cisco craft works interface configuration applications ... · r3.2 beta draft—cisco highly...

R3 .2 Beta Dra ft—Cisco H i gh ly Conf iden t i a l I n fo rma t ion

Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 526-4100

Cisco Craft Works Interface Configuration Applications Reference GuideCisco IOS XR Software Release 3.2

Text Part Number: OL-5497-04

http://www.cisco.com


THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)

Cisco Craft Works Interface Configuration Applications Reference GuideCopyright © 2005 Cisco Systems, Inc. All rights reserved.


Cisco Craft WorksOL-5497-04

C O N T E N T S

Preface ix

About This Document x

Intended Audience x

Organization of This Document x

Related Documentation xi

Conventions xi

Obtaining Documentation xii

Cisco.com xii

Ordering Documentation xii

Documentation Feedback xiii

Obtaining Technical Assistance xiii

Cisco Technical Support Website xiii

Submitting a Service Request xiii

Definitions of Service Request Severity xiv

Obtaining Additional Publications and Information xiv

C H A P T E R 1 Configuration Applications Overview 1-17

C H A P T E R 2 AAA Application 2-19

TACACS Server Tab 2-20

TACACS Server Hosts Tab 2-21

TACACS Server Groups Tab 2-23

Authentication Tab 2-24

Authorization Tab 2-27

Accounting Tab 2-30

C H A P T E R 3 Alarm Administration Application 3-33

Event Logs Tab 3-34

Correlation Rules Tab 3-35

Rule Definition Subtab 3-37

Rule Apply to Target Subtab 3-37

iii Interface Configuration Applications Reference Guide


Contents

C H A P T E R 4 User Administration Application 4-39

Users Tab 4-41

User Groups Tab 4-41

Task Groups Tab 4-43

AAA User Tasks Window 4-44

C H A P T E R 5 Explicit Path Configuration Application 5-47

C H A P T E R 6 MPLS-TE Configuration Application 6-51

Global Tab 6-53

Labels Tab 6-54

Links Tab 6-55

General Subtab 6-56

Backup Tunnels Subtab 6-57

Tunnel Head Tab 6-58

General Subtab 6-59

Advanced Subtab 6-61

Path Selections Subtab 6-63

Operations Tab 6-65

C H A P T E R 7 Interface Common Attributes Configuration Application 7-69

General Tab 7-70

IPv4 Configuration Subtab 7-71

Dampening Subtab 7-73

Operation Tab 7-76

C H A P T E R 8 Interface Ethernet Configuration Application 8-77

General Tab 8-78



Ethernet Tab 8-83

Operation Tab 8-86

C H A P T E R 9 Interface POS Configuration Application 9-87

General Tab 9-88



ivCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Contents

POS Tab 9-93

PPP Common Subtab 9-94

PAP Subtab 9-95

CHAP Subtab 9-97

Operation Tab 9-99

C H A P T E R 10 SONET Port Configuration Application 10-101

SONET Tab 10-102

SONET Configuration Subtab 10-102

Alarm Reporting Subtab 10-104

Operation Tab 10-107

C H A P T E R 11 Access Control Lists Application 11-109

Basic Subtab 11-110


TCP/UDP/SCTP Subtab 11-115

ICMP/IGMP Subtab 11-119

C H A P T E R 12 Packet Filter Application 12-121

C H A P T E R 13 QoS Application 13-123

Classmaps Tab 13-124

Policymaps Tab 13-127

Congestion Mgmt Subtab 13-129

Congestion Avoidance Subtab 13-131

Police (traffic/conform) Subtab 13-132

Police (exceed/violate) Subtab 13-135

Mark Subtab 13-139

Service Policies Tab 13-142

C H A P T E R 14 Routing Policy Manager Application 14-143

Prefix Lists Tab 14-144

Standard Community Lists Tab 14-145

Expanded Community Lists Tab 14-146

AS Path Access Lists Tab 14-147

vCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Contents

C H A P T E R 15 BGP Configuration Application 15-149

General Tab 15-151

Global Address Family Configuration Window 15-154

Cluster ID Subtab 15-157

Confederation Subtab 15-158

Graceful Restart Subtab 15-160

Router ID Subtab 15-162

Write Limit Subtab 15-164

Networks Tab 15-166

Aggregates Tab 15-167

Redistribution Tab 15-169

Neighbors Tab 15-172

Neighbor Address Family Configuration Window 15-177

Neighbor Groups Tab 15-183

Neighbor Group Address Family Configuration Window 15-187

Session Groups Tab 15-193

AF Groups Tab 15-197

Generic Config Subtab 15-199

Filtering Policy Subtab 15-201

Operations Tab 15-203

C H A P T E R 16 IS-IS Configuration Application 16-209

Router Operations Tab 16-210

Creating an IS-IS Process 16-211

Logical Router Process Tree 16-212

Process Tabs 16-212

General Tab 16-212

LSP Settings Tab 16-214

Advanced Tab 16-216

Address Family Tabs 16-219

General Subtab 16-220


MPLS-TE Subtab 16-223

Route Summarization Subtab 16-225

Route Propagation Subtab 16-227

Admin Distance Subtab 16-228

Interfaces Tabs 16-229

General Subtab 16-230

viCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Contents

Supported Address Families Subtab 16-231

PDU Settings Subtab 16-233


C H A P T E R 17 LDP Configuration Application 17-241

Interfaces Tab 17-242

General Tab 17-243

Neighbors Tab 17-246


C H A P T E R 18 OSPF Configuration Application 18-251

General Tab 18-252


Creating an OSPF Instance 18-254

Logical Router Instance Tree 18-255

Instance Tabs 18-255

General Tab 18-256

Route Summarization Tab 18-258

Admin Distance Tab 18-260

Advanced Tab 18-261


Interface Settings Tab 18-266

Creating an OSPF Area 18-272

Area Tabs 18-273

General Tab 18-273

Inter-area Summary Routes Tab 18-274

Virtual Links Tab 18-275

Interface Settings Tab 18-279

C H A P T E R 19 RSVP Configuration Application 19-289

Interfaces Tab 19-290

General Tab 19-294


GL O S S A R Y

IN D E X

viiCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Contents

viiiCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Preface

Beta Draft Highly Confidential Information - Available to authorized customers under nondisclosure

The Craft Works Interface (CWI) is a client-side application used to configure and manage routers. The management and configuration features include fault, configuration, security, and inventory, with an emphasis on speed and efficiency.

The CWI provides a context-sensitive graphical representation of the objects in a router, simplifying the process of configuring and managing the router. The CWI allows you to log in to multiple routers and perform the following management tasks:

• View, filter, sort, search, correlate, purge, and monitor real-time alarms.

• View, filter, export, and search real-time inventory and interface object attribute information.

• Display a dynamic graphical representations of routers.

• Telnet/SSH to the router for command-line interaction.

• Troubleshoot management connectivity problems.

The CWI provides three ways to configure and manage a router:

• Using a Telnet or Secure Shell (SSH) session launched from the CWI, which allows you to configure and manage the router using command-line interface (CLI) commands. Refer to the Cisco Craft Works Interface User Interface Guide.

• Using the Configuration Editor or Replace Configuration Editor, which allows you to view and edit the running configuration in CLI format. The configuration editors provide common text editing functionality as well as traditional CLI features. Refer to the Cisco Craft Works Interface User Interface Guide.

• Using the graphical configuration applications. See Chapter 2 through Chapter 19 for detailed information on the configuration applications.

Support is provided to manage a two-stage commit functionality which includes locking and rollback control.

ixCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Preface About This Document

The chapter contains the following sections:

• About This Document, page x

• Conventions, page xi

• Obtaining Documentation, page xii

• Documentation Feedback, page xiii

• Obtaining Technical Assistance, page xiii

• Obtaining Additional Publications and Information, page xiv

About This DocumentThe Cisco Craft Works Interface Configuration Applications Reference Guide provides detailed descriptions of each CWI configuration application interface, including field descriptions. The CWI supports Cisco IOS XR Software Release 3.2.

Intended AudienceThis document is intended for the following categories of personnel:

• Experienced service provider administrators

• Cisco telecommunications management engineers

• Third-party field service technicians who have completed the Cisco router training sessions

• Customers who use and manage the Cisco routers on a daily basis

Organization of This DocumentThis document contains the following chapters:

• Chapter 1, “Configuration Applications Overview”

• Chapter 2, “AAA Application”

• Chapter 3, “Alarm Administration Application”

• Chapter 4, “User Administration Application”

• Chapter 5, “Explicit Path Configuration Application”

• Chapter 6, “MPLS-TE Configuration Application”

• Chapter 7, “Interface Common Attributes Configuration Application”

• Chapter 8, “Interface Ethernet Configuration Application”

• Chapter 9, “Interface POS Configuration Application”

• Chapter 10, “SONET Port Configuration Application”

• Chapter 11, “Access Control Lists Application”

• Chapter 12, “Packet Filter Application”

• Chapter 13, “QoS Application”

• Chapter 14, “Routing Policy Manager Application”

xCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Preface Conventions

• Chapter 15, “BGP Configuration Application”

• Chapter 16, “IS-IS Configuration Application”

• Chapter 17, “LDP Configuration Application”

• Chapter 18, “OSPF Configuration Application”

• Chapter 19, “RSVP Configuration Application”

• “Glossary”

• “Index”

Related Documentation

Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the router documentation on Cisco.com for any updates.

The following additional documentation is available:

• Cisco IOS XR Getting Started Guide

• Cisco Craft Works Interface Quick Start Guide

• Cisco Craft Works Interface User Interface Guide

• Cisco Craft Works Interface Configuration Guide

• Cisco IOS XR Interface Configuration Guides

• Cisco IOS XR XML API Guide

• Cisco IOS XR software configuration guides and command references

ConventionsThis document uses the following conventions:

Item Convention

Commands and keywords boldface font

Variable for which you supply values italic font

Displayed session and system information screen font

Information you enter boldface screen font

Variables you enter italic screen font

Menu items and button names boldface font

Selecting a menu item Option > Network Preferences

xiCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Preface Obtaining Documentation

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Tip Means the following information will help you solve a problem. The information in tips might not be troubleshooting or an action, but contains useful information.

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Obtaining DocumentationCisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.comYou can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:


You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering DocumentationYou can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

xiiCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04

http://www.cisco.com/univercd/home/home.htm


http://www.cisco.com/public/countries_languages.shtml

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

http://www.cisco.com/en/US/partner/ordering/index.shtml


Preface Documentation Feedback

Documentation FeedbackYou can send comments about technical documentation to [email protected].

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco SystemsAttn: Customer Document Ordering170 West Tasman DriveSan Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical AssistanceFor all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support WebsiteThe Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Submitting a Service RequestUsing the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

xiiiCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04

http://www.cisco.com/techsupport

http://tools.cisco.com/RPF/register/register.do

http://www.cisco.com/techsupport/servicerequest


Preface Obtaining Additional Publications and Information

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)EMEA: +32 2 704 55 55USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request SeverityTo ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and InformationInformation about Cisco products, technologies, and network solutions is available from various online and printed sources.

• Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

• The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

• Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

xivCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04

http://www.cisco.com/techsupport/contacts

http://www.cisco.com/go/marketplace/

http://cisco.com/univercd/cc/td/doc/pcat/

http://www.ciscopress.com




• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

• World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

xvCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


http://www.cisco.com/go/iqmagazine

http://www.cisco.com/ipj

http://www.cisco.com/en/US/learning/index.html



xviCisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Cisco Craft Works Interface ConfOL-5497-04

C H A P T E R 1
Configuration Applications Overview

The Craft Works Interface (CWI) allows you to configure Cisco routers in a network. The CWI provides the following configuration applications:

• The following Administration Configuration applications manage user access, permissions, and alarms:

– Chapter 2, “AAA Application”—Administers system access security.

– Chapter 3, “Alarm Administration Application”—Specifies event (alarm) log and correlation rule parameters.

– Chapter 4, “User Administration Application”—Allows root-system (superusers) to manage users, user groups, and task groups.

• The following applications display and configure traffic tunnels and explicit IP paths:

– Chapter 5, “Explicit Path Configuration Application”—Creates and configures an IP Explicit Path (IEP).

– Chapter 6, “MPLS-TE Configuration Application”—Configures Multiprotocol Label Switching traffic engineering (MPLS-TE) on the router.

• The following Interfaces Configuration applications display, configure, and manage Ethernet, and packet-over-SONET (POS) interfaces:

– Chapter 7, “Interface Common Attributes Configuration Application”—Displays and sets attributes common to all available interfaces.

– Chapter 8, “Interface Ethernet Configuration Application”—Displays and sets the attributes specific to the available Ethernet interfaces.

– Chapter 9, “Interface POS Configuration Application”—Displays and sets the attributes specific to the available POS interfaces.

• The SONET application configures the SONET on a router port using Layer 1 SONET transport technology. See Chapter 10, “SONET Port Configuration Application”

• The following Policy Configuration applications display, configure, and manage system-wide, policy-related rules that apply to traffic passing through the router:

– Chapter 11, “Access Control Lists Application”—Displays, creates, and edits access control lists (ACLs) and access control entries (ACEs).

– Chapter 12, “Packet Filter Application”—Displays and chooses the inbound and outbound ACLs that apply to each interface.

1-17iguration Applications Reference Guide


Chapter 1 Configuration Applications Overview

– Chapter 13, “QoS Application”—Displays and edits class maps, policy maps, and service policies.

– Chapter 14, “Routing Policy Manager Application”—Configures prefix lists and autonomous system path access lists.

• The following Protocols Configuration applications manage, create, display, and edit protocol data and settings on the router:

– Chapter 15, “BGP Configuration Application”—Displays, edits, and configures Border Gateway Protocol (BGP) neighbor, session, and address family parameters.

– Chapter 16, “IS-IS Configuration Application”—Displays, edits, and configures an Intermediate System-to-Intermediate System (IS-IS) routing protocol on process, address, family (topology), and interface levels.

– Chapter 17, “LDP Configuration Application”—Displays, edits, and configures Label Distribution Protocol (LDP) globally and enables or disables LDP for each interface or neighbor.

– Chapter 18, “OSPF Configuration Application”—Displays, edits, and configures Open Shortest Path First (OSPF) processes, areas, and interfaces.

– Chapter 19, “RSVP Configuration Application”—Displays, edits, and configures Resource Reservation Protocol (RSVP) configurations for available interfaces.

1-18Cisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04



C H A P T E R 2
AAA Application

The AAA Application contains the following tabs:

• TACACS Server Tab, page 2-20

• TACACS Server Hosts Tab, page 2-21

• TACACS Server Groups Tab, page 2-23

• Authentication Tab, page 2-24

• Authorization Tab, page 2-27

• Accounting Tab, page 2-30

Authentication, authorization, and accounting (AAA) is a network security service that provides the primary framework to set up access control on a router or access server. AAA is an architectural framework and modular means of configuring three independent but closely related security functions in a consistent manner. It is flexible and scalable, and supports, TACACS+ authentication.

The following three functions are described:

• Authentication—This function identifies users on a network using an authentication scheme prior to being allowed access to the network and network services. AAA authentication is configured by defining a named list (or unnamed default list) of authentication methods and then applying that list to various interfaces. The method list defines the types of authentication to be performed and the sequence in which they will be performed. It must be applied to a specific interface before any of the defined authentication methods can be performed.

• Authorization—This function controls authorization for each service. AAA authorization works by assembling a set of attributes that describe what the user is authorized to perform. These attributes are compared to the information contained in a database for a given user and the results are returned to AAA to determine the user’s actual privileges and restrictions.

• Accounting—This function collects and sends security server information used for billing, auditing, and reporting, such as user identities, start and stop times, and executed commands. Accounting lets administrators track the services that users are accessing and the amount of network resources they are consuming. When AAA accounting is activated, the network access server reports user activity to the TACACS+ security server in the form of accounting records. As with authentication and authorization, AAA accounting is configured by defining a list of accounting methods and then applying that list to various interfaces.

See Figure 2-1 for an example of the AAA Administration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the AAA Administration application.



Chapter 2 AAA Application TACACS Server Tab

Figure 2-1 AAA Application

TACACS Server TabThe Tacacs Server tab allows you to perform the following tasks:

• Configure the time out.

• Choose an authentication key.

• Choose a source interface.

See Figure 2-1 for an example of the Tacacs Server tab. Table 2-1 describes the Tacacs Server tab fields.


OL-5497-04


Chapter 2 AAA Application TACACS Server Hosts Tab

TACACS Server Hosts TabThe Tacacs Server Hosts tab allows you specify a TACACS+ host server.

The Tacacs Server Hosts tab allows you to perform the following tasks:

• Configure the IP address for the host.

• Configure the port number and timeout parameters.

• Choose an authentication key.

You can reorder the TACACS+ server hosts by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

Table 2-1 Tacacs Server Tab Description

Field Description

Time Out field Allows you to enter the interval that the server waits for a server host to reply,

Auth Key Allows you to configure the authentication encryption key used for all TACACS+1 communications between the router and the TACACS+ daemon.

The key name entered must match the key used on the TACACS+ daemon. All leading spaces are ignored; spaces within and at the end of the key are not. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks themselves are part of the key.

This key name applies to all servers that have no individual keys specified

1. TACACS = Terminal Access Controller Access Control System

Auth Key field Allows you to view the authentication encryption key chosen using the Auth Key ellipsis button. (See Auth Key ellipsis button.)

Auth Key ellipsis button

Allow you to set the authentication encryption key.

Click the Auth Key ellipsis button to open the TacacsServer Global Configuration dialog box. Enter an authentication key in the Auth Key field and confirm the authentication key in the Retype Auth Key field.

Source Interface Allows you to choose the source IP address for the interface for all outgoing TACACS+ packets.

The Source Interface specifies the name of the interface whose IP address should be used for all outgoing TACACS+ packets. This address is used as long as the interface is in the up state. In this way, the TACACS+ server can use one IP address entry associated with the network access client instead of maintaining a list of all IP addresses.

The Source Interface is especially useful in cases where the router has many interfaces and you want to ensure that all TACACS+ packets from a particular router have the same IP address.

When the specified interface does not have an IP address or is in a down state, TACACS+ behaves as if no source interface configuration is used.

Source Interface field

Allows you to view the source IP address chosen using the Source Interface ellipsis button. (See Source Interface ellipsis button.)

Source Interface ellipsis button

Allows you to choose the source IP address from the Select Interfaces dialog box.


