find the destination X.121 address according to the destination protocol address to initiate a call successfully. This is why the address mapping shall be established for X.25. Such a mapping should be created for every destination.
2.
Creating a PVC
A PVC can be created for the data transmission which features large but stable traffic size and requires the service quality of a leased line. A PVC does not need any call process and will always exist once set up.
322
Before creating a PVC, it is unnecessary to create an address mapping, because an address mapping is created implicitly when a PVC is created.
To configure the basic X.25 datagram transmission functionality: To do
1. Enter system view. 2. Enter interface view. 3. Create a mapping of the destination protocol address to X.121 address.
Use the command

system-view interface interface-type interface-number x25 map protocol-type protocol-address x121-address x.121-address [ option ] x25 vc-range { bi-channel ltc htc [ out-channel loc hoc ] | in-channel lic hic [ bi-channel ltc htc ] [ out-channel loc hoc ] | out-channel loc hoc } x25 pvc pvc-number protocol-type protocol-address x121-address x.121-address [ option ]
Remarks
Required Not created by default
4. Specify the virtual circuit range.
Required for PVC creation
5. Create a PVC.
Because the default two-way channel range (LTC=1, HTC=1024) does not support PVC configuration, you must specify a virtual circuit range by using the x25 vc-range command to create a PVC. If a PVC has no related parameters configured, its traffic control parameters are the same as its X.25 interface set by using the x25 packet-size and x25 window-size commands.
Configuring additional parameters for X.25 datagram transmission

X.25 allows the addition of some characteristics, including a series of optional user facilities provisioned in ITU-T Recommendation X.25, for the sake of improving performance and broadening application ranges. This section describes how to configure such additional features, including the options in the commands x25 map and x25 pvc. Select and configure these additional features according to the X.25 network structure, and the services provided by the service provider. Complete the following tasks to configure additional parameters for X.25 datagram transmission: Task
Setting the maximum SVC idle interval Setting the maximum number of SVCs that can be associated to one address mapping Setting the packet acknowledgement threshold Configuring X.25 user facilities Setting the queue length for all the virtual circuits on an interface Enabling the sending of broadcast packets through X.25 323
Remarks
Optional Optional Optional Optional Optional Optional
Task
Restricting the use of address mapping
Remarks
Optional
Setting the maximum SVC idle interval

For the sake of cost saving, specify an SVC idle time on the expiration of which the SVC is disconnected. Enabling this feature does not affect the data transmission because the SVC can be set up again if new packets are waiting for transmission. To set the maximum SVC idle interval: To do
1. Enter system view. 2. Enter interface view. 3. Set the maximum idle interval for all the SVCs on the interface.
Use the command

system-view interface interface-type interface-number x25 timer idle minutes
Remarks
Optional. 0 minutes by default, where no SVC cleared automatically. Optional.
4. Set the maximum idle interval for an SVC associated with an address mapping.
x25 map protocol-type protocol-address x121-address x.121-address idle-timer minutes
No mapping is created by default. If created, the value defaults to 0 minutes, where no SVC cleared automatically.
Setting the maximum number of SVCs that can be associated to one address mapping
Specify the maximum number of SVCs allowed to set up for the same address mapping. By default, an X.25 address mapping can only be associated with one virtual circuit. In case of busy traffic and slow line speed, increase this number properly to reduce data loss. Up to eight SVCs can be associated with an X.25 address mapping. To set the maximum number of SVCs that can be associated to the same address mapping: To do
1. Enter system view. 2. Enter interface view. 3. Set the maximum number of SVCs that can be associated for all the address mappings on the X.25 interface. 4. Set the maximum number of SVCs that can be associated to an address mapping.
Use the command

Remarks

x25 vc-per-map count Optional. x25 map protocol-type protocol-address x121-address x.121-address vc-per-map count The count defaults to 1.
Setting the packet acknowledgement threshold

By setting the packet acknowledgement threshold (also called receive-threshold), you enable the receiving router to send acknowledgement packets before the input-window gets full. According to the X.25 protocol, the receiver sends an acknowledgement when the input window (set with the window-size input-window-size command) gets full. If the delay on your X.25 network is intolerable, set the
324
packet acknowledgement threshold to enable the receiver sends acknowledgement before the input window gets full. Set the acknowledgement threshold in the range of 0 to the input window size: If it is set to 1, the receiver acknowledges every packet. If it is set to 0 or the input window size, the receiver acknowledges packets only when the input window gets full. To do
To set the packet acknowledgement threshold: Use the command

Remarks
Optional.
3. Set the packet acknowledgement threshold.
x25 receive-threshold count
By default, the threshold is 0. The device acknowledges incoming packets when the input window gets full.
For information about input window size, see Traffic control parameters.
Configuring X.25 user facilities

X.25 stipulates various user facilities and you can select and configure them. These configurations can be modified in two ways: X.25 interface-based configuration (by using the x25 call-facility command) address-mapping-based configuration (by using the x25 map command)
The configuration based on X.25 interface takes effect in every call originating from this X.25 interface, and the configuration based on address mapping takes effect only in the calls originating from this address mapping. If both configurations are made, the configuration based on address mapping takes priority.
1.
X.25 interface-based configuration
To configure X.25 user facility on X.25 interface basis: To do

1. Enter system view. 2. Define ROA list. 3. Enter interface view. 4. Specify CUG number.
Use the command

system-view x25 roa-list roa-name roa-id&<1-10> interface interface-type interface-number x25 call-facility closed-user-group number
Remarks
Optional Not defined by default Optional Not specified by default
325
To do
Use the command
Remarks
5. Perform max packet negotiation when initiating a call.
x25 call-facility packet-size input-packet output-packet
Optional Not configured by default
6. Perform window size negotiation when initiating a call.
x25 call-facility window-size input-window-size output-window-size
7. Request reverse charging when initiating a call. 8. Receive calls with reverse charging requests. 9. Request throughput-level negotiation when initiating a call. 10. Carry transmission delay request when initiating a call. 11. Specify ROA.
x25 call-facility reverse-charge-request x25 reverse-charge-accept
Optional Not configured by default Optional Not configured by default Optional Not configured by default Optional Not configured by default Optional Not configured by default
x25 call-facility threshold in out x25 call-facility send-delay milliseconds x25 call-facility roa-list name
To configure X.25 user facility on address mapping basis: To do

1. Enter system view. 2. Define ROA list. 3. Enter interface view.
Use the command

system-view x25 roa-list roa-name roa-id&<1-10> interface interface-type interface-number x25 map protocol-type protocol-address x121-address x.121-address closed-user-group number
Remarks
Optional Not defined by default
4. Specify the CUG number.
Optional Not specified by default
326
To do
Use the command
Remarks
5. Perform max packet negotiation when initiating a call.
x25 map protocol-type protocol-address x121-address x.121-address packet-size input-packet output-packet
6. Perform window size negotiation when initiating a call.
x25 map protocol-type protocol-address x121-address x.121-address window-size input-window-size output-window-size
7. Request reverse charging when initiating a call.
x25 map protocol-type protocol-address x121-address x.121-address reverse-charge-request x25 map protocol-type protocol-address x121-address x.121-address reverse-charge-accept x25 map protocol-type protocol-address x121-address x.121-address threshold in out x25 map protocol-type protocol-address x121-address x.121-address send-delay milliseconds x25 map protocol-type protocol-address x121-address x.121-address roa-list name
8. Receive calls with reverse charging requests. 9. Request throughput-level negotiation when initiating a call. 10. Carry transmission delay request when initiating a call.
Optional Not configured by default Optional Not configured by default Optional Not configured by default Optional Not configured by default
11. Specify ROA.
For CUG configuration, see Configuring X.25 closed user group.
Setting the queue length for all the virtual circuits on an interface
Specify the sending and receiving queue lengths of virtual circuit for X.25 to adapt to different network environments. The default queue length can contain 200 packets, but you can increase the number for the sake of preventing accidental packet loss in case of large traffic size or low X.25 network transmission rate. To set the queue length for all the virtual circuits on an interface: To do
Use the command

Remarks

To do
3. Set the queue length of X.25 virtual circuit.
Use the command

x25 queue-length queue-size
Remarks
Optional Defaults to 200
Enabling the sending of broadcast packets through X.25

Internetworking protocols must send some broadcast datagrams for specific purposes. On the broadcasting physical networks (such as Ethernet), such requirements are naturally supported. However, for non-broadcasting networks like X.25, how to realize the broadcasting? Determine whether to copy and send a broadcast to a destination. This is very important. For example, you must enable X.25 to send broadcast datagrams so that broadcast-based application layer routing protocols can exchange route information on an X.25 network. You can enable a virtual circuit to send broadcasting datagrams, regardless whether it is an SVC or PVC. To enable the sending of broadcast packets through X.25: To do
1. Enter system view. 2. Enter interface view. 3. Enable to send broadcasting packets to the peer of the SVC associated with this address mapping. 4. Enable to send broadcasting packets to the peer of this PVC.
Use the command

system-view interface interface-type interface-number x25 map protocol-type protocol-address x121-address x.121-address broadcast x25 pvc pvc-number protocol-type protocol-address x121-address x.121-address broadcast
Remarks

Required
Restricting the use of address mapping

Before a destination is called, this destination must be found in the address mapping table. Before a call is received, the source of this call must also be found in the address mapping table. However, in some cases, some address mappings are used for outgoing calls only, and others are used for incoming calls only. To restrict the use of an address mapping: To do
1. Enter system view. 2. Enter interface view. 3. Disable initiating calls using an address mapping. 4. Disable accepting calls using an address map.
Use the command

system-view interface interface-type interface-number x25 map protocol-type protocol-address x121-address x.121-address no-callout x25 map protocol-type protocol-address x121-address x.121-address no-callin
Remarks

Required
Required
328
Configuring X.25 switching

Configuring the basic X.25 switching functionality
A packet network consists of many interconnecting nodes based on a specific topology. A packet is sent from source to destination via a large number of nodes, of which each node needs to have packet switching capability. Simply speaking, X.25 packet switching means that, after receiving a packet from an X.25 port or Annex G DLCI, a switch selects a certain X.25 port or Annex G DLCI to send the packet according to the related destination information contained in the packet. Introducing X.25 switching enables the system to implement packet switching function at the packet layer. The device can act as a packet switch. Figure 118 X.25 switching
X.25 host
X.25 host
To configure the basic X.25 switching functionality: To do

1. Enter system view. 2. Enable X.25 switching.
Use the command

system-view x25 switching interface interface-type interface-number x25 vc-range { bi-channel ltc htc [ out-channel loc hoc ] | in-channel lic hic [ bi-channel ltc htc ] [ out-channel loc hoc ] | out-channel loc hoc } x25 switch pvc pvc-number1 interface interface-type interface-number [ dlci dlci-number ] pvc pvc-number2 [ option ] x25 switch svc [ -number ] x.121-address [ sub-dest destination-address | sub-source source-address ] * interface interface-type interface-number [ dlci dlci-number ]
Remarks
Add a PVC. 3. Add a switching route.
Required
Add an SVC.
Required
Enabling/Disabling X.25 switching only affects call establishment, and does not affect the established links. The switching routes can be configured only after X.25 switching is enabled. If you disable the switching (by using the undo x25 switching command) after configuring some switching routes, then All static SVC routes are invisible in the related display command, and PVC routes are visible in the related display command.
329
If you execute the x25 switching command again without restart, SVC routes is restored and visible on using the display command. If you execute the save command and restart, all SVC and PVC routes are lost.
Because the default two-way channel range (LTC=1, HTC=1024) does not support PVC configuration, you must specify a virtual circuit range by using the x25 vc-range command to create a PVC.
Configuring flow control negotiation of X.25 switching

X.25 network X.25 network
Router A
Router B
Router C
As shown in Figure 1 Router A and Router C communicate through Router B. You can enable or disable on 19, Router B flow control negotiation between Router A and Router C. With flow control negotiation enabled between the two ends, if the flow control parameters on the connecting links at the two ends of Router B are inconsistent, the two ends negotiate to use the smaller parameters. Then, when Router B receives packets with M-bit 1, which indicates that subsequent fragments exist, Router B forwards the packets directly without processing them. With flow control negotiation disabled between the two ends, the flow control parameters of the links at the two ends of Router B can be different. When Router B receives packets with M-bit 1, it reassembles the fragments and then forwards the assembled packets instead of forwarding the fragments directly. When Router B forwards packets to Router C, Router B may re-fragment the packets depending on the flow control parameters of the link between Router B and Router C.
By default, flow control negotiation is enabled for X.25 switching. To configure flow control negotiation on an X.25 interface: To do
1. Enter system view. 2. Enter interface view. 3. Enable flow control negotiation for X.25 switching.
Use the command

system-view interface interface-type interface-number x25 flowcontrol
Remarks
Required Enabled by default
Configuring X.25 load sharing

With the X.25 hunt group feature, network providers can load balance traffic across DTEs or links on a DTE to prevent a link from being overwhelmed by excessive accesses. In an X.25 network, load sharing is provided by DCEs. Skip this section, if your device is working as a DTE. The following shows how X.25 load sharing is implemented: Configure a set of DTE/DCE interfaces (synchronous serial interfaces or XOT channels) as a hunt group on the remote DCE, and assign an X.121 address for this hunt group. When a device accesses a DTE in the hunt group, the device calls the hunt group address.
330
After receiving the call request, the remote DCE selects a line from the hunt group in the round-robin or VC-number approach, and send the incoming call. The DCE distributes calls across the lines in the hunt group to implement load sharing.
X.25 load sharing is available only for SVCs, because PVCs do not have the call setup or clearing phase. Line selection in an X.25 hunt group occurs only at the virtual circuit establishment phase. After a virtual circuit is established, the DCE follows the normal procedure to transfer data on the virtual circuit. All DTEs in an X.25 hunt group use the same X.121 address. They can call DTEs outside the hunt group in the normal call procedure. When a device accesses a hunt group, it does not know which device it is accessing. Line selection is controlled by the DCE. The address of the DTEs in a hunt group can be the same as the hunt group address. X.25 hunt groups support source address and destination address substitution. With destination address substitution, you can hide the DTE address in a hunt group from DTEs outside the hunt group for security. In this approach, the DTEs outside the hunt group know only the hunt group address. With source address substitution, you can hide the DTE addresses outside the hunt group from the DTEs inside the hunt group for user privacy protection. In this approach, the DTEs inside the hunt group know only the substitution address. Figure 120 X.25 load sharing scenario
HG 1 8888 Terminal A
9999
Server A

