1

For final production, import color definitions from

\\daldoc01\docteam\templates\framemaker\book-template\color-defs\ production-colors.fm.

OmniAccess 5510Unified Services Gateway

CLI Configuration Guide

2

Release 3.0

Beta

Notes on numbered items on banner & legal pages1 Man26801 West Agoura Road

Calabasas, CA 91301

(818) 880-3500

FAX (818) 880-3505

support@ind.alcatel.com

US Customer Support(800) 995-2696

International Customer Support(818) 878-4507

Internetservice.esd.alcatel-lucent.com

Website: www.alcatel-lucent.com

Part No: 060285-00, Rev B

34

5

This configuration guide documents release 3.0 of the OmniAccess 5510-AA/AB USG, OmniAccess 5510-SR USG, and OmniAccess 5510-TE USG. The functionality

described in this guide is subject to change without notice.

The specifications and information regarding the products in this manual are subject to change without notice. All statements, information, and recommendations in this manual are believed to be accurate but are presented without warranty of any kind, express or implied. Users must take full responsibility for their application of any products.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE.

This equipment has been tested and found to comply within the limits pursuant to the (Centre for Telecom) rules. These limits are designed to provide protection against harmful interference when the equipment is operated in a commercial environment.

The following information is for the Users of the OmniAccess 5510 Unified Services Gateway: If it is not installed in accordance with the installation instructions, it may not function exactly to the said specifications. Modifying the equipment without Alcatel-Lucents written authorization may result in the equipment no longer complying with the said dimensions.

Copyright 2010, Alcatel-Lucent. All rights reserved. Alcatel-Lucent and Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. The contents or specifications contained within this document are subject to change without notice.

Not withstanding any other warranty herein, all hardware and software are provided "as is" with all faults. Alcatel-Lucent disclaim all warranties, expressed or implied, including, without limitation, those of merchantability, fitness for a particular purpose and non-infringement or arising from a course of dealing, usage, or trade practice. In no event shall Alcatel-Lucent be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Alcatel-Lucent have been advised of the possibility of such damages.

Table of Contents

1 Preface.............................................................................................................1About This Guide ......................................................................................................................1Supported Platforms .................................................................................................................1Audience ...................................................................................................................................1Organization..............................................................................................................................2

Part I - Introduction .............................................................................................................2Part II - LAN Interfaces .......................................................................................................2Part III- WAN Interfaces......................................................................................................3Part IV - Packet Classification ............................................................................................4Part V - Routing Protocols ..................................................................................................4Part VI - Network Security CLI............................................................................................5Part VII - Quality Of Service ...............................................................................................5Part VIII - TCP/IP Services .................................................................................................6Part IX - License Manager..................................................................................................6

Document Conventions.............................................................................................................7Obtaining Documentation..........................................................................................................8Reference Publications .............................................................................................................8Obtaining Technical Assistance ................................................................................................9Documentation Feedback .........................................................................................................9

Part 1: Introduction

2 The Command Line Interface ......................................................................13CLI Overview...........................................................................................................................13Introduction to CLI Modes .......................................................................................................14

CLI User Mode .................................................................................................................14CLI Configuration Mode....................................................................................................14CLI Sub-Configuration Mode (SCM).................................................................................14

CLI Modes...............................................................................................................................15CLI Modes ........................................................................................................................16Exiting Configuration Modes.............................................................................................27Example............................................................................................................................27Initial Setup.......................................................................................................................28

Using the Command Line Interface.........................................................................................29CLI Help............................................................................................................................29Partial Help .......................................................................................................................32Partial Commands ............................................................................................................32Command Line Editing .....................................................................................................33Command History.............................................................................................................35

Configuring Interfaces .............................................................................................................36Interface Configuration Commands..................................................................................36Interface Types and Limitations........................................................................................36

Common Interface Configuration Commands ..................................................................36Interface Show Commands ..............................................................................................37Clear Interface Commands...............................................................................................39Shutting Down and Bring Up an Interface ........................................................................39Backup Interface...............................................................................................................40

3 System Configuration and Monitoring .......................................................43System Configuration and Monitoring Tasks ..........................................................................43

Chapter Conventions........................................................................................................44Management Plane Overview.................................................................................................45

Out of Band Management ................................................................................................45Inband Management (SSH and Telnet) ............................................................................46Idle Timeout......................................................................................................................49Example............................................................................................................................49Ping ..................................................................................................................................50Example............................................................................................................................50Traceroute ........................................................................................................................53Example............................................................................................................................53Show Inband Sessions .....................................................................................................56Example............................................................................................................................56