OL-5497-04


Chapter 2 AAA Application TACACS Server Hosts Tab

See Figure 2-2 for an example of the Tacacs Server Hosts tab. Table 2-2 describes the Tacacs Server Hosts tab fields.

Figure 2-2 Tacacs Server Hosts Tab

Table 2-2 Tacacs Server Hosts Tab Description

Field Description

IP Address field Allows you to specify the IP address of the TACACS+1 server.

Port Number field Allows you to specify a server port number.

Timeout field Allows you to specify a timeout value that sets the length of time the AAA server will wait to receive a response from the TACACS+ server.

The Timeout field overrides the global timeout value set in the Tacacs Server tab for this server only.

Auth Key Allows you to choose the authentication encryption key used for all TACACS+ communications between the router and the TACACS+ daemon. The Auth Key overrides the authentication key set in the Tacacs Server tab for this server only.


OL-5497-04


Chapter 2 AAA Application TACACS Server Groups Tab

TACACS Server Groups TabThe Tacacs Server Groups tab allows you to choose a subset of the configured server hosts and use them for a particular service.

A server group is a list of server hosts of a particular type. The supported server host type is TACACS+ server hosts. A server group is used in conjunction with a global server host list and lists the IP addresses of the chosen server hosts.

The Tacacs Server Groups tab allows you to add TACAC+ server IP addresses from the global list to the group.

See Figure 2-3 for an example of the Tacacs Server Groups tab. Table 2-3 describes the Tacacs Server Groups tab fields.

Auth Key field Allows you to view the authentication encryption key chosen using the TacacsServer Global Configuration dialog box. (See Auth Key ellipsis button.)

Auth Key ellipsis button

Allows you to choose the authentication encryption key used for all TACACS+ communications between the router and the TACACS+ daemon from the TacacsServer Global Configuration dialog box. Enter an authentication key in the Auth Key field and confirm the authentication key in the Retype Auth Key field.

The Auth Key field overrides the authentication key set in the Tacacs Server tab for this server only.


Table 2-2 Tacacs Server Hosts Tab Description (continued)

Field Description


OL-5497-04


Chapter 2 AAA Application Authentication Tab

Figure 2-3 Tacacs Server Groups Tab

Authentication TabThe Authentication tab allows you to create a series of authentication methods, or a method list. A method list is a named list describing the authentication methods to be used (such as TACACS+), in sequence. The subsequent methods of authentication are used only if the initial method returns an error, not if it fails.

Table 2-3 Tacacs Server Groups Tab Description

Field Description

Group Name field Allows you to enter the name of a group of servers.

Selected Servers list Allows you to choose servers to add to the server group. Click the Add button to open the Tacacs Server dialog box and choose a server.

For the AAA1 server group configuration to succeed, the server should be reachable at the time of configuration. Once configured, this group can be referenced from the AAA method lists (used while configuring authentication, authorization, or accounting).

1. AAA = authentication, authorization, and accounting


OL-5497-04



The default method list will be applied for all the interfaces for authentication, except when a different named method list is explicitly specified, in which case the explicitly specified method list will override the default list.

The following port behavior for authentication is supported:

• Console—Authentication is bypassed only if no authentication is configured and no local username is configured. If a username is configured locally, authentication is performed.

• Virtual type terminal (vty)—Authentication is performed under all circumstances (not bypassed). If no authentication is configured for the line, then the default method list is used. If a default method list is defined present, then local authentication is performed.

• Auxiliary (aux)—Authentication is performed under normal working conditions, but authentication is bypassed under abnormal circumstances such as low memory and loss of connectivity. Only local authentication is supported. A local username assigned to the root-system group and a secret password is required for authentication. The aux port runs Korn Shell (KSH).

The Authentication tab allows you to perform the following tasks:

• Choose the authentication type and list name.

• Configure the method entry.

See Figure 2-4 for an example of the Authentication tab. Table 2-4 describes the Authentication tab fields.


OL-5497-04



Figure 2-4 Authentication Tab

Table 2-4 Authentication Tab Description

Field Description

Authentication Area

Type list Allows you to choose the method list type. The following options are listed:

• login—Set the authentication for login.

• ppp—Set the authentication for PPP1.

List Name list Allows you to choose the list name of the authentication method list. The following options are listed:

• default—Use the default list of methods for authentication.

• remote—Use the default list of methods for administrative authentication on a remote nonowner LR2.

• named list—Enter a list name for the named list of methods for authentication.


OL-5497-04


Chapter 2 AAA Application Authorization Tab

Authorization TabThe Authorization tab allows you to set parameters for authorization and to create named method lists defining specific authorization methods that can be used on a per-line or per-interface basis.

Note The authorization applies to the one performed by an external AAA server and not for task-based authorization. This authorization is always performed and cannot be disabled.

The Authorization tab allows you to specify method lists for authorization that define the ways authorization will be performed and the sequence in which these methods will be performed. A method list is a named list describing the authorization methods to be used (such as TACACS+), in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. The first method listed to authorize users for specific network services is used, but if that method fails to respond the next method listed in the method list is chosen. This process continues until there is communication with a listed authorization method, or until all methods defined have been exhausted.

Note The router OS software attempts authorization with the next listed method only when there is no response or an error response (not a failure) from the previous method. If authorization fails at any point in this cycle—meaning that the security server or local username database responds by denying the user services—the authorization process stops and no other authorization methods are attempted.

Method Entry Area

Method list Allows you to choose the method. The following options are listed:

• Server Group—A method list that uses a named subset of TACACS+3 servers for authentication. You can specify up to four TACACS+ server groups. The Group Name field and ellipsis button become available when Server Group is chosen.

• Line—A method list that uses the line password for authentication.

• Local—A method list that uses the local username database method for authentication.

• None—No method list is chosen.

Group Name Allows you to choose up to four server group names for the method list server group.

Group Name field Allows you to view the group names chosen from the Tacacs Server Groups dialog box. (See Group Name ellipsis button.)

Group Name ellipsis button

Allows you to choose up to four server group names from the Tacacs Server Groups dialog box.

Method List list Shows the authentication method lists.

1. PPP = Point-to-Point Protocol

2. LR = logical router


Table 2-4 Authentication Tab Description (continued)

Field Description


OL-5497-04



Two methods for authorization are supported:

• TACACS+ method—The router exchanges authorization information with the TACACS+ security daemon. Command authorization allows the administrator to define commands that are permitted or denied for a user or a group of users. TACACS+ authorization defines specific rights for users by associating attribute-value (AV) pairs, which are stored in a database on the TACACS+ security server, with the appropriate user.

• None method—The router does not request authorization information; authorization is not performed over this line or interface.

Method lists are specific to the type of authorization being requested. The router OS software supports three types of AAA authorization:

• Command authorization—Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands.

Note “Command” authorization is distinct from “task-based” authorization, which is based on the task profile established during authentication.

• EXEC authorization—Applies authorization for starting an EXEC session.

• Network authorization—Applies authorization for network services Internet Key Exchange (IKE).

When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type. Once defined, method lists must be applied to specific lines or interfaces before any of the defined methods will be performed. Do not use the names of methods, such as TACACS+, when creating a new method list.

The authorization causes a request packet containing a series of AV pairs to be sent to the TACACS+ daemon as part of the authorization process. The daemon can do one of the following:

• Accept the request as is.

• Make changes to the request.

• Refuse the request and refuse authorization.

The Authorization tab allows you to perform the following tasks:

• Choose the authorization type and list name.


See Figure 2-5 for an example of the Authorization tab. Table 2-5 describes the Authorization tab fields.


OL-5497-04



Figure 2-5 Authorization Tab

Table 2-5 Authorization Tab Description

Field Description

Authorization Area

Mode list Allows you to choose the method list type. The options are:

• commands—Enables authorization for EXEC shell commands.

• exec—Enables authorization for an interactive (EXEC) session.

• network—Enables authorization for the network.

List Name list Allows you to define the list name of the authorization method list.


OL-5497-04


Chapter 2 AAA Application Accounting Tab

Accounting TabThe Accounting tab allows you to create default or named method lists defining specific accounting methods that can be used on a per-line or per-interface basis. The list name can be applied to a line (console, aux, or vty template) to enable accounting on that particular line.

Currently, the router OS software supports only the TACACS+ method for accounting. The router reports user activity to the TACACS+ security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.

Method lists for accounting define the way accounting will be performed, enabling you to designate a particular security protocol to be used on specific lines or interfaces for particular types of accounting services. When naming a method list, do not use the names of methods, such as TACACS+.

When AAA accounting is activated, the router monitors TACACS+ AV pairs pertinent to the connection. The router reports these attributes as accounting records, which are then stored in an accounting log on the security server.

The requested user process begins regardless of whether the “start accounting” notice was received by the accounting server.

The Accounting tab allows you to perform the following tasks:

• Choose the accounting type, default, and list name.


See Figure 2-6 for an example of the Accounting tab. Table 2-6 describes the Accounting tab fields.

Method Entry Area

Method Allows you to choose the method. The following options are listed:

• Server Group—A method list that uses a named subset of TACACS+1 servers for authorization. You can specify up to four TACACS+ server groups. The Group List field and ellipsis button become available when Server Group is chosen.

• Local—A method list that uses the local username database method for authentication.

• None—A method list that uses no authorization. Authorization will succeed if all prior methods (if any) return an error.


Group Name field Allows you to view the group names chosen from the Tacacs Server Groups dialog box. (See Group Name ellipsis button.)


Allow you to choose up to four server group names from the Tacacs Server Groups dialog box.

Method List Shows the authorization method lists.


Table 2-5 Authorization Tab Description (continued)

Field Description


OL-5497-04



Figure 2-6 Accounting Tab

Table 2-6 Accounting Tab Description

Field Description

Authorization Area

Mode list Allows you to choose the mode. The following options are listed:

• commands—Enables accounting for EXEC shell commands.

• exec—Enables accounting for an interactive (EXEC) session.

• network—Enables accounting for the network.

Default list Allows you to choose when to send a start or stop accounting message. The following options are listed:

• StartStop—Sends a “start accounting” notice at the beginning of a process and a “stop accounting” notice at the end of a process. The requested user process begins regardless of whether the “start accounting” notice was received by the accounting server. Enabling command accounting makes the router send only stop records even if start-stop is chosen.

• StartOnly—Sends a “stop accounting” notice at the end of the requested user process.

List Name list Allows you to choose default as the list name of the accounting method list.


OL-5497-04



Method Entry Area

Method list This list allows you to choose the method. The following options are listed:

• Server Group—A method list that uses a named subset of TACACS+1 servers for authentication. You can specify up to four TACACS+ server groups. The Group List field and ellipsis button become available when Server Group is chosen.

• None—A method list that uses no accounting.


Group Name field Allows you to view the server group names chosen from the Tacacs Server Groups dialog box. (See Group Name ellipsis button.)


Allows you to choose up to four server group names from the Tacacs Server Groups dialog box.

Method List list Shows the accounting method lists.


Table 2-6 Accounting Tab Description (continued)

Field Description


OL-5497-04



C H A P T E R 3
Alarm Administration Application

The Alarm Administration Application contains the following tabs and subtabs:

• Event Logs Tab, page 3-34

• Correlation Rules Tab, page 3-35

– Rule Definition Subtab, page 3-37

– Rule Apply to Target Subtab, page 3-37

The Alarm Administration application allows you to configure alarm and correlation rule parameters.

Alarm settings can be adjusted to respond to changes in user activity, network events, or system configuration that affect network performance or network monitoring requirements. The appropriate alarm settings depend on the configuration and requirements of the system.

Correlation rules extend system logging to include the ability to group similar messages generated by various applications and servers on the distributed router system while isolating the root cause.

The alarm logs are used to monitor and store alarm messages that are emitted by system servers and applications, and the correlation rules are used to correlate alarm messages that tend to be emitted due to a single root cause.

Correlation rules provide the ability to group alarm logs emitted because of a shared root cause. With correlation rules, alarms can be associated and grouped on the basis of alarm groups, alarm codes, time stamps, and alarm severity. The most significant root alarms describing events affecting system performance can be isolated.

When logged alarms are correlated, the attribute in the resulting alarm record and the correlated logs are set with a common ID that associates the records. The root, causal message appears in the alarm record. All other related messages are tagged along with the root message and stored in the correlated log record. In this way, log correlation can be used to prevent event storms (for instance, by filtering out messages resulting from too many clients trying to access the alarm agent).

Refer to the Cisco Craft Works Interface User Interface Guide for information on the Correlation Record Viewer in the Alarm Viewer.

See Figure 3-1 for an example of the Alarm Administration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Alarm Administration application.



Chapter 3 Alarm Administration Application Event Logs Tab

Figure 3-1 Alarm Administration Application

Event Logs TabThe Event Logs tab allows you to perform the following tasks:

• Configure the alarm log size.

• Configure the log threshold level.

• Display the current alarm log size in bytes and number of alarms.

• Filter alarm by severity.

• Manually purge the alarm log.

• Configure the correlation log size.

• Manually purge the correlation log.

Caution Decreasing the alarm log size may clear some alarm event records from the alarm record buffer.


OL-5497-04


Chapter 3 Alarm Administration Application Correlation Rules Tab

Caution Modifications to alarm settings that lower the severity level for reporting alarms and lower the threshold for generating capacity can slow system performance.

See Figure 3-1 for an example of the Event Logs tab. Table 3-1 describes the Event Logs tab fields.

Correlation Rules TabThe Correlation Rules tab allows you to perform the following tasks:

• Specify a rule name and timeout duration.

• Specify the message group and code names.

• Add and delete items from the target list.

See Figure 3-2 for an example of the Correlation Rules tab. Table 3-2 describes the Correlation Rules tab fields.

Table 3-1 Event Logs Tab Description

Field Description

Alarm Log Area

Log Size field Allows you to configure the size of the event logging buffer.

Capacity Threshold field

Allows you to specify the logging events buffer threshold. This field contains the minimum percentage of buffer capacity that must be allocated to messages before an alarm is generated. When the threshold is surpassed, an alarm is generated.

Alarm Log Used (Bytes) field

Displays the size of the current alarm log in bytes. Use this field to check the log size compared to the log size allocated in the Log Size field.

Alarm Log Used (Records)

Displays the number of records in the alarm log.

Alarm Filter slider Allows you to specify a severity level for logging alarm messages. When a severity level is specified, events of a higher severity are also written to the alarm event log.

Purge Log button Allows you to purge all alarm logs in the buffer. When this button is clicked, an Alarm Administration dialog box appears asking you to confirm that you want to purge all alarms.

Correlation Log Area

Log Size field Allows you to configure the logging correlator circular buffer size.

Correlation Log Used (Bytes) field

Displays the size of the current correlation buffer. Use this field to check the correlation log size compared to the correlation log size allocated in the Log Size field.

Purge Log button Allows you to purge the correlation logs in the buffer. When this button is clicked, an Alarm Administration dialog box appears asking you to confirm that you want to purge correlation logs.


OL-5497-04



Figure 3-2 Correlation Rules Tab

Table 3-2 Correlation Rules Tab Description

Field Description

Rule Name field Allows you to specify the rule name for the correlation rule.

Timeout (ms) field Allows you to specify the duration of the message collection period with the period of time beginning with the first arrival of logging messages and continuing until the specified time has expired.

This field defines the correlation rules used by the internal event correlator to store messages in the correlation message buffer. The correlator queues messages for each message pair separately for the duration of the timeout period. When the timeout for a given correlator queue expires and a root message (the first group and message pair defined in the rule) has been captured, only the root message is reported. When no root message has been reported, all other messages in the queue are reported.

The root message is assigned a consecutive correlation ID number. This number is also assigned to each unsent message in the correlator queue and the unsent messages are retained in a buffer maintained by the correlator for future retrieval.

When the same message pair is defined in multiple rules, the rules are applied in alphabetical order. Only the first matching rule is applied (messages can be correlated once by a correlator instance).


OL-5497-04



Rule Definition SubtabThe Rule Definition subtab allows you to perform the following tasks:

• Specify the message group and code names.

• Add and delete items from the target list.

See Figure 3-2 for an example of the Rule Definition subtab. Table 3-3 describes the Rule Definition subtab fields.

Rule Apply to Target SubtabThe Rule Apply to Target subtab allows you to perform the following tasks:

• Specify the objects to add to the target list.

• Specify the source to add to the target list.

• Specify the context parameter to add to the target list.

See Figure 3-3 for an example of the Rule Apply to Target subtab. Table 3-4 describes the Rule Apply to Target subtab fields.

Table 3-3 Rule Definition Subtab Description

Field Description

Group field Allows you to enter the message group name. A code name must also be entered in the Code field before it can be added to the Group/Code List.

Code field Allows you to enter the message code name. A group name must also be entered in the Group field before it can be added to the Group/Code List.

Group/Code List field

Displays the current group and code names for the chosen correlation rule.


OL-5497-04



Figure 3-3 Rule Apply to Target Subtab

Table 3-4 Rule Apply to Target Subtab Description

Field Description

Objects field Allows you to choose multiple objects to add to the Target List.

Context field Allows you to enter a context parameter to add to the Target List.

Target List field Displays the target list for the selected correlation rule.

This field defines the scope of the correlation rules that are applied. Messages that map to a given scope are stored in separate queues. Messages within each queue are correlated. This field is cumulative. The same rule name can be applied to multiple scopes in multiple commands.


OL-5497-04



C H A P T E R 4
User Administration Application

The User Administration Application contains the following tabs and subtabs:

• Users Tab, page 4-41

• User Groups Tab, page 4-41

• Task Groups Tab, page 4-43

• AAA User Tasks Window, page 4-44

The router user attributes form the basis of the router operating system administrative model. Each router user is associated with the following attributes:

• User ID (ASCII string) that identifies the user uniquely across an administrative domain (maximum of 253 characters).

• Password stored encrypted (maximum of 253 characters).

• List of user groups (at least one) of which the user is a member (thereby enabling attributes such as task IDs).

The router allows you to configure groups of users and the job characteristics that are common in groups of users. All groups must be explicitly assigned to users. Users are not assigned to groups by default. A user can be assigned to more than one group.

A user group defines a collection of users who share a common set of attributes such as access privileges. Each user may be associated with one or more user groups.

The router system provides a collection of user groups whose attributes are already defined. The predefined groups include:

• root-system

• root-lr

• sysadmin

• netadmin

• operator

• cisco-support

The user group root-system has root owners as the only members. The root-system group has predefined authorization; that is, it has the complete responsibility for root owner managed resources and certain responsibilities in other logical routers (LRs). Authorization is enabled by default for root system users in any LR. Refer to the Configuring AAA Services on Cisco IOS XR module of the Cisco IOS XR System Security Configuration Guide for detailed information on the predefined user groups.