Terminal B Router A
9999
Server B Terminal C
In Figure 120, server A and server B, which are providing identical services, are assigned to hunt group HG 1. Server A and server B use the address 9999, and the hunt group uses the address 8888. Enable destination address substitution on Router A to replace the address 8888 with the address 9999. When a user calls the destination address 8888, Router A redirects the call to the address 9999 and then transmits it to server A or server B. Router A processes all calls to the address 8888 in this way to load balance the calls between server A and server B, preventing a single server from being overloaded when the other is idle. Configure an X.25 hunt group to select lines in either round-robin mode or vc-number mode: The round-robin mode uses a cyclic selection method to select the next interface or XOT channel inside the hunt group for each call. For example, in Figure 120, if hunt group HG 1 uses the round-robin mode, the call is sent in turn to server A or server B. The vc-number mode selects the interface with the maximum idle logical channels inside the hunt group for each call. For example, in Figure 120, if the hunt group HG 1 uses the vc-number mode, the remaining logical channels of the lines between server A and DCE are 500, and those of the lines between server B and DCE are 300. The first 200 calls are sent to server A, and the subsequent calls are sent in turn to server A or server B.
331
An X.25 hunt group can comprise both synchronous serial interfaces and XOT channels. It can select a line from them indiscriminately. However, you cannot assign XOT channels to a hunt group in vc-number mode, because the device cannot calculate the number of logical channels.
A hunt group can contain up to 10 synchronous serial interfaces, Annex G DLCIs, or XOT channels. You cannot add XOT channels to a hunt group configured with the vc-number mode. If your device is working as a DCE, you can configure it to perform load sharing. To perform load sharing, you must set the call destination on the source DTE as a hunt group address. To configure X.25 load sharing on a DCE: To do
1. Enter system view. 2. Enable X.25 switching. 3. Create an X.25 hunt group and enter its view. 4. Add an interface or Annex G DLCI to the hunt group. 5. Add an XOT channel to the hunt group. 6. Exit to system view.
Use the command

system-view x25 switching x25 hunt-group hunt-group-name { round-robin | vc-number } channel interface interface-type interface-number [ dlci dlci-number ] channel xot ip-address quit x25 switch svc x.121-address [ sub-dest destination-address | sub-source source-address ] * hunt-group hunt-group-name [ xot-source interface-type interface-number ]
Remarks
Required Not enabled by default Required
Required
7. Create an X.25 switching route to the hunt group.
Configuring X.25 closed user group

CUG is a call restriction service provided by X.25 among all its optional services. It governs call receiving and initiating capabilities of users (DTEs), allowing users in the same CUG to call each other and forbidding users in different CUGs to do so. This allows a private data communication subnet to form over public X.25 data communications networks for an organization. A user may belong to multiple CUGs. When the user calls another user in a CUG, the CUG number is included in its capability negotiation message. The user may also be set not to belong to any CUG, in which case the capability message does not carry CUG information. When used as DCE, the CUG function is shown in Figure 121.
332
Figure 121 CUG function implementation

Call 1 Bar outgoing Release call
X.25 network
Call 2 Bar incoming Release call
Call 1: DTE originates a call, but outgoing capability is barred, so the call is removed by DCE with CUG enabled. Call 2: DCE receives a call request and requests a connection with DTE. CUG function is enabled on DCE and the incoming capability is barred, so the call is removed by DCE.
1.
CUG function
You must enable CUG function first before configuring it, which by default is not enabled. After CUG function is enabled, all calls, including those with or without CUG facilities are suppressed. You can also define some suppression policies for CUG to process calls in different ways. Two types of CUG suppression policies are available. One is to suppress all incoming calls, where the system removes the CUG facilities of all incoming calls with CUG facilities. The other is to suppress the incoming calls matching the mapping specified as the preference rule, where the system removes the CUG facilities only of those incoming calls matching the mapping specified as preference rule, but allows other incoming calls with CUG facilities pass through. The details are: Incoming suppression policy, in which the system lets the incoming calls without CUG facilities pass through, but suppresses the incoming calls with CUG facilities but without access configuration configured by the CUG mapping rule. Outgoing suppression policy, in which the system lets the outgoing calls without CUG facilities pass through, but suppresses the outgoing calls with CUG facilities but without access configuration configured by the CUG mapping rule. All suppression policy, in which the system removes CUG facilities (if any) and makes call processing for all incoming calls. This policy is ineffective to outgoing calls. Preference mapping suppressing policy, in which the system removes CUG facilities and makes call processing for the incoming calls with CUG facilities and with preference mapping rule, but lets the incoming calls without preference mapping rule pass through. This policy is ineffective to outgoing calls.
You can only configure the CUG function on an X.25 interface working as DCE, and you must specify the serial interface as DCE when specifying the X.25 protocol on it.
2.
CUG mapping and suppression rule
CUG mapping refers to CUG number conversation from local end (DTE) to network end (X.25) during CUG call processing. For example, when processing the call from the DTE with CUG 10 to DTE with CUG 20, the system first searches the mapping table for this mapping entry: if the table has this entry, it forwards the packets, if not, it denies the forwarding. Define suppression rules in configuring CUG mapping, including the following types: Outgoing call restriction Incoming call restriction Specifying as the preference rule
333
Specifying as the preference rule depends on the CUG suppression policy. If the suppression policy is configured as only suppressing the CUG of preference mapping, the system removes the CUG facilities in the incoming call packet of this mapping and makes call processing. You must configure CUG function on X.25 DCE interface, and you must specify it as DCE end when enabling X.25 encapsulation on serial interface.
To configure CUG: To do
1. Enter system view. 2. Enter interface view. 3. Enable CUG function and configure the suppression policy. 4. Configure a local CUG to network CUG mapping and define suppression rule.
Use the command

system-view interface interface-type interface-number x25 cug-service [ incoming-access | outgoing-access | suppress { all | preferential } ] * x25 local-cug local-cug-number network-cug network-cug-number [ no-incoming | no-outgoing | preferential ]*
Remarks
Required Disabled by default Required Not configured by default
The x25 cug-service and x25 local-cug commands are supported only on the X.25 DCE interface. You must specify the interface as DCE when enabling X.25 encapsulation on the serial interface.
Configuring X.25 PAD remote access service

Introduction to X.25 PAD
PAD is an X.25 specific concept. Traditionally, only X.25 terminals could connect to an X.25 network. These terminals must be packet terminals that support X.25 procedures in terms of hardware and software. However, many terminals in common use are non-X.25 terminals. They either have no intelligence available with packet terminals or have intelligence but do not support X.25 procedures. Examples of such terminals are keyboards, monitors, and printers. To allow these devices to communicate on X.25 networks, X.25 PAD was developed. X.25 PAD provides a mechanism to connect non-X.25 terminals to an X.25 network. As shown in Figure 122, a PAD facility is placed between non-X.25 terminals and an X.25 network, allowing them to communicate with other terminals across the X.25 network. Figure 122 Interfacing function of PAD
Non-X.25 terminal
X.25 network
X.25 procedure
Non-X.25 procedure
X.25 PAD functions to provide: X.25 procedures support for connectivity and communication with X.25 networks. Non-X.25 procedures support for connectivity with non-X.25 terminals.
334
Capabilities allowing non-X.25 terminals to set up calls, transmit data, and clear calls. Capabilities allowing non-X.25 terminals to observe and modify interface parameters to accommodate to different terminals.
X.25 PAD facilities are regarded as procedure translators or network servers, helping different terminals access X.25 networks. The system implements X.29 and X.3 protocols in the X.25 PAD protocol suite. In addition, it implements X.29-based Telnet. This allows you to telnet to a remote router through X.25 PAD when IP-based Telnet is not preferred for security sake, as shown in Figure 123. Figure 123 Log in to a remote router through X.25 PAD
S2/0 S2/0
X.25 network
Router A Router B
Configuring X.25 PAD

Placing an X.25 PAD call to log in to a remote device
If two routers on an X.25 network support X.25 PAD, use the pad command to place an X.25 PAD call on one router (the client) to log in to the other router (the server). If authentication is configured, the server authenticates the client before allowing it to log in. After logging onto the server, access the configuration interface of the server and then configure the server. Nest a pad command within another pad command or a telnet command. By nesting commands, you can do the following on your router: Place an X.25 PAD call to log in to another router; and from that router, place another X.25 PAD call to log in to a third router, and so on. Telnet to another router; and from that router, place an X.25 call to log in to a third router, and so on. Place an X.25 PAD call to log in to another router; and from that router, telnet to a third router, and so on.
To ensure transmission, limit nesting operations within three. Logout operations are done in the reverse direction. Execute the quit command multiple times to log out of the logged-in router and all the in-between routers one by one.
Setting the delay waiting for the response to an Invite Clear message
The server end of X.25 PAD may send an Invite Clear message to the client, for example, after receiving an exit request from client or in order to release the link. At the same time, a timer is started. If no response is received on expiration of the timer, the server clears the link.
To configure X.25 PAD: To do
1. Enter system view. 2. Set the delay waiting for the response to an Invite Clear message.
Use the command

system-view x29 timer inviteclear-time seconds
Remarks
Optional Defaults to 5 seconds
335
To do
3. Exit to user view. 4. Place an X.25 PAD call to the specified X.121 address.
Use the command

quit pad x.121-address
Remarks
Required
Configuring X.25 over TCP (XOT)

XOT
XOT carries X.25 packets over TCP to connect two X.25 networks across an IP network. Figure 124 presents an XOT application environment. Figure 124 Typical XOT application
IP network
Router B Router C
X.25 network
X.25 network
Router A
Router D
X.25 depends on its link layer protocol LAPB to provide reliable links. To ensure link reliability within the IP network, XOT uses TCP, which offers reliable transmission and window flow control mechanisms, to tunnel X.25 packets across the IP network as application payload. In this case, TCP works at the link layer for X.25 and the IP network is analogous to a big X.25 switch. See Figure 124. The following describes how XOT works to forward X.25 packets from Router A to Router D (this example uses SVCs): Router A sends a call request to Router D for setting up a virtual circuit. Router B receives the request and decides that this is an XOT application. It sets up a TCP connection with Router C, adds an XOT header to the X.25 call packet, and encapsulates the packet in a TCP packet, and transmits the TCP packet to Router C. Router C receives the TCP packet, removes the TCP and XOT headers, and forwards the call request to Router D by performing X.25 local switching. After receives the X.25 call request, Router D sends back a call acknowledgement to Router A through Router C and Router B. After receiving the call acknowledgement, Router A and Router D establishes a link for data transmission.
During this process, the TCP connection establishment between Router B and Router C is transparent to Router A and Router D, which do not care whether data is forwarded via an IP or X.25 network.
336
HP implements XOT in compliance with RFC 1613, delivering these features: Supports SVCs. Two devices can dynamically establish an SVC by sending call packets. When no data is present, the SVC is cleared automatically. Supports PVCs. Once you configure a PVC between two devices, it enters the data transmission state directly without going through the call establishment process. Even if no data is present, the PVC remains. Supports the TCP keepalive function. If TCP keepalive is configured, TCP checks link availability regularly. If TCP fails to receive responses from its peer for several times, it considers that the link has failed and disconnects the TCP connection automatically. If TCP keepalive is not configured, TCP connection may remain for a long time after the link fails.
Configuring XOT
To configure XOT: To do
1. Enter system view. 2. Enable X.25 switching. 3. Enter interface view.
Use the command

system-view x25 switching interface interface-type interface-number ip address ip-address { mask | mask-length } or ip address unnumbered interface interface-type interface-number quit x25 switch svc [ -number ] x.121-address [ sub-dest destination-address | sub-source source-address ] * xot ip-address&<1-6> [ xot-option ] x25 switch svc [ -number ] x.121-address [ sub-dest destination-address | sub-source source-address ] * interface interface-type interface-number
Remarks
Required due to X.25 extension. Not enabled by default.
4. Specify an IP address for the IP side interface.
Required. Make sure the IP network operates properly.
5. Exit to system view.
Required.
6. Configure an XOT route to route X.25 packets via the IP network.
Configure a SVC XOT route.
Required. Use this command to specify the local switching interface that forwards received packets for SVC application.
Configure PVC XOT route in interface view.
interface interface-type interface-number Required. x25 vc-range { bi-channel ltc htc [ out-channel loc hoc ] | in-channel lic hic [ bi-channel ltc htc ] [ out-channel loc hoc ] | out-channel loc hoc } 337
To do
Use the command

x25 xot pvc pvc-number1 ip-address interface interface-type interface-number pvc pvc-number2 [ xot-option | packet-size input-packet output-packet | window-size input-window-size output-window-size ] *
Remarks
7. Configure XOT optional attributes.
See Configuring XOT optional attributes.
Optional.
In SVC mode, X.25 routes are required. Because the default two-way channel range (LTC=1, HTC=1024) does not support PVC configuration, you must specify a virtual circuit range by using the x25 vc-range command to create a PVC. For more information about IP address configuration, see Layer 3IP Services Command Reference.
Configuring XOT optional attributes

After a TCP link is established, TCP also is not cleared easily even if the link is interrupted. However, after the Keepalive attribute is configured, the router periodically sends the detection packet to check the availability of the link. If it has not received the acknowledgement after sending packets for many times, the router deems the link fault and initiatively clears the TCP connection. To configure XOT optional attributes: To do
Use the command

system-view x25 switch svc [ -number ] x.121-address [ sub-dest destination-address | sub-source source-address ] * xot ip-address&<1-6> [ xot-option ] interface interface-type interface-number
Remarks
2. Configure the SVC Keepalive and source attributes.
Optional
3. Configure the PVC Keepalive and source attributes.
x25 xot pvc pvc-number1 ip-address interface interface-type interface-number pvc pvc-number2 [ xot-option | packet-size input-packet output-packet | window-size input-window-size output-window-size ] *
Optional
Table 7 Options of the xot-option parameter Option

timer seconds
Indicates
Keepalive timer for the XOT connection, in the range 1 to 3600 seconds. On its timeout the router begins to send keepalive messages to test availability of the connection
338
Option
retry times
Indicates
The maximum number of Keepalive packet sending attempts, in the range 3 to 3600. When the number of keepalive packet sending attempts exceeds the limit, the XOT connection is disconnected Interface where the XOT connection is initiated
source interface-type interface-number
Configuring X.25 over FR

X.25 over FR
X.25 over FR carries X.25 packets over FR to interconnect two X.25 networks across an FR network, as shown in Figure 125. Figure 125 X.25 Over FR network diagram
FR network
Router B Router C
X.25 network
X.25 network
Router A
Router D
Configuring an SVC application of X.25 over FR

X.25 over FR is an extension to X.25 switching, so you must enable X.25 switch first. To configure SVC application of X.25 over FR: To do
1. Enter system view. 2. Enable X.25 switching. 3. Enter interface view. 4. Specify the link layer protocol as FR. 5. Specify the FR interface type.
Use the command

system-view x25 switching interface interface-type interface-number link-protocol fr [ ietf | nonstandard ] fr interface-type { dce | dte | nni }
Remarks
Required. Not enabled by default. Required. PPP by default. Required. DTE by default.
339
To do
6. Configure an FR DLCI and enter its view. 7. Configure the FR DLCI as Annex G DLCI.
Use the command

fr dlci dlci-number annexg { dce | dte } x25 switch svc [ -number ] x.121-address [ sub-dest destination-address | sub-source source-address ] * interface interface-type interface-number x25 switch svc [ -number ] x.121-address [ sub-dest destination-address | sub-source source-address ] * interface interface-type interface-number dlci dlci-number
Remarks
Required. Required. Required. After receiving a packet on the SVC, the packet is forwarded via a local interface. Use this command to configure the local forward interface.
8. Configure the SVC route.
9. Configure the X.25 over FR SVC route.
Required.
Configuring a PVC application of X.25 over FR