Terminal Settings ....................................................................................................................57Example............................................................................................................................57

System Name..........................................................................................................................57Example............................................................................................................................57

AAA Configuration on OmniAccess 5510 USG.......................................................................58To Enable AAA Services ..................................................................................................58Example............................................................................................................................58Authentication Commands ...............................................................................................59Show Commands .............................................................................................................73Clear Commands..............................................................................................................76

Setting and Displaying the System Time and Date.................................................................77Set Time zone ..................................................................................................................78Example............................................................................................................................78Clock Set ..........................................................................................................................78Example............................................................................................................................78Clock Synchronize............................................................................................................79Example............................................................................................................................79

System Logging and Debugging .............................................................................................80Example............................................................................................................................81Example 1.........................................................................................................................82Example 2.........................................................................................................................83Example 3.........................................................................................................................83Example 4.........................................................................................................................83

Rate Limiting in Statlog ...........................................................................................................84Example 1.........................................................................................................................85Example 2.........................................................................................................................85

Example 3.........................................................................................................................85Saving Log Messages.............................................................................................................86

Example............................................................................................................................86Viewing Tech Support ......................................................................................................87Example............................................................................................................................87

The File System ......................................................................................................................88Example 1.........................................................................................................................88Example 2.........................................................................................................................89Copying Files....................................................................................................................89Example............................................................................................................................89Deleting Files....................................................................................................................90Example............................................................................................................................90Configuration File Management .......................................................................................91

Software Package Management .............................................................................................98Package Types.................................................................................................................98To Install a Package on the System .................................................................................99Example............................................................................................................................99To Take a Backup of the Package .................................................................................100Example..........................................................................................................................100To Remove a Package ...................................................................................................101Example..........................................................................................................................101Package Set-default .......................................................................................................101Example..........................................................................................................................101To View Details of the Package......................................................................................102Example 1.......................................................................................................................102Example 2.......................................................................................................................103

Reloading the System...........................................................................................................104Example..........................................................................................................................104

System Monitoring and Troubleshooting...............................................................................105Core Generation .............................................................................................................105System Hardware and Environment Information............................................................105Example..........................................................................................................................105To View Process Information..........................................................................................107Example..........................................................................................................................107Hot Key Support .............................................................................................................109Rescue Mode Options ....................................................................................................111

Factory Default Configuration ...............................................................................................114To Reload Factory Default Configuration .......................................................................116Example..........................................................................................................................116

Importing Certificates ............................................................................................................117Example..........................................................................................................................117

SNMP (Simple Network Management Protocol) ...................................................................122SNMP Agent and Manager.............................................................................................123SNMP Version ................................................................................................................124SNMPv3 Protocol Overview ...........................................................................................124SNMP Configuration Commands ...................................................................................125

SNMP Show Commands................................................................................................130SNMP MIB CLI ...............................................................................................................134SNMP MIB GUI ..............................................................................................................135

4 Virtual Router Redundancy Protocol........................................................137Chapter Organization .....................................................................................................137Chapter Conventions......................................................................................................137

VRRP Overview ....................................................................................................................138VRRP Configuration..............................................................................................................139

VRRP Configuration Steps .............................................................................................139VRRP Configuration Flow...............................................................................................140VRRP CLI Commands....................................................................................................141Modify Global VRRP Group Parameters ........................................................................143Monitor and Debug VRRP ..............................................................................................148

VRRP Interface Tracking ......................................................................................................151Alcatel-Lucent's Interface Tracking Design ....................................................................151

VRRP Configuration Scenario using OmniAccess 5510 USG..............................................153Procedure .......................................................................................................................153VRRP Configuration .......................................................................................................154

Part 2: LAN Interfaces and Configuration

5 Fast Ethernet Interface...............................................................................157Chapter Conventions......................................................................................................157

Ethernet Overview.................................................................................................................158Ethernet Basics ..............................................................................................................158Ethernet Terminologies ..................................................................................................159Switched Ethernet ..........................................................................................................160Full-duplex Ethernet .......................................................................................................160

Fast Ethernet Configuration ..................................................................................................161Fast Ethernet Interface Configuration Steps ..................................................................161Fast Ethernet Interface Configuration Flow ....................................................................162Ethernet Interface Configuration Commands .................................................................163Configure Optional Parameters on the Interface ............................................................165Configure Fast Ethernet Sub-interface ...........................................................................167Fast Ethernet Interface Show Commands......................................................................168Fast Ethernet Interface Clear Commands ......................................................................171

6 Layer 2 Switching Configuration ..............................................................173Chapter Conventions......................................................................................................173