Chapter 4 User Administration Application

Users can configure their own user groups to meet particular needs.

Router control, configure, or monitor operational tasks are represented by task IDs. A task ID defines the permission to execute an operation. Users are associated with sets of task IDs (a task group) that define their authorized access to the router.

Task IDs are assigned to users through the following means. Each user is associated with one or more user groups. Every user group is associated with one or more task groups. In turn, every task group is defined by a set of task IDs. A user’s association with a particular user group links that user to a particular set of task IDs. A user associated with a task ID can execute any of the operations associated with that task ID.

A task group is defined by a collection of task IDs. Task groups contain task ID lists for each class of task IDs. Each user group is associated with a set of task groups applicable to the users in that group. A user’s task permissions are derived from the task groups associated with the user groups to which that user belongs.

See Figure 4-1 for an example of the User Administration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the User Administration application.

Figure 4-1 User Administration Application


OL-5497-04


Chapter 4 User Administration Application Users Tab

Users TabEach user is identified by a username that is unique across the administrative domain. Each user must be a member of at least one user group. Deleting a user group may orphan the users associated with that group.

The Users tab allows you to perform the following tasks:

• Set the password for a username.

• Assign a username to user groups.

See Figure 4-1 for an example of the Users tab. Table 4-1 describes the Users tab fields.

User Groups TabUser groups are configured with the parameters for a set of users, such as task groups. You can add and remove specific user groups.

The User Groups tab allows you to perform the following tasks:

• Specify a user group name and description.

• Add and delete user groups from the selected user group.

• Add and delete task groups from the selected user group.

Table 4-1 Users Tab Description

Field Description

User Configuration Area

User Name field Allows you to enter a username.

Password Allows to configure the password.

Password field Allows you to confirm that a password has been configured using the User Administration dialog box. (See Password ellipsis button.) The field displays asterisks when there is a configured password.

Password ellipsis button

Allows you to set the password associated with the username using User Administration dialog box. You must enter and confirm the password.

Secret Allows you to configure the secret password. The secret password creates a secure login password.

Secret field Allows you to confirm that a secret password has been configured using the User Administration dialog box. (See Secret ellipsis button.) The field displays asterisks when there is a configured secret password.

Secret ellipsis button

Allows you to set the secure password associated with the username using the User Administration dialog box. You must enter and confirm the secure password.

Show Allows you to open the AAA1 User Tasks window. See the “AAA User Tasks Window” section on page 4-44 for more information on the AAA User Tasks window.

1. AAA = authentication, authorization, and accounting

User Groups Area

Selected User Groups list

Displays the user groups the username can inherit from.

Click the Add button to add a user group. This button opens a User Groups dialog box allowing you to choose a user group. Click Delete to remove a user group from the list.


OL-5497-04


Chapter 4 User Administration Application User Groups Tab

See Figure 4-2 for an example of the User Groups tab. Table 4-2 describes the User Groups tab fields.

Figure 4-2 User Groups Tab

Table 4-2 User Groups Tab Description

Field Description

User Group Configuration Area

Name field Allows you to enter a user group name.

Description field Allows you to enter a description of the user group.

User Groups Area

Selected User Groups list

Displays the user groups the user group is associated with.

Click the Add button to add a user group. This button opens a User Group dialog box, allowing you to choose a user group. Click Delete to remove a user group from the list.

Task Groups Area

Selected Task Groups list

Displays the task groups the user group is associated with.

Click the Add button to add a task group. This button opens a Task Group dialog box, allowing you to choose a task group. Click Delete to remove a task group from the list.


OL-5497-04


Chapter 4 User Administration Application Task Groups Tab

Task Groups TabTask-based authorization employs the concept of a task ID as its basic element. A task ID defines the permission to execute an operation for a given user. Each user is associated with a set of permitted router operation tasks identified by task IDs. Users are granted authority by being assigned to user groups that are in turn associated with task groups. Each task group is associated with one or more task IDs selected from the router set of available task IDs. The first configuration task in setting up the router authorization scheme is to configure the task groups, followed by user groups, followed by individual users.

The Task Groups tab allows you to perform the following tasks:

• Specify a task group name and description.

• Configure read, write, and execute classes for tasks.

• Add, delete, and inherit task groups from the chosen task group.

See Figure 4-3 for an example of the Task Groups tab. Table 4-3 describes the Task Groups tab fields.

Figure 4-3 Task Groups Tab


OL-5497-04


Chapter 4 User Administration Application AAA User Tasks Window

AAA User Tasks WindowThe AAA User Tasks window is opened from the User Administration application. The window allows you to display which tasks all users are assigned to and the privileges for each assigned task (read, write, execute, and notify).

See Chapter 2, “AAA Application,” for information on authentication, authorization, and accounting (AAA) in the AAA Administration application

See Figure 4-4 for an example of the AAA User Tasks Window.

Table 4-3 Task Groups Tab Description

Field Description

Task Group Configuration Area

Name field Allows you to enter a task group name.

Description field Allows you to enter a description of the task group.

Tasks table Allows you to enable and disable the following classes for each task:

• read

• write

• execute

• notify

Checking the check box for a task enables the class for the task. If the check box is unchecked, the class is disabled.

Task Groups area

Selected Task Groups list

Displays inherited the task groups for this task group.

Click the Add button to add a task group. This button opens a Task Groups dialog box allowing you to choose a task group. Click Delete to remove a task group from the list.


OL-5497-04



Figure 4-4 AAA User Tasks Window


OL-5497-04




OL-5497-04



C H A P T E R 5
Explicit Path Configuration Application

The Explicit Path Configuration Application contains one tab.

The Explicit Path Configuration application allows you to configure the explicit path.

An IP explicit path is a list of IP addresses, each representing a node or link in the explicit path.

See Figure 5-1 for an example of the Explicit Path Configuration application. Table 5-1 describes the explicit path application fields.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Explicit Path Configuration application.



Chapter 5 Explicit Path Configuration Application

Figure 5-1 Explicit Path Configuration Application

Table 5-1 Explicit Path Configuration Application Window Description

Field Description

Basics Area

Category list Allows you to choose whether an IP explicit path name or identifier will be entered in the Name/ID field. The following options are listed:

• Name—The IP explicit path is identified by a name.

• Identifier—The IP explicit path is identified by an identifier number.

Name/Id field Allows you to enter a name or identifier for the IP explicit path.

Enable check box Allows you to enable or disable the IP explicit path.

Path Details Table

Index column Displays the index number for the link in the IP explicit path. This value is automatically generated and the field is read-only.

IP Address column Displays the IP address for the link in the IP explicit path.

Double-clicking the cell activates it and allows you to enter the IP address.

Exclude column Allows you to exclude or include the link in the IP explicit path.

Double-clicking the cell changes the value from false to true or from true to false.


OL-5497-04



Up and Down arrows

Allows you to reorder the IP addresses in the explicit path. Choose a row in the table then use the arrows to move the row up or down. The index number is automatically modified based on location in the table relative to other records in the same list.

Add button Allows you to add an IP address to the explicit path. Click the Add button then click the IP Address cell in the table and enter a valid IP address.

Remove button Allows you to remove the chosen IP address from the explicit path. Choose a row in the table then click Remove to remove the IP address from the explicit path.

Table 5-1 Explicit Path Configuration Application Window Description (continued)

Field Description


OL-5497-04




OL-5497-04



C H A P T E R 6
MPLS-TE Configuration Application

The MPLS-TE Configuration Application contains the following tabs and subtabs:

• Global Tab, page 6-53

• Labels Tab, page 6-54

• Links Tab, page 6-55

– General Subtab, page 6-56

– Backup Tunnels Subtab, page 6-57

• Tunnel Head Tab, page 6-58


– Advanced Subtab, page 6-61

– Path Selections Subtab, page 6-63

• Operations Tab, page 6-65

The MPLS-TE Configuration application allows you to configure MPLS-TE (also known as MPLS TE) for a Cisco router.

MPLS is a standards-based solution driven by the Internet Engineering Task Force (IETF) that was devised to convert the Internet and IP backbones into business-class transport mediums. Traffic engineering is the process of adjusting bandwidth allocations to accommodate high-priority traffic. In MPLS-TE, the upstream router creates a network tunnel for a particular traffic destination, reserving the bandwidth required for that tunnel. This network tunnel lets IP match the abilities of ATM or Frame Relay, which both offer that capability under private virtual channels (PVCs).

MPLS traffic engineering automatically establishes and maintains label-switched paths (LSPs) across the backbone using Resource Reservation Protocol (RSVP) by either:

• Dynamic path option

• Explicit path option (manually)

Available resources are flooded throughout the network by means of extensions to a link-state-based Interior Gateway Protocol (IGP).

MPLS-TE enables an MPLS backbone to replicate and expand on the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies. By making traditional Layer 2 features available to Layer 3, MPLS enables traffic engineering.



Chapter 6 MPLS-TE Configuration Application

MPLS-TE uses IGP (Intermediate System-to-Intermediate System [IS-IS] and Open Shortest Path First [OSPF]) to flood bandwidth information through a network. It also uses RSVP extensions to distribute labels and constraint-based routing to compute paths in the network. These extensions have been defined in RFC 3209.

MPLS-TE provides connectivity failure protection using fast reroute (FRR). FRR protects primary tunnels by using preprovisioned backup tunnels. During a failure condition, the primary tunnel switches over to the backup tunnel.

See Figure 6-1 for an example of the MPLS-TE Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the MPLS-TE Configuration application.

Figure 6-1 MPLS-TE Configuration Application


OL-5497-04


Chapter 6 MPLS-TE Configuration Application Global Tab

Global TabThe Global tab allows you to perform the following tasks:

• Configure the use of explicit-null labels or implicit-null labels.

• Specify the maximum bandwidth hold time and flooding interval.

• Configure the tunnel reoptimization frequency.

See Figure 6-1 for an example of the Global tab. Table 6-1 describes the Global tab fields.

Table 6-1 Global Tab Description

Field Description

Basics Area

Advertise explicit null check box

Allows you to specify that tunnels originating from the router use explicit-null labels.

Link Management Timers Area

Max bandwidth holdtime (secs) field

Allows you to set the length of time that bandwidth is held for an RSVP1 setup message while waiting for the corresponding RSVP Resv message to come back.

1. RSVP = Resource Reservation Protocol

Flooding interval (secs) field

Allows you to set the length of the interval for periodic flooding.

Tunnel Reoptimization Area

Frequency (secs) field

Allows you to control the frequency that tunnels with established LSP2 are checked for better paths.

A value of 0 disables reoptimization.

2. LSP = label switch path

Fast Reroute Promotion Timer (secs) field

Allows you to set the fast reroute backup promotion timer.

Topology Hold-down Timer (secs) field

Allows you to set the link holddown timer when path admission fails on the link, and is used in the next path calculation.

Path Selection Metric Type list

List allows you to choose the metric to use for path calculation. The following options are listed:

• IGP

• TE


OL-5497-04


Chapter 6 MPLS-TE Configuration Application Labels Tab

Labels TabThe Labels tab allows you to configure the range of local labels.

See Figure 6-2 for an example of the Labels tab. Table 6-2 describes the Labels tab fields.

Figure 6-2 Labels Tab


OL-5497-04


Chapter 6 MPLS-TE Configuration Application Links Tab

Links TabThe Links tab contains two subtabs: General and Backup Tunnels. The General subtab is displayed by default when the Links tab is clicked. (See Figure 6-3.)

The Links tab allows you to perform the following tasks:

• Enable MPLS on the link.

• Set flooding thresholds for the interface.

• Specify backup tunnels.

• Configure the administrative weight.

• Configure the attribute flags.

Table 6-2 Labels Tab Description

Field Description

Basics Area

Table Id field Allows you to specify the index of the label table to display.

Label Range Area

Min field Allows you to configure the range minimum of local labels available for use on packet interfaces. The minimum is the smallest label allowed in the label space.

The range provided in the Min and Max fields is used by all MPLS1 applications that allocate local labels (for dynamic label switching [see Max field], MPLS traffic engineering, and MPLS VPNs2).

Labels 0 through 15 are reserved by the IETF3 and cannot be included in the range.

1. MPLS = Multiprotocol Label Switching

2. VPNs = virtual private networks

3. IETF = Internet Engineering Task Force

Max field Allows you to configure the range maximum of local labels available for use on packet interfaces. The maximum is the largest label allowed in the label space.

The range provided in the Min and Max fields is used by all MPLS applications that allocate local labels (for dynamic label switching [see Min field], MPLS traffic engineering, and MPLS VPNs).

Labels 0 through 15 are reserved by the IETF and cannot be included in the range.


OL-5497-04



Figure 6-3 Links Tab

General SubtabThe General subtab allows you to perform the following tasks:

• Specify the link name.

• Set flooding thresholds for the interface.

• Configure the administrative weight.

• Configure the attribute flags.

See Figure 6-3 for an example of the General subtab. Table 6-3 describes the General subtab fields.

Table 6-3 General Subtab Description

Field Description

Basics Area

Name Allows you to specify the name of the interface to be MPLS-TE1 enabled.

Name field Allows you to enter the name of the interface to be MPLS-enabled.


OL-5497-04



Backup Tunnels SubtabThe Backup Tunnels subtab allows you to specify the backup tunnels for the link.

See Figure 6-4 for an example of the Backup Tunnels subtab. Table 6-4 describes the Backup Tunnels subtab fields.

Name ellipsis button Allows you to choose the name of the interface to be MPLS-enabled using the Select Interfaces dialog box.

Administrative weight field

Allows you to specify the cost of the link. The Administrative weight field overrides the IGP2 administrative weight (cost) of the link.

Attribute flags field Allows you to set the user-specified attribute flags for the interface.

This field assigns attributes to a link so that tunnels with matching attributes (represented by their affinity bits) prefer this link instead of others that do not match.

The interface is flooded globally allowing it to be used as a tunnel head-end path selection criterion.

Flooding Thresholds Area

Up Thresholds (%) field

Allows you to set up the flooding thresholds for increased resource availability. You can enter up to 14 space-delimited values within the specified range.

The up and down flooding thresholds set the reserved bandwidth thresholds for a link.

When a threshold is crossed, MPLS traffic engineering link management advertises updated link information. If no thresholds are crossed, changes can be flooded periodically unless periodic flooding is disabled.

Down Thresholds (%) field

Allows you to set the flooding thresholds for decreased resource availability. You can enter up to 14 space-delimited values within the specified range.

The up and down flooding thresholds set the reserved bandwidth thresholds for a link.

When a threshold is crossed, MPLS traffic engineering link management advertises updated link information. If no thresholds are crossed, changes can be flooded periodically unless periodic flooding is disabled.

1. MPLS-TE = Multiprotocol Label Switching traffic engineering

2. IGP = Interior Gateway Protocol

Table 6-3 General Subtab Description (continued)

Field Description


OL-5497-04


Chapter 6 MPLS-TE Configuration Application Tunnel Head Tab

Figure 6-4 Backup Tunnels Subtab

Tunnel Head TabThe Tunnel Head tab contains three subtabs: General, Advanced, and Path Selection. The General subtab is displayed by default when the Tunnel Head tab is clicked. (See Figure 6-5.)

The Tunnel Head tab allows you to perform the following tasks:

• Configure tunnel parameters including path, bandwidth, and source IP address.

• Specify and configure the shortest path first (SPF) calculation.

Table 6-4 Backup Tunnels Subtab Description

Field Description

Tunnel Number list Allows you to enter which tunnels to use as backup tunnels.

Clicking Add adds a blank row in the list, which allows you to double-click the row and enter a valid tunnel number.

Clicking Remove removes the chosen tunnel from the list.


OL-5497-04



• Specify bandwidth.

• Enable record route and fast reroute.

• Specify the tunnel path selection metric used for path calculation.

Figure 6-5 Tunnel Head Tab


• Specify the tunnel name, destination, and bandwidth.

• Specify the tunnel IP address.

• Configure the tunnel priorities.

• Configure the tunnel affinities.



OL-5497-04




Field Description

Basics Area

Tunnel Name field Allows you to enter a tunnel name.

Destination field Allows you to enter the destination of the tunnel.

Bandwidth (kbps) field

Allows you to enter the bandwidth required for an MPLS1 traffic engineering tunnel.

Reserve Bandwidth from SubPool field

Allows you to choose bandwidth from a subpool rather than the global pool.

Shutdown check box Allows you to choose to shut down a tunnel, protecting the interface. When this tunnel is down (shut down or removed) the traffic that it was carrying is rerouted onto another tunnel (if available).

IP Address Area

None radio button Allows you to specify that the IP address is not configured. You can configure a tunnel without specifying the IP address.

Unnumbered Allows you to configure the IP addressing for the tunnel without an explicit address.

Unnumbered radio button

Allows you to enable IP processing without an explicit address.

Unnumbered field Allows you to enter a valid interface name. The Unnumbered radio button must be chosen to enable the Unnumbered field. (See Unnumbered radio button.)

Unnumbered ellipsis button

Allows you to choose an interface from the Select Interfaces dialog box. The Unnumbered radio button must be chosen to enable the Unnumbered ellipsis button. (See Unnumbered radio button.)

IP/Mask Allows you to configure the IP address for the tunnel using an IPv4 address and mask or prefix length.

IP/Mask radio button

Allows you to enable IP processing with an explicit address.

IP/Mask field Allows you to enter a valid IPv4 address and mask or prefix length for the tunnel. The IP/Mask radio button must be chosen to enable the IP/Mask field. (See IP/Mask field.)

Priority Area

Setup Priority field Allows you to enter a setup priority. The priority is used when signaling an LSP2 for the tunnel to determine which existing tunnels can be preempted.

A lower priority number indicates a higher priority. Therefore, an LSP with a setup priority of 0 can preempt any LSP with a non-0 priority.

When an LSP is being signaled and an interface does not currently have enough bandwidth available for that LSP, the call admission software preempts lower-priority LSPs so that the new LSP can be admitted. (LSPs are preempted if the new LSPs are allowed to be admitted.)

The new LSP priority is its setup priority and the existing LSP priority is its hold priority. The two priorities make it possible to signal an LSP with a low setup priority (so that the LSP does not preempt other LSPs on setup) but a high hold priority (so that the LSP is not preempted after it is established). Setup priority and hold priority are typically configured to be equal, and setup priority cannot be better (numerically smaller) than the hold priority.