X.25 over FR is an extension to X.25 switching, so you must enable X.25 switch first. To configure PVC application of X.25 over FR: To do
1. Enter system view. 2. Enable X.25 switching. 3. Create an X.25 template.
Use the command

system-view x25 switching x25 template { name } x25 vc-range { bi-channel ltc htc [ out-channel loc hoc ] | in-channel lic hic [ bi-channel ltc htc ] [ out-channel loc hoc ] | out-channel loc hoc } x25 switch pvc pvc-number1 interface interface-type interface-number [ dlci dlci-number ] pvc pvc-number2 [ option ] quit interface interface-type interface-number link-protocol fr [ ietf | nonstandard ] fr interface-type { dce | dte | nni }
Remarks
Required Not enabled by default Required
4. Specify the virtual circuit range.
Required
5. Configure a PVC route under the X.25 template.
Required
6. Return to system view. 7. Enter interface view. 8. Configure the link layer protocol as FR. 9. Configure the FR interface type.
Required PPP by default Required DTE by default
340
To do
10. Configure an FR DLCI and enter its view. 11. Configure the FR DLCI as Annex G DLCI. 12. Apply the X.25 Template to the Annex G DLCI. 13. Return to system view. 14. Enter interface view. 15. Configure the link layer protocol as X.25.
Use the command

fr dlci dlci-number annexg { dce | dte } x25-template name quit interface interface-type interface-number link-protocol x25 [ dce |dte ] [ ietf | nonstandard ] x25 switch pvc pvc-number1 interface interface-type interface-number [ dlci dlci-number ] pvc pvc-number2 [ option ]
Remarks
Required Required Required Required PPP by default
16. Configure a PVC route.
Required
Configuring X2T
The X2T switch connects X.25 to TCP/IP networks, allowing the access between X.25 and IP hosts. Figure 126 shows a typical X2T application scenario. Figure 126 Typical X2T application scenario
X.25 terminal
Router TCP
IP host TCP IP Data Link Layer Physical Layer
X.25
X.25
X2T IP Data Link Layer
LAPB Physical Layer
LAPB
The X.25 terminal has an X.121 address to the IP host. Whenever the router receives an X.25 call request packet, it checks the destination address of X.121 in the packet and looks up in the X2T routing table for a match. If a matching route is found, the router is set up a TCP connection with the host at the destination IP address of the X2T route. After that, the router extracts the pure data from the X.25 packet and sends it to the IP host through the TCP connection. The IP host can go through the IP address on the interface of the IP network to access the X.25 host. Whenever the router receives a TCP connection request, it checks the destination IP address and TCP port number of the TCP connection and looks up in the X2T routing table for a match. If a match is found, the router sets up an X.25 SVC destined to the host at the associated destination X.121 address of the X2T route. After that, the router extracts the pure data from the TCP packet and sends them to the X.25 host through the X.25 SVC. If the router sets up a PVC connection with the X.25 host, it transmits the data directly to X.25 host through X.25 PVC.
341
Number of X2T mapping entries varies by device. The maximum number of entries is 100 by default, including both entries configured by using the translate ip and translate x25 commands. When specifying a port number by using the translate ip command, for an IP address using one port, specify port 102; for an IP address using multiple ports, specify port numbers from 1024 to 5000 instead of well-known port numbers such as 21, 23 to avoid network failures. To configure X2T: To do
1. Enter system view. 2. Enable X.25 switching. 3. Configure an X.25 interface.
Use the command

system-view x25 switching See Configuring the basic parameters of an X.25 interface. See Layer 3IP Services Configuration Guide. translate x25 x.121-address ip ip-address port port-number translate ip ip-address port port-number pvc interface-type interface-number pvc-number
Remarks
Required Required Unnecessary to specify an X.121 address for the interface Required Required
4. Configure an IP interface.. 5. Configure an X.25-to-IP X2T forwarding route. Configure a PVC forwarding route for a PVC link.
Required
6. Configure an IP-to-X.25 X2T forwarding route.
Configure an SVC route and a forwarding route for an SVC link.
translate ip ip-address port port-number x25 x.121-address x25 switch svc [ -number ] x.121-address [ sub-dest destination-address ] [ sub-source source-address ] * interface interface-type interface-number [ dlci dlci-number ]
Required
Required
Displaying and maintaining LAPB and X.25

To do
Display the X.25 alias table.
Use the command

display x25 alias-policy [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] display x25 map [ | { begin | exclude | include } regular-expression ]
Remarks
Display the X.25 address mapping table.
342
To do
Use the command

display x25 cug { local-cug [ local-cug-number ] | network-cug [ network-cug-number ] } [ | { begin | exclude | include } regular-expression ] display x25 pad [ pad-id ] [ | { begin | exclude | include } regular-expression ] display x25 switch-table svc { dynamic | static } [ | { begin | exclude | include } regular-expression ] display x25 switch-table pvc [ | { begin | exclude | include } regular-expression ] display x25 vc [ lci-number ] [ | { begin | exclude | include } regular-expression ] display x25 xot [ | { begin | exclude | include } regular-expression ] display x25 x2t switch-table [ | { begin | exclude | include } regular-expression ] display x25 hunt-group-info [ hunt-group-name ] [ | { begin | exclude | include } regular-expression ] reset x25 { counters interface interface-type interface-number | vc interface interface-type interface-number [ vc-number ] } reset xot local local-ip-address local-port remote remote-ip-address remote-port reset lapb statistics
Remarks
Display CUG configurations.
Display X.25 PAD connection information.
Display the X.25 switching table.
Display the X.25 PVC switching table. Display the specified X.25 virtual circuit. Display X.25 XOT connection information. Display the X2T dynamic switching table.
Display X.25 hunt group information.
Clear X.25 interface statistics or virtual circuits.
Clear (reset) an XOT connection. Clear the LAPB statistic information.
Available in interface view
LAPB configuration example

As shown in Figure 127, two routers are connected back to back by LAPB-enabled serial interfaces. Run IP on the interfaces to transmit IP datagrams.
343

S2/0 10.1.1.2/8 S2/0 10.1.1.1/8
Router A
Router B
1.
Configure Router A.
# Enter interface view.

<RouterA> system-view [RouterA] interface serial 2/0
# Assign an IP address for the interface.

# Configure the link layer protocol of the interface as LAPB, and specify it to work in DTE mode.
[RouterA -Serial2/0] link-protocol lapb dte
# Configure other LAPB parameters.

[RouterA-Serial2/0] lapb modulo 128 [RouterA-Serial2/0] lapb window-size 127 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown
2.
Configure Router B.

<RouterB> system-view [RouterB] interface serial 2/0

# Configure the link layer protocol of the interface as LAPB, and specify it to work in DCE mode.
[RouterB-Serial2/0] link-protocol lapb dce
# Configure other LAPB parameters.

[RouterB-Serial2/0] lapb modulo 128 [RouterB-Serial2/0] lapb window-size 127 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown
The IP addresses of the two connected interfaces must be on the same network segment. If they are not on the same network segment, you must configure a static route in between and make sure the traffic control parameters of both sides are the same.
Verifying the configuration

# Display information about interface Serial 2/0 on Router A.
[RouterA-Serial2/0] display interface serial 2/0 Serial2/0 current state: UP Line protocol current state: UP Description: Serial2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
344
Internet Address is 10.1.1.2/8 Primary Link-protocol is LAPB LAPB DTE, module 128, window-size 127, max-frame 12032, retry 10 Timer: T1 3000, T2 1500, T3 0 , T4 0 (milliseconds), IP-protocol state CONNECT, VS 6, VR 0, Remote VR 6 IFRAME 0/6, RR 6/0, RNR 0/0, REJ 0/0 FRMR 0/1, SABM 3/19, DM 0/1, UA 0/1 DISC 0/0, invalid ns 0, invalid nr 0, link resets 0 Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) 0/100/0 0/500/0 0/75/0
Physical layer is synchronous, Virtual baudrate is 64000 bps Interface is DTE, Cable type is V24, Clock mode is DTECLK1 Last clearing of counters: Never Last 300 seconds input rate 2.26 bytes/sec, 18 bits/sec, 0.19 packets/sec Last 300 seconds output rate 2.54 bytes/sec, 20 bits/sec, 0.22 packets/sec Input: 627 packets, 7462 bytes 0 broadcasts, 0 multicasts 0 errors, 0 runts, 0 giants 0 CRC, 0 align errors, 0 overruns 0 dribbles, 0 aborts, 0 no buffers 0 frame errors Output:633 packets, 7737 bytes 0 errors, 0 underruns, 0 collisions 0 deferred DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
# Display information about interface Serial 2/0 on Router B.

[RouterB-Serial2/0] display interface serial 2/0 Serial2/0 current state: UP Line protocol current state: UP Description: Serial2/0 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.1.1.1/8 Primary Link-protocol is LAPB LAPB DCE, module 128, window-size 127, max-frame 12032, retry 10 Timer: T1 3000, T2 1500, T3 0 , T4 0 (milliseconds), IP-protocol state CONNECT, VS 66, VR 112, Remote VR 66 IFRAME 240/194, RR 1/44, RNR 0/0, REJ 0/0 FRMR 1/0, SABM 0/3, DM 1/0, UA 1/0 DISC 0/0, invalid ns 0, invalid nr 0, link resets 1 Output queue : (Urgent queuing : Size/Length/Discards) Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Physical layer is synchronous, Baudrate is 64000 bps Interface is DCE, Cable type is V24, Clock mode is DCECLK Last clearing of counters: Never Last 70 seconds input rate 6.69 bytes/sec, 53 bits/sec, 0.10 packets/sec Last 70 seconds output rate 0.30 bytes/sec, 2 bits/sec, 0.10 packets/sec 0/100/0 0/500/0 0/75/0
345
Input: 865 packets, 20440 bytes 0 broadcasts, 0 multicasts 0 errors, 0 runts, 0 giants 0 CRC, 0 align errors, 0 overruns 0 dribbles, 0 aborts, 0 no buffers 0 frame errors Output:861 packets, 17678 bytes 0 errors, 0 underruns, 0 collisions 0 deferred DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
X.25 configuration examples

Direct connection of two routers connecting through serial interfaces (one address mapping)
As shown in Figure 128, IP packets can be transmitted between serial interfaces over the X.25 link layer protocol. Only one IP to X.121 mapping is available on Router A. Figure 128 Network diagram
Router A
Router B
1.
Configure Router A.


# Configure the link layer protocol of the interface as X.25, and configure the interface to operate in DTE mode.
[RouterA-Serial2/0] link-protocol x25 dte
# Assign an X.121 address to the interface.

[RouterA-Serial2/0] x25 x121-address 20112451
# Configure the address mapping to the peer.

[RouterA-Serial2/0] x25 map ip 202.38.60.2 x121-address 20112452
# Configure the maximum packet size allowed and the window size.
[RouterA-Serial2/0] x25 packet-size 1024 1024 [RouterA-Serial2/0] x25 window-size 5 5 [RouterA-Serial2/0] shutdown
346
[RouterA-Serial2/0] undo shutdown
2.
Configure Router B.

# Assign an IP address to the interface.

# Configure the link layer protocol of the interface as X.25, and specify it to operate in DCE mode.
[RouterB-Serial2/0] link-protocol x25 dce
#Assign an X.121 address for the interface.

[RouterB-Serial2/0] x25 x121-address 20112452
# Configure address mapping to the peer.

[RouterB-Serial2/0] x25 map ip 202.38.60.1 x121-address 20112451
[RouterB-Serial2/0] x25 packet-size 1024 1024 [RouterB-Serial2/0] x25 window-size 5 5 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown
Because the IP to X.121 mapping is available, IP addresses of both ends can be on different network segments and no static route is needed.

The virtual circuit configured in this example is an SVC. The routers establish it only when they need to communicate. # Ping Router B from Router A.
[RouterA-Serial2/0] ping 202.38.60.2 PING 202.38.60.2: 56 data bytes, press CTRL_C to break Reply from 202.38.60.2: bytes=56 Sequence=1 ttl=255 time=33 ms Reply from 202.38.60.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 202.38.60.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 202.38.60.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 202.38.60.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 202.38.60.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 26/27/33 ms
The output shows that the SVC has been established between the two routers. # Display the X.25 address mapping table on Router A.
[RouterA-Serial2/0] display x25 map Interface: Serial2/0(protocol status is UP) ip 202.38.60.2 X.121 address:20112452 VC-number: 1 Map-type: SVC_MAP
347
Facility:
# Display X.25 virtual circuit information on Router A.

[RouterA-Serial2/0] display x25 vc Interface: Serial2/0 SVC 1024 State: P4(transmit) Map: ip 202.38.60.2 to 20112452 Window size: input 5 Local PS: 5 output 5 output 1024 Remote PS: 4 Remote PR: 5 Packet Size: input 1024 Local PR: 5 Local Busy: FALSE Input/Output: DATA 5/5 RR 0/0 INTERRUPT 0/0 RNR 0/0 REJ 0/0
Reset times: 0
Bytes 420/420 Send Queue(Current/Max): 0/200
Direct connection of two routers connecting through serial interfaces (two address mappings)
As shown in Figure 129, IP packets can be transmitted between serial interfaces over the X.25 link layer protocol. Two IP to X.121 mappings are available on Router A. Figure 129 Network diagram
Router A
Router B
1.
Configure Router A.


# Configure the link layer protocol as X.25 and the interface to operate in DTE mode.
[RouterA-Serial2/0] link-protocol x25 dte
# Assign an X.121 address for the interface.

# Configure address mappings to the peer.

[RouterA-Serial2/0] x25 map ip 202.38.161.2 x121-address 20112452 [RouterA-Serial2/0] x25 map ip 202.38.160.2 x121-address 20112452
348
[RouterA-Serial2/0] x25 packet-size 1024 1024 [RouterA-Serial2/0] x25 window-size 5 5 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown
2.
Configure Router B.

# Assign an IP address to the interface.

# Configure the link layer protocol of the interface as X.25 and specify the interface to operate in DCE mode.
[RouterB-Serial2/0] link-protocol x25 dce

[RouterB-Serial2/0] x25 x121-address 20112452
# Configure an address mapping to the peer.

[RouterB-Serial2/0] x25 map ip 202.38.160.1 x121-address 20112451
[RouterB-Serial2/0] x25 packet-size 1024 1024 [RouterB-Serial2/0] x25 window-size 5 5 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown
# Because the peer (Router A) has two IP addresses corresponding to the X.121 address at the local end (Router B) and the local IP address is not in the first mapping, two virtual circuits are created when connection is being established. You must specify the maximum number of virtual circuits in the mapping as 2.
[RouterB-Serial2/0] x25 vc-per-map 2

The virtual circuit configured in this example is an SVC. The routers establish it only when they must communicate. # Ping Router B from Router A.
[RouterA-Serial2/0] ping 202.38.160.2 PING 202.38.160.2: 56 data bytes, press CTRL_C to break Reply from 202.38.160.2: bytes=56 Sequence=1 ttl=255 time=33 ms Reply from 202.38.160.2: bytes=56 Sequence=2 ttl=255 time=26 ms Reply from 202.38.160.2: bytes=56 Sequence=3 ttl=255 time=27 ms Reply from 202.38.160.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 202.38.160.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 202.38.160.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 26/27/33 ms
The output shows that the SVC has been established between the two routers.
349
# Display the X.25 address mapping table of Router A.

[RouterA-Serial2/0] display x25 map Interface: Serial2/0(protocol status is UP) ip 202.38.160.2 Facility: ip 202.38.161.2 Facility: X.121 address:20112452 VC-number: 0 Map-type: SVC_MAP X.121 address:20112452 VC-number: 1 Map-type: SVC_MAP
# Display the X.25 virtual circuit information of Router A.