Switching Overview...............................................................................................................174Alcatel-Lucent Specific Overview on Switching..............................................................176

L2 Switching Configuration ...................................................................................................177L2 Switching Configuration Steps...................................................................................177

L2 Switching Configuration Flow ....................................................................................179L2 Switching Commands................................................................................................180L2 Switching Show Commands......................................................................................184L2 Switching Clear Commands ......................................................................................188

Switching Configuration using OmniAccess 5510 USG........................................................189OmniAccess 5510 USG as a Switch with no VLANs......................................................189OmniAccess 5510 USG as a Switch with VLANs...........................................................190

7 Spanning Tree Protocol .............................................................................193Chapter Conventions......................................................................................................193

Spanning Tree Protocol Overview ........................................................................................194STP Configuration.................................................................................................................195

STP Configuration Steps ................................................................................................195STP Configuration Commands.......................................................................................196Show Commands in Spanning Tree...............................................................................200

STP Configuration Example..................................................................................................202Topology.........................................................................................................................202Procedure .......................................................................................................................203Verification......................................................................................................................204

8 Integrated Routing and Bridging ..............................................................205Chapter Conventions......................................................................................................205

Integrated Routing and Bridging Overview ...........................................................................206Alcatel-Lucent Specific IRB Overview ............................................................................206

IRB Configuration..................................................................................................................207IRB Configuration Steps .................................................................................................207IRB Commands ..............................................................................................................208

IRB Configuration using OmniAccess 5510 USG .................................................................209Topology for IRB Configuration on OmniAccess 5510 USG ..........................................209

Part 3: WAN Interfaces and Protocols

9 ADSL (Asymmetric Digital Subscriber Line)............................................213Chapter Conventions......................................................................................................214

ADSL Overview.....................................................................................................................215ATM Configuration ................................................................................................................217

ATM Interface Configuration Steps ................................................................................217ATM Configuration Flow .................................................................................................219ATM Configuration Commands ......................................................................................220Set Encapsulation on the Sub-interface .........................................................................225

10 Universal Serial Port (USP)........................................................................237Chapter Conventions......................................................................................................238

USP (V.35/X.21/RS-232) Overview ......................................................................................239

Alcatel-Lucent Specific Overview ...................................................................................240V.35/X.21/RS-232 Configuration...........................................................................................241

V.35/X.21/RS-232 Interface Configuration Steps ...........................................................241V.35/X.21/RS-232 Configuration Flow............................................................................242V.35/X.21/RS-232 Configuration Commands.................................................................243V.35/X.21/RS-232 DTE Optional Parameters ................................................................245Show Command .............................................................................................................248Clear Command .............................................................................................................249

11 T1E1 Interface .............................................................................................251Chapter Conventions......................................................................................................251

T1 and E1 Overview..............................................................................................................252E1 Interface Overview...........................................................................................................252

E1 Timeslot Functionalities.............................................................................................253Mechanisms Supported by the E1 interface...................................................................253E1 Modes of Operation...................................................................................................254Alcatel-Lucent Specific Overview ...................................................................................254

E1 Configuration ...................................................................................................................255E1 Configuration Steps...................................................................................................255E1 Configuration Flow ....................................................................................................257E1 Configuration Commands .........................................................................................258E1 Show Commands......................................................................................................265Troubleshooting E1 Lines...............................................................................................267

T1 Interface Overview...........................................................................................................268Frame Formats Used in T1.............................................................................................268T1 Modes of Operation...................................................................................................269

T1 Configuration....................................................................................................................270T1 Configuration Steps...................................................................................................270T1 Configuration Flow ....................................................................................................272T1 Configuration Commands..........................................................................................273T1 Show Commands ......................................................................................................280Troubleshooting T1 Lines ...............................................................................................282

12 Third Generation (3G) Wireless WAN Interface .......................................283Chapter Conventions......................................................................................................284

3G Wireless Overview...........................................................................................................285Alcatel-Lucent Specific Overview ...................................................................................285

3G Wireless Configuration ....................................................................................................288Cellular Interface Configuration Steps............................................................................289Cellular Interface Configuration Flow .............................................................................291Cellular Interface Configuration Commands...................................................................292Cellular Interface Show Commands ...............................................................................302Cellular Interface Clear Commands ...............................................................................307

13 High-level Data Link Control .....................................................................309Chapter Conventions......................................................................................................309

HDLC Overview ....................................................................................................................310HDLC Frame Structure...................................................................................................310HDLC Frame Formats ....................................................................................................311HDLC Protocol Operation...............................................................................................311