OL-5497-04



Advanced SubtabThe Advanced subtab allows you to perform the following tasks:

• Configure the autoroute parameters.

• Configure the backup bandwidth parameters.

• Enable reserving backup bandwidth.

• Enable fast reroute.

• Set the load-sharing for each tunnel (indicate the proportion of total traffic you want to be allocated into each individual tunnel).

See Figure 6-6 for an example of the Advanced subtab. Table 6-6 describes the Advanced subtab fields.

Hold Priority field Allows you to enter a hold priority. This is the hold priority associated with an LSP for the tunnel to determine if it should be preempted by other LSPs that are being signaled.

A lower priority number indicates a higher priority. Therefore, an LSP with a setup priority of 0 can preempt any LSP with a non-0 priority.

When an LSP is being signaled and an interface does not currently have enough bandwidth available for that LSP, the call admission software preempts lower-priority LSPs so that the new LSP can be admitted. (LSPs are preempted if the new LSPs are allowed to be admitted.)

The new LSP priority is its setup priority and the existing LSP priority is its hold priority. The two priorities make it possible to signal an LSP with a low setup priority (so that the LSP does not preempt other LSPs on setup) but a high hold priority (so that the LSP is not preempted after it is established). Setup priority and hold priority are typically configured to be equal, and setup priority cannot be better (numerically smaller) than the hold priority.

Affinity Area

Affinity Bits field Allows you to enter the affinity bits value required for links carrying the tunnel. The affinity determines the attributes of the links that this tunnel will use (that is, the attributes for which the tunnel has an affinity).

Affinity Mask field Allows you to set the affinity mask value required for links carrying the tunnel. The affinity determines the attributes of the links that this tunnel will use (that is, the attributes for which the tunnel has an affinity).

The attribute mask determines which link attribute the router should check. If a bit in the mask is 0, the attribute value of a link or that bit is irrelevant. If a bit in the mask is 1, the attribute value of that link and the required affinity of the tunnel for that bit must match. A tunnel can use a link if the tunnel affinity equals the link attributes and the tunnel affinity mask. Any properties set to 1 in the affinity should also be 1 in the mask.

In other words, affinity and mask should be set such that:

tunnel affinity = (tunnel affinity and tunnel affinity mask)




Field Description


OL-5497-04



Figure 6-6 Advanced Subtab

Table 6-6 Advanced Subtab Description

Field Description

Autoroute Area

Auto Announce check box

Allows you to specify that the IGP1 (routing protocol) should use the tunnel (if the tunnel is up) in its enhanced SPF2 calculation.

Currently, the only way to forward traffic onto a tunnel is to enable this feature or explicitly configure forwarding (for example, with an interface static route).

IGP Metric Subarea

Default radio button Allows you to choose the default IP traffic engineering tunnel metric that the IGP enhanced SPF calculation will use. The default is metric relative 0.

Relative Allows you to choose to use the relative metric that the IGP enhanced SPF calculation will use.

Relative radio button

Allows you to choose the relative metric as the IGP metric.

Relative field Allows you to enter a relative metric. A positive, negative, or zero metric value is required. The Relative radio button must be chosen to enable the Relative field. (See Relative radio button.)


OL-5497-04



Path Selections SubtabThe Path Selections subtab allows you to perform the following tasks:

• Choose the path selection metric.

• Choose the available IP path and set the path options.

See Figure 6-7 for an example of the Path Selections subtab. Table 6-7 describes the Path Selections subtab fields.

Absolute Allows you to choose to use the absolute metric that the IGP enhanced SPF calculation will use.

Absolute radio button

Allows you to choose the absolute metric as the IGP metric.

Absolute field Allows you to enter an absolute metric. A positive metric value is required. The Absolute radio button must be chosen to enable the Absolute field. (See Absolute radio button.)

Backup Bandwidth Area

Reserve Backup Bandwidth check box

Allows you to enable or disable reserving backup bandwidth.

From Pool field Allows you to choose the pool for the reserve backup bandwidth. The following options are listed:

• Any Pool—The backup bandwidth in any pool provided by an MPLS3 traffic engineering backup tunnel.

• Global Pool—The backup bandwidth in a global pool provided by an MPLS traffic engineering backup tunnel.

• Sub Pool—The backup bandwidth in a subpool provided by an MPLS traffic engineering backup tunnel. Only LSPs using bandwidth from the subpool can use the backup tunnel.

Unlimited Bandwidth radio button

Allows you to set the reserve backup bandwidth for the tunnel to unlimited.

Limited Bandwidth Allows you to limit the reserve backup bandwidth for the tunnel.

Limited Bandwidth radio button

Allow you to enable limiting the reserve backup bandwidth for the tunnel.

Limited Bandwidth field

Allows you to enter the reserve backup bandwidth.

Other Area

Record Route check box

Allows you to document the route used by a tunnel.

Fast Reroute check box

Allows you to enable fast-reroute protection for the tunnel.


2. SPF = Shortest Path First


Table 6-6 Advanced Subtab Description (continued)

Field Description


OL-5497-04



Figure 6-7 Path Selections Subtab

Table 6-7 Path Selections Subtab Description

Field Description

Path Selection Metric Area

Path Selection Metric list

Allows you to choose the tunnel path selection metric to be used for path calculation. The following options are listed:

• Use IGP Metric

• Use MPLS-TE Metric

Path Option Area

Available IP Path list Allows you to choose a path option for the tunnel.

Choose a path option from the Available IP Path list, then click the To arrow to add the path to the Path Options table. (See Path Options table.)


OL-5497-04


Chapter 6 MPLS-TE Configuration Application Operations Tab

Operations TabThe Operations tab allows you to perform the following tasks:

• Reoptimize tunnels.

• Reset counters.

See Figure 6-8 for an example of the Operations tab. Table 6-8 describes the Operations tab fields.

Path Options table Allows you to configure several path options for a single tunnel. For example, there can be several explicit path options and a dynamic option for one tunnel. The following fields are in the Path Options table:

• Preference—This is a sequential number automatically generated. This field is not user-configurable.

• Name/ID—This field contains the path name or path number of the IP explicit path that the tunnel uses with this path option. This field is not user-configurable.

• Type—This field indicates whether the LSP1 path is dynamically calculated (Dynamic) or is an IP explicit path (Explicit). This field is not user-configurable.

• Lockdown—By default the LSP is reoptimized. The field shows false. Double-clicking the field changes the value from false to true or from true to false.

Up and Down arrows

Allows you to reorder the path options. Choose a row in the table then use the arrows to move the row up or down. The preference number is automatically modified based on location in the table relative to other records in the same list.


Table 6-7 Path Selections Subtab Description (continued)

Field Description


OL-5497-04



Figure 6-8 Operations Tab

Table 6-8 Operations Tab Description

Field Description

Reoptimize Tunnels Area

All tunnels radio button

Allows you to choose all tunnels for reoptimization.

This tunnel Allows you to choose the tunnel for reoptimization.

This tunnel radio button

Allows you to enable the reoptimization of a specific tunnel.

This tunnel field Allows you to enter a tunnel name. The This tunnel radio button must be chosen to enable the This tunnel field. (See This tunnel radio button.)

Reoptimize Tunnels button

Tunnel reoptimization looks for a more optimal path for the tunnel.

Allows you to look for an optimal path for all tunnels or a specified tunnel. When the button is clicked, the Confirm dialog box appears to confirm that you want to reoptimize the tunnels. If Yes is clicked, the tunnels are reoptimized, and if No is clicked, the tunnels are not reoptimized.


OL-5497-04



Clear Counters Area

All Counters radio button

Allows you to clear all counters for tunnels.

Summary Counters radio button

Allows you to clear only summary counters for tunnels.

For this tunnel Allows you to choose a tunnel. Only counters for this tunnel will be cleared.

For this tunnel radio button

Allows you to enable the reoptimization of a specific tunnel.

For this tunnel field Allows you to enter a tunnel name. The For this tunnel radio button must be chosen to enable the For this tunnel field. (See For this tunnel radio button.)

Clear Counters button

Counters include tunnel input and output counters. Clearing counters for tunnels clears (sets to zero) counters so that you can monitor the tunnel traffic easily.

Allows you to clear counters. When the button is clicked, the Confirm dialog box appears to confirm that you want to clear the counters. If Yes is clicked, the counters are cleared, and if No is clicked, the counters are not cleared.

Table 6-8 Operations Tab Description (continued)

Field Description


OL-5497-04




OL-5497-04



C H A P T E R 7
Interface Common Attributes Configuration Application

The Interface Common Attributes Configuration Application contains the following tabs and subtabs:

• General Tab, page 7-70

– IPv4 Configuration Subtab, page 7-71

– Dampening Subtab, page 7-73

• Operation Tab, page 7-76

The Interface Common Attributes Configuration application allows you to configure interface attributes that are common across all interfaces, including Ethernet and Packet-over-SONET POS. Configuration of common attributes prevents the need to enter the same data numerous times across various interfaces.

When a common attribute is configured in the Ethernet or POS application, the changes can be displayed and edited in the Interface Common Attributes Configuration application.

See Figure 7-1 for an example of the Interface Common Attributes Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Interface Common Attributes Configuration application.



Chapter 7 Interface Common Attributes Configuration Application General Tab

Figure 7-1 Interface Common Attributes Configuration Application

General TabThe General tab contains two subtabs: IPv4 Configuration and Dampening. The IPv4 Configuration subtab is displayed by default when the General tab is clicked.

The General tab allows you to perform the following tasks:

• Provide a description of the interface.

• Specify the maximum transmission unit (MTU) Layer 2 value.

• Choose to enable or disable the Cisco Discovery Protocol (CDP).

See Figure 7-1 for an example of the General tab. Table 7-1 describes the General tab fields.


OL-5497-04



IPv4 Configuration SubtabThe IPv4 Configuration subtab allows you to perform the following tasks:

• Specify the IPv4 address and mask.

• Specify secondary addresses for the interface.

• Specify the IPv4 MTU for the interface.

• Configure the software response to Internet Control Message Protocol (ICMP) mask requests.

• Specify helper addresses for the interface.

See Figure 7-1 for an example of the IPv4 Configuration subtab. Table 7-2 describes the IPv4 Configuration subtab fields.

Note If any networking device on a network segment uses a secondary address, all other devices on that same segment must also use a secondary address from the same network or subnet. Inconsistent use of secondary addresses on a network segment can quickly cause routing loops.

Table 7-1 General Tab Description

Field Description

Description field Allows you to enter a description of the interface.

MTU Layer 2 (bytes) field

Allows you to enter a MTU1 Layer 2 value in bytes for the interface. This value is the maximum packet size or MTU size.

The following are the default MTUs according to media type:

• Ethernet—1514 B

• POS—4474 B

• Tunnel—1500 B

• Loopback—1514 B

Each interface has a default maximum packet size or MTU size. This number generally defaults to the largest size possible for that interface type.

1. MTU = maximum transmission unit

CDP list Allows you to enable or disable CDP2 on the interface.

CDP is disabled by default at the global level. CDP is supported on all interfaces except for SRP3 interfaces. To start sending and receiving CDP information on the interface choose enable. Choose disable to stop sending and receiving CDP information on the interface.

CDP allows Cisco routers to discover each other in a protocol-or media-independent way. It allows a device to advertise its existence to devices, and also to detect all other devices on the same LAN (or on the other side of a WAN). CDP is a hello-based protocol, and all devices running CDP will periodically advertise their attributes to their neighbors.

2. CDP = Cisco Discovery Protocol

3. SRP = Spatial Reuse Protocol


OL-5497-04



Table 7-2 IPv4 Configuration Subtab Description

Field Description

IPv4 Configuration Area

Enable IPv4 Processing check box

Enables IPv4 processing, which allows you to either set primary and secondary IP Version 4 addresses for an interface or set an unnumbered interface to make this interface use the unnumbered interface IP address.

An interface can have one primary IP address and multiple secondary IP addresses. Packets generated by the software always use the primary IP address. Therefore, all networking devices on a segment should share the same primary network number.

Unnumbered Allows you to enable IPv4 processing without an explicit address.


Allows you to enable IP v4 processing.

Unnumbered field Allows you to view the chosen interface name.


Allows you to choose an interface from the Select Interfaces dialog box. The Unnumbered radio button must be chosen to enable the Unnumbered field. (See Unnumbered radio button.)

IP Address Allows you to enter a valid IPv4 address for the interface.

IP Address radio button

Allows you to configure the IPv4 address.

IP Address field Allows you to enter a valid IP address. The IP Address radio button must be chosen to enable the IP Address field. (See IP Address radio button.)

Mask field Allows you to enter a valid mask for the IP address of the interface.

Secondary Addresses table

Allows you to specify secondary IP addresses for the interface. Click the Add button to add a secondary address. Choose an address in the table and click Remove to delete a secondary address from the interface.

Double-click a cell in the IP Address column to activate it and enter the IP address for the secondary address. Double-click a cell in the Mask column to activate it and enter the mask for the secondary address.

There can be more than one secondary address specified. Secondary addresses are treated like primary addresses, except that the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP1 requests are handled properly, as are interface routes in the IP routing table.

Secondary IP addresses can be used in a variety of situations. The following are the most common applications:

• There may not be enough host addresses for a particular network segment. For example, your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you need to have 300 host addresses. Using secondary IP addresses on the networking devices allows you to have two logical subnets using one physical subnet.

• Many older networks were built using Level 2 bridges. The judicious use of secondary addresses can aid in the transition to a subnetted, router-based network. Routers on an older, bridged segment can be easily made aware that there are many subnets on that segment.

• Two subnets of a single network might otherwise be separated by another network. This situation is not permitted when subnets are in use. In these instances, the first network is extended, or layered on top of the second network using secondary addresses.


OL-5497-04



Dampening SubtabCurrently, a router with an unstable data link (also known as a link flap) may remove itself from service and return to service several times in a matter of seconds, requiring all other routers to rebuild their routing tables with each event. Dampening enables a router experiencing link flap to remove itself from network routing tables until return to data-link stability is ensured. Once the link is stable, an up event is sent and the route is added back to the routing table.

With interface state dampening, the interface will immediately remove itself from the routing table on the down event (link flap). If there are multiple link flaps in a short period of time, the interface will ignore the next up event. The interface will remain down until the data link has stabilized based on the dampening configuration parameters. Dampening can ignore up events based but cannot ignore down events unless the interface is already down.

General Area


Allows you to enter a valid MTU2 Layer 3 size in bytes. The MTU Layer 3 field contains the maximum MTU available for IP traffic.

ICMP Mask Reply check box

Allows you to configure the software to respond to ICMP3 mask requests by sending ICMP mask reply messages to the interface.

Hosts can determine subnet masks using the ICMP mask request message. Networking devices respond to this request with an ICMP mask reply message.

Helper Addresses table

Allows you to specify helper addresses for the interface. Helper addresses are the addresses to which the software forwards UDP4 broadcasts/packets, including BOOTP, received on an interface.

Click the Add button to add a helper address. Choose an address in the table and click Remove to delete a helper address from the interface. There can be more than one helper address for an interface.

Double-click a cell in the Helper IP Address column to activate it and enter the IP address for the helper address.

One common application that requires helper addresses is DHCP5, which is defined in RFC 1531. DHCP protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the networking device interface closest to the client. The helper address should specify the address of the DHCP server. If you have multiple servers, you can configure one helper address for each server. Because BOOTP packets are forwarded by default, DHCP information can now be forwarded by the networking device. The DHCP server now receives broadcasts from the DHCP clients.

1. ARP = Address Resolution Protocol


3. ICMP = Internet Control Message Protocol

4. UDP = User Datagram Protocol

5. DHCP = Dynamic Host Configuration Protocol

Table 7-2 IPv4 Configuration Subtab Description (continued)

Field Description


OL-5497-04



Dampening delivers resiliency improvements that include the following issues:

• Faster convergence. Routers that are not experiencing link flap reach convergence sooner, because routing tables are not rebuilt each time the offending router leaves and enters service. Faster convergence provides a more stable network because a router remains out of service until it is ready to enter service, ensuring fewer transitions.

• Increased network stability. A router with data-link problems removes itself from service until the data link is consistently stable. Other routers simply redirect traffic around the affected router until data-link issues are resolved, thus ensuring that the router loses no data packets.

The Dampening subtab allows you to perform the following tasks:

• Enable dampening for the interface.

• Configure the half-life, suppress, resuse, and maximum suppress values.

See Figure 7-2 for an example of the Dampening subtab. Table 7-3 describes the Dampening subtab fields.

Figure 7-2 Dampening Subtab


OL-5497-04



Table 7-3 Dampening Subtab Description

Field Description


Dampening check box

Allows you to enable state dampening for the interface.

HalfLife (min) field Allows you to enter a time after which a penalty is decreased (decay half life).

Once the interface has been assigned a penalty, the penalty is decreased by half after the half life period.

Suppress field Allows you to set a suppress threshold. An interface state is suppressed down when its penalty (increased by state flaps) exceeds the suppress threshold.

Reuse field Allows you to set the reuse threshold. An interface state is unsuppressed if the penalty for an interface decreases enough to fall below the reuse threshold.

Max Suppress (min) field

Allows you to set the maximum time (in minutes) that an interface state can be suppressed down. A reasonable rule is to configure the maximum suppress to approximately four times the half-life value.


OL-5497-04


Chapter 7 Interface Common Attributes Configuration Application Operation Tab

Operation TabThe Operation tab allows you to manually shut down the interface.

See Figure 7-3 for an example of the Operation tab. Table 7-4 describes the Operation tab fields.

Figure 7-3 Operation Tab

Table 7-4 Operation Tab Description

Field Description

Shutdown check box Allows you to shut down the interface. Shutdown administratively brings down an interface.


OL-5497-04



C H A P T E R 8
Interface Ethernet Configuration Application

The Interface Ethernet Configuration Application contains the following tabs and subtabs:




• Ethernet Tab, page 8-83


The Interface Ethernet Configuration application allows you to configure interface attributes that are specific to Ethernet interfaces. With the exception of the attributes in the Ethernet tab, when an attribute is configured in the Interface Ethernet Configuration application, the changes can be displayed and edited in the Common application. See the Chapter 7, “Interface Common Attributes Configuration Application,” for information on the Common application.

See Figure 8-1 for an example of the Interface Ethernet Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Interface Ethernet Configuration application.



Chapter 8 Interface Ethernet Configuration Application General Tab

Figure 8-1 Interface Ethernet Application








OL-5497-04












Field Description



Allows you to enter an MTU1 Layer 2 value in bytes for the Ethernet interface. This value is the maximum packet size or MTU size.



CDP list Allows you to enable or disable CDP2 on the Ethernet interface.

CDP is disabled by default at the global level. CDP is supported on all interfaces except for SRP3 interfaces. To start sending and receiving CDP information on the interface, choose enable. Choose disable to stop sending and receiving CDP information on the interface.

CDP allows Cisco routers to discover each other in a protocol and media-independent way. It allows a device to advertise its existence to devices, and also to detect all other devices on the same LAN (or on the other side of a WAN). CDP is a hello-based protocol, and all devices running CDP will periodically advertise their attributes to their neighbors.




OL-5497-04




Field Description







Allows you to enable IP v4 processing.











Double-click a cell in the IP Address column to activate it and enter the IP address for the secondary address. Double-click a cell in the Mask column to activate it. and enter the mask for the secondary address.

There can be more than one secondary address specified. Secondary addresses are treated like primary addresses, except that the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP1 requests are handled properly, as are interface routes in the IP routing table.






OL-5497-04



Dampening SubtabCurrently, a router with an unstable data link (also known as link flap) may remove itself from service and return to service several times in a matter of seconds, requiring all other routers to rebuild their routing tables with each event. Dampening enables a router experiencing link flap to remove itself from network routing tables until return to data-link stability is ensured. Once the link is stable, an up event is sent and the route is added back to the routing table.


General Area



ICMP Mask Replay check box

Allows you to configure the software response to ICMP3 mask requests by sending ICMP mask reply messages to the interface.



Allows you to specify helper addresses for the interface. Helper addresses are the addresses to which the software forwards UDP4 broadcasts and packets, including BOOTP, received on an interface.



One common application that requires helper addresses is DHCP, which is defined in RFC 1531. DHCP5 protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the networking device interface closest to the client. The helper address should specify the address of the DHCP server. If you have multiple servers, you can configure one helper address for each server. Because BOOTP packets are forwarded by default, DHCP information can now be forwarded by the networking device. The DHCP server now receives broadcasts from the DHCP clients.







Field Description


OL-5497-04





• Increased network stability. A router with data-link problems removes itself from service until the data link is consistently stable, so other routers simply redirect traffic around the affected router until data-link issues are resolved, thus ensuring that the router loses no data packets.







OL-5497-04


Chapter 8 Interface Ethernet Configuration Application Ethernet Tab

Ethernet TabThe Ethernet tab allows you to perform the following tasks:

• Specify an ARP timeout length.

• Enable proxy ARP.

• Configure the Ethernet driver parameters.

See Figure 8-3 for an example of the Ethernet tab. Table 8-4 describes the Ethernet tab fields.


Field Description


Dampening check box







Allows you to set the maximum time (in minutes) that an interface state can be suppressed down. A reasonable rule is to configure the maximum suppress to approximately four times the half-life value.


OL-5497-04



Figure 8-3 Ethernet Tab

Table 8-4 Ethernet Tab Description

Field Description

ARP Configuration Area

ARP Timeout (sec) field

Allows you to enter an ARP1 timeout length.

The ARP timeout length specifies how long dynamic entries learned on an interface remain in the ARP cache.


OL-5497-04



Proxy ARP check box

Allows you to enable or disable proxy APR. Check the check box to enable proxy APR or uncheck the check box to disable proxy APR.

When proxy ARP is disabled, the networking device responds to ARP requests received on an interface only if one of the following conditions is met:

• The target IP address in the ARP request is the same as the interface IP address on which the request is received.

• The target IP address in the ARP request has a statically configured ARP alias.

When proxy ARP is enabled, the networking device also responds to ARP requests that meet all of the following criteria:

• The target IP address is not on the same physical network (LAN) on which the request is received.

• The networking device has one or more routes to the target IP address.

• All of the routes to the target IP address go through interfaces other than the one on which the request is received.

Ethernet Driver Configuration Area

MAC Address field Allows you to enter a valid MAC address for the Ethernet driver.

Speed list Allows you to choose the Ethernet connection speed. The following options are listed:

• 10 Mbps = Ethernet

• 100 Mbps = FastEthernet

• 1000 Mbps = GigabitEthernet

Media Type list Allows you to choose the media type. The following options are listed:

• AUI—attachment unit interface. IEEE2 802.3 interface between a MAU3 and a NIC4. Also called transceiver cable.

• RJ45—registered jack 45.

• MII5—Standard specification for the interface between network controller chips and their associated media interface chips. The MII automatically senses 10- and 100-MHz Ethernet speeds.

Duplex Type Configuration Subarea

Enable Duplex check box

Allows you to enable or disable a duplex configuration.

Full Duplex radio button

Allows you to choose full duplex. The Enable Duplex check box must be enabled for this radio button to be available. (See Enable Duplex check box.)

Half Duplex radio button

Allows you to choose half duplex. The Enable Duplex check box must be enabled for this radio button to be available. (See Enable Duplex check box.)


2. IEEE = Institute of Electrical and Electronics Engineers

3. MAU = media attachment unit

4. NIC = network interface card

5. MII = media independent interface

Table 8-4 Ethernet Tab Description (continued)

Field Description


OL-5497-04


Chapter 8 Interface Ethernet Configuration Application Operation Tab





Field Description

Shutdown check box Allows you to shut down the Ethernet interface. Shutdown administratively brings down an interface.


OL-5497-04



C H A P T E R 9
Interface POS Configuration Application

The Interface POS Configuration Application contains the following tabs and subtabs:




• POS Tab, page 9-93

– PPP Common Subtab, page 9-94

– PAP Subtab, page 9-95

– CHAP Subtab, page 9-97


The Interface POS Configuration application allows you to configure interface attributes that are specific to packet-over-SONET (POS) interfaces. With the exception of the attributes in the POS tab, when an attribute is configured in the Interface POS Configuration application, the changes can be displayed and edited in the Common application. See Chapter 7, “Interface Common Attributes Configuration Application,” for information on the Common application.

POS provides a method for efficiently carrying data packets in SONET or Synchronous Digital Hierarchy (SDH) frames. High-bandwidth capacity and efficient link utilization are characteristics that make POS largely preferred for building the core of data networks. POS uses PPP in High-Level Data Link Control (HDLC)-like framing for data encapsulation at Layer 2 (data link) of the Open System Interconnection (OSI) stack. This method provides efficient packet delineation and error control.

In addition to high-bandwidth efficiency, POS offers secure and reliable transmission for data. Reliable data transfer depends on timing integrity.

The real-time POS functionality is performed in hardware, according to the hardware configuration offline setup. Configured hardware events are detected by the framer application-specific integrated circuits (ASICs) and the control is passed to the software. The generic POS driver is responsible for providing a mechanism to configure the hardware on a per-interface basis, handle interface state transitions, and collect POS-related statistics.

See Figure 9-1 for an example of the Interface POS Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Interface POS Configuration application.



Chapter 9 Interface POS Configuration Application General Tab

Figure 9-1 Interface POS Application








OL-5497-04












Field Description



Allows you to enter an MTU1 Layer 2 value in bytes for the POS2 interface. This value is the maximum packet size or MTU size.


1. MTU= maximum transmission unit

2. POS = Packet over SONET

CDP list Allows you to enable or disable CDP3 on the POS interface.

CDP is disabled by default at the global level. CDP is supported on all interfaces except for SRP4 interfaces. To start sending and receiving CDP information on the interface, choose enable. Choose disable to stop sending and receiving CDP information on the interface.

CDP allows Cisco routers to discover each other in a protocol and media-independent way. It allows a device to advertise its existence to devices, and also to detect all other devices on the same LAN (or on the other side of a WAN). CDP is a hello-based protocol, and all devices running CDP will periodically advertise their attributes to their neighbors.




OL-5497-04




Field Description







Allows you to enable IPv4 processing.











Double-click a cell in the IP Address column to activate it and enter the IP address for the secondary address. Double-click a cell in the Mask column to activate it and enter the mask for the secondary address.

There can be more than one secondary address specified. Secondary addresses are treated like primary addresses, except that the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP requests are handled properly, as are interface routes in the IP routing table.






OL-5497-04



Dampening SubtabCurrently, a router with an unstable data link (also known as link flap) may remove itself from service and return to service several times in a matter of seconds, requiring all other routers to rebuild their routing tables with each event. Dampening enables a router experiencing link flap to remove itself from network routing tables until return to data-link stability is ensured. Once the link is stable, an up event is sent and the route is added back to the routing table.




General Area



ICMP Mask Reply check box

Allows you to configure the software response to ICMP2 mask requests by sending ICMP mask reply messages to the interface.



Allows you to specify helper addresses for the interface. Helper addresses are the addresses to which the software forwards UDP3 broadcasts/packets, including BOOTP, received on an interface.



One common application that requires helper addresses is DHCP, which is defined in RFC 1531. DHCP4 protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the networking device interface closest to the client. The helper address should specify the address of the DHCP server. If you have multiple servers, you can configure one helper address for each server. Because BOOTP packets are forwarded by default, DHCP information can now be forwarded by the networking device. The DHCP server now receives broadcasts from the DHCP clients.






Field Description


OL-5497-04



• Increased network stability. A router with data-link problems removes itself from service until the data link is consistently stable, so other routers simply redirect traffic around the affected router until data-link issues are resolved, thus ensuring that the router loses no data packets.







Field Description

Dampening check box





OL-5497-04


Chapter 9 Interface POS Configuration Application POS Tab

POS TabThe POS tab contains three subtabs: PPP Common, PAP, and CHAP. The PPP Common subtab is displayed by default when the POS tab is clicked.

The POS tab allows you to perform the following tasks:

• Configure encapsulation.

• Configure PPP parameters.

• Configure Password Authentication Protocol (PAP) parameters.

• Configure Challenge Handshake Authentication Protocol (CHAP) parameters.

See Figure 9-3 for an example of the POS tab. Table 9-4 describes the POS tab fields.




Allows you to set the maximum time (in minutes) that an interface state can be suppressed down. A reasonable rule is to configure the maximum suppress to approximately four times the half life value.

Table 9-3 Dampening Subtab Description (continued)

Field Description


OL-5497-04



Figure 9-3 POS Tab

PPP Common SubtabThe PPP Common subtab allows you to perform the following tasks:

• Configure the number of authentication retries, unacknowledged confirmation requests, consecutive negative acknowledgments, and unacknowledged terminate requests.

• Enable authentication types.

• Configure the timeout parameters.

Table 9-4 POS Tab Description

Field Description

Encapsulation list Allows you to choose the encapsulation type for the interface. The following options are listed:

• ppp1—Standard protocol for sending data over synchronous serial links

• hdlc2—ISO communications protocol used in X.25 packet switching networks.


2. HDLC = High-Level Data Link Controller


OL-5497-04



See Figure 9-3 for an example of the PPP Common subtab. Table 9-5 describes the PPP Common subtab fields.

PAP SubtabThe PAP subtab allows you to perform the following tasks:

• Refuse PAP authentication from peers.

• Specify the PAP username and password.

See Figure 9-4 for an example of the PAP subtab. Table 9-6 describes the PAP subtab fields.

Table 9-5 PPP Common Subtab Description

Field Description

Max Authentication Failures field

Allows you to enter a specified number of authentication retries. After the number of specified retries is reached, the interface is reset.

Max Conf Requests field

Allows you to enter the number of unacknowledged confirmation requests.

Max Consecutive Conf Naks field

Allows you to enter the number of consecutive negative acknowledgments.

Max Terminate Requests field

Allows you to enter the number of unacknowledged terminate requests.

Authentication Area

PAP check box Allows you to choose PAP1 authentication.

1. PAP = Password Authentication Protocol

CHAP check box Allows you to choose CHAP2 authentication.

2. CHAP = Challenge Handshake Authentication Protocol

MS-CHAP check box

Allows you to choose MS-CHAP3 authentication.

3. MS-CHAP = Microsoft CHAP

Authentication List field

Allows you to specify an authentication to be used with the interface. Type default to use the default list. This list is enabled when at least one of PAP, CHAP, or MS-CHAP is selected.

Timeout Parameters Area

Authentication Timeout (sec) field

Allows you to specify the maximum time to wait for a response to an authentication packet.

NCP Timeout (sec) field

Allows you to set a time limit for the successful negotiation of at least one network layer protocol after a PPP connection is established. If no network protocol is negotiated in the given time, the connection is disconnected.

The NCP4 timeout protects against the establishment of links that are physically up and carrying traffic at the link level, but are unusable for carrying data traffic due to failure to negotiate the capability to transport any network level data. Timeout is particularly useful for dialed connections, where it is usually undesirable to leave a telephone circuit active when it cannot carry network traffic.

4. NCP = Network Control Protocol

Retry Timeout (sec) field

Allows you to set a time limit for the maximum amount of time PPP5 should wait for a response to any control packet it sends.



OL-5497-04



Figure 9-4 PAP Subtab

Table 9-6 PAP Subtab Description

Field Description

Refuse PAP list Allows you to refuse PAP1 authentication from peers requesting it.

Authentication is disabled for all calls, meaning that all attempts by the peer to force the user to authenticate using PAP will be refused. If outbound PAP has been enabled, PAP will be suggested as the authentication method in the refusal packet.

1. PAP = Password Authentication Protocol

PAP Username field Allows you to enter a username to reenable remote PAP support for an interface and include the sent-username and password in the PAP authentication request packet to the peer. This field allows you to replace username configurations on any dialer interface or asynchronous group interface.

PAP Password field Allows you to enter a password to reenable remote PAP support for an interface and include the sent-username and password in the PAP authentication request packet to the peer. This field allows you to replace password configurations on any dialer interface or asynchronous group interface.

PAP Encryption check box

Allows you to enable PAP encryption.


OL-5497-04



CHAP SubtabThe CHAP subtab allows you to perform the following tasks:

• Refuse CHAP authentication from peers.

• Specify the CHAP username and password.

See Figure 9-5 for an example of the CHAP subtab. Table 9-7 describes the CHAP subtab fields.

Figure 9-5 CHAP Subtab


OL-5497-04



Table 9-7 CHAP Subtab Description

Field Description

Refuse CHAP list Allows you to refuse CHAP1 authentication from peers requesting it.

Authentication is disabled for all calls, meaning that all attempts by the peer to force the user to authenticate using CHAP will be refused. If outbound CHAP has been enabled, CHAP will be suggested as the authentication method in the refusal packet.

1. CHAP = Challenge Handshake Authentication Protocol

CHAP Host Name field

Allows you to enter a username to enable a router calling a collection of routers that do not support this command (such as routers running older Cisco IOS software images) to configure a common CHAP secret password to use in response to challenges from an unknown peer.

The CHAP hostname is used for remote CHAP authentication only (when routers authenticate to the peer) and does not affect local CHAP authentication.

CHAP Password field

Allows you to enter a password to enable a router calling a collection of routers that do not support this command (such as routers running older Cisco IOS software images) to configure a common CHAP secret password to use in response to challenges from an unknown peer.

The CHAP password is used for remote CHAP authentication only (when routers authenticate to the peer) and does not affect local CHAP authentication.

CHAP Encryption check box

Allows you to enable CHAP encryption.


OL-5497-04


Chapter 9 Interface POS Configuration Application Operation Tab





Field Description

Shutdown check box Allows you to shut down the POS1 interface. Shutdown administratively brings down an interface.

1. POS = Packet over SONET


OL-5497-04


Chapter 9 Interface POS Configuration Application Operation Tab


OL-5497-04



C H A P T E R 10
SONET Port Configuration Application

The SONET Port Configuration Application contains the following tabs and subtabs:

• SONET Tab, page 10-102

– SONET Configuration Subtab, page 10-102

– Alarm Reporting Subtab, page 10-104


The SONET Port Configuration application allows you to configure the SONET on a router port using Layer 1 SONET transport technology.

See Figure 10-1 for an example of the SONET Port Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the SONET Port Configuration application.



Chapter 10 SONET Port Configuration Application SONET Tab

Figure 10-1 SONET Application

SONET TabThe SONET tab contains two subtabs: SONET Configuration and Alarm Reporting. The SONET Configuration subtab is displayed by default when the SONET tab is clicked.

The SONET tab allows you to perform the following tasks:

• Configure SONET for the interface.

• Configure the alarm reporting parameters for the interface.

See Figure 10-1 for an example of the SONET tab.

SONET Configuration SubtabThe SONET Configuration subtab allows you to perform the following tasks:

• Configure a clock source.

• Configure a loopback source.


OL-5497-04



• Specify the framing for the SONET controller.

• Configure the section, line, and path parameters.

See Figure 10-1 for an example of the SONET Configuration subtab. Table 10-1 describes the SONET Configuration subtab fields.

Table 10-1 SONET Configuration Subtab Description

Field Description

General Area

Clock Source list Allows you to choose which reference clock is used by the sender for the sent signal on SONET1 ports. The options are:

• Internal—Specifies that the controller will clock its sent data from its internal clock.

• Line—Specifies that the controller will clock its sent data from a clock recovered from the receive data stream of the line.

Loopback list Allows you to choose the SONET controller for loopback mode. The options are:

• internal—In the terminal (internal) loopback, the sent signal is looped back to the receiver.

• line—In the facility (line) loopback, the signal received from the far end is looped back and sent on the line.

The two loopback modes cannot be active at the same time.

Framing list Allows you to choose the framing used on the SONET controller. The options are:

• SONET—Chooses SONET framing.

• SDH—Chooses SDH2 framing.

Section Area

Identifier (J0/C1) Byte field

Allows you to enter the JO/C1 byte value in the SONET section overhead. For interoperability with SDH equipment in Japan, use the value 0x01.

The value that you use for the trace byte depends on the type of equipment being used.

Line Area

Bits s1 and s0 of H1 Byte field

Allows you to enter the s1 and s0 bits value of the H1 byte in the SONET line overhead.

Use the following values to tell the SONET transmission equipment the s1and s0 bit:

• For SONET mode, use 0.

• For SDH mode, use 2.

The values for the s1 and s0 bits can be from 0 to 3. Values 1 and 3 are undefined.

AIS When Shutdown check box

Allows you to enable automatic insertion of a LAIS3 in the sent SONET signal whenever the SONET port enters the administratively down state.

When the line is placed in administrative shutdown state, a signal is sent to downstream equipment that indicates that there is a problem with the line. LAIS is ignored if APS4 is running for the corresponding port, because the setting must be enabled for proper APS operation.