[RouterA-Serial2/0] display x25 vc Interface: Serial2/0 SVC 1024 State: P4(transmit) Map: ip 202.38.160.2 to 20112452 Window size: input 5 Local PS: 5 output 5 output 1024 Remote PS: 4 Remote PR: 5 Packet Size: input 1024 Local PR: 5 Local Busy: FALSE Input/Output: DATA 5/5 RR 0/0 INTERRUPT 0/0 RNR 0/0 REJ 0/0
Reset times: 0
Connecting the router to X.25 public packet network

As shown in Figure 130, perform configurations to satisfy the following requirements: The IP addresses of the interfaces Serial 2/0 of the three routers are 168.173.24.1/24, 168.173.24.2/24, and 168.173.24.3/24. The X.121 addresses assigned to the three routers are 30561001, 30561002, and 30561003. The standard window size supported by the packet network: both receiving window and sending window are 5. The standard maximum packet size: both the maximum receiving packet size and the maximum sending packet size are 512. Channel range: permanent virtual circuit range, incoming-only channel range and outgoing-only channel range are disabled, and two-way channel range is 1 to 32.
350

S2/0 168.173.24.2/24 X121 address: 30561002
Router B
X.25 network
Router A X121 address: 30561001
S2/0 168.173.24.1/24 S2/0 168.173.24.3/24 X121 address: 30561003
Router C
1.
Configure Router A.

# Access the public packet network, and configure the router to operate in DTE mode.
[RouterA-Serial2/0] link-protocol x25 dte [RouterA-Serial2/0] x25 x121-address 30561001 [RouterA-Serial2/0] x25 window-size 5 5 [RouterA-Serial2/0] x25 packet-size 512 512 [RouterA-Serial2/0] x25 vc-range bi-channel 1 32 [RouterA-Serial2/0] x25 map ip 168.173.24.2 x121-address 30561002 [RouterA-Serial2/0] x25 map ip 168.173.24.3 x121-address 30561003 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown
2.
Configure Router B.

[RouterB-Serial2/0] link-protocol x25 dte [RouterB-Serial2/0] x25 x121-address 30561002 [RouterB-Serial2/0] x25 window-size 5 5 [RouterB-Serial2/0] x25 packet-size 512 512 [RouterB-Serial2/0] x25 vc-range bi-channel 1 32 [RouterB-Serial2/0] x25 map ip 168.173.24.1 x121-address 30561001 [RouterB-Serial2/0] x25 map ip 168.173.24.3 x121-address 30561003 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown
3.
Configure Router C.
351

<RouterC> system-view [RouterC] interface serial 2/0 [RouterC-Serial2/0] ip address 168.173.24.3 255.255.255.0
[RouterC-Serial2/0] link-protocol x25 dte [RouterC-Serial2/0] x25 x121-address 30561003 [RouterC-Serial2/0] x25 window-size 5 5 [RouterC-Serial2/0] x25 packet-size 512 512 [RouterC-Serial2/0] x25 vc-range bi-channel 1 32 [RouterC-Serial2/0] x25 map ip 168.173.24.1 x121-address 30561001 [RouterC-Serial2/0] x25 map ip 168.173.24.2 x121-address 30561002 [RouterC-Serial2/0] shutdown [RouterC-Serial2/0] undo shutdown

Ping Router B and Router C from Router A. Check that Router A can reach Router B and Router C. # Display the X.25 address mapping table on Router A, for example.
[RouterA-Serial2/0] display x25 map Interface: Serial2/0(protocol status is UP) ip 168.173.24.2 Facility: ip 168.173.24.3 Facility: X.121 address:30561003 VC-number: 1 Map-type: SVC_MAP X.121 address:30561002 VC-number: 1 Map-type: SVC_MAP
Configuring virtual circuit range

The link layer protocol of the router interface Serial 2/0 is X.25, and virtual circuit ranges are as follows: PVC range 1 to 8, incoming-only channel range is 9 to 16, two-way channel range is 17 to 1024, and outgoing-only channel range is disabled.
<Router> system-view [Router] interface serial 2/0 [Router-Serial2/0] link-protocol x25 [Router-Serial2/0] x25 vc-range in-channel 9 16 bi-channel 17 1024 [Router-Serial2/0] shutdown [Router-Serial2/0] undo shutdown

# Display the configuration of interface Serial2/0.
[Router-Serial2/0] display this # interface Serial2/0 link-protocol x25
352
x25 vc-range in-channel 9 16 bi-channel 17 1024 # return
Transmitting IP datagrams through X.25 PVCs

As shown in Figure 131, The PVC range that the packet network allows is 1 to 8. The PVC numbers assigned to Router A and Router B are 3 and 4. The IP addresses of LAN 1 and LAN 2 are 202.38.165.0/24 and 196.25.231.0/24. Exchange route information between LAN 1 and LAN 2 by using RIP, so that Host A and Host B can exchange information without any static route.
X.25 network
PVC 3
S2/0 192.149.13.1/24 X121 address: 1004358901
PVC 4
S2/0 192.149.13.2/24 X121 address: 1004358902
Router A
Eth1/1 202.38.165.1/24
Router B
Eth1/1 196.25.231.1/24
LAN 1
LAN 2
Host A
Host B
1.
Configure Router A.
# Configure interface Ethernet 1/1.

<RouterA> system-view [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 202.38.165.1 255.255.255.0 [RouterA-Ethernet1/1] quit

[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 192.149.13.1 255.255.255.0 [RouterA-Serial2/0] link-protocol x25 [RouterA-Serial2/0] x25 x121-address 1004358901 [RouterA-Serial2/0] x25 vc-range bi-channel 9 1024
353
[RouterA-Serial2/0] x25 pvc 3 ip 192.149.13.2 x121-address 1004358902 broadcast packet-size 512 512 window-size 5 5 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown [RouterA-Serial2/0] quit
# Enable RIP.
[RouterA] rip [RouterA-rip-1] network 192.0.0.0 [RouterA-rip-1] network 202.0.0.0
2.
Configure Router B.

<RouterB> system-view [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 196.25.231.1 255.255.255.0 [RouterB-Ethernet1/1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 192.149.13.2 255.255.255.0 [RouterB-Serial2/0] link-protocol x25 [RouterB-Serial2/0] x25 x121-address 1004358902 [RouterB-Serial2/0] x25 vc-range bi-channel 8 1024 [RouterB-Serial2/0] x25 pvc 4 ip 192.149.13.1 x121-address 1004358901 broadcast packet-size 512 512 window-size 5 5 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown [RouterB-Serial2/0] quit
# Enable RIP.
[RouterB] rip [RouterB-rip-1] network 192.0.0.0 [RouterB-rip-1] network 196.0.0.0
When you go through the configuration procedure, you may be probably puzzled due to different PVC numbers (3 and 4 in this scenario) on Router A and Router B. You should distinguish between virtual circuits and logical channels. A virtual circuit refers to the end-to-end logical link between the calling DTE and the called DTE. A logical channel refers to the logical link between two directly connected devices (either between DTE and DCE, or between the ports of two PSEs).
A virtual circuit consists of several logical channels, and each logical channel has a separate number. A virtual circuit between Router A and Router B can be the one shown in Figure 132 (suppose this virtual circuit passes four packet switches in the network).
354
Figure 132 One virtual circuit consisting of several logical channels

X.25 network LC 24
LC 243 LC 3
LC 3 LC 4
Router A
Router B
The PVC 3 and PVC 4 mentioned in the example actually refer to the numbers of the logical channels between the routers and the PBXs directly connected. However, the two sides of the PVC can identify the same PVC by using their logical channel numbers without the likelihood of causing any mistake. This is why no strict distinction is made between virtual circuit and --logical channel.

Ping Router B from Router A to verify that Router A can reach Router B. # Display the X.25 address mapping table on Router A.
[RouterA] display x25 map Interface: Serial2/0(protocol status is UP) ip 192.149.13.2 Facility: BROADCAST; PACKET_SIZE: I 512 WINDOW_SIZE: I 5 O 512 ; O 5 ; X.121 address:1004358902 VC-number: 1 Map-type: PVC_MAP
X.25 subinterface configuration example

As shown in Figure 133, Router A is configured with two subinterfaces, which are connected with Router B and Router C. Router D operates as an X.25 switch. Configure Router A to communicate with Router B and Router C, respectively. Figure 133 Network diagram
Router A
S2/0.1 S2/0 10.1.1.2/16 S2/0.2 20.1.1.2/16 X121 address:100
Router D
S2/0 20.1.1.1/16 Router C X121 address:300 S2/2
S2/1
S2/0 10.1.1.1/16 X121 address:200
Router B
355
1.
Configure Router A.
<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte [RouterA-Serial2/0] x25 x121-address 100 [RouterA-Serial2/0] quit
# Configure subinterface Serial 2/0.1, and X.25 mapping to Router B.

[RouterA] interface serial 2/0.1 [RouterA-Serial2/0.1] ip address 10.1.1.2 255.255.0.0 [RouterA-Serial2/0.1] x25 map ip 10.1.1.1 x121-address 200 [RouterA-Serial2/0.1] quit
# Configure subinterface serial 2/0.2, and X.25 mapping to Router C.

[RouterA] interface serial 2/0.2 [RouterA-Serial2/0.2] ip address 20.1.1.2 255.255.0.0 [RouterA-Serial2/0.2] x25 map ip 20.1.1.1 x121-address 300 [RouterA-Serial2/0.2] quit
2.
Configure Router B.
<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dte [RouterB-Serial2/0] x25 x121-address 200 [RouterB-Serial2/0] x25 map ip 10.1.1.2 x121-address 100 [RouterB-Serial2/0] ip address 10.1.1.1 255.255.0.0
3.
Configure Router C.
<RouterC> system-view [RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol x25 dte [RouterC-Serial2/0] x25 x121-address 300 [RouterC-Serial2/0] x25 map ip 20.1.1.2 x121-address 100 [RouterC-Serial2/0] ip address 20.1.1.1 255.255.0.0
4.
Configure Router D as an X.25 switch.
<RouterD> system-view [RouterD] interface serial 2/0 [RouterD-Serial2/0] link-protocol x25 dce [RouterD-Serial2/0] quit [RouterD] interface serial 2/1 [RouterD-Serial2/1] link-protocol x25 dce [RouterD-Serial2/1] quit [RouterD] interface serial 2/2 [RouterD-Serial2/2] link-protocol x25 dce [RouterD-Serial2/2] quit
# Configure SVC switching routes.

[RouterD] x25 switching [RouterD] x25 switch svc 100 interface serial 2/0 [RouterD] x25 switch svc 200 interface serial 2/1
356
[RouterD] x25 switch svc 300 interface serial 2/2

The virtual circuit configured in this example is an SVC. The routers establish it only when they must communicate. # Ping Router B from Router A.
[RouterA] ping 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=64 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=53 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=52 ms --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 52/54/64 ms
The output shows that the SVC has been established between the two routers. # Display the X.25 address mapping table on Router A.
[RouterA] display x25 map Interface: Serial2/0.2(protocol status is UP) ip 20.1.1.1 Facility: Interface: Serial2/0.1(protocol status is UP) ip 10.1.1.1 Facility: X.121 address:200 VC-number: 0 Map-type: SVC_MAP X.121 address:300 VC-number: 0 Map-type: SVC_MAP
# Display X.25 virtual circuit information on Router A.

[RouterA] display x25 vc Interface: Serial2/0.1 SVC 1024 State: P4(transmit) Map: ip 10.1.1.1 to 200 Window size: input 2 Packet Size: input 128 Local PS: 5 Local PR: 5 Local Busy: FALSE Input/Output: DATA 5/5 RR 0/0 INTERRUPT 0/0 RNR 0/0 REJ 0/0 output 2 output 128 Remote PS: 4 Remote PR: 5
Reset times: 0
# Display the X.25 SVC switching table of Router D.

357
[RouterD] display x25 switch-table svc static Number Destination 1 2 3 100 200 300 Substitute-src Substitute-dst CUD SwitchTo(type/name) I/Serial2/0 I/Serial2/1 I/Serial2/2
Total of static svc is 3. The item type of SwitchTo meaning: I: interface H: hunt-group T: xot
[RouterD] display x25 switch-table svc dynamic #1 (In: Serial2/0 - SVC1024) <--> (Out: Serial2/1 - SVC1 )
SVC application of XOT

As shown in Figure 134, set up a TCP connection between Router B and Router C to deliver data between Serial 2/0 of Router A and Serial 2/0 of Router D. Configure SVCs and XOT. Figure 134 Network diagram
Router B
Eth1/1 10.1.1.1/8
XOT
Eth1/1 10.1.1.2/8
Router C
S2/0
S2/0
S2/0 1.1.1.1/8 X121 address:1
S2/0 1.1.1.2/8 X121 address:2
Router A
Router D
1.
Configure Router A.
# Configure basic X.25.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte ietf [RouterA-Serial2/0] x25 x121-address 1 [RouterA-Serial2/0] x25 map ip 1.1.1.2 x121-address 2 [RouterA-Serial2/0] ip address 1.1.1.1 255.0.0.0
2.
Configure Router D.

<RouterD> system-view [RouterD] interface serial 2/0 [RouterD-Serial2/0] link-protocol x25 dte ietf [RouterD-Serial2/0] x25 x121-address 2 [RouterD-Serial2/0] x25 map ip 1.1.1.1 x121-address 1 [RouterD-Serial2/0] ip address 1.1.1.2 255.0.0.0
358
3.
Configure Router B.
# Enable X.25 switching.

# Configure local X.25 switching, specifying packets to X.121 address 1 to pass through Serial 2/0.
[RouterB] x25 switch svc 1 interface serial 2/0
# Configure XOT switching, specifying an X.25 switching route to the XOT channel.
[RouterB] x25 switch svc 2 xot 10.1.1.2

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce ietf [RouterB-Serial2/0] quit

[RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 10.1.1.1 255.0.0.0
4.
Configure Router C.

<RouterC> system-view [RouterC] x25 switching
# Configure local X.25 switching, specifying packets to X.121 address 2 to pass through Serial 2/0.
[RouterC] x25 switch svc 2 interface serial 2/0
# Configure XOT switching, specifying an X.25 switching route to the XOT channel.
[RouterC] x25 switch svc 1 xot 10.1.1.1

[RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol x25 dce ietf [RouterC-Serial2/0] quit

[RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ip address 10.1.1.2 255.0.0.0
PVC application of XOT

As shown in Figure 135, set up a TCP connection between Router B and Router C to deliver data between Serial 2/0 of Router A and Serial 2/0 of Router D. Configure PVCs and XOT.
359

Router B
Eth1/1 10.1.1.1/8
XOT
Eth1/1 10.1.1.2/8
Router C
S2/0
S2/0
PVC 1
S2/0 1.1.1.1/8 X121 address:1111 S2/0 1.1.1.2/8 X121 address:2222
PVC 2
Router A
Router D
1.
Configure Router A.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte ietf [RouterA-Serial2/0] x25 x121-address 1111 [RouterA-Serial2/0] x25 vc-range in-channel 10 20 bi-channel 30 1024 [RouterA-Serial2/0] x25 pvc 1 ip 1.1.1.2 x121-address 2222 [RouterA-Serial2/0] ip address 1.1.1.1 255.0.0.0
2.
Configure Router D.

<RouterD> system-view [RouterD] interface serial 2/0 [RouterD-Serial2/0] link-protocol x25 dte ietf [RouterD-Serial2/0] x25 x121-address 2222 [RouterD-Serial2/0] x25 vc-range in-channel 10 20 bi-channel 30 1024 [RouterD-Serial2/0] x25 pvc 2 ip 1.1.1.1 x121-address 1111 [RouterD-Serial2/0] ip address 1.1.1.2 255.0.0.0
3.
Configure Router B.

# Configure Serial 2/0 and an XOT route.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce ietf [RouterB-Serial2/0] x25 vc-range in-channel 10 20 bi-channel 30 1024 [RouterB-Serial2/0] x25 xot pvc 1 10.1.1.2 interface serial 2/0 pvc 2
# Configure Ethernet 1/1.

[RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 10.1.1.1 255.0.0.0
4.
Configure Router C.

360
# Configure Serial 2/0 and XOT route.

[RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol x25 dce ietf [RouterC-Serial2/0] x25 vc-range in-channel 10 20 bi-channel 30 1024 [RouterC-Serial2/0] x25 xot pvc 2 10.1.1.1 interface serial 2/0 pvc 1
# Configure Ethernet 1/1.

[RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ip address 10.1.1.2 255.0.0.0
SVC application of X.25 over FR

In Figure 136, Router A is connected to Router B and Router C is connected to Router D through X.25, and Router B is connected to Router C through FR. Configure FR Annex G DLCI 100 on Router B and Router C to interconnect the two X.25 networks, enabling Host A and Host B to communicate with each other. Figure 136 Network diagram
Router A
S2/0 Eth1/1 S2/0 1.1.1.1/24 X121 address:1
Router B
S2/1 S2/1
Router C
S2/0 S2/0 1.1.1.2/24 X121 address:2
Router D
Eth1/1
Host A
Host B
1.
Configure Router A.
# Configure X.25 basic functions.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte [RouterA-Serial2/0] x25 x121-address 1 [RouterA-Serial2/0] x25 map ip 1.1.1.2 x121-address 2 [RouterA-Serial2/0] ip address 1.1.1.1 255.0.0.0
2.
Configure Router D.

<RouterD> system-view [RouterD] interface serial 2/0 [RouterD-Serial2/0] link-protocol x25 dte [RouterD-Serial2/0] x25 x121-address 2 [RouterD-Serial2/0] x25 map ip 1.1.1.1 x121-address 1
361
[RouterD-Serial2/0] ip address 1.1.1.2 255.0.0.0
3.
Configure Router B.

# Configure Serial 2/0 as an X.25 interface.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce

# Configure the FR Annex G DLCI.

[RouterB-Serial2/1] fr dlci 100 [RouterB-fr-dlci-Serial2/1-100] annexg dce
# Configure X.25 local switching.

[RouterB] x25 switch svc 1 interface serial 2/0
# Configure X.25 over FR switching.

[RouterB] x25 switch svc 2 interface serial 2/1 dlci 100
4.
Configure Router C.

# Configure Serial 2/0 as X.25 interface.

[RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol x25 dce
# Configure Serial 2/1 as FR interface.

[RouterC] interface serial 2/1 [RouterC-Serial2/1] link-protocol fr

[RouterC-Serial2/1] fr dlci 100 [RouterC-fr-dlci-Serial2/1-100] annexg dte
# Configure X.25 local switching.

[RouterC] x25 switch svc 2 interface serial 2/0
# Configure X.25 over FR switching.

[RouterC] x25 switch svc 1 interface serial 2/1 dlci 100
PVC application of X.25 over FR

In Figure 137, Router A is connected to Router B and Router C is connected to Router D through X.25, and Router B is connected to Router C through FR.
362
Configure FR Annex G DLCI 100 on Router B and Router C to interconnect the two X.25 networks, enabling Host A and Host B to communicate with each other. Figure 137 Network diagram
Router A
S2/0 Eth1/1 S2/0 1.1.1.1/24 X121 address:1
Router B
S2/1 S2/1
Router C
S2/0 S2/0 1.1.1.2/24 X121 address:2
Router D
Eth1/1
Host A
Host B
1.
Configure Router A.

<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte [RouterA-Serial2/0] x25 x121-address 1 [RouterA-Serial2/0] x25 vc-range bi-channel 10 20 [RouterA-Serial2/0] x25 pvc 1 ip 1.1.1.2 x121-address 2 [RouterA-Serial2/0] ip address 1.1.1.1 255.255.255.0
2.
Configure Router D.

<RouterD> system-view [RouterD] interface serial 2/0 [RouterD-Serial2/0] link-protocol x25 dte [RouterD-Serial2/0] x25 x121-address 2 [RouterD-Serial2/0] x25 vc-range bi-channel 10 20 [RouterD-Serial2/0] x25 pvc 1 ip 1.1.1.1 x121-address 1 [RouterD-Serial2/0] ip address 1.1.1.2 255.255.255.0
3.
Configure Router B.

# Configure the PVC switching route on X.25 interface Serial 2/0.

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce [RouterB-Serial2/0] x25 vc-range bi-channel 10 20 [RouterB-Serial2/0] x25 switch pvc 1 interface serial 2/1 dlci 100 pvc 1
# Configure X.25 template.

[RouterB] x25 template switch [RouterB-x25-switch] x25 vc-range bi-channel 10 20
# Configure the PVC switching route for the template.

363
[RouterB-x25-switch] x25 switch pvc 1 interface serial 2/0 pvc 1
# Configure FR interface Serial 2/1.


[RouterB-Serial2/1] fr dlci 100 [RouterB-fr-dlci-Serial2/1-100] annexg dce
# Apply the X.25 template to the FR Annex G DLCI.

[RouterB-fr-dlci-Serial2/1-100] x25-template switch
4.
Configure Router C.

# Configure the PVC switching route on the X.25 interface Serial 2/0.
[RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol x25 dce [RouterC-Serial2/0] x25 vc-range bi-channel 10 20 [RouterC-Serial2/0] x25 switch pvc 1 interface serial 2/1 dlci 100 pvc 1
# Configure an X.25 template.

[RouterC] x25 template switch [RouterC-x25-switch] x25 vc-range bi-channel 10 20
# Configure the PVC switching route for the template.

[RouterC-x25-switch] x25 switch pvc 1 interface serial 2/0 pvc 1
# Configure FR interface Serial 2/1.


# Apply the X.25 template to the FR Annex G DLCI.

[RouterC-fr-dlci-Serial2/1-100] x25-template switch
X.25 load sharing application

As shown in Figure 138, Configure a hunt group on Router A used as an X.25 switch, and enable destination address and source address substitution function, so that the calls from X.25 terminal can be sent to Router B, Router C, and Router E via the load sharing function. As an X.25 switch, Router D that connects with Router A and Router E implements the XOT function. As DTEs in hunt group, Router B, Router C, and Router E provide the same service for X.25 terminal. Routers B and A use X.25, and Routers C and A use FR.
364
Apply Annex G on DLCI to make the two routers communicate with each other.
Hg 1 X121 address:2222 Router B X.25 terminal X121 address:1111

S2/3 S2/4 S2/0 S2/2 S2/1 Eth1/1 10.1.1.1/24 S2/0 X121 address:8888 S2/0 X121 address:8888
X.25 terminal X121 address:1112
Router C
Router A
Router D
Eth1/1 10.1.1.2/24 S2/0
S2/0 X121 address:8888
Router E X.25 terminal X121 address:1113
1.
Configure Router A.
# Configure the link layer protocol of interface Serial 2/0 as X.25, and configure it to operate in DCE mode.
<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dce
# In the same way, configure the link layer protocol of the interface Serial 2/2, Serial 2/3, and Serial 2/4 as X.25 and configure them to operate in DCE mode. # Configure Serial 2/1 as an FR DCE.
[RouterA] interface serial 2/1 [RouterA-Serial2/1] link-protocol fr [RouterA-Serial2/1] fr interface-type dce
# Configure an FR Annex G DLCI.

[RouterA-Serial2/1] fr dlci 100 [RouterA-fr-dlci-Serial2/1-100] annexg dce [RouterA-fr-dlci-Serial2/1-100] quit [RouterA-Serial2/1] quit

[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 10.1.1.1 255.255.255.0 [RouterA-Ethernet1/1] quit

[RouterA] x25 switching
# Create X.25 hunt group hg1.

365
[RouterA] x25 hunt-group hg1 round-robin
# Add interfaces Serial 2/2, Serial 2/1, and XOT channel to the hunt group.
[RouterA-hg-hg1] channel interface serial 2/2 [RouterA-hg-hg1] channel interface serial 2/1 dlci 100 [RouterA-hg-hg1] channel xot 10.1.1.2 [RouterA-hg-hg1] quit
# Configure a X.25 switching route forwarded towards the hunt group hg1, and enable destination address and source address substitution, substituting 3333 and 8888 for source and destination addresses of packets destined to hunt group address 2222.
[RouterA] x25 switch svc 2222 sub-dest 8888 sub-source 3333 hunt-group hg1
# Configure X.25 switching route forwarded to the X.25 terminal.

[RouterA] x25 switch svc 1111 interface serial 2/3 [RouterA] x25 switch svc 1112 interface serial 2/4 [RouterA] x25 switch svc 1113 interface serial 2/0
2.
Configure Router B.
# Configure the link layer protocol of interface Serial 2/0 as X.25, and configure it to operate in DTE mode.
<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dte [RouterB-Serial2/0] x25 x121-address 8888
3.
Configure Router C.

<RouterC> system-view [RouterC] x25 template vofr [RouterC-x25-vofr] x25 x121-address 8888 [RouterC-x25-vofr] quit
# Enable FR on Serial 2/0.

# Configure FR Annex G DLCI.

# Apply the X.25 template to the DLCI.

[RouterC-fr-dlci-Serial2/0-100] x25-template vofr
4.
Configure Router E.
# Configure the link layer protocol on Serial 2/0 as X.25 and configure it to operate in DTE mode.
<RouterE> system-view [RouterE] interface serial 2/0 [RouterE-Serial2/0] link-protocol x25 dte [RouterE-Serial2/0] x25 x121-address 8888
5.
Configure Router D.

<RouterD> system-view [RouterD] x25 switching
366
# Configure the link layer protocol of the interface Serial 2/0 as X.25, and configure it to operate in DCE mode.
<RouterD> system-view [RouterD] interface serial 2/0 [RouterD-Serial2/0] link-protocol x25 dce [RouterD-Serial2/0] quit
# Assign an IP address for interface Ethernet 1/1.

[RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] ip address 10.1.1.2 255.255.255.0 [RouterD-Ethernet1/1] quit
# Configure an X.25 switching route to an XOT channel.

[RouterD] x25 switch svc 3333 xot 10.1.1.1
# Configure an X.25 switching route to Router E.

[RouterD] x25 switch svc 8888 interface serial 2/0

# Display the X.25 SVC switching table on Router A.
[RouterA] display x25 switch-table svc static Number Destination 1 2 3 4 2222 1111 1112 1113 Substitute-src Substitute-dst CUD 3333 8888 SwitchTo(type/name) H/hg1 I/Serial2/3 I/Serial2/4 I/Serial2/0
Total of static svc is 4. The item type of SwitchTo meaning: I: interface H: hunt-group T: xot
The output shows that the packets destined for 8888 are loaded-balanced on Router B, Router C, and Router E.
Implementing X.25 load sharing function for IP datagram transmission

IP networks in different regions are connected via an X.25 packet switching network to carry data over X.25 network. The network providers provide X.25 network load sharing function, and a user can perform the relative settings in conjunction with it on local terminal to implement the line load sharing when different clients access the server.
367

Eth1/1 10.1.1.1/16 S2/0 1.1.1.1/24 X121 address:1111
Host A
10.1.1.2/16
Router A
S2/0 1.1.1.3/24 X121 address:3333
Eth1/1 10.2.1.1/16

S2/0 1.1.1.2/24 X121 address:2222
Eth1/1 10.3.1.1/24 Server A 10.3.1.2/24
S2/1 Router C 2.1.1.3/24 X121 address:3333
Host B
10.2.1.2/16
Router B
Server B
10.3.1.3/24
In this example, because the network providers have configured load sharing on the packet switch, you only need to configure X.25 switching. Two lines have been connected to the same peer on Router C, so you must configure a virtual IP address and two static routes on interface Serial 2/1 to cheat the router. In this way, Router C deems that two routes to network segment 10.1.1.0 exist to implement load sharing.
1.
Configure Router A.

<RouterA> system-view [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 10.1.1.1 255.255.255.0 [RouterA-Ethernet1/1] quit

[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte [RouterA-Serial2/0] x25 x121-address 1111 [RouterA-Serial2/0] ip address 1.1.1.1 255.255.255.0 [RouterA-Serial2/0] x25 map ip 1.1.1.3 x121-address 3333 [RouterA-Serial2/0] x25 vc-per-map 2
# Configure a static route to Router C.

[RouterA] ip route-static 10.3.1.0 24 1.1.1.3
2.
Configure Router B.

<RouterB> system-view [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 10.2.1.1 255.255.255.0 [RouterB-Ethernet1/1] quit

[RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dte [RouterB-Serial2/0] x25 x121-address 2222 [RouterB-Serial2/0] ip address 1.1.1.2 255.255.255.0 [RouterB-Serial2/0] x25 map ip 1.1.1.3 x121-address 3333 [RouterB-Serial2/0] x25 vc-per-map 2
368
# Configure a static route to Router C.

[RouterB] ip route-static 10.3.1.0 24 1.1.1.3
3.
Configure Router C.

<RouterC> system-view [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ip address 10.3.1.1 255.255.255.0 [RouterC-Ethernet1/1] quit

[RouterC] interface serial 2/0 [RouterC-Serial2/0] link-protocol x25 dte [RouterC-Serial2/0] x25 x121-address 3333 [RouterC-Serial2/0] ip address 1.1.1.3 255.255.255.0 [RouterC-Serial2/0] x25 map ip 1.1.1.1 x121-address 1111 [RouterC-Serial2/0] x25 map ip 2.1.1.1 x121-address 1111 [RouterC-Serial2/0] x25 map ip 1.1.1.2 x121-address 2222 [RouterC-Serial2/0] x25 map ip 2.1.1.2 x121-address 2222

[RouterC] interface serial 2/1 [RouterC-Serial2/1] link-protocol x25 dte [RouterC-Serial2/1] x25 x121-address 3333 [RouterC-Serial2/1] ip address 2.1.1.3 255.255.255.0 [RouterC-Serial2/1] x25 map ip 1.1.1.1 x121-address 1111 [RouterC-Serial2/1] x25 map ip 2.1.1.1 x121-address 1111 [RouterC-Serial2/1] x25 map ip 1.1.1.2 x121-address 2222 [RouterC-Serial2/1] x25 map ip 2.1.1.2 x121-address 2222
# Configure static routes to Router A and Router B.

[RouterC] ip route-static 10.1.1.0 24 1.1.1.1 [RouterC] ip route-static 10.1.1.0 24 2.1.1.1 [RouterC] ip route-static 10.2.1.0 24 1.1.1.2 [RouterC] ip route-static 10.2.1.0 24 2.1.1.2

# Display the X.25 address mapping table of Router C.
[RouterC] display x25 map Interface: Serial2/1(protocol status is UP) ip 1.1.1.1 Facility: ip 2.1.1.1 Facility: ip 1.1.1.2 Facility: ip 2.1.1.2 X.121 address:2222 X.121 address:2222 VC-number: 0 Map-type: SVC_MAP X.121 address:1111 VC-number: 0 Map-type: SVC_MAP X.121 address:1111 VC-number: 0 Map-type: SVC_MAP
369
Map-type: SVC_MAP Facility:
VC-number: 0
Interface: Serial2/0(protocol status is UP) ip 1.1.1.1 Facility: ip 2.1.1.1 Facility: ip 1.1.1.2 Facility: ip 2.1.1.2 Facility: X.121 address:2222 VC-number: 0 Map-type: SVC_MAP X.121 address:2222 VC-number: 0 Map-type: SVC_MAP X.121 address:1111 VC-number: 0 Map-type: SVC_MAP X.121 address:1111 VC-number: 0 Map-type: SVC_MAP
TCP/IP header compression protocol application

As shown in Figure 140, enable TCP/IP header compression on the two routers. Figure 140 Network diagram
S2/0 16.16.16.1/16 X121 address:1001 S2/0 16.16.16.2/16 X121 address:1002
Router A
Router B
1.
Configure RouterA.
# Configure the link layer protocol of Serial 2/0 as X.25, and configure the interface to operate in DTE mode.
<RouterA> system-view [RouterA] interface serial 2/0 [RouterA-serial2/0] link-protocol x25 dte ietf
# Assign an x121 address for the interface.