HDLC Configuration ..............................................................................................................312HDLC Configuration Steps .............................................................................................313HDLC Configuration Flow...............................................................................................315HDLC Configuration Commands ....................................................................................316

14 Frame Relay ................................................................................................321Chapter Conventions......................................................................................................321

Frame Relay Overview..........................................................................................................322Frame Relay Devices .....................................................................................................322Frame Relay Virtual Circuits...........................................................................................322Frame Relay Network Deployments...............................................................................323

Frame Relay Configuration ...................................................................................................324Frame Relay Configuration Steps ..................................................................................325Frame Relay Configuration Flow ....................................................................................327Frame Relay Configuration Commands .........................................................................328

15 Point-to-Point Protocol ..............................................................................337Chapter Conventions......................................................................................................337

PPP Overview.......................................................................................................................339PPP Components ...........................................................................................................339PPP Operation................................................................................................................339

PPP Configuration.................................................................................................................340PPP Configuration Steps................................................................................................341PPP Configuration Flow .................................................................................................343PPP Configuration Commands.......................................................................................344PPP Optional Parameters ..............................................................................................345PPP Show Commands ...................................................................................................354PPP Debug Commands .................................................................................................362

16 Point-to-Point Protocol over Ethernet (PPPoE).......................................363Chapter Conventions......................................................................................................363

PPPoE Overview...................................................................................................................365PPPoE Operation ...........................................................................................................365OmniAccess 5510 USG Specific Overview on PPPoE Features ...................................365

PPPoE Configuration ............................................................................................................366PPPoE Configuration Steps ...........................................................................................367PPPoE Configuration Flow .............................................................................................369PPPoE Configuration Commands ..................................................................................370PPPoE Optional Parameters ..........................................................................................371

PPPoE Show Commands...............................................................................................375

17 Multilink Point to Point Protocol ...............................................................377Chapter Conventions......................................................................................................377

MLPPP Overview..................................................................................................................379MLPPP Components ......................................................................................................380MLPPP Operation...........................................................................................................380Alcatel-Lucent Specific Overview on MLPPP Features..................................................381

MLPPP Configuration............................................................................................................382MLPPP Configuration Steps...........................................................................................383MLPPP Configuration Flow ............................................................................................385MLPPP Configuration Commands..................................................................................386MLPPP Show Commands ..............................................................................................388

MLPPP Configuration Example.............................................................................................389

18 Ethernet OAM (Operations, Administration, and Maintenance).............391Chapter Conventions......................................................................................................391

OAM Overview......................................................................................................................393Alcatel-Lucent Specific Overview ...................................................................................394

OAM Configuration on OmniAccess 5510 USG....................................................................396OAM Configuration Steps...............................................................................................396OAM Configuration Flow ................................................................................................399OAM Configuration Commands......................................................................................400

OAM Configuration using OmniAccess 5510 USG...............................................................417Configuration Steps ........................................................................................................417

19 Bridging Configuration ..............................................................................419Chapter Conventions......................................................................................................419

Bridging overview..................................................................................................................420Alcatel-Lucent Specific Bridging Overview .....................................................................420

Bridging Configuration on PPP/MLPPP/FR/HDLC/FE Interface ...........................................422Bridging Configuration Steps..........................................................................................422Bridging Configuration Flow ...........................................................................................424Bridging Configuration Commands.................................................................................425

BCP Configuration using OmniAccess 5510 USG................................................................432Topology for BCP Configuration on OmniAccess 5510 USG.........................................432

20 Link Fragmentation and Interleaving (LFI)...............................................433Chapter Conventions......................................................................................................433

LFI Overview.........................................................................................................................435Alcatel-Lucent Specific Overview on LFI Features.........................................................435

Overview of LFI in MLPPP....................................................................................................436Packet Formats ..............................................................................................................436Configuration of LFI on MLPPP......................................................................................438

LFI Configuration on MLPPP ................................................................................................439

LFI - MLPPP Configuration Steps ..................................................................................440LFI - MLPPP Configuration Flow ....................................................................................442LFI - MLPPP Configuration Commands .........................................................................443LFI - MLPPP Show Commands......................................................................................446Configuration Example of LFI on MLPPP.......................................................................447

Overview of LFI in Frame Relay............................................................................................450End-to-End Fragmentation .............................................................................................450Packet Formats ..............................................................................................................450Configuration of LFI on FR (and FR Sub Interface)........................................................451

LFI Configuration on FR........................................................................................................452LFI - FR Configuration Steps..........................................................................................453LFI - FR Configuration Flow ...........................................................................................455LFI-FR Configuration Commands...................................................................................456LFI Configuration on FR Sub Interface...........................................................................458LFI - FR Show Commands .............................................................................................459Configuration Example of LFI on FR ..............................................................................462

Part 4: Common Classification

21 Common Classifiers...................................................................................467Chapter Conventions......................................................................................................467

CC Overview.........................................................................................................................468Benefits of Alcatel-Lucent Devices Common Classifiers ................................................469CC Architecture ..............................................................................................................469Before you Configure CC ...............................................................................................470

CC Configuration...................................................................................................................471CC Configuration Steps..................................................................................................471Elements Used in Configuring CC..................................................................................472To Configure a Match-list ...............................................................................................475Example..........................................................................................................................475Rules within Match-lists ..................................................................................................475To Configure Rules Using the Protocol Numbers...........................................................482Lists in CC ......................................................................................................................483Nesting Of Match-lists ....................................................................................................485Show commands in CC ..................................................................................................487Deletion Commands in CC .............................................................................................490

Sample examples on the usage of CC across applications ..................................................492Example 1.......................................................................................................................492Example 2.......................................................................................................................493Example 3.......................................................................................................................494

Part 5: Routing Protocols

22 Protocol Independent Features.................................................................497Protocol Independent Features Configuration ......................................................................497

Chapter Conventions......................................................................................................497Protocol-Independent Configuration...............................................................................498Protocol-Independent Configuration Commands ...........................................................499

23 Routing Information Protocol ....................................................................527Chapter Conventions......................................................................................................527

RIP Overview ........................................................................................................................528RIP Configuration..................................................................................................................529

RIP Configuration Steps .................................................................................................530RIP Configuration Flow...................................................................................................532RIP Configuration Commands........................................................................................533RIP Optional Parameters................................................................................................534RIP Show Commands ....................................................................................................547RIP Clear Commands.....................................................................................................551

24 Border Gateway Protocol ..........................................................................553Chapter Conventions......................................................................................................553

BGP Overview.......................................................................................................................554BGP Configuration ................................................................................................................555

BGP Configuration Steps ...............................................................................................555BGP Configuration Flow .................................................................................................557BGP Configuration Commands ......................................................................................558BGP Show Commands...................................................................................................560BGP Clear Commands ...................................................................................................563

A Typical BGP Example Using OmniAccess 5510 USG.......................................................566

25 Open Shortest Path First ...........................................................................569Chapter Conventions......................................................................................................569

OSPF Overview ....................................................................................................................570OSPF Configuration ..............................................................................................................571

OSPF Configuration Steps .............................................................................................571OSFP Configuration Flow...............................................................................................573OSPF Configuration Commands ....................................................................................574OSPF Optional Parameters............................................................................................575Show Commands in OSPF.............................................................................................593Clear Commands in OSPF .............................................................................................601

OSPF Configuration on OmniAccess 5510 USG..................................................................602Example..........................................................................................................................602

26 Multicast Routing .......................................................................................605Chapter Conventions......................................................................................................605

Multicast Overview................................................................................................................606Protocol Independent Multicast (PIM) ............................................................................606Internet Group Management Protocol (IGMP)................................................................607RFCs ..............................................................................................................................608

PIM Configuration .................................................................................................................609PIM Configuration Steps.................................................................................................609PIM Configuration Flow ..................................................................................................611PIM Configuration Commands .......................................................................................612Show Commands in PIM ................................................................................................617Clear Commands in PIM ................................................................................................620

IGMP Configuration...............................................................................................................621IGMP Configuration Steps..............................................................................................621IGMP Configuration Flow ...............................................................................................623IGMP Configuration Commands.....................................................................................624Show Commands in IGMP .............................................................................................628Show Commands in Multicast ........................................................................................629Clear Commands in Multicast.........................................................................................630

Multicast Configuration on OmniAccess 5510 USG..............................................................631Verifying Multicast Routing .............................................................................................636

27 Policy Based Routing.................................................................................637Chapter Conventions......................................................................................................637

PBR Overview.......................................................................................................................638Alcatel-Lucent Specific Overview ...................................................................................638

PBR Configuration ................................................................................................................639PBR Configuration Steps................................................................................................639PBR Configuration Flow .................................................................................................641PBR Configuration Commands ......................................................................................642Show Commands in PBR ...............................................................................................645Clear Commands............................................................................................................646

PBR Configuration Example .................................................................................................647Configuration Steps ........................................................................................................648Verification......................................................................................................................649

28 Virtual Routing and Forwarding................................................................651Chapter Conventions......................................................................................................652

VRF-CE Overview.................................................................................................................653VRF-CE Configuration ..........................................................................................................655

VRF-CE Configuration Steps..........................................................................................655VRF-CE Configuration Flow ...........................................................................................657VRF-CE CLI Commands ................................................................................................658VRF Show Commands ...................................................................................................667Example..........................................................................................................................667

VRF Clear Commands ...................................................................................................672Example..........................................................................................................................672

Part 6: Network Security

29 Network Address Translation....................................................................675Chapter Conventions......................................................................................................675

NAT Overview.......................................................................................................................676Types of NAT..................................................................................................................676Benefits of NAT ..............................................................................................................678Before You Configure NAT.............................................................................................678Alcatel-Lucent Specific Overview ...................................................................................678

Source NAT Configuration ....................................................................................................679SNAT Configuration Steps .............................................................................................680SNAT Configuration Flow ...............................................................................................682SNAT Configuration Commands ....................................................................................683Sample Configurations of SNAT on OmniAccess 5510 USG.........................................689

Destination NAT Configuration..............................................................................................690DNAT Configuration Steps .............................................................................................691DNAT Configuration Flow...............................................................................................693DNAT Configuration Commands ....................................................................................694Sample Configuration Example of DNAT on OmniAccess 5510 USG ...........................698Bypass............................................................................................................................699NAT Show Commands ...................................................................................................700NAT Clear Commands ...................................................................................................702NAT Debug Commands .................................................................................................703

Modifying NAT Configuration ................................................................................................704Insertions ........................................................................................................................704Updations .......................................................................................................................705NAT Deletion Commands...............................................................................................707

30 Filter and Firewall .......................................................................................709Chapter Conventions......................................................................................................709

Network Security - An overview ............................................................................................710Network Security Terminologies.....................................................................................711Firewall Mechanisms ......................................................................................................712Before You Configure Filters and Firewalls ....................................................................713Alcatel-Lucent Specific Overview ...................................................................................713

Filter Configuration................................................................................................................714Filter Configuration Steps ...............................................................................................714Filter Configuration Flow.................................................................................................716Filter Configuration Commands......................................................................................717Filter Show Commands ..................................................................................................721Filter Deletion Commands ..............................................................................................723Filter Clear Commands...................................................................................................724

L2 (Layer2) Filter Configuration Commands ..................................................................725L2 Filter Show Commands .............................................................................................728L2 Filter Clear Commands..............................................................................................729Sample Examples of Configuring Filters on OmniAccess 5510 USG ............................730

Managing Security Configuration..........................................................................................731Insertions ........................................................................................................................731Updations .......................................................................................................................732

Network Attacks - An Overview.............................................................................................734Types of Network Attacks...............................................................................................734Default Attacks (Rate-limiting / Stateful) .........................................................................735Default Attacks (Non-rate Limiting / Stateless)...............................................................737Optional Attacks .............................................................................................................739

Network Attack Prevention Configuration .............................................................................741Network Attack Prevention Configuration Steps.............................................................741Network Attack Prevention Configuration Flow ..............................................................743Network Attack Prevention Configuration Commands ...................................................744Firewall Show Commands..............................................................................................754Sample Firewall Policy Configurations on OmniAccess 5510 USG ...............................761

Zone Configuration................................................................................................................763Trusted Zone Configuration............................................................................................763Untrusted Zone Configuration ........................................................................................763Semi-trusted Zone or Demilitarized Zone.......................................................................764Three Zone Firewall Example.........................................................................................765Example 2: Simple Zone Configuration in OmniAccess 5510 USG ...............................773

Time-range/Timer Configuration ...........................................................................................775Time-range Configuration Commands ...........................................................................775Time-range Show Command..........................................................................................776

ALGs Supported in OmniAccess 5510 USG.........................................................................777ALG Configuration Commands.......................................................................................779

Customized-service Rule Based ALG Configuration ............................................................786Customizing ALG Commands ........................................................................................786

Typical Rule Based ALG and DNAT Example Using OmniAccess 5510 USG.....................789Security - Best Practices .......................................................................................................791

Rules for Configuring Packet Filters ...............................................................................791

31 IP Security - Virtual Private Network ........................................................795Chapter Conventions......................................................................................................796

IPsec VPN Overview.............................................................................................................797IPsec Enabled VPN ........................................................................................................799IPsec Connection Types.................................................................................................799IPsec Concepts ..............................................................................................................801Benefits of IPsec Enabled VPN ......................................................................................806Default Configuration Setting on OmniAccess 5510 USG..............................................807

IPsec VPN Configuration ......................................................................................................808IPsec VPN Configuration Steps......................................................................................808IPsec VPN Configuration Flow .......................................................................................810

IPsec Configuration Commands.....................................................................................811To Configure the Match-lists...........................................................................................811IPsec Configuration with Pre-shared Key.......................................................................811Example..........................................................................................................................812IPsec Configuration with X.509 Certificates ...................................................................812To Import a RSA Key......................................................................................................813Example..........................................................................................................................813Example..........................................................................................................................813To Export RSA Keys.......................................................................................................821Example..........................................................................................................................821To Delete a CA Certificate..............................................................................................821Example..........................................................................................................................821To Delete a Signed Certificate........................................................................................822Example..........................................................................................................................822To Delete a Peer Certificate ...........................................................................................822Example..........................................................................................................................822To Delete an RSA Key Pair ............................................................................................822Example..........................................................................................................................822Internet Key Exchange (IKE) Policy ...............................................................................823To Configure Transform-set in IPsec..............................................................................827To Configure IPsec Crypto Map .....................................................................................829Example..........................................................................................................................829To Attach Crypto Map to an Interface.............................................................................833Dead Peer Detection (DPD) ...........................................................................................834IPsec VPN Show Commands.........................................................................................836Clear Commands in IPsec..............................................................................................853

IPsec Scenarios on OmniAccess 5510 USG ........................................................................854Best Practices For Deploying IPsec VPN .............................................................................857

Identity ............................................................................................................................857IPsec Access Control .....................................................................................................858IPsec...............................................................................................................................858Network Address Translation .........................................................................................859Network Access Control .................................................................................................859Interoperability ................................................................................................................859Routing Entry..................................................................................................................859

IPsec NAT-Traversal.............................................................................................................860Scenarios Depicting IPsec Nat-traversal...............................................................................861IPsec Tunnel Interface ..........................................................................................................863

Before You Configure IPsec Tunnel Interface ................................................................863Default Configuration on OmniAccess 5510 USG for an IPsec Profile ..........................864

IPsec Tunnel Interface Configuration....................................................................................865IPsec Tunnel Interface Configuration Steps ...................................................................865IPsec Tunnel Interface Configuration Flow.....................................................................867IPsec Tunnel Interface Configuration Commands..........................................................868

IPsec Tunnel Configuration Scenarios using OmniAccess 5510 USG .................................876Dynamic Multipoint Virtual Private Network (DMVPN) Overview..........................................878

Alcatel-Lucent Specific Overview ...................................................................................879DMVPN Configuration...........................................................................................................880

DMVPN Configuration Steps ..........................................................................................880DMVPN Configuration Flow............................................................................................883DMVPN Configuration Commands.................................................................................884

DMVPN Configuration Scenarios using OmniAccess 5510 USG .........................................892IPsec VPN Server Overview .................................................................................................895

Alcatel-Lucent Specific Overview ...................................................................................895IPsec VPN Server Configuration...........................................................................................896

IPsec VPN Server Configuration Steps ..........................................................................896IPsec VPN Server Configuration Flow............................................................................900IPsec VPN Server Configuration Commands.................................................................901

Hardware Crypto Engine Support on OmniAccess 5510 USG .............................................910Overview.........................................................................................................................910To Enable/Disable Crypto Engine ..................................................................................910Example..........................................................................................................................910To View Crypto Engine Configuration ............................................................................910Example..........................................................................................................................910To View Crypto Engine Statistics ...................................................................................911Example..........................................................................................................................911To Clear Crypto Engine Statistics...................................................................................911Example..........................................................................................................................911

32 Intrusion Detection/Intrusion Prevention System...................................913Chapter Conventions......................................................................................................913

IDS/IPS Overview .................................................................................................................914Alcatel-Lucent Specific Overview ...................................................................................914

IDS/IPS Configuration ...........................................................................................................914IDS/IPS Configuration Steps ..........................................................................................915IDS/IPS Configuration Flow............................................................................................917IDS/IPS Configuration Commands .................................................................................918IDS/IPS Show Commands .............................................................................................924IDS/IPS Clear Commands..............................................................................................929IDS/IPS Debug Commands............................................................................................930

IDS/IPS Configuration Scenario Using OmniAccess 5510 USG...........................................931Configuration Steps ........................................................................................................931Show Commands ...........................................................................................................932IDS/IPS Topology ...........................................................................................................932

33 Generic Routing Encapsulation................................................................933Chapter Conventions......................................................................................................933

GRE Overview ......................................................................................................................934GRE Tunnel Setup .........................................................................................................934GRE Tunnel Features.....................................................................................................935Summary ........................................................................................................................936Alcatel-Lucent Specific Overview ...................................................................................936

GRE Tunnel Configuration ....................................................................................................937GRE Configuration Steps ...............................................................................................937GRE Configuration Flow.................................................................................................939GRE CLI Commands......................................................................................................940

GRE Configuration Scenarios using OmniAccess 5510 USG ..............................................9441. GRE Configuration .....................................................................................................9442. GRE + IP Filters + DoS Configuration ......................................................................9463. GRE over IPsec Configuration .................................................................................948

Part 7: Quality of Service

34 Quality of Service .......................................................................................953Chapter Conventions......................................................................................................953

QoS Overview.......................................................................................................................954Generic terms used in QoS ............................................................................................954Alcatel-Lucent Specific Overview on QoS ......................................................................956Traffic Without Policing and Shaping..............................................................................958Traffic with Policing.........................................................................................................959Traffic with Shaping ........................................................................................................960Hierarchical Queuing ......................................................................................................961Bandwidth Sharing in Tunnels........................................................................................963

QoS Configuration.................................................................................................................964QoS Configuration Steps................................................................................................964QoS Configuration Flow .................................................................................................967QoS Configuration Commands.......................................................................................969Class Map Configuration ................................................................................................969Policy Map Configuration................................................................................................971Attaching a Policy Map to an Interface ...........................................................................973Traffic Class Attributes Configuration .............................................................................975Auto QoS Configuration..................................................................................................986

Hierarchical Policy Configuration ..........................................................................................988QoS over Tunnel Interface....................................................................................................993

Example..........................................................................................................................993QoS Show Commands ...................................................................................................995QoS Clear Commands .................................................................................................1003QoS Debug Commands ...............................................................................................1003

QoS Test Scenarios on OmniAccess 5510 USG................................................................1004Traffic Shaping .............................................................................................................1004Priority Queuing............................................................................................................1006

QoS on Frame Relay (Per-PVC Queuing) ..........................................................................1008QoS on FR and FR Sub Interface ................................................................................1008Frame Relay Queuing and Fragmentation on the Interface .........................................1009Alcatel-Lucent Specific Overview .................................................................................1010QoS on FR Configuration Steps ...................................................................................1011QoS on FR Configuration Commands..........................................................................1013

QoS on FR Sub Interface Configuration Commands ...................................................1015QoS on FR Show Commands ......................................................................................1016

L2 QoS................................................................................................................................1017To Attach a L2 Policy Map to an Interface....................................................................1017

Part 8: TCP/IP Services

35 DHCP (Dynamic Host Configuration Protocol) Server..........................1021Chapter Conventions....................................................................................................1021

DHCP Server Overview ......................................................................................................1022Alcatel-Lucent Specific Overview .................................................................................1022

DHCP Server Configuration ................................................................................................1023DHCP Server Configuration Steps ...............................................................................1023DHCP Server Configuration Flow.................................................................................1025DHCP Server Configuration Commands ......................................................................1026DHCP Server Show Commands ..................................................................................1034

DHCP Server Test Scenarios using OmniAccess 5510 USG.............................................1038Configuration Steps ......................................................................................................1039

36 DHCP (Dynamic Host Configuration Protocol) Client...........................1041Chapter Conventions....................................................................................................1041

DHCP Client Overview........................................................................................................1042Alcatel-Lucent Specific Overview .................................................................................1042

DHCP Client Configuration .................................................................................................1044DHCP Client Configuration Steps.................................................................................1044DHCP Client Configuration Flow ..................................................................................1046DHCP Client Configuration Commands .......................................................................1047DHCP Client Show Commands....................................................................................1053

DHCP Client Test Scenarios using OmniAccess 5510 USG ..............................................1055Configuration Steps ......................................................................................................1055

37 TFTP (Trivial File Transfer Protocol) Server ..........................................1057Chapter Conventions....................................................................................................1057

TFTP Server Overview........................................................................................................1058Alcatel-Lucent Specific Overview .................................................................................1058

TFTP Server Configuration .................................................................................................1059TFTP Server Configuration Steps ................................................................................1059TFTP Server Configuration Flow ..................................................................................1060TFTP Server Configuration Commands .......................................................................1061TFTP Show Commands ...............................................................................................1062

38 DHCP (Dynamic Host Configuration Protocol) Relay ...........................1063Chapter Conventions....................................................................................................1063

DHCP Relay Overview........................................................................................................106