Delay Trigger (msec) field

Allows you to specify the line defects hold-off delay value. The delay trigger is the time a defect must persist before a recovery action, such as protection switching, takes place. If the defect disappears within the delay trigger time, the protection activity is not triggered.


OL-5497-04



Alarm Reporting SubtabThe Alarm Reporting subtab allows you to perform the following tasks:

• Set the section alarm threshold and reporting parameters.

• Set the line alarm threshold and reporting parameters.

• Set the path alarm threshold and reporting parameters.

See Figure 10-2 for an example of the Alarm Reporting subtab. Table 10-2 describes the Alarm Reporting subtab fields.

Path Area

Delay Trigger (msec) field

Allows you to specify the path defects hold-off delay value. The delay trigger is the time a defect must persist before a recovery action, such as protection switching, takes place. If the defect disappears within the delay trigger time, the protection activity is not triggered.

SPE Content (C2) Byte field

Allows you to enter the transmit C2 byte value. This SONET path overhead value allows you to meet a specific standards requirement or to ensure interoperability with equipment from another vendor.

The SONET standards permit or require user access for configuration of some bytes or bits in the SONET path overhead.

AIS When Shutdown check box

Allows you to enable automatic insertion of a LAIS in the sent SONET signal whenever the SONET port enters the administratively down state.

When the line is placed in administrative shutdown state, a signal is sent to downstream equipment that indicates that there is a problem with the line. LAIS is ignored if APS is running for the corresponding port, because the setting must be enabled for proper APS operation.

Scrambling list Allows you to enable SONET payload scrambling on a SONET path.

SONET payload scrambling applies a self-synchronous scrambler (x43+1) to the SPE5 of the controller to ensure sufficient bit transition density. Both ends of the connection must be configured using SONET path scrambling.

Trace (J1) Buffer field

Allows you to enter the user-defined path trace message in the J1 bytes of the SONET path overhead. This trace buffer value allows you to meet specific standards requirements or to ensure interoperability.

Shutdown UNEQ check box

This check box allows you to enable the automatic insertion of Path Unequipped (UNEQ) code (0x00) in the sent SONET path overhead C2 byte when the SONET path enters an administratively down state.

1. SONET = Synchronous Optical Network

2. SDH = synchronous digital hierarchy

3. LAIS = Line Alarm Indication Signal

4. APS = automatic protection switching

5. SPE = Synchronous Payload Envelope

Table 10-1 SONET Configuration Subtab Description (continued)

Field Description


OL-5497-04



Figure 10-2 Alarm Reporting Subtab

Table 10-2 Alarm Reporting Subtab Description

Field Description

Section Area

Threshold B1 BER field

Allows you to set the B1 BE1R threshold values of the specified alarms for a SONET controller (10 to the minus n).

Report LOF check box

Allows you to enable SLOF2 reporting.

Report B1 BER check box

Allows you to enable B1 BER TCA3 reporting.

Report LOS check box

Allows you to enable SLOS4 reporting.

Line Area


Allows you to set the B2 BER threshold values of the specified alarms for a SONET controller (10 to the minus n).

Threshold SF BER field

Allows you to set the SF5 BER threshold values of the specified alarms for a SONET controller (10 to the minus n).


OL-5497-04



Threshold SD BER field

Allows you to set the SD6 BER threshold values of the specified alarms for a SONET controller (10 to the minus n).


Allows you to enable B2 BER TCA reporting. Check the check box to enable B2 BER TCA reporting and uncheck the check box to disable B2 BER TCA reporting.

Report SD BER check box

Allows you to enable SD BER reporting.

Report AIS check box

Allows you to enable LAIS reporting.

Report RDI check box

Allows you to enable LRDI7 reporting.

Report SF BER check box

Allows you to enable SF BER reporting.

Path Area


Allows you to set the B3 BER threshold values of the specified alarms for a SONET controller (10 to the minus n).


Allows you to enable B3 BER reporting.

Report RDI check box

Allows you to enable Path RDI reporting.

Report AIS check box

Allows you to enable Path AIS8 reporting.

Report LOP check box

Allows you to enable LOP9 reporting.

Report UNEQ check box

Allows you to enable Path UNEQ reporting.

1. BER = bit error rate

2. SLOF = Section Loss of Frame

3. TCA = threshold crossing alert

4. SLOS = Section Loss of Signal

5. SF = signal failure

6. SD = signal degrade

7. LRDI = Line Remote Defect Indication

8. AIS = Alarm Indication Signal

9. LOP = Path Loss of Pointer

Table 10-2 Alarm Reporting Subtab Description (continued)

Field Description


OL-5497-04


Chapter 10 SONET Port Configuration Application Operation Tab

Operation TabThe Operation tab allows you to enable shutdown on the chosen interface.




Field Description

Shutdown check box Allows you to shut down the interface. Shutdown administratively brings down an interface (shuts down the SONET1 controller and disables SONET controller processing).

1. SONET = Synchronous Optical Network


OL-5497-04


Chapter 10 SONET Port Configuration Application Operation Tab


OL-5497-04



C H A P T E R 11
Access Control Lists Application

The Access Control Lists Application contains the following subtabs:

• Basic Subtab, page 11-110

• Advanced Subtab, page 11-112

• TCP/UDP/SCTP Subtab, page 11-115

• ICMP/IGMP Subtab, page 11-119

The Access Control Lists application allows you to configure IP Version 4 (IPv4) access lists.

An access control list (ACL) consists of one or more access control entries (ACEs) that collectively define the network traffic profile. This profile can then be referenced by Craft Works Interface (CWI) features such as traffic filtering, priority or custom queueing, and dynamic access control. Each ACL includes an action element (permit or deny) and a filter element based on criteria such as source address, destination address, protocol, and protocol-specific parameters.

You can recorder the access lists by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

See Figure 11-1 for an example of the Access Control Lists application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Access Control Lists application.



Chapter 11 Access Control Lists Application Basic Subtab

Figure 11-1 Access Control Lists Application

Basic SubtabThe Basic subtab allows you to perform the following tasks:

• Specify an access control list name and sequence number.

• Choose to permit or deny packet matching.

• Choose whether to log matches.

• Specify source and destination traffic matching criteria.

• Specify a remark for the ACL.

See Figure 11-1 for an example of the Basic subtab. Table 11-1 describes the Basic subtab fields.

Table 11-1 Basic Subtab Description

Field Description

Basics Area

Name field Allows you to enter the name of the ACL1.

Sequence Number field

Allows you to enter the sequence number for the ACL.

The sequence number is the number of the statement in the access list. This number determines the order of the statements in the access list.


OL-5497-04


Chapter 11 Access Control Lists Application Basic Subtab

Grant list Allows you to specify whether packets that match the ACL are permitted or denied. The following options are listed:

• Permit—Packets that match the ACL are permitted.

• Deny—Packets that match the ACL are denied.

Logging list Allows you to specify whether to log matches against the input and how the log match is done. A packet is matched for a new flow defined by a combination of the source address, destination address, source port, and destination port. The following options are listed:

• Log—Causes an informational logging message about the packet that matches the entry to be sent to the console. The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP2, UDP3, ICMP4, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.

• LogInput—Provides the same function as the log, except that the logging message also includes the input interface.

Traffic Area

Source-any radio button

Allows you to use the default value for source IPv45 address matching.

Source-address radio button

Allows you to specify a source IPv4 address to match.

The source must be the number of the network or host from which the packet is being sent.

Source-wildcard field

Allows you to enter the wildcard bits to be applied to the source. The wildcard bits are the opposite of the IP address mask. If a bit is zero then it is considered for filtering.

This field is enabled when the Source-address radio button is activated. (See Source-address radio button.)

Destination-any radio button

Allows you to use the default value for destination IPv4 address matching.

Destination- address radio button

Allows you to specify a destination IPv4 address to match.

The destination must be the number of the network or host to which the packet is being sent.

Destination- wildcard field

Allows you to enter the wildcard bits to be applied to the destination. The wildcard bits are the opposite of the IP address mask. If a bit is zero then it is considered for filtering.

This field is enabled when the address radio button is activated. (See Destination- address radio button.)

Remark Area

Add remark field Allows you to enter comments or a description of the ACL.

1. ACL = access control list

2. TCP = Transmission Control Protocol



5. IPv4 = IP version 4

Table 11-1 Basic Subtab Description (continued)

Field Description


OL-5497-04


Chapter 11 Access Control Lists Application Advanced Subtab


• Specify an IP protocol the ACL must match.

• Choose to enable or disable Differentiated Services Code Point (DSCP) matching.

• Choose to enable or disable IP precedence matching.

• Specify whether to search for noninitial fragments.





OL-5497-04




Field Description

Advanced Area

Protocol list Allows you to choose the IP protocol that the ACL must match. The following options are listed:

• 0 (IP)

• 1 (ICMP)

• 2 (IGMP)

• 3 (GGP)

• 4 (IPinIP)

• 6 (TCP)

• 8 (EGP)

• 12 (PUP)

• 17 (UDP)

• 22 (IDP)

• 29 (TP)

• 46 (RSVP)

• 47 (GRE)

• 50 (ESP)

• 51 (AHP)

• 80 (AHP)

• 88 (EIGRP)

• 89 (OSPF)

• 94 (NOSIP)

• 98 (ENCAP)

• 103 (PIM)

• 108 (PCP)

• 115 (L2TPV)

• 120 (UTI)

• 132 (SCTP)

• 255 (RAW)

The integers from 0 to 255 represent an IP protocol number.

DSCP or Precedence Area

None radio button Allows you to disable DSCP1 and precedence for the chosen ACL.

DSCP Allows you to enable DSCP matching. DSCP provides QoS2 control.

DSCP radio button Allows you to enable DSCP matching.


OL-5497-04



DSCP list Allows you to choose a DSCP reserved keyword to match packets with from the list. The following options are listed:

• 0 (Default)—Default DSCP (000000)

• 8 (CS1)—CS1(precedence 1) DSCP (001000)

• 10 (AF11)—AF11 DSCP (001010)

• 12 (AF12)—AF12 DSCP (001100)

• 14 (AF13)—AF13 DSCP (001110)

• 16 (CS2)—CS2 (precedence 2) DSCP (010000)

• 18 (AF21)—AF21 DSCP (010010)

• 20 (AF22)—AF22 DSCP (010100)

• 22 (AF23)—AF23 DSCP (010110)


• 26 (AF31)—AF31 DSCP (011010)

• 28 (AF32)—AF32 DSCP (011100)

• 30 (AF33)—AF33 DSCP (011110)


• 34 (AF41)—AF41 DSCP (100010)

• 36 (AF42)—AF42 DSCP (100100)

• 38 (AF43)—AF43 DSCP (100110)


• 46 (EF)—EF DSCP (101110)



The DSCP radio button must be chosen to enable the DSCP list. (See DSCP radio button.)


Field Description


OL-5497-04


Chapter 11 Access Control Lists Application TCP/UDP/SCTP Subtab

TCP/UDP/SCTP SubtabThe TCP/UDP/SCTP subtab allows you to perform the following tasks:

• Specify the source port comparison criteria.

• Specify the destination port comparison criteria.

• Choose a TCP flag.


See Figure 11-3 for an example of the TCP/UDP/SCTP subtab. Table 11-3 describes the TCP/UDP/SCTP subtab fields.

Precedence Allows you to enable precedence. Packets can be filtered by precedence level. Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name.

Precedence radio button

Allows you to enable precedence.

Precedence list Allows you to choose the precedence level. The following options are listed:

• 0 (Routine)

• 1 (Priority)

• 2 (Immediate)

• 3 (Flash)

• 4 (Flash Override)

• 5 (Critical)

• 6 (Internet)

• 7 (Network)

The Precedence radio button must be chosen to enable the Precedence list. (See Precedence radio button.)

Check Non-initial fragments check box

Allows you to check for noninitial fragments of IPv43 packets when applying the chosen access list entry.

1. DSCP = differentiated services code point

2. QoS = quality of service

3. IPv4 = IP version 4


Field Description


OL-5497-04



Figure 11-3 TCP/UDP/SCTP Subtab

Table 11-3 TCP/UDP/SCTP Subtab Description

Field Description

Source Port Area

operator list Allows you to choose the source comparison operator, which compares source or destination ports. The following options are listed:

• Equal—You must enter a value for the start parameter.

• Great Than—You must enter a value for the start parameter.

• Less Than—You must enter a value for the start parameter.

• Not Equal—You must enter a value for the start parameter.

• Range—You must enter values for the start and end parameters.

This list becomes available when 6 (TCP), 17 (UDP), or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab. (See the “Advanced Subtab” section on page 11-112.)

start field Allows you to enter the first source port for comparison.

This list becomes available when 6 (TCP), 17 (UDP), or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and an operator is chosen in the operator list in the Source Port area of the TCP/UDP/SCTP tab.


OL-5497-04



start-TCP/SCTP list Allows you to choose a TCP1 port. This list is available when the start field is empty.

TCP port names can be used only when filtering TCP.

This list becomes available when 6 (TCP) or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and an operator is chosen in the operator list in the Source Port area of the TCP/UDP/SCTP tab.

start-UDP list Allows you to choose a UDP2 port.

UDP port names can be used only when filtering UDP.

This list becomes available when 17 (UDP) is chosen in the Protocol list in the Advanced (see the “Advanced Subtab” section on page 11-112) and an operator is chosen in the operator list in the Source Port area of the TCP/UDP/SCTP tab.

end field Allows you to enter the second source port for comparison. Only enter a value in the end field if comparing a range of TCP, SCTP3, or UDP ports.

This list becomes available when 6 (TCP), 17 (UDP), or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and Range is chosen for the operator list in the Source Port area of the TCP/UDP/SCTP tab.

end-TCP/SCTP list Allows you to choose a TCP port. This list is available when the end field is empty.


This list becomes available when 6 (TCP) or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and Range is chosen for the operator list in the Source Port area of the TCP/UDP/SCTP tab.

end-UDP list Allows you to choose a UDP port. This list is available when the end field is empty.


This list becomes available when 17 (UDP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and Range is chosen for the operator list in the Source Port area of the TCP/UDP/SCTP tab.

Destination Port Area

operator list Allows you to choose the source comparison operator, which compares source or destination ports. The following options are listed:

• Equal—You must enter a value for the start parameter.

• Great Than—You must enter a value for the start parameter.

• Less Than—You must enter a value for the start parameter.

• Not Equal—You must enter a value for the start parameter.

• Range—You must enter values for the start and end parameters.

This list becomes available when 6 (TCP), 17 (UDP), or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab. (See the “Advanced Subtab” section on page 11-112.)

start field Allows you to enter the first source port for comparison.

This list becomes available when 6 (TCP), 17 (UDP), or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and an operator is chosen in the operator list in the Source Port area of the TCP/UDP/SCTP tab.

Table 11-3 TCP/UDP/SCTP Subtab Description (continued)

Field Description


OL-5497-04



start-TCP/SCTP list Allows you to choose a TCP port. This list is available when the start field is empty.


This list becomes available when 6 (TCP) or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and an operator is chosen in the operator list in the Source Port area of the TCP/UDP/SCTP tab.

start-UDP list Allows you to choose a UDP port.


This list becomes available when 17 (UDP) is chosen in the Protocol list in the Advanced (see the “Advanced Subtab” section on page 11-112) and an operator is chosen in the operator list in the Source Port area of the TCP/UDP/SCTP tab.

end field Allows you to enter the second source port for comparison. Only enter a value in the end field if comparing a range of TCP, SCTP, or UDP ports.

This list becomes available when 6 (TCP), 17 (UDP), or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and Range is chosen for the operator list in the Source Port area of the TCP/UDP/SCTP tab.

end-TCP/SCTP list Allows you to choose a TCP port. This list is available when the end field is empty.


This list becomes available when 6 (TCP) or 132 (SCTP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and Range is chosen for the operator list in the Source Port area of the TCP/UDP/SCTP tab.

end-UDP list Allows you to choose a UDP port. This list is available when the end field is empty.


This list becomes available when 17 (UDP) is chosen in the Protocol list in the Advanced subtab (see the “Advanced Subtab” section on page 11-112) and Range is chosen for the operator list in the Source Port area of the TCP/UDP/SCTP tab.

TCP Only Area

TCP Flags

Established check box

Allows you to enable an established connection. A match occurs if the TCP datagram has the ACK.

When the Established check box is checked, the ACK and RST check boxes are activated by default.

Checking any of the following check boxes enables matching of the bits:

• ACK—Acknowledgment bit set

• RST—Reset bit set

• SYN—Synchronize bit set

• FIN—Fin bit set; no more data from sender

• PSH—Push function bit set

A match occurs if the TCP datagram has any of the checked bits sets.



3. SCTP = Stream Control Transmission Protocol

Table 11-3 TCP/UDP/SCTP Subtab Description (continued)

Field Description


OL-5497-04


Chapter 11 Access Control Lists Application ICMP/IGMP Subtab

ICMP/IGMP SubtabThe ICMP/IGMP subtab allows you to perform the following tasks:

• Specify the ICMP message type.

• Specify the IGMP message type.


See Figure 11-4 for an example of the ICMP/IGMP subtab. Table 11-4 describes the ICMP/IGMP subtab fields.

Figure 11-4 ICMP/IGMP Subtab

Table 11-4 ICMP/IGMP Subtab Description

Field Description

ICMP Area

ICMP Message Type field

Allows you to enter an ICMP1 message type for filtering ICMP packets. ICMP packets can be filtered by ICMP message type.

This field is activated when ICMP is the chosen Protocol in the Advanced subtab. (See the “Advanced Subtab” section on page 11-112.)


OL-5497-04


Chapter 11 Access Control Lists Application ICMP/IGMP Subtab

ICMP Message Code field

Allows you to enter an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

IGMP Area

IGMP Message Type field

Allows you to enter an ICMP message type for filtering ICMP packets. ICMP packets can be filtered by ICMP message type.

This field is activated when ICMP is the chosen Protocol in the Advanced subtab. (See the “Advanced Subtab” section on page 11-112.)


Table 11-4 ICMP/IGMP Subtab Description (continued)

Field Description


OL-5497-04



C H A P T E R 12
Packet Filter Application

The Packet Filter Application contains one tab.

The Packet Filter application allows you to control which access control lists (ACLs) are applied to specific interfaces.

The Packet Filter application allows you to perform the following tasks:

• Add an ACL to inbound or outbound traffic on one or more interfaces.

• Remove currently configured ACLs from one or more interfaces.

See Figure 12-1 for an example of the Packet Filter application. Table 12-1 describes the Packet Filter application fields.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Packet Filter application.

Figure 12-1 Packet Filter Application



Chapter 12 Packet Filter Application

Table 12-1 Packet Filter Application Description

Field Description

Packet Filter Area

Inbound Allows you to choose the inbound packet filter (ACL1).


Inbound field Allows you to view the ACL chosen using the Select ACL dialog box. (See Inbound ellipsis button.)

Inbound ellipsis button

Allows you to choose an ACL from the Select ACL dialog box.

Inbound-Count packets in hardware check box

Allows you to enable inbound hardware packet counting.

Outbound Allows you to choose the outbound packet filter (ACL).

Outbound field Allows you to view the ACL chosen using the Select ACL dialog box. (See Outbound ellipsis button.)

Outbound ellipsis button


Outbound-Count packets in hardware check box

Allows you to enable a outbound hardware packet counting.


OL-5497-04



C H A P T E R 13
QoS Application

The QoS Application contains the following tabs and subtabs:

• Classmaps Tab, page 13-124

• Policymaps Tab, page 13-127

– Congestion Mgmt Subtab, page 13-129

– Congestion Avoidance Subtab, page 13-131

– Police (traffic/conform) Subtab, page 13-132

– Police (exceed/violate) Subtab, page 13-135

– Mark Subtab, page 13-139

• Service Policies Tab, page 13-142

Quality of service (QoS) is a measure of performance for a transmission system that reflects its transmission quality and service availability. QoS efficiently applies network resources to ensure that the greatest breadth of applications can be properly supported while still enabling packet networks to achieve the high levels of utilization essential for enabling profitability.

The QoS application allows you to configure class maps and policy maps, and apply the policy maps to the inbound and outbound traffic on interfaces.

The policy map specifies the traffic policy name and configures a traffic policy. The class map is used for matching packets to a specific class.

See Figure 13-1 for an example of the QoS application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the QoS application.



Chapter 13 QoS Application Classmaps Tab

Figure 13-1 QoS Application

Classmaps TabThe Classmaps tab allows you to perform the following tasks:

• Specify a class map name.

• Configure the match settings for the chosen class map.

See Figure 13-1 for an example of the Classmaps tab. Table 13-1 describes the Classmaps tab fields.


OL-5497-04



Table 13-1 Classmaps Tab Description

Field Description

Basics area

Name field Allows you to enter the name of the class map for which you want to create or modify class map match criteria. Packets arriving at the interface are checked against the match criteria configured for a class map to determine if the packet belongs to that class.

The class map is used for matching packets to the class whose name you specify.

The name entered in the Name field is used for both the class map and to configure the policy for the class in the policy map.

Match Settings Area

Match Any check box

Allows you to configure the match criteria for a class map to match any. When the Match Any check box is checked, the class map will match all packets (equivalent to the default class).

Match Any specifies that the remaining traffic (after the other match criteria set in the Match Settings area are met) is considered to belong to the class specified by the class map.

Match IPv4 Access Group(s)

Allows you to choose the match criteria for a class map based on the specified access control lists. The Match IPv4 Access Group(s) parameter specifies the ACLs1 whose contents are used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.

Match IPv4 Access Group(s) field

Allows you to view the match criteria chosen using the Select ACL(s) dialog box. (See Match IPv4 Access Group(s) ellipsis button.)

Match IPv4 Access Group(s) ellipsis button

Allows you to choose the match criteria from the Select ACL(s) dialog box.

Match IPv4 DSCP(s)

Allows you to choose the IP DSCP values as match criteria for a class map.

This feature examines the higher order 6 bits in the ToS2 byte of the IP header. Up to eight IP DSCP3 values can be matched in one match statement. For example, if you wanted the IP DCSP values of 0, 1, 2, 3, 4, 5, 6, and 7 (note that only one of the IP DSCP values must be a successful match criterion, not all of the specified IP DSCP values), enter the match IP DSCP values.

The IP DSCP value is used as a matching criterion only. The value has no mathematical significance. For instance, the IP DSCP value 2 is not greater than 1. The value simply indicates that a packet marked with the DSCP of 2 should be treated differently than a packet marked with a DSCP value of 1. The treatment of these marked packets is defined by the user through the setting of QoS policies.

Match IPv4 DSCP(s) field

Allows you to view the match criteria chosen using the Select IP DSCP(s) dialog box. (See Match IPv4 DSCP(s) ellipsis button.)

Match IPv4 DSCP(s) ellipsis button

Allows you to choose the match criteria from the Select IP DSCP(s) dialog box.

Match IPv4 Precedence(s)

Allows you to choose the IP precedences as match criteria for a class map. This feature examines the higher order 3 bits in the ToS byte of the IP header. Up to four precedences can be matched in one match statement. For example, if you wanted the IP precedences of Routine, Flash, and Internet (note that only one of the IP precedences must be a successful match criterion, not all of the specified IP precedences), enter the match IP precedences.

Match IPv4 Precedence(s) field

Allows you to view the match criteria chosen using the Select IP Precedence(s) dialog box. (See Match IPv4 Precedence(s) ellipsis button.)


OL-5497-04



Match IPv4 Precedence(s) ellipsis button

Allows you to choose the match criteria from the Select IP Precedence(s) dialog box.

Choose a precedence from the Configured IP Precedence(s) list and click Add>> to move it to the Selected IP Precedence(s) list. You can choose multiple precedences. The following options are listed:

• Routine

• Priority

• Immediate

• Flash

• Flash Override

• Critical

• Internet

• Network

Match Protocol Allow you to choose the protocols as match criteria for a class map.

Match Protocol field Allows you to view the match criteria chosen using the Select IP Protocol(s) dialog box. (See Match Protocol ellipsis button.)

Match Protocol ellipsis button

Allows you to choose the match criteria from the Select IP Protocol(s) dialog box.

Match QoS Group Allows you to choose the QoS4 group values in a class map to match packets.

This feature is used to set the match criteria for examining QoS groups marked on the packet. Up to eight QoS group values can be matched in one match statement. For example, match QoS group 1 2 3 4 5 6 7 returns matches for QoS group variables 1, 2, 3, 4, 5, 6, and 7. Only one of the QoS group values must be a successful match criterion, not all of the specified QoS group values.

The QoS group value is used as a matching criterion only. The value has no mathematical significance. For instance, the QoS group value 2 is not greater than 1. The value simply indicates that a packet marked with the QoS group of 2 should be treated differently than a packet marked with a QoS group value of 1. The treatment of these different packets is defined using the policy map service policy configuration features.

Match QoS Group field

Allows you to view the match criteria chosen using the Select QoS Group(s) dialog box. (See Match QoS Group ellipsis button.)

Match QoS Group ellipsis button

Allows you to choose the match criteria from the Select QoS Group(s) dialog box.

Match MPLS EXP topmost(s)

Allows you to configure a class map so that the three-bit experimental field in the top-most MPLS labels is examined for experimental (EXP) field values.

This feature is used by the class map to identify MPLS5 experimental value matching on a packet.

Up to four EXP values can be matched in one match statement. For example, if you wanted the EXP values of 0, 1, 2, and 3 (note that only one of the EXP values must be a successful match criterion, not all of the specified EXP values), enter the match MPLS experimental topmost 0 1 2 3 values.

The EXP value is used as a matching criterion only. The value has no mathematical significance. For instance, the EXP value 2 is not greater than 1. The value simply indicates that a packet marked with the EXP value of 2 is different than a packet marked with the EXP value of 1. The treatment of these different packets is defined by the user through the setting of policy map QoS configuration features.

Table 13-1 Classmaps Tab Description (continued)

Field Description


OL-5497-04


Chapter 13 QoS Application Policymaps Tab

Policymaps TabThe Policymaps tab contains five subtabs: Congestion Mgmt, Congestion Avoidance, Police (traffic/conform), Policy (exceed/violate), and Mark. The Congestion Mgmt subtab is displayed by default when the Policymaps tab is clicked.

The Policymaps tab allows you to perform the following tasks:

• Specify a policy map name and sequence number.

• Specify an associated class maps name.

• Configure the congestion management parameters.

• Configure the congestions avoidance parameters.

• Configure the traffic conform, exceed, and violate parameters.

• Configure the mark parameters.

You can recorder the class maps by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

Match MPLS EXP topmost(s) field

Allows you to view the match criteria chosen using the Select MPLS Experimental Topmost(s) dialog box. (See Match MPLS EXP topmost(s) ellipsis button.)

Match MPLS EXP topmost(s) ellipsis button

Allows you to choose the match criteria from the Select MPLS Experimental Topmost(s) dialog box.

Match Discard Class(es)

Allows you to use specified discard class values in a class map to match packets.

This feature is used to set the match criteria for examining discard classes marked on the packet. Up to eight discard class values can be matched in one match statement. For example, match discard class 0 1 2 3 4 5 6 7 returns matches for discard class variables 0, 1, 2, 3, 4, 5, 6, and 7. Only one of the discard class values must be a successful match criterion, not all of the specified discard class values.

The discard class value is used as a matching criterion only. The value has no mathematical significance. For instance, the discard class value 2 is not greater than 1. The value simply indicates that a packet marked with the discard class of 2 should be treated differently than a packet marked with a discard class value of 1.

Match Discard Class(es) field

Allows you to view the match criteria chosen using the Select Discard Class(s) dialog box. (See Match MPLS EXP topmost(s) ellipsis button.)

Match Discard Class(es) ellipsis button

Allows you to choose the match criteria from the Select Discard Class(s) dialog box.


2. ToS = type of service




Table 13-1 Classmaps Tab Description (continued)

Field Description


OL-5497-04



See Figure 13-2 for an example of the Policymaps tab. Table 13-2 describes the Policymaps tab fields.

Figure 13-2 Policymaps Tab

Table 13-2 Policymaps Tab Description

Field Description

Basics Area

Name field Allows you to enter the name of the policy map that can be attached to one or more interfaces to specify a service policy.

A single policy map can be attached to multiple interfaces concurrently. When you attempt to attach a policy map to an interface, the attempt is denied if the available bandwidth on the interface cannot accommodate the total bandwidth requested by class policies comprising the policy map. In this case, any policy map already attached to other interfaces is removed.


Allows you to enter the ordering index for the policy map.

Classmap Name field

Allows you to enter the name of the class map. The name must be unique among all the ordering indexes for the policy map.

The name is used to configure the policy for the class in the policy map.


OL-5497-04



Congestion Mgmt SubtabThe Congestion Mgmt subtab allows you to perform the following tasks:

• Specify the shape average parameters.

• Specify the bandwidth parameters.

• Specify the priority parameters.

The bandwidth and priority parameters are used to calculate the total bandwidth available on an interface.

Note Specifying the queue limit is especially important for higher-speed interfaces, in order to meet the minimum bandwidth guarantees required by the interface.

See Figure 13-2 for an example of the Congestion Mgmt subtab. Table 13-3 describes the Congestion Mgmt subtab fields.

Table 13-3 Congestion Mgmt Subtab Description

Field Description

Shape Average check box

Enables shape averaging. Shape averaging allows you to shape traffic to the specified bit rate.

kbps Allows you to enter the shape average in kbps. The minimum rate is 128 kbps and the rates are in multiples of 128 kbps.

kbps radio button Allows you to specify the shape average in kbps.

kbps field Allows you to enter the shape average in kbps. The kbps radio button must be chosen to enable the kbps field. (See kbps radio button.)

percent Allows you to specify average or peak-rate traffic shaping on the basis of a percentage of bandwidth available on an interface.

Specifying the shape average using percent calculates the CIR1 based on a percentage of the available bandwidth on the interface. Once a policy map is attached to the interface, the equivalent CIR value in bps is calculated based on the interface bandwidth and the percent value entered. If the CIR percentage is changed after the policy map is attached to the interface, the bps value of the CIR is recalculated.

percent radio button Allows you to specify the shape average as a percentage.

percent field Allows you to enter the shape average as a percentage. The percent radio button must be chosen to enable the percent field. (See percent radio button.)

Bandwidth check box

Allows you to enable the configuring of the bandwidth allocated for a class belonging to a policy map.

Bandwidth configuration is used to configure guaranteed bandwidth for a class. When bandwidth is configured, traffic belonging to the class is guaranteed that much bandwidth even during congestion.

kbps Allows you to enter the amount of bandwidth, in kbps, to be assigned to the class.

The amount of bandwidth varies according to the interface.

kbps radio button Allows you to specify the bandwidth in kbps.

kbps field Allows you to enter the bandwidth in kbps. The kbps radio button must be chosen to enable the kbps field. (See kbps radio button.)


OL-5497-04



percent Allows you to enter the amount of guaranteed bandwidth, based on an absolute percent of available bandwidth.

During periods of congestion, the classes are serviced in proportion to their configured bandwidth percentages. Available bandwidth is equal to the interface bandwidth minus the sum of all bandwidths reserved by the LLQ2 feature.

percent radio button Allows you to specify the bandwidth as a percentage.

percent field Allows you to enter the bandwidth as a percentage. The percent radio button must be chosen to enable the percent field. (See percent radio button.)

priority radio button Allows you to give priority to a class of traffic belonging to a policy map.

Priority configures LLQ, providing strict PQ3. Strict PQ allows delay-sensitive data such as voice to be dequeued and sent before packets in other queues are dequeued.

The Bandwidth and Priority cannot be used in the same class, within the same policy map, but they can be used together in the same policy map. Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is queued to the same, single priority queue.

When the policy map containing class policy configurations is attached to the interface to stipulate the service policy for that interface, available bandwidth is assessed. If a policy map cannot be attached to a particular interface because of insufficient interface bandwidth, the policy is removed from all interfaces to which it was attached.

Queue limit (bytes) field

Allows you to enter the maximum number of bytes the queue can hold for a class policy configured in a policy map.

Packets satisfying the match criteria for a class accumulate in the queue reserved for the class until they are sent, which occurs when the queue is serviced by the fair queueing process. When the maximum byte threshold you defined for the class is reached, enqueueing of any further packets to the class queue causes tail drop.

Service Policy field Allows you to enter the name of the service policy map. When a service policy map is entered, the policy map is attached to an input interface or output interface.

1. CIR = committed information rate

2. LLQ = low latency queueing

3. PQ = priority queueing

Table 13-3 Congestion Mgmt Subtab Description (continued)

Field Description


OL-5497-04



Congestion Avoidance SubtabThe Congestion Avoidance subtab allows you to specify the random detection parameters.

See Figure 13-3 for an example of the Congestion Avoidance subtab. Table 13-4 describes the Congestion Avoidance subtab fields.

Figure 13-3 Congestion Avoidance Subtab

Table 13-4 Congestion Avoidance Subtab Description

Field Description

Discard Class Allows you to choose the discard class and set the thresholds for the discard class.

Discard Class field Allows you to view the discard class chosen using the Select Discard Classes and Bandwdith(s) dialog box. (See Discard Class ellipsis button.)

Discard Class ellipsis button

Allows you to choose the discard class and thresholds from the Select Discard Classes and Bandwidth(s) dialog box.

Enter the minimum threshold for the discard class in the Minimum threshold (bytes) field and the maximum threshold for the discard class in the Maximum threshold (bytes) field. Then choose a discard class value.


OL-5497-04



Police (traffic/conform) SubtabThe Police (traffic/conform) subtab allows you to mark packets with different QoS values based on conformance to the service-level agreement. Traffic policing is not executed for traffic that passes through an interface.

The Police (traffic/conform) subtab allows you to perform the following tasks:

• Specify traffic parameters such as rate of traffic and burst size.

• Set the conform action criteria.

See Figure 13-4 for an example of the Police (traffic/conform) subtab. Table 13-5 describes the Police (traffic/conform) subtab fields.

IP DSCP Allows you to choose the IP DSCP1 and set the thresholds for the DSCP.

IP DSCP field Allows you to view the IP DSCP chosen using the Select DSCPs and Bandwidth(s) dialog box. (See IP DSCP ellipsis button.)

IP DSCP ellipsis button

Allows you to choose the IP DSCP and thresholds from the Select DSCPs and Bandwidth(s) dialog box.

Enter the minimum threshold for the DSCP in the Minimum threshold (bytes) field and the maximum threshold for the DSCP in the Maximum threshold (bytes) field. Then choose a DSCP reserved keyword.

IP Precedence Allow you to choose the IP precedence and set the thresholds for the IP precedence.

IP Precedence field Allows you to view the IP precedence chosen using the Select IP Precedences and Bandwidth(s) dialog box. (See IP Precedence ellipsis button.)

IP Precedence ellipsis button

Allows you to choose the IP precedence and thresholds from the Select IP Precedences and Bandwidth(s) dialog box.

Enter the minimum threshold for the IP precedence in the Minimum threshold (bytes) field and the maximum threshold for the IP precedence in the Maximum threshold (bytes) field. Then choose an IP precedence value.

MPLS EXP topmost Allows you to choose the MPLS2 experimental topmost value and set the thresholds for the MPLS experimental topmost value.

MPLS EXP topmost field

Allows you to view the MPLS experimental topmost value chosen using the Select MPLS EXP topmost and Bandwidth(s) dialog box. (See IP Precedence ellipsis button.)

MPLS EXP topmost ellipsis button

Allows you to choose the MPLS experimental topmost value and thresholds from the Select MPLS EXP topmost and Bandwidth(s) dialog box.

Enter the minimum threshold for the MPLS experimental topmost in the Minimum threshold (bytes) field and the maximum threshold for the MPLS EXP topmost in the Maximum threshold (bytes) field. Then choose an MPLS EXP topmost value.



Table 13-4 Congestion Avoidance Subtab Description (continued)

Field Description


OL-5497-04



Figure 13-4 Police (traffic/conform) Subtab

Table 13-5 Police (traffic/conform) Subtab Description

Field Description

Traffic Area

No CIR radio button Allows you to choose to not configure a committed information rate.

CIR (kb/sec) radio button

Allows you to choose to specify a committed information rate in kBps.

CIR (kb/sec) field Allows you to enter a CIR1 value.

CIR (%) radio button

Allows you to choose to specify a committed information rate as a percentage.

CIR (%) Allows you to enter a CIR percent.

Burst Size (kb/sec) field

Allows you to enter the sustained number of bits that can be sent per interval.

Excess Burst Size (kb/sec) field

Allows you to enter the maximum number of bits that can exceed the burst size in the first interval in a congestion event.


OL-5497-04



Conform Area

Transmit radio button

Allows you to set the conform action to transmit. Conform is the action to take on packets that conform to the rate limit. The packets are sent with no alteration.

Set MPLS EXP topmost

Allows you to set the conform action to MPLS2 EXP topmost and choose the MPLS EXP topmost value.

Set MPLS EXP topmost radio button

Allows you to set the conform action to MPLS experimental topmost.

Set MPLS EXP topmost list

Allows you to choose the MPLS experimental topmost value.

The Set MPLS EXP topmost list sets the MPLS experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.

The Set MPLS EXP topmost radio button must be chosen to enable the Set MPLS EXP topmost list. (See Set MPLS EXP topmost radio button.)

Set Discard Class Allows you to set the conform action to discard class and choose a valid discard class value.

Set Discard Class radio button

Allows you to set the conform action to discard class.

Set Discard Class list

Allows you to choose the discard class value.

The Set Discard Class list sets the discard class attribute of a packet and sends the packet with the new discard class setting.

The Set Discard Class radio button must be chosen to enable the Set Discard Class list. (See Set Discard Class radio button.)

Set IP Precedence Allows you to set the conform action to IP Precedence and choose a valid IP precedence value.

Set IP Precedence radio button

Allows you to set the conform action to IP precedence.

Set IP Precedence list

Allows you to choose the IP precedence value. The following options are listed:

• Routine

• Priority

• Immediate

• Flash

• Flash Override

• Critical

• Internet

• Network

The Set IP Precedence list sets the IP precedence and sends the packet with the new IP precedence value setting.

The Set IP Precedence radio button must be chosen to enable the Set IP Precedence list. (See Set IP Precedence radio button.)

Set IP DSCP Allows you to set the conform action to IP DSCP and choose a valid IP DSCP value.

Table 13-5 Police (traffic/conform) Subtab Description (continued)

Field Description


OL-5497-04



Police (exceed/violate) SubtabThe Police (exceed/violate) subtab allows you to mark packets with different QoS values based on conformance to the service-level agreement. Traffic policing is not executed for traffic that passes through an interface.

The Police (exceed/violate) subtab allows you to perform the following tasks:

• Specify the traffic exceed parameters.

• Specify the traffic violate parameters.

See Figure 13-5 for an example of the Police (exceed/violate) subtab. Table 13-6 describes the Police (exceed/violate) subtab fields.

Set IP DSCP radio button

Allows you to set the conform action to IP DSCP.

Set IP DSCP list Allows you to choose the IP DSCP value.

The Set IP DSCP list sets the DSCP value and sends the packet with the new DSCP value setting.

The Set IP DSCP radio button must be chosen to enable the Set IP DSCP list. (See Set IP DSCP radio button.)

1. CIR = committed information rate

2. MPLS = Multiptotocol Label Switching

Table 13-5 Police (traffic/conform) Subtab Description (continued)

Field Description


OL-5497-04



Figure 13-5 Police (exceed/violate) Subtab

Table 13-6 Police (exceed/violate) Subtab Description

Field Description

Exceed Area

Drop radio button Allows you to set the exceed action to drop. Drop means that the packets are dropped when they exceed the rate limit.


Allows you to set the exceed action to MPLS1 EXP topmost and choose the MPLS EXP topmost value.


Allows you to set the exceed action to MPLS EXP topmost.


Allows you to choose the MPLS EXP topmost value.

The Set MPLS EXP topmost list sets the MPLS experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.


Set Discard Class Allows you to set the exceed action to discard class and choose a valid discard class value.


OL-5497-04




Allows you to set the exceed action to Discard Class.


Allows you to choose the Discard Class value.



Set IP Precedence Allows you to set the exceed action to IP Precedence and choose a valid IP precedence value.


Allows you to set the exceed action to IP precedence.


Allows you to choose the IP precedence value.

The following options are listed:

• Routine

• Priority

• Immediate

• Flash

• Flash Override

• Critical

• Internet

• Network



Set IP DSCP Allows you to set the exceed action to IP DSCP2 and choose a valid IP DSCP value.


Allows you to set the exceed action to IP DSCP.


The Set IP DSCP list sets the IP DSCP value and sends the packet with the new IP DSCP value setting.


Violate Area

Drop radio button Allows you to set the violate action to drop. Drop means that the packet are dropped when the packets violate the normal and maximum burst sizes.


Allows you to set the violate action to MPLS EXP topmost and choose the MPLS EXP topmost value.


Allows you to set the violate action to MPLS EXP topmost.

Table 13-6 Police (exceed/violate) Subtab Description (continued)

Field Description


OL-5497-04





The Set MPLS EXT topmost list sets the MPLS experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.


Set Discard Class Allows you to set the violate action to discard class and choose a valid discard class value.


Allows you to set the violate action to discard class.


Allows you to choose the discard class value.



Set IP Precedence Allows you to set the violate action to IP Precedence and choose a valid IP precedence value.


Allows you to set the violate action to IP precedence.


Allows you to choose the IP precedence value.


• Routine

• Priority

• Immediate

• Flash

• Flash Override

• Critical

• Internet

• Network



Set IP DSCP Allows you to set the violate action to IP DSCP and choose a valid IP DSCP value.


Allows you to set the violate action to IP DSCP.


The Set IP DSCP list sets the IP DSCP value and sends the packet with the new IP DSCP value setting.




Table 13-6 Police (exceed/violate) Subtab Description (continued)

Field Description


OL-5497-04



Mark SubtabThe Mark subtab allows you to set the policy map criteria.

See Figure 13-6 for an example of the Mark subtab. Table 13-7 describes the Mark subtab fields.

Figure 13-6 Mark Subtab

Table 13-7 Mark Subtab Description

Field Description

None radio button Allows you to set the mark action to none.

Discard Class Allows you to set the discard class and choose a valid discard class value for inbound policies. Choosing a discard class value marks a packet with the discard class value.

Discard Class radio button

Allows you to set the discard class.

Discard Class list Allows you to choose the discard class value.

The Discard Class radio button must be chosen to enable the Discard Class list. (See Discard Class radio button.)

MPLS EXP topmost Allows you to set the MPLS EXP topmost and choose the MPLS1 EXP topmost value.


OL-5497-04



MPLS EXP topmost radio button

Allows you to set the MPLS EXP topmost.

MPLS EXP topmost list


The MPLS EXP topmost radio button must be chosen to enable the MPLS EXP topmost list. (See MPLS EXP topmost radio button.)

QoS Group Allows you to set the QoS2 group and choose a valid QoS value for inbound policies. Choosing a QoS group sets a QoS group identifier that can be used later to classify packets.

QoS Group radio button

Allows you to set the QoS group.

QoS Group list Allows you to choose the QoS group value.

The QoS Group radio button must be chosen to enable the QoS Group list. (See QoS Group radio button.)

IP Precedence Allows you to set the IP Precedence and choose a valid IP precedence value. Choosing an IP precedence sets the precedence value in the packet header.

IP Precedence radio button

Allows you to set the IP precedence.

IP Precedence list Allows you to choose the IP precedence value. The following options are listed:

• Routine

• Priority

• Immediate

• Flash

• Flash Override

• Critical

• Internet

• Network

The IP Precedence radio button must be chosen to enable the IP Precedence list. (See IP Precedence radio button.)

IP DSCP Allows you to set the IP DSCP and choose a valid IP DSCP value. Choosing an IP DSCP marks a packet by setting the DSCP value in the ToS byte.

IP DSCP radio button

Allows you to set the IP DSCP.

IP DSCP list Allows you to choose the IP DSCP value.

The IP DSCP radio button must be chosen to enable the IP DSCP list. (See IP DSCP radio button.)

COS Allows you to set the CoS3 and choose a valid COS value.

CoS is an indication of how an upper-layer protocol requires a lower-layer protocol to treat its messages. Also called ToS4.

Table 13-7 Mark Subtab Description (continued)

Field Description


OL-5497-04



COS radio button Allows you to set the CoS.

COS list Allows you to choose the CoS value.

Choosing a CoS sets the Layer 2 CoS value of an outgoing packet.

The CoS radio button must be chosen to enable the CoS list. (See COS radio button.)



3. CoS = class of service

4. ToS = type of service

Table 13-7 Mark Subtab Description (continued)

Field Description


OL-5497-04


Chapter 13 QoS Application Service Policies Tab

Service Policies TabThe Service Policies tab allows you to specify the service policy criteria.

See Figure 13-7 for an example of the Service Policies tab. Table 13-8 describes the Service Policies tab fields.

Figure 13-7 Service Policies Tab

Table 13-8 Service Policies Tab Description

Field Description

Basics Area

Inbound Service Policy field

Allows you to enter the name of a policy map to attach to an inbound interface to be used as the service policy for that interface.

Outbound Service Policy field

Allows you to enter the name of a policy map to attach to an outbound interface to be used as the service policy for that interface.


OL-5497-04



C H A P T E R 14
Routing Policy Manager Application

The Routing Policy Manager Application contains the following tabs:

• Prefix Lists Tab, page 14-144

• Standard Community Lists Tab, page 14-145

• Expanded Community Lists Tab, page 14-146

• AS Path Access Lists Tab, page 14-147

The Routing Policy Manager application allows you to configure system-wide policy-related information that includes prefix lists, standard and extended community lists, and AS-path access lists.

Routing policy provides a flexible mechanism to route IP traffic to a destination and to provide access control. A routing policy is defined to configure a router to inspect and modify the attributes of routes. The definition of a routing policy in the network determines how routes are processed. Routing protocols make routing decisions to advertise, aggregate, discard, distribute, export, hold, import, redistribute, and otherwise modify routes based on the configured routing policy. Routing policies were previously defined by route maps. However, route maps have limitations and are difficult to maintain and troubleshoot in large networks as configuration sizes increase.

Note To configure Routing Policy Language (RPL), refer to the Cisco IOS XR Getting Started Guide.

See Figure 14-1 for an example of the Routing Policy Manager application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the Routing Policy Manager application.



Chapter 14 Routing Policy Manager Application Prefix Lists Tab

Figure 14-1 Routing Policy Manager Application

Prefix Lists TabThe Prefix Lists tab allows you to specify any routes that have a destination network number address that is permitted by a prefix list.

The Prefix Lists tab allows you to perform the following tasks:

• Specify a prefix list name and sequence number.

• Specify whether to permit or deny packets that match the prefix list criteria.

• Specify the prefix list matching criteria.

You can recorder the prefix lists by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

See Figure 14-1 for an example of the Prefix Lists tab. Table 14-1 describes the Prefix Lists tab fields.

Table 14-1 Prefix Lists Tab Description

Field Description

Basics Area

Name field Allows you to enter the prefix list name.


Allows you to enter the sequence number of the prefix list.


OL-5497-04


Chapter 14 Routing Policy Manager Application Standard Community Lists Tab

Standard Community Lists TabThe Standard Community Lists tab allows you to specify the standard community lists name, sequence number, and community numbers, and whether to permit matching.

You can recorder the standard community lists by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

See Figure 14-2 for an example of the Standard Community Lists tab. Table 14-2 describes the Standard Community Lists tab fields.

Grant list Allows you to either permit or deny packets that match the prefix list criteria specified in the following fields:

• Prefix

• Prefix Mask

• Min Prefix Length

• Max Prefix Length


• permit—permits a packet that matches the criteria.

• deny—denies the packet that matches the criteria.

Prefix field Allows you to enter the IPv4 prefix address to match. Prefix address matching distributes any routes that have a destination network number address that is permitted by a prefix list.

Prefix Mask field Allows you to enter the IPv4 prefix mask to match.

Min Prefix Length field

Allows you to specify the minimum length of the prefix to match.

Max Prefix Length field

Allows you to specify the maximum length of the prefix to match.

Add remark field Allows you to add comments or a description to the prefix list.

Table 14-1 Prefix Lists Tab Description (continued)

Field Description


OL-5497-04


Chapter 14 Routing Policy Manager Application Expanded Community Lists Tab

Figure 14-2 Standard Community Lists Tab

Expanded Community Lists TabThe Expanded Community Lists tab allows you to specify the expanded community lists name, sequence number, and whether to permit matching regular expressions.

You can recorder the expanded community lists by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

See Figure 14-3 for an example of the Expanded Community Lists tab. Table 14-3 describes the Expanded Community Lists tab fields.

Table 14-2 Standard Community Lists Tab Description

Field Description

Standard Community Lists Area

List No field Allows you to enter a value that identifies the standard community list. The standard community list can contain one or more permit or deny groups of communities.

Sequence No field Allows you to enter the sequence number of the standard community list.

Grant list Allows you to either permit or deny access for a matching condition.

Community Numbers field

Allows you to enter up to three standard community numbers.


OL-5497-04


Chapter 14 Routing Policy Manager Application AS Path Access Lists Tab

Figure 14-3 Expanded Community Lists Tab

AS Path Access Lists TabThe AS Path Access Lists tab allows you to specify the autonomous system (AS) path access lists name, sequence number, and whether to permit matching regular expressions.

You can recorder the AS path access lists by clicking the blue Up and Down arrows on the left side of the Application table. Each time an arrow is clicked, the chosen record moves up or down one row in the Application table and the sequence number is automatically modified based on location in the table relative to other records in the same list.

See Figure 14-4 for an example of the AS Path Access Lists tab. Table 14-4 describes the AS Path Access Lists tab fields.

Table 14-3 Expanded Community Lists Tab Description

Field Description

Extended Community Lists Area

List No field Allows you to enter a value that identifies the expanded community list to use for filtering.

Sequence No field Allows you to enter the sequence number of the expanded community list.

Action field Allows you to either permit or deny access for a matching condition.

Regular Expression field

Allows you to enter an autonomous system in the expanded community list using a regular expression.


OL-5497-04


Chapter 14 Routing Policy Manager Application AS Path Access Lists Tab

Figure 14-4 AS Path Access Lists Tab

Table 14-4 AS Path Access Lists Tab Description

Field Description

AS Path Access Lists Area

List No field Allows you to enter a value that identifies the group of AS1-path access lists.

1. AS = autonomous system

Sequence No field Allows you to enter the sequence number of the AS-path access list.

Filter list Allows you to either permit or deny access for a matching condition.

Regular Expression field

Allows you to enter an autonomous system in the access list using a regular expression to match the BGP2 AS-paths.

You can specify an access list filter on both inbound and outbound BGP routes. In addition, you can assign weights based on a set of filters. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the AS-path of the route as an ASCII string, then the permit or deny condition applies. The AS-path does not contain the local AS-number.

2. BGP = Border Gateway Protocol


OL-5497-04



C H A P T E R 15
BGP Configuration Application

The BGP Configuration Application contains the following tabs, subtabs, and windows:


– Global Address Family Configuration Window, page 15-154

– Cluster ID Subtab, page 15-157

– Confederation Subtab, page 15-158

– Graceful Restart Subtab, page 15-160

– Router ID Subtab, page 15-162

– Write Limit Subtab, page 15-164

• Networks Tab, page 15-166

• Aggregates Tab, page 15-167

• Redistribution Tab, page 15-169

• Neighbors Tab, page 15-172

– Neighbor Address Family Configuration Window, page 15-177

• Neighbor Groups Tab, page 15-183

– Neighbor Group Address Family Configuration Window, page 15-187

• Session Groups Tab, page 15-193

• AF Groups Tab, page 15-197

– Generic Config Subtab, page 15-199

– Filtering Policy Subtab, page 15-201


The BGP Configuration application allows you to configure the Border Gateway Protocol (BGP) routing protocol on the router.

The BGP performs interdomain routing in TCP/IP networks. BGP is an Exterior Gateway Protocol (EGP), which means that it performs routing between multiple autonomous systems and exchanges routing and reachability information with other BGP systems.

Like any routing protocol, BGP maintains routing tables, sends routing updates, and bases routing decisions on routing metrics.



Chapter 15 BGP Configuration Application

Each BGP router maintains a routing table listing all feasible paths to a particular network. Periodic refreshing of the routing table is not performed. Routing information received from peer routers is retained until an incremental update is received.

BGP devices exchange routing information in the following situations:

• Initial data exchange—When a router first connects to the network, BGP routers exchange their entire BGP routing tables.

• Incremental updates—When the routing table changes, routers send the portion of their routing table that has changed.

BGP routers do not send regularly scheduled routing updates. BGP routing updates advertise only the optimal path to a network.

BGP uses a single routing metric to determine the best path to a given network. This metric consists of an arbitrary unit number specifying the degree of preference of a particular link.

The BGP metric is typically assigned to each link by the network administrator. The value assigned to a link can be based on any number of criteria, including the following:

• Autonomous system count—The number of autonomous systems through which the path passes.

• Type of link—How stable or fast the link is.

• Other factors—Other criteria, for example, delay and cost.

See Figure 15-1 for an example of the BGP Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the BGP Configuration application.


OL-5497-04


Chapter 15 BGP Configuration Application General Tab

Figure 15-1 BGP Configuration Application

General TabThe General tab contains five subtabs: Cluster ID, Confederation, Graceful Restart, Router ID, and Write Limit. The Cluster ID subtab is displayed by default when the General tab is clicked.


• Specify an autonomous system (AS) number, local preference, local metric, send buffer sizes, receive buffer sizes, and best path parameters.

• Configure the global address family modes.



OL-5497-04




Field Description

AS Number field Allows you to enter the router autonomous system number.

Default Local Preference field

Allows you to enter a value for the default local preference.

Generally, the default value of 100 allows you to easily define a particular path as less preferable than paths with no local preference attribute. The preference is sent to all networking devices in the local AS1.

Default Metric field Allows you to enter the default metric value for the BGP2.

A default metric helps solve the problem of redistributing routes with incompatible metrics. Whenever metrics do not convert, using a default metric provides a reasonable substitute and enables the redistribution to proceed.

In BGP, setting the default metric sets the MED3 metric.

Keepalive(sec) field Allows you to enter a value for the frequency, in seconds, with which the software sends keepalive messages to the neighbor.

The configured value for the keepalive time is used provided it does not exceed a third of the negotiated hold time. If it does, a value of a third of the negotiated hold time will be used.

Holdtime(sec) field Allows you to enter a value for the interval after not receiving a keepalive message from the neighbor that the software terminates the neighbor BGP session.

Enter 0 to disable keepalive and hold time.

Note that the values 1 and 2 are not allowable since the minimum allowable keepalive time is a third of the holdtime.

Socket Receive Size(bytes) field

Allows you to enter the receive socket buffer size.

BGP Receive Size(bytes) field

Allows you to enter the BGP receive buffer size.

Socket Send Size(bytes) field

Allows you to enter the send socket buffer size.

BGP Send Size(bytes) