User / maintenance manual for product 10014303 from the manufacturer 3Com
3Com Router Configuration Guide for V1.20 http://www.3com.com/ Part No. 10014303 Published January 2004.
1.1. Introduction 1.1.1. Scope This manual provides configuration information for new software features found in V1.20 of the 3Com Router operating system. Use this addendum to supplement configuration information found in the 3Com Router Configuration Guide.
Chapter 1 Configuring Class-Based Queuing As an extension of WFQ, class-based queuing (CBQ) provides users with class definition support. CBQ assigns individual FIFO reservation queues to the classes defined by each user to buffer data of the same class.
policing upon congestion. If no congestion occurs, the priority class is permitted to use bandwidth exceeding the assigned value. In case of congestion, packets exceeding the assigned bandwidth of the priority class will be discarded. Burst size is also configurable under LLQ.
Table 1-2 Define/delete the rule matching all packets Operation Command Define the rule matching all packets if-match [ logic-not ] any Delete the rule matching all packets undo if-match [ logic-not ] any 2) Define the class matching rule Perform the following configurations in class view.
The matching rules of the source MAC address are only meaningful for the policies in inbound direction and the interface of Ethernet type. 5) Define the inbound interface matching rule of a class Perform the following configurations in class view.
Use the corresponding command to configure the value of ip precedence during the configuration; otherwise, the configuration of the if-match ip precedence command will overwrite the previous configurations. 8) Define the RTP port matching rule Perform the following configurations in class view.
Perform the following configurations in the system view. Table 1-12 Define the policy and enter the policy view Operation Command Define the policy and enter the policy view qos policy policy-name Delete the specified policy undo qos policy policy-name If an interface applies this policy, this policy is not allowed to be deleted.
configured with a maximum bandwidth, the system will assign the class an individual queue, called the default queue. Theoretically, each class can be configured with bandwidth of any size, but generally, the priority classes can occupy 70% of the total bandwidth, and other ordinary classes and the default class occupy less than 10%.
3) Configure the maximum queue length of the class Configure maximum queue length of the class and configure the drop type as tail drop. Perform the following configurations in the policy-class view.
Table 1-18 Configure exponential of average queue length calculated by WRED Operation Command Configure exponential of average queue length calculated by WRED wred weighting-constant exponent Delete.
The discarding mode based on WRED must already have been enabled via the wred ip-precedence command. When the configuration of qos wred is deleted, the wred ip-precedence is also deleted. When the af configuration is deleted, the configuration of discarding parameters will also be deleted.
If qos gts is used in the class-policy that is applied to the interface, it can only be applied to the outbound interface. When the class including TS is applied to the interface, the original qos gts command that is configured on the interface will become invalid.
The following is the rule for a policy to be applied in interface view. A policy configured with various features (including remark, car, gts, af, ef, wfq, and wred) applies to a common physical interface and a virtual template interface over MP.
In terms of service, service flow 1 must occupy a bandwidth of 10K, service flow 2 must occupy a bandwidth of 20K, under the premise of ensuring voice service. 10.1.1.1/24 E0 1.1.1.2/24 E0 1.1.4.2/24 Router A Router B s0 1.1.6.1 s0 1.1.6.2/24 1.1.1.
[RouterA-qosclass-voip] if-match rtp start-port 16384 end-port 32767 [RouterA-qosclass-voip] quit 5 Configure CBQ policy: [RouterA] qos policy 1 6 Configure the bandwidth of service 1 to be 10K: [Ro.
Chapter 2 Configuring TACACS+ TACACS+ is facilitated with AAA to control PPP, VPDN, and login access to routers. CISCO ACS is the only application software that is supported. Compared to RADIUS, TACACS+ features more reliable transmission and encryption, and is more suitable for security control.
2.2 The Basic Message Interaction Flow of TACACS+ For example, use TACACS+ to implement AAA on a telnet user, and the basic message interaction flow described below is used: 1) A user requests access to the router. The router (TACACS+ client) sends the authentication start packet to the TACACS+ server upon receipt of the request.
[Figure: message flow between User, HWTACACS Client and HWTACACS Server: User logs in; Authentication Start Request packet; Authentication response packet, requesting for the u.]
Standby/Primary server switchover interval The shared key for the AAA negotiation between the router and TACACS+ Server Set the timeout time waiting for a TACACS+ server to make a response Specify a source IP address for all the TACACS+ packets to be transmitted 2.
Note: When this command is used without being configured with the parameter shared-key key-string for negotiation, the default key configured using the shared-key command will be used.
Caution: 1) The entered key must match the key used by the TACACS+ server. 2) All the leading spaces and ending spaces in a key string will be ignored.
2.5 Displaying and Debugging TACACS+ Execute the following commands in all views. Table 2-7 Display and debug AAA and RADIUS Operation Command Display all the accounting details. display hwtacacs accounting [ verbose ] Display all the router-TACACS+ interaction details.
2 Configure “mykey” as the shared key for the AAA negotiation with the TACACS+ server. [3Com-HWTACACS-tactemplate1] shared-key mykey [3Com-HWTACACS-tactemplate1] quit 3 Enable AAA. [3Com] aaa-enable 4 Implement authentication on telnet login users.
[3Com-serial0] quit 12 Assign an IP address to the interface Ethernet0. [3Com] interface ethernet 0 [3Com-ethernet0] ip address 10.110.1.10 255.255.0.0 13 Assign an IP address to Ethernet1. [3Com-ethernet0] interface ethernet 1 [3Com-ethernet0] ip address 192.
[3Com-HWTACACS-tactemplate1] shared-key mykey [3Com-HWTACACS-tactemplate1] quit 5 Configure the IP address, authentication port, and accounting port on the RADIUS server. [3Com] radius server 10.110.1.2 6 Configure the key, retransmission times, and the timeout time for the RADIUS server.
13 Apply the default scheme for accounting on telnet login users. [3Com] login-method accounting-mode login telnet default 14 Enable accounting on Serial0, and configure and apply the default accounting scheme.
Chapter 3 Configuring SSH Terminal Service Secure Shell (SSH) is a feature that provides information about security and powerful authentication functions, which can protect a router from the attacks such as IP address spoofing and plain text password.
To set up a secure and authenticated SSH connection, the server and client must go through the communication procedure that falls into five stages: version negotiation, key algorithm negotiation, authentication type negotiation, session request, and session interaction.
Table 3-2 Configure and destroy RSA key-pairs Operation Command Generate RSA key-pairs rsa local-key-pair create Destroy the RSA key-pairs rsa local-key-pair destroy Caution: An essential operation underlying a successful SSH login is generating local RSA key-pairs.
Set a server key-pair updating interval ssh server rekey-interval hours Restore the default updating interval undo ssh server rekey-interval By default, the system does not update the server key-pair. Perform this task to set an SSH authentication timeout time period.
when entering key data but they will be deleted by the system. The configured public key must be a consecutive hexadecimal character string coded in the public key format. Execute the public-key-code end command to stop public key editing and save the key.
Perform the following configuration in system view. Table 3-11 Close SSH processes by force Operation Command Kill SSH process(es) by force kill ssh { all | userID userid } VI.
Choose the proper SSH version. Generally the client provides several SSH versions. V1.20 supports SSH Server 1.5, so you must choose 1.5 or lower. Specify the RSA key file. If you have configured to choose RSA authentication at the server, you must specify the RSA key file at the client.
III. Choose the SSH version Click “SSH” under “Connection” in the left “Category” of the interface, then the following interface appears. Figure 3-2 SSH Client configuration interface (2) Specify the SSH version to “1”, as shown in the above interface.
Figure 3-3 SSH Client login interface (in password authentication mode) After you have entered the correct user name and password, you can implement the connection.
Figure 3-4 PuTTY Generator Software interface (1) Choose “SSH1(RSA)” or “SSH2 RSA” as the parameter and enter the number of bits in the key. Click [Generate] button to generate the RSA key. To ensure the random key, you are required to move the mouse.
Figure 3-5 PuTTY Key Generator interface (2) Enter a passphrase, if you want to use one. Save the key After you have generated the keys, you have an RSA public key and an RSA private key. Click [Save public key] button and [Save private key] menu to save the keys into files (e.
If you need to perform an RSA authentication, you must specify the RSA private key file. If you only need to perform the password authentication, it is not necessary. Click the “auth” under “SSH” in the PuTTY configuration interface and the following figure appears.
Figure 3-7 SSH Client login interface (in RSA authentication mode) After you have entered the correct username, you can perform the SSH connection. If a passphrase was used when generating the keys, the passphrase is also required before a successful SSH connection can be achieved.
Note: If a local key-pair exists, you can omit this step. Authenticate login users with the password approach [3Com] protocol inbound ssh 5 [3Com] local-user client001 service-type operato.
Chapter 4 Configuring NTP As provisioned in RFC1305, Network Time Protocol (NTP) is a protocol of the TCP/IP suite, which is used to synchronize the timekeeping among a set of distributed time servers and clients on a network. The transmission relies on UDP.
Upon the departure of the NTP message, Router B adds its timestamp 11:00:02am (T3) again. Upon the receipt of the response, Router A adds a new timestamp, that is, 10:00:03am (T4). In this way, Router A obtains adequate information for calculating two essential parameters.
Configure the NTP server mode Configure the NTP peer mode Configure the NTP broadcast server mode Configure NTP broadcast client mode Configure NTP multicast server mode Configure NTP multicast client mode I. Configure NTP Server Mode This task sets a remote server as the local time server by specifying its address X.
Table 4-2 Configure NTP peer mode Operation Command Configure NTP peer mode ntp-service unicast-peer X.X.X.X [ version number | authentication-key keyid | source-interface { { interface-name | interface-type } interface-number } | priority ] * Disable NTP peer mode undo ntp-service unicast-peer X.
Table 4-4 Configure NTP broadcast client mode Operation Command Configure NTP broadcast client mode ntp-service broadcast-client Disable NTP broadcast client mode undo ntp-service broadcast-client This command must be configured on the interface to be used for receiving NTP broadcast messages.
Table 4-6 Configure NTP multicast client mode Operation Command Configure NTP multicast client mode ntp-service multicast-client [ X.X.X.X ] Disable NTP multicast client mode undo ntp-service multicast-client Multicast IP address X.X.X.X defaults to 224.
4.2.4 Specify Reliable Key You must specify a key to be a reliable one before it can be used for authentication. For example, if two routers want to use keyid 1 for authentication, both of them must specify it to be a reliable one. Perform the following configuration in system view.
Table 4-11 Set an external reference clock or the local clock as the NTP master clock Operation Command Set an external reference clock or the local clock as the NTP master clock ntp-service refclock-master [ X.X.X.X ] [ stratum ] Disable the NTP master clock setting undo ntp-service refclock-master [ X.
Table 4-13 Set the right for accessing the NTP services provided by the local router Operation Command Set the right for accessing the NTP services provided by the local router ntp-service access { .
Perform the debugging command in all views to debug the NTP information. Table 4-15 Display and debug the NTP information Operation Command Display the state information of the NTP services display.
4.3.2 ntp-service source-interface disable Syntax ntp-service source-interface disable undo ntp-service source-interface disable View Interface view Parameter None Description Using the ntp-service source-interface disable command, you can disable an interface to receive NTP messages.
version: Defines NTP version number. number: NTP version number in the range of 1 to 3. authentication-keyid: Defines an authentication key. keyid: The key ID carried in the messages transmitted to the remote server, which is in the range of 1 to 4294967295.
4.3.4 ntp-service unicast-server Syntax ntp-service unicast-server X.X.X.X [ version number | authentication-keyid keyid | source-interface { interface-name | interface-type interface-number } | priority ] * undo ntp-service unicast-server X.X.X.
This command declares that the local time server is the remote server specified by X.X.X.X. X.X.X.X represents a host address, which must not be a broadcast or multicast address, or the IP address of the reference clock.
Chapter 5 Configuring X2T The X.25 to TCP switch (X2T) technology can interconnect X.25 and IP networks and enables access between X.25 and IP hosts.
Configure X2T route I. Enabling X.25 Switching Before configuring X2T, you must enable X.25 switching. Perform the following configuration in system view. Table 5-1 Configure X.25 switching Operation Command Enable X.25 switching x25 switching Disable X.
forwarding route Delete the X.25-to-IP X2T forwarding route undo translate x25 x.121-address 2) Configuring an IP-to-X.25 X2T forwarding route Perform the following configuration in system view. Table 5-4 Configure an IP-to-X.25 X2T forwarding route Operation Command Configure an IP-to-X.
2 Configure the interface at the X.25 network side. [3Com] interface serial 0 [3Com-Serial0] link-protocol x25 dce [3Com-Serial0] x25 x121-address 1111 3 Configure the interface at the IP network side. [3Com] interface ethernet 0 [3Com-Ethernet0] ip address 10.
Chapter 6 Configuring Additional ISDN Support ISDN configuration includes the following tasks: • Configuring the ISDN signaling type. • Configuring the negotiation parameters of ISDN Layer 3. • Configuring the SPID parameters of the National (NI) ISDN protocol.
Configure the router to become ACTIVE to start data exchange before receiving CONNECT ACK messages. undo isdn waitconnectack Configure the interval for the Q931 timers isdn q931-timer timer-name t.
These can optionally be removed from the SETUP message. 6.2.3 ATT 5ESS (Lucent 5E) Table 6-5 Required ATT 5ESS Commands Operation Command Disable the Sending-Complete Information Element in the Se.
Restore the SETUP message. undo isdn ignore llc Configure the router to wait for CONNECT ACK message replies from the connected exchange until switching to the ACTIVE state. isdn waitconnectack Configure the router to become ACTIVE to start data exchange before receiving CONNECT ACK messages.