[RouterA-serial2/0] x25 x121-address 1001

[RouterA-serial2/0] ip address 16.16.16.1 255.255.0.0
# Enable TCP/IP header compression.

[RouterA-serial2/0] x25 map compressedtcp 16.16.16.2 x121-address 1002
2.
Configure Router B.
# Configure the link layer protocol of Serial 2/0 as X.25, and configure the interface to operate in DCE mode.
<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-serial2/0] link-protocol x25 dce ietf
370

[RouterB-serial2/0] x25 x121-address 1002

[RouterB-serial2/0] ip address 16.16.16.2 255.255.0.0
# Enable TCP/IP header compression.

[RouterB-serial2/0] x25 map compressedtcp 16.16.16.1 x121-address 1001

Ping Router B from Router A to verify that the two routers can reach each other.
[RouterA-serial2/0] ping 16.16.16.2 PING 16.16.16.2: 56 data bytes, press CTRL_C to break Reply from 16.16.16.2: bytes=56 Sequence=1 ttl=255 time=36 ms Reply from 16.16.16.2: bytes=56 Sequence=2 ttl=255 time=26 ms Reply from 16.16.16.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 16.16.16.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 16.16.16.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 16.16.16.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 26/28/36 ms
X.25 PAD configuration example

As shown in Figure 141, make configurations so that Router B could place X.25 PAD calls to log in to Router A and then configure Router A. Figure 141 Network diagram
S2/0 X121 address:1
X.25 network
S2/0 X121 address:2
Router A
Router B
1.
Configure Router A.
# Add a PAD user.

<RouterA> system-view [RouterA] local-user pad1 [RouterA-luser-pad1] password simple pad1 [RouterA-luser-pad1] service-type pad [RouterA-luser-pad1] quit
# Access a user interface, and on it configure authentication mode and protocol type.
[RouterA] user-interface vty 0 4 [RouterA-ui-vty0-4] authentication-mode scheme [RouterA-ui-vty0-4] protocol inbound pad
371
[RouterA-ui-vty0-4] quit
# Configure domain user X.25 to use the local authentication scheme.

[RouterA] domain x25 [RouterA-isp-x25] authentication ppp local [RouterA-isp-x25] quit
# Configure the link layer protocol of the interface Serial 2/0 as X.25. Configure the interface to operate in DTE mode.
[RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dte

2.
Configure Router B.
# Configure the link layer protocol of the interface Serial 2/0 as X.25. Configure the interface to operate in DCE mode.
<RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce

[RouterB-Serial2/0] x25 x121-address 2 [RouterB-Serial2/0] quit [RouterB] quit
# Place an X.25 PAD call to Router A.

<RouterB> pad 1 Calling 1 ... OK * * * ****************************************************************************** * Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. Login authentication Username:pad1 Password: <Input password pad1
******************************************************************************
X2T SVC configuration example

As shown in Figure 142, the router connects X.25 and IP networks together. In this connection, the X.25 terminal communicates with the router through SVC and the X2T technology applied on the router enables the communication between X.25 terminal and IP host. Figure 142 Network diagram
S2/0 X121 address:1111 Eth1/1 10.1.1.1/24 10.1.1.2/24
X.25 network X.25 terminal

X121 address:2222
IP network Router Host
372
<Router> system-view [Router] x25 switching

[Router] interface serial 2/0 [Router-Serial2/0] link-protocol x25 dce [Router-Serial2/0] x25 x121-address 1111 [Router-Serial2/0] quit

[Router] interface ethernet 1/1 [Router-Ethernet1/1] ip address 10.1.1.1 255.255.255.0 [Router-Ethernet1/1] quit
# Configure an X.25 route.

[Router] x25 switch svc 2222 interface serial 2/0
# Configure an X2T route.

[Router] translate ip 10.1.1.1 port 102 x25 2222 [Router] translate x25 1111 ip 10.1.1.2 port 102
X2T PVC configuration example

As shown in Figure 143, the router connects X.25 and IP networks together. In this connection, the X.25 terminal communicates with the router through PVC and the X2T technology applied on the router enables the communication between the IP host and the X.25 terminal. Figure 143 Network diagram
S2/0 Eth1/1 10.1.1.1/24 10.1.1.2/24
X.25 network PVC 1 X.25 terminal
IP network Router Host
<Router> system-view [Router] x25 switching

[Router] interface serial 2/0 [Router-Serial2/0] link-protocol x25 dce [Router-Serial2/0] x25 vc-range in-channel 10 20 bi-channel 30 1024 [Router-Serial2/0] quit

[Router] interface ethernet 1/1 [Router-Ethernet1/1] ip address 10.1.1.1 255.255.255.0 [Router-Ethernet1/1] quit
373
# Configure an X2T route.

[Router] translate ip 10.1.1.1 port 102 pvc serial2/0 1
Troubleshooting LAPB configuration

LAPB (or X.25) of two sides always being down
Symptom
Link layer protocol LAPB (or X.25) of two sides is always down.
Analysis
A possible reason is that the two sides are working in the same mode (DTE or DCE).
Solution
Enable the debugging on both sides. If one side sends SABM frames and the other sends FRMR frames cyclically, the two sides are working in the same mode (DTE or DCE). Change the working mode of one side to solve it.
Failed to ping the other side with X.25 on both sides being up
Symptom
Despite X.25 is up on both sides, the other side cannot be pinged.
Analysis
The maximum length of frames set at one side is too small.
Solution
Enable the debugging on both sides. If one side discards incoming frames without delivering them to the upper layer, it indicates the maximum length of frames set for this side is too small. Change the frame length configuration of this side.
Troubleshooting X.25 configuration

Assume that the layer 2 LAPB of X.25 is up.
X.25 of two sides always being down with LAPB of two sides being up
Symptom
X.25 of two sides is always down although LAPB of two sides is up.
Analysis
A possible reason is that the two sides are working in the same mode (DTE or DCE).
374
Solution
Change the working mode of one side, and make sure that one side works in DTE mode and the other in DCE mode.
Failed to ping the other side with X.25 on both sides being up
Symptom
Despite X.25 is up on both sides, the other side cannot be pinged.
Analysis
The following are possible causes: The local X.121 address is not configured. The address mapping of the two sides is not configured on the local end. The peers X.121 address is not configured. The address mapping of the two sides is not configured on the remote end. The channel range is not correct. Some wrong user facilities are carried.
Solution
If addresses are not correct, change them to the correct ones. For the last two causes, you must contact the network administration to get the correct channel range and user facilities.
Continuous resets and clears of the virtual circuit established

Symptom
The virtual circuit can be set up, but is frequently reset or cleared during data transmission.
Analysis
The symptom may be caused by erroneous flow control parameter settings.
Solution
If the two sides are connected directly, verify the output window and input window of the local match the input window and output window of the remote. If both sides are connected to the public packet network, consult the network administration for the correct flow control parameters.
PVC setup request rejected

Symptom
The PVC setup requests are always rejected.
Analysis
Check that the PVC range configured on the device is correct. X.25 refuses all PVC setup requests beyond the configured PVC range.
375
Solution
To re-configure the PVC range: Re-configure the PVC range with the x25 vc-range command. Execute the shutdown command and then the undo shutdown command.
Troubleshooting X.25 PAD

Symptom
Failed to log in to a remote device after placing an X.25 PAD call to the remote device. The system prompted the destination address was unreachable.
Solution
Check the following items: The two ends of the X.25 PAD call are connected through an X.25 network and the physical connection is normal. The serial interfaces used for connection are enabled with X.25 encapsulation and both of them support X.25 PAD. One end is DCE, and the other is DTE, both using the same encapsulation type (IETF or nonstandard). The destination X.121 address is correct. It must be the one assigned to the intended serial interface at the server end. Check that X.25 switching is disabled, or a route is available to the server end when X.25 switching is enabled. In the former case, the default route is used to route the call. In the second case, at least one route must be configured for routing the call.
Failed to ping XOT SVCs

Symptom
XOT SVCs cannot be pinged.
Analysis
The physical status and protocol status of the interface are not up, or the SVC/XOT configuration is not correct.
Solution
Perform the following procedure to remove the fault. First verify that the physical connection status and protocol status of the interface are UP. If the interface status is DOWN, check whether the physical connections and lower layer configurations are correct. If the interface configuration is correct, check whether SVC is configured properly. If the SVC configuration is also correct, check whether XOT is configured properly.
Failed to ping XOT PVCs

Symptom
XOT PVCs cannot be pinged.
376
Analysis
The physical status and protocol status of the interface are not up, or the PVC/XOT configuration is not correct.
Solution
Check that the physical connection status and protocol status of the interface are UP. If the interface status is DOWN, check for physical connection and lower layer configuration errors. If the interface configuration is correct, check for PVC configuration errors. If the PVC configuration is correct, check for XOT configuration errors.
377
Support and other resources

Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: Product model names and numbers Technical support registration number (if applicable) Product serial numbers Error messages Operating system type and revision level Detailed questions
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website: http://www.hp.com/go/wwalerts After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.
Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP A-Series Acronyms.
Websites
HP.com http://www.hp.com HP Networking http://www.hp.com/go/networking HP manuals http://www.hp.com/support/manuals HP download drivers and software http://www.hp.com/support/downloads HP software depot http://www.software.hp.com
378
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention
Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x | y | ... ] * &<1-n> #
Description
Bold text represents commands and keywords that you enter literally as shown. Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. Asterisk-marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Boldface >
Description
Window names, button names, field names, and menu items are in bold text. For example, the New User window appears; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention
WARNING CAUTION IMPORTANT NOTE TIP
Description
An alert that calls attention to important information that if not understood or followed can result in personal injury. An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information. An alert that contains additional or supplementary information. An alert that provides helpful information.
379
Network topology icons

Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Port numbering in examples

The port numbers in this document are for illustration only and might be unavailable on your device.
380
Index
AAA authentication for VPN users on an LNS, 266 AAA authentication for VPN users on LAC side, 261 accessing the internet through an ADSL interface, 61 ACCM, 267 ACCM negotiation, 18 ACFC negotiation, 19 ACL in DLSw, 237 adding an Ethernet interface to a bridge set, 235 additional parameters for X.25 datagram transmission, 323 advanced DCC functions, 151 Annex G, 97, 103 Annex G interface, 98 applications carried by ATM, 208 approaches to DCC, 129 assigning a transmission priority to an ATM PVC, 205 assigning physical interfaces to the dialer bundle, 143 associating a DCC dial ACL with the dial interface, 134 ATM
connections and ATM switching, 196 displaying and maintaining, 213 examples, 213 InARP introduction, 199 introduction to ATM technology, 196 IPoA, 198 IPoEoA, 198 Layer 3 VE interface, 209 maximum number of PVCs allowed on an ATM interface, 206 nrt_VBR, 199 OAM, 200 OAM continuity check, 200 OAM F5 loopback, 200 overview of IPoA, IPoEoA, PPPoA and PPPoEoA, 198 PPPoA, 198 PPPoEoA, 198 PVC parameters, 202 PVC service mapping, 205 PVCs and the maximum number of PVCs allowed on an interface, 202 rt_VBR, 199 service types, 199 setting the CLP bit for ATM cells, 204 task list, 200
applications carried by ATM, 208 architecture, 197 assigning a transmission priority to an ATM PVC, 205 ATM class, 206 ATM interface, 201 ATM subinterface, 201 CBR, 199 checking PVC status to determine the protocol state of an ATM P2P subinterface, 202 configuration, 196 configuring IPoA, 209 configuring IPoEoA, 210 configuring PPPoA, 211 configuring PPPoEoA, 211
381
troubleshooting, 222 UBR, 199 VP policing, 208

ATM ATM ATM ATM ATM ATM architecture, 197 class, 206 configuration, 196 connections, 196 connections and ATM switching, 196 examples, 213
ATM PVC transmit priority example, 221 IPoA example, 213 IPoEoA example, 215 network requirements, 213, 215, 216, 217, 219, 221 PPPoA example, 216 PPPoEoA client example, 219 PPPoEoA server example, 217
ATM ATM ATM ATM ATM ATM ATM ATM ATM ATM interface, 201 interface state error, 223 OAM, 200 PVC transmit priority example, 221 service types, 199 subinterface, 201 switching, 196 task list, 200 technology, 196 troubleshooting, 222
authenticator, 10 auto-dial, 151 basic bridging functionalities, 289 basic concepts of L2TP, 254 basic DCC features, 131 basic DCE side frame relay, 100 basic DTE side frame relay, 95 basic settings for DCC, 133 basic X.25 datagram transmission functionality, 322 basic X.25 interface parameters introduction, 315 bridge routing, 291 bridge routing example, 301 bridge table, 285 bridge table entries, 290 bridging
basic bridging functionalities, 289 bridge routing, 291 bridge table, 285 bridge table entries, 290 configuration, 285 displaying and maintaining, 293 forwarding and filtering, 287 introduction, 285 major functionalities of bridges, 285 task list, 289 transparent examples, 294 VLAN transparency, 293
bridging bridging bridging bridging configuration, 285 over dialer interface example, 302 task list, 289 transparent examples, 294
ATM interface state error, 223 link report error in PPPoA application, 222 link state error in IPoA application, 222 packet loss and CRC errors and changes of interface state, 223 ping failure, 222 ping failure after PPPoA configuration, 223 PVC state is down while ATM interface state is up, 223
authenticatee, 10
382
bridge routing, 301 bridging over dialer interface, 302 bridging with FR sub-interface support, 299 network requirements, 294, 295, 296, 297, 298, 299, 301, 302, 303 transparent bridging over ATM, 294
transparent bridging over FR, 297 transparent bridging over HDLC, 298 transparent bridging over MP, 296 transparent bridging over PPP, 295 transparent bridging over X.25, 298 VLAN transparency example, 303
bridging with FR sub-interface support example, 299 callback through DCC, 131 CBR, 199 C-DCC, 129, 134 C-DCC application, 157 CHAP authentication, 4, 1 1 CHAP authentication when no authenticator name is configured, 12 CHAP authentication when the authenticator name is configured, 1 1 checking PVC status to determine the protocol state of an ATM P2P subinterface, 202 circular dial string backup, 152 circular dial string backup and internet access with DCC, 176 client-initiated VPN example, 271 collecting statistics about ISDN message receiving and sending, 75 complicated network application example, 279 configuring an interface to check the calling number when an incoming call comes, 76 configuring an interface to place calls to a remote end, 135 configuring an interface to place calls to multiple remote ends, 137 configuring an interface to receive calls from a remote end, 136 configuring an interface to receive calls from multiple remote ends, 138 configuring an LAC to establish an L2TP tunnel, 262 configuring an LAC to initiate tunneling requests for specified users, 260 configuring an LAC to transfer AVP data in hidden mode, 261 configuring an LNS to grant certain L2TP tunneling requests, 264 configuring an MP through an MP-group, 24 configuring EtoPPP and EtoFR, 305 configuring frame relay compression, 1 10 configuring IPoA, 209 configuring IPoEoA, 210
383
configuring ISDN to carry the Calling-Name field in outgoing packets, 77 configuring ISDN to carry the Connected-Name field in outgoing packets, 77 configuring LAPB, 313 configuring modem management, 192 configuring MP, 21 configuring MP by using a VT interface, 21 configuring MPoFR, 125 configuring multilink frame relay, 1 17 configuring multiple interfaces to place calls to one or multiple remote ends, 139 configuring multiple interfaces to receive calls from one or multiple remote ends, 140 configuring PPP, 9 configuring PPPoA, 21 1 configuring PPPoEoA, 21 1 configuring PPPoFR, 123 configuring SLIP, 1 configuring the authenticatee, 10 configuring the authenticator, 10 configuring the interface to send out Alerting messages that do not carry the Channel-ID field, 78 configuring the service type in the ISDN bearer compatibility signaling, 77 configuring X.25 PAD, 335 configuring XOT, 337 connecting a LAN to the internet using an ADSL modem, 58 connecting LANs through a frame relay network, 105 connecting LANs through an Annex G DLCI, 107 connecting LANs with a dedicated line, 106 connecting routers through ISDN BRI lines running NI, 83 connecting routers through ISDN PRI lines, 82 connecting the router to X.25 public packet network, 350 contacting HP, 378 continuous resets and clears of the virtual circuit established, 375 control message and data message, 255 creating a dynamic route backup group, 155 data link connection identifier, 92 DCC
advanced DCC functions, 151 approaches to DCC, 129 assigning physical interfaces to the dialer bundle, 143
associating a DCC dial ACL with the dial interface, 134 auto-dial, 151 basic DCC features, 131 basic settings for DCC, 133 callback through DCC, 131 C-DCC, 129, 134 circular dial string backup, 152 configuration, 129, 132 configuring an interface to place calls to a remote end, 135 configuring an interface to place calls to multiple remote ends, 137 configuring an interface to receive calls from a remote end, 136 configuring an interface to receive calls from multiple remote ends, 138 configuring multiple interfaces to place calls to one or multiple remote ends, 139 configuring multiple interfaces to receive calls from one or multiple remote ends, 140 creating a dynamic route backup group, 155 DCC overlap receiving, 152 DCC parameters, 132 DCC timers and buffer queue length, 153 delay for disconnecting a backup link, 156 dial authentication for RS-DCC, 143 dial string for the dialer interface, 143 displaying and maintaining, 157 dynamic route backup achieved through DCC, 154
384
dynamic route backup on a backup interface, 155 examples, 157 features, 131 features of ISDN caller identification callback, 149 identifying the topology of DCC application, 132 implementing DCC with MP, 144 introduction to dynamic route backup, 154 ISDN caller identification callback, 149 ISDN caller identification callback with C-DCC, 149 ISDN caller identification callback with
RS-DCC, 150 ISDN leased line, 151 link layer/network/routing protocol on the dial interface, 133 making preparatory configuration, 132 MP for DCC, 144 PPP callback, 146 PPP callback in the C-DCC implementation, 146 PPP callback in the RS-DCC implementation, 147 preparing for DCC configuration, 132 RS-DCC, 130, 141, 142 setting the operating mode for physical interfaces, 133 task list, 132 traffic statistics collecting interval, 156
troubleshooting, 191 warm-up timer for dynamic route backup, 156

DCC application on ISDN, 163 DCC configuration, 129, 132 DCC examples, 157
C-DCC application, 157 circular dial string backup and internet access with DCC, 176 DCC application on ISDN, 163 dynamic route backup configuration example I, 181 dynamic route backup configuration example II, 184 dynamic route backup configuration example III, 185 dynamic route backup configuration example IV, 188 network requirements, 157, 159, 163, 167, 169, 171, 172, 174, 176, 181, 184, 185, 188 NT server-to-router callback with DCC, 174 router-to-PC callback with DCC, 172 router-to-router callback with DCC (ISDN approach), 171 router-to-router approach), 169 RS-DCC application, 159 RS-DCC application with MP, 167
DCC features, 131 DCC overlap receiving, 152 DCC parameters, 132 DCC task list, 132 DCC timers and buffer queue length, 153 DCC troubleshooting, 191 DCE side frame relay, 100 deactivation protection for an ISDN BRI interface, 80
385
delay for disconnecting a backup link, 156 delay waiting for the response to an Invite Clear message, 335 dial authentication for RS-DCC, 143 dial string for the dialer interface, 143 dialer interface, 52 dialer interface for an IPv4 PPPoE client, 53 dialer interface for an IPv6 PPPoE client, 53 differences between DLSw v1.0 and DLSw v2.0, 231 direct connection of two routers connecting through serial interfaces (one address mapping), 346 direct connection of two routers connecting through serial interfaces (two address mappings), 348 disconnecting tunnels by force, 268 DLSw
ACL in DLSw, 237 adding an Ethernet interface to a bridge set, 235 configuration, 231 configuring DLSw in an Ethernet environment, 233 differences between DLSw v1.0 and DLSw v2.0, 231 displaying and maintaining, 244 DLSw forwarding on an SDLC interface, 239 DLSw in an SDLC environment, 238 DLSw v2.0 enhancements, 232 examples, 245
callback
with
DCC
(PPP
LLC2 parameters, 235 local reachable MAC or SAP addresses, 243 mapping a bridge set, 234 maximum number of DLSw v2.0 explorer retries, 237 multicast function of DLSw v2.0, 236 optional SDLC parameters, 242 peers, 234
problems with DLSw v1.0, 231 properties of a synchronous serial interface, 242 protocols and standards, 233 remote reachability information, 244 SDLC address for a secondary station, 240 SDLC encapsulation on an interface, 238 SDLC peer, 240 SDLC roles, 239 SDLC virtual MAC address, 241 SDLC XID, 241 timers, 235 troubleshooting, 251
DLSw configuration, 231 DLSw examples, 245
DLSw v1.0 problems, 231 DLSw v2.0, 231 DLSw v2.0 enhancements, 232 DLSw v2.0 example, 250 DLSw with VLAN support example, 249 DNS server address negotiation, 18 documentation
conventions used, 379 website, 378

Droubleshooting, 191 DTE side frame relay, 95 dynamic frame relay address mapping, 96 dynamic route backup, 154 dynamic route backup achieved through DCC, 154 dynamic route backup configuration example I, 181 dynamic route backup configuration example II, 184 dynamic route backup configuration example III, 185 dynamic route backup configuration example IV, 188 dynamic route backup on a backup interface, 155 EtoFR example, 308 EtoFR translation mapping, 306 EtoPPP and EtoFR
DLSw for SDLC-LAN remote media translation, 247 DLSw v2.0 example, 250 DLSw with VLAN support, 249 LAN-to-LAN DLSw, 245 network requirements, 245, 246, 247, 249, 250 SDLC-to-SDLC DLSw, 246
DLSw for SDLC-LAN remote media translation example, 247 DLSw forwarding on an SDLC interface, 239 DLSw in an Ethernet environment, 233 DLSw in an SDLC environment, 238 DLSw peers, 234 DLSw protocols and standards, 233 DLSw timers, 235 DLSw troubleshooting, 251
configuration, 305 configuring, 305 displaying and maintaining, 306 EtoFR translation mapping, 306 EtoPPP translation mapping, 305 EtoPPP/EtoFR translation table, 305 examples, 307 how EtoPPP and EtoFR handle IP packets, 305 how EtoPPP and EtoFR work, 305
EtoPPP and EtoFR configuration, 305 EtoPPP and EtoFR examples, 307
EtoFR example, 308 EtoPPP example, 307 network requirements, 307, 308
EtoPPP example, 307 EtoPPP translation mapping, 305 EtoPPP/EtoFR translation table, 305
unable to establish a DLSw circuit, 252 unable to establish a TCP connection, 251
DLSw v1.0, 231
386
failed to ping the other side with X.25 on both sides being up, 374, 375 failed to ping XOT PVCs, 376 failed to ping XOT SVCs, 376 features of ISDN caller identification callback, 149 flow control negotiation of X.25 switching, 330 forwarding and filtering, 287 frame
troubleshooting, 109 typical application scenarios, 93 virtual circuit, 91 X.25 parameters for an Annex G interface, 98
frame relay address mapping, 92, 100 frame relay address mappings, 95 frame relay compression
relay subinterface, 101

frame relay
configuration, 110 configuring, 110 displaying and maintaining, 112 examples, 112 FRF.20, 110 FRF.20 IP header compression, 111 FRF.9, 110 FRF.9 compression, 110
frame relay compression configuration, 1 10 frame relay compression examples, 1 12
address mapping, 92, 100 address mappings, 95 Annex G, 97, 103 Annex G interface, 98 basic DCE side frame relay, 100 basic DTE side, 95 configuration, 91 data link connection identifier, 92 DCE side frame relay, 100 displaying and maintaining, 104 DTE side, 95 dynamic frame relay address mapping, 96 examples, 105 frame relay over IP, 102 interface types, 91 LMI protocol, 92 local virtual circuit, 96, 100 marking the DE bit, 99, 103 static frame relay address mappings, 95 subinterface, 97 switching, 101 task list, 94 trap function, 103
387
FRF.20 IP header compression example, 113 FRF.9 stac compression example, 112 network requirements, 112, 113
frame relay configuration, 91 frame relay examples, 105
connecting LANs through a frame relay network, 105 connecting LANs through an Annex G DLCI, 107 connecting LANs with a dedicated line, 106 network requirements, 105, 106, 107
frame relay FRF.20 IP header compression example, 1 13 Frame relay FRF.9 stac compression example, 1 12 frame relay interface types, 91 frame relay local virtual circuit, 96, 100 frame relay over IP, 102 frame relay subinterface, 97, 101 frame relay switching, 101
frame relay task list, 94 frame relay troubleshooting, 109 FRF.20, 1 10 FRF.20 IP header compression, 1 1 1 FRF.9, 1 10 FRF.9 compression, 1 10 HDLC
symbols used, 379 websites, 378

icons, 379 identifying the topology of DCC application, 132 implementing DCC with MP, 144 implementing X.25 load sharing function for IP datagram transmission, 367 InARP introduction, 199 interface to send calling number during an outgoing call, 73 interoperating with DMS100 switches, 88 IP address for an interface, 226 IP address negotiation, 16 IP header compression, 27 IPoA, 198 IPoA example, 213 IPoA overview, 198 IPoEoA, 198 IPoEoA example, 215 IPoEoA overview, 198 ISDN
compression, 227 configuration, 225 displaying and maintaining, 227 encapsulation on an interface, 225 examples, 227 frame format and frame type, 225 IP address for an interface, 226 link status polling interval, 226
HDLC HDLC HDLC HDLC HDLC basic example, 227 compression, 227 configuration, 225 encapsulation on an interface, 225 examples, 227
collecting statistics about ISDN message receiving and sending, 75 configuration, 63 configuring, 64 configuring an interface to check the calling number when an incoming call comes, 76 configuring ISDN BRI, 64 configuring ISDN to carry the Calling-Name field in outgoing packets, 77 configuring ISDN to carry the
basic HDLC example, 227 HDLC in conjunction with IP unnumbered interface example, 228 network requirements, 227, 228
HDLC frame format and frame type, 225 HDLC in conjunction with IP unnumbered interface example, 228 hello interval, 268 how EtoPPP and EtoFR handle IP packets, 305 how EtoPPP and EtoFR work, 305 HP
Connected-Name field in outgoing packets, 77 configuring the interface to send out Alerting messages that do not carry the Channel-ID field, 78 configuring the service type in the ISDN bearer compatibility signaling, 77 deactivation protection for an ISDN BRI interface, 80
388
customer support and resources, 378 document conventions, 379 documents and manuals, 378 icons used, 379 subscription service, 378 support contact information, 378
displaying and maintaining, 82 interface to send calling number during an outgoing call, 73 ISDN B channel selection mode, 74 ISDN BRI leased line, 79 ISDN call check, 81 ISDN Q.931 protocol version, 71 negotiation parameters of ISDN layer 3 protocol, 67 permanent link function at ISDN BRI link layer, 79 progress-to-alerting conversion, 76 remote powering on an ISDN BRI interface, 81 setting the called number or sub-address to be checked during a digital incoming call, 73 setting the local management ISDN B channel, 73 setting the progress indicator value in ISDN signaling messages, 78 sliding window size on a BRI interface, 74 sliding window size on a PRI interface, 75 specifying an ISDN BRI interface to be in permanent active state on physical layer, 80 SPID of the ISDN NI protocol, 72 TEI treatment on the BRI interface, 78 trap function, 81 troubleshooting, 89
ISDN ISDN ISDN ISDN ISDN ISDN ISDN 128K leased lines, 86 B channel selection mode, 74 BRI, 64 BRI leased line, 79 call check, 81 caller identification callback, 149 caller identification callback with C-DCC, 149
389
ISDN caller identification callback with RS-DCC, 150 ISDN configuration, 63 ISDN examples, 82
connecting routers through ISDN BRI lines running NI, 83 connecting routers through ISDN PRI lines, 82 interoperating with DMS100 switches, 88 ISDN 128K leased lines, 86 network requirements, 82, 83, 84, 86, 88 using ISDN BRI leased lines to implement MP bundling, 84
ISDN leased line, 151 ISDN Q.931 protocol version, 71 ISDN troubleshooting, 89 issuing an AT command to a modem, 193 L2TP
AAA authentication for VPN users on an LNS, 266 AAA authentication for VPN users on LAC side, 261 architecture, 254 background, 254 basic concepts, 254 basic L2TP capability, 260 configuration, 253 configuring an LAC to establish an L2TP tunnel, 262 configuring an LAC to initiate tunneling requests for specified users, 260 configuring an LAC to transfer AVP data in hidden mode, 261 configuring an LNS to grant certain L2TP tunneling requests, 264 connection parameters, 267
control message and data message, 255 disconnecting tunnels by force, 268 displaying and maintaining, 269 examples, 269 features, 258 hello interval, 268 LAC, 260 LCP re-negotiation, 266 LNS, 263 local address and the address pool for allocation, 264 mandatory CHAP authentication, 265 multi-instance, 266 protocols and standards, 258 specifying to send ACCM, 267 task list, 258 three typical tunneling modes, 255 troubleshooting, 279 tunnel and session, 254 tunnel authentication, 267 tunnel establishment process, 256 tunnel flow control, 268 tunneling modes and tunnel establishment process, 255 typical L2TP networking application, 253 user authentication on an LNS, 265 virtual template interface, 263
L2TP L2TP L2TP L2TP L2TP architecture, 254 background, 254 basic capability, 260 configuration, 253 connection parameters, 267
390
L2TP examples, 269
client-initiated VPN, 271 complicated network application, 279 L2TP multi-domain application, 275 LAC-auto-initiated VPN, 273 NAS-initiated VPN, 269 network requirements, 269, 271, 273, 275
L2TP features, 258 L2TP multi-domain application example, 275 L2TP multi-instance, 266 L2TP protocols and standards, 258 L2TP task list, 258 L2TP troubleshooting, 279 L2TP tunnel authentication, 267 L2TP tunnel establishment process, 256 L2TP tunneling modes and tunnel establishment process, 255 L2TP-based EAD
configuration, 281 displaying and maintaining, 282 example, 282 prerequisites, 281
L2TP-based EAD configuration, 281 L2TP-based EAD example, 282
network requirements, 282

LAC, 260 LAC-auto-initiated VPN example, 273 LAN-to-LAN DLSw example, 245 LAPB, 31 1 LAPB (or X.25) of two sides always being down, 374 LAPB and X.25
additional parameters for X.25 datagram transmission, 323 basic parameters of an X.25 interface, 315 basic X.25 datagram transmission functionality, 322 configuration, 310 configuring LAPB, 313
configuring X.25 PAD, 335 configuring X2T, 341 configuring XOT, 337 delay waiting for the response to an Invite Clear message, 335 displaying and maintaining, 342 flow control negotiation of X.25 switching, 330 introduction to basic X.25 interface parameters, 315 LAPB, 311 LAPB example, 343 LAPB frame numbering modulos, 313 LAPB N1 parameter, 313 LAPB N2 parameter, 313 LAPB parameters, 313 LAPB timers, 313 LAPB troubleshooting, 374 LAPB window size K, 313 maximum number of SVCs that can be associated to one address mapping, 324 maximum SVC idle interval, 324 packet acknowledgement threshold, 324 placing an X.25 PAD call to log in to a remote device, 335 PVC application of X.25 over FR, 340 queue length for all the virtual circuits on an interface, 327 restricting the use of address mapping, 328 sending broadcast packets through X.25, 328 SVC application of X.25 over FR, 339
391
troubleshooting X.25, 374 virtual circuit, 312 X.25, 310 X.25 basic switching functionality, 329 X.25 closed user group, 332 X.25 datagram transmission, 322 X.25 datagram transmission introduction, 322 X.25 examples, 346 X.25 interface, 315 X.25 interface supplementary parameters, 318 X.25 interface supplementary parameters
introduction, 318 X.25 load sharing, 330 X.25 over FR, 339 X.25 over TCP (XOT), 336 X.25 PAD introduction, 334 X.25 PAD remote access service, 334 X.25 PAD troubleshooting, 376 X.25 subinterface, 321 X.25 switching, 312, 329 X.25 user facilities, 325 XOT, 336 XOT optional attributes, 338
LAPB and X.25 configuration, 310 LAPB example, 343

LAPB LAPB LAPB LAPB LAPB LAPB frame numbering modulos, 313 N1 parameter, 313 N2 parameter, 313 parameters, 313 timers, 313 troubleshooting, 374
failed to ping the other side with X.25 on both sides being up, 374 LAPB (or X.25) of two sides always being down, 374
LAPB window size K, 313 Layer 3 VE interface, 209 LCP re-negotiation, 266 link fragmentation and interleaving, 27 link layer/network/routing protocol on the dial interface, 133 link report error in PPPoA application, 222 link state error in IPoA application, 222 link status polling interval, 226 LLC2 parameters, 235 LMI protocol, 92 LNS, 263 local address and the address pool for allocation, 264 local reachable MAC or SAP addresses, 243 major functionalities of bridges, 285 making preparatory configuration, 132 mandatory CHAP authentication, 265 manuals, 378 mapping a bridge set to DLSw, 234 marking the DE bit, 99, 103 maximum number of DLSw v2.0 explorer retries, 237 maximum number of PVCs allowed on an ATM interface, 206 maximum number of SVCs that can be associated to one address mapping, 324 maximum SVC idle interval, 324 MFR bundle, 1 17 MFR bundle link, 1 18 MFR direct connection example, 1 19 MFR switched connection example, 120 modem management
modem management troubleshooting, 194 MP, 8
configuration, 4 configuring, 21 configuring other optional parameters, 23 endpoint option, 26 functions, 9 implementation, 8 MP-group, 24 negotiation, 8 short sequence number header format
negotiation, 25 VT interface, 21
MP binding mode examples, 40 MP configuration, 4 MP configuration examples, 30 MP endpoint option, 26 MP example, 38 MP for DCC, 144 MPoFR
configuration, 125 configuring, 125 example, 126

MPoFR configuration, 125 MPoFR example, 126

MS-CHAP authentication, 5, 14 MS-CHAP or MS-CHAP-V2 authentication, 14 MS-CHAP-V2, 6 MS-CHAP-V2 authentication, 14 multicast function of DLSw v2.0, 236 multilink frame relay
configuration, 192 configuring, 192 example, 193 issuing an AT command to a modem, 193 setting the modem answer mode, 193 troubleshooting, 194
modem management configuration, 192 modem management example, 193
configuration, 117 configuring, 117 displaying and maintaining, 119 examples, 119

392
MFR bundle, 117 MFR bundle link, 118

multilink frame relay configuration, 1 17 multilink frame relay examples
Link fragmentation and interleaving, 27 link quality control, 20 MS-CHAP authentication, 5 MS-CHAP-V2, 6 negotiation, 15 negotiation parameters, 15 negotiation timeout time, 16 PAP authentication, 4 PFC negotiation, 19 PPP link phases, 7 Stac LZS compression, 27 traffic statistics collection, 21 troubleshooting, 48 VJ TCP header compression, 27
PPP and MP
MFR direct connection example, 119 MFR switched connection example, 120 network requirements, 119, 120
Multilink frame relay examples, 1 19 NAS-initiated VPN example, 269 negotiation parameters of ISDN layer 3 protocol, 67 nrt_VBR, 199 NT server-to-router callback with DCC, 174 OAM continuity check, 200 OAM F5 loopback, 200 one-way CHAP authentication example, 34 one-way PAP authentication example, 30 optional parameters, 23 optional SDLC parameters, 242 packet acknowledgement threshold, 324 packet loss and CRC errors and changes of interface state, 223 PAP authentication, 4, 10
configuring, 10
permanent link function at ISDN BRI link layer, 79 PFC negotiation, 19 ping failure, 222 ping failure after PPPoA configuration, 223 placing an X.25 PAD call to log in to a remote device, 335 PPP, 4
configuration, 4 examples, 30
PPP and MP configuration, 4 PPP and MP examples, 30
MP binding mode examples, 40 MP example, 38 network requirements, 30, 32, 34, 36, 38, 40 one-way CHAP authentication example, 34 one-way PAP authentication example, 30 PPP IP address negotiation example, 36 two-way PAP authentication example, 32
PPP PPP PPP PPP PPP PPP callback, 146 callback in the C-DCC implementation, 146 callback in the RS-DCC implementation, 147 configuration, 4 examples, 30 link efficiency mechanisms, 26
ACCM negotiation, 18 ACFC negotiation, 19 CHAP authentication, 4 configuration, 4 configuring, 9 DNS server address negotiation, 18 IP address negotiation, 16 IP header compression, 27 link efficiency mechanisms, 26
configuring, 28
393
introduction, 26
PPP PPP PPP PPP PPP PPP link phases, 7 link quality control, 20 negotiation, 15 negotiation parameters, 15 negotiation timeout time, 16 traffic statistics collection, 21
server example, 55 using ADSL to provide backup connection, 60

PPPoE server, 50, 51 PPPoE server example, 55 PPPoE session, 53 PPPoEoA, 198 PPPoEoA client example, 219 PPPoEoA overview, 198 PPPoEoA server example, 217 PPPoFR
enabling, 21 introduction, 21
PPP traffic statistics collection introduction, 21 PPP troubleshooting, 48 PPP, MP, and PPP link efficiency mechanisms
configuration, 123 displaying and maintaining, 123 example, 124

PPPoFR configuration, 123 PPPoFR example, 124
displaying and maintaining, 29

PPPoA, 198 PPPoA example, 216 PPPoA overview, 198 PPPoE, 50

progress-to-alerting conversion, 76 PVC application of X.25 over FR, 340, 362 PVC application of XOT, 359 PVC parameters, 202 PVC service mapping, 205 PVC setup request rejected, 375 PVC state is down while ATM interface state is up, 223 PVCs and the maximum number of PVCs allowed on an interface, 202 queue length for all the virtual circuits on an interface, 327 remote powering on an ISDN BRI interface, 81 remote reachability information, 244 resetting/terminating a PPPoE session, 54 restricting the use of address mapping, 328 router-to-PC callback with DCC, 172 router-to-router callback with DCC (ISDN approach), 171 router-to-router callback with DCC (PPP approach), 169 RS-DCC, 130, 141, 142 RS-DCC application, 159 RS-DCC application with MP, 167 rt_VBR, 199 SDLC address for a secondary station, 240 SDLC encapsulation on an interface, 238 SDLC peer, 240 SDLC roles, 239 SDLC virtual MAC address, 241 SDLC XID, 241 SDLC-to-SDLC DLSw example, 246 sending broadcast packets through X.25, 328
394
client, 50, 52 configuration, 50 dialer interface, 52 dialer interface for an IPv4 PPPoE client, 53 dialer interface for an IPv6 PPPoE client, 53 displaying and maintaining, 54 examples, 55 resetting/terminating a session, 54 server, 50, 51 session, 53
PPPoE PPPoE PPPoE PPPoE client, 50, 52 client example, 56 configuration, 50 examples, 55
accessing the internet through an ADSL interface, 61 client example, 56 connecting a LAN to the internet using an ADSL modem, 58 network requirements, 55, 56, 58, 60, 61
setting the called number or sub-address to be checked during a digital incoming call, 73 setting the CLP bit for ATM cells, 204 setting the local management ISDN B channel, 73 setting the modem answer mode, 193 setting the operating mode for physical interfaces, 133 setting the progress indicator value in ISDN signaling messages, 78 short sequence number header format negotiation, 25 sliding window size on a BRI interface, 74 sliding window size on a PRI interface, 75 SLIP
configuration, 1 configuring, 1 example, 1 network requirements, 1

SLIP configuration, 1 SLIP example, 1 specifying an ISDN BRI interface to be in permanent active state on physical layer, 80 specifying to send ACCM, 267 SPID of the ISDN NI protocol, 72 Stac LZS compression, 27 static frame relay address mappings, 95 subscription service, 378 support and other resources, 378 SVC application of X.25 over FR, 339, 361 SVC application of XOT, 358 symbols, 379 synchronous serial interface properties, 242 TCP/IP header compression protocol application, 370 TEI treatment on the BRI interface, 78 three typical L2TP tunneling modes, 255 traffic statistics collecting interval, 156 transmission priority to an ATM PVC, 205 transmitting IP datagrams through X.25 PVCs, 353 transparent bridging over ATM, 294 transparent bridging over FR, 297 transparent bridging over HDLC, 298 transparent bridging over MP, 296 transparent bridging over PPP, 295 transparent bridging over X.25, 298 trap function, 81, 103 tunnel and session, 254 tunnel flow control, 268 two-way PAP authentication example, 32 typical application scenarios for frame relay, 93 typical L2TP networking application, 253
395
UBR, 199 unable to establish a DLSw circuit, 252 unable to establish a TCP connection, 251 user authentication on an LNS, 265 using ADSL to provide backup connection, 60 using ISDN BRI leased lines to implement MP bundling, 84 virtual circuit, 91, 312 virtual circuit range example, 352 virtual template interface, 263 VJ TCP header compression, 27 VLAN transparency, 293 VLAN transparency example, 303 VP policing, 208 warm-up timer for dynamic route backup, 156 websites, 378 X.25, 310 X.25 and LAPB
protocols, 310
X.25 X.25 X.25 X.25 X.25 X.25 and LAPB protocols, 310 basic switching functionality, 329 closed user group, 332 datagram transmission, 322 datagram transmission introduction, 322 examples, 346
connecting the router to X.25 public packet network, 350 direct connection of two routers connecting through serial interfaces (one address mapping), 346 direct connection of two routers connecting through serial interfaces (two address mappings), 348 network requirements, 346, 348, 350, 352, 353, 355, 358, 359, 361, 362, 364, 367, 370, 371, 372, 373 PVC application of X.25 over FR, 362 PVC application of XOT, 359 SVC application of X.25 over FR, 361 SVC application of XOT, 358
TCP/IP
header
compression
protocol
application, 370 transmitting IP datagrams through X.25 PVCs, 353 virtual circuit range, 352 X.25 load sharing application, 364 X.25 load sharing function for IP datagram transmission, 367 X.25 PAD example, 371 X.25 subinterface example, 355 X2T PVC example, 373 X2T SVC example, 372
X.25 interface, 315 X.25 interface basic parameters, 315 X.25 interface supplementary parameters, 318 X.25 interface supplementary parameters introduction, 318 X.25 load sharing, 330 X.25 load sharing application, 364 X.25 of two sides always being down with LAPB of two sides being up, 374 X.25 over FR, 339 X.25 over TCP (XOT), 336 X.25 PAD example, 371
X.25 PAD introduction, 334 X.25 PAD remote access service, 334 X.25 PAD troubleshooting, 376
failed to ping XOT PVCs, 376 failed to ping XOT SVCs, 376
X.25 X.25 X.25 X.25 X.25 parameters for an Annex G interface, 98 subinterface, 321 subinterface configuration example, 355 switching, 312, 329 troubleshooting, 374
continuous resets and clears of the virtual circuit established, 375 failed to ping the other side with X.25 on both sides being up, 375 PVC setup request rejected, 375 X.25 of two sides always being down with LAPB of two sides being up, 374
X.25 user facilities, 325 X2T, 341 X2T PVC example, 373 X2T SVC example, 372 XOT, 336 XOT optional attributes, 338
396

Manual Hp3com

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Manual Hp3com

Загружено:

Авторское право:

Доступные форматы

HP A-MSR Router Series Layer 2 - WAN Configuration Guide

Part number: 5998-2021 Software version: CMW520-R2207P02 Document version: 6PW100-20110810

Legal and notice information

Use the command

async mode protocol

SLIP configuration example

Figure 1 Network diagram

# Configure interface Serial 2/0 to work in asynchronous and protocol mode.

# Enable SLIP encapsulation on interface Serial 2/0.

# Assign an IP address to interface Serial 2/0.

# Configure interface Serial 2/0 to work in asynchronous and protocol mode.

# Enable SLIP encapsulation on interface Serial 2/0.

# Assign an IP address to interface Serial 2/0.

Verify the configuration.

PPP and MP configuration

Figure 2 PAP authentication

Sending the user name and the password

Ack or Not Ack

Figure 3 CHAP authentication

Ack or Not Ack

PPP link phases

Figure 4 PPP link phases

For more information about PPP, see RFC 1661.

MP link is established after the NCP negotiation succeeds.

Use the command...

4. Set the polling interval. Employ PAP.

timer hold seconds See Configuring PAP authentication.

Employ CHAP. 5. Configure PPP authentication mode.

See Configuring CHAP authentication.

Employ MS-CHAP or MS-CHAP-V2.

See Configuring MS-CHAP or MS-CHAP-V2 authentication.

6. Configure PPP negotiation.

See Configuring PPP negotiation.

Use the command...

8. Enable PPP traffic statistics collection.

Configuring PAP authentication

Use the command

9. Create an ISP domain or enter an existing ISP domain view.

10. Configure local authentication for the PPP users.

authentication ppp local

Configuring the authenticatee

Use the command

ppp pap local-user username password { cipher | simple } password

Configuring CHAP authentication

Configuring CHAP authentication when the authenticator name is configured

Configure the authenticator Use the command

To configure the authenticator: To do

4. Assign a username to the CHAP authenticator.

ppp chap user username

quit local-user username

password { cipher | simple } password

service-type ppp quit

Use the command

10. Create an ISP domain, or enter an existing ISP domain view.

11. Configure local authentication for the PPP users.

authentication ppp local

Configure the authenticatee Use the command

To configure the authenticatee: To do

3. Assign a username to the CHAP authenticate.

ppp chap user username

quit local-user username

6. Set the password for the local user.

password { cipher | simple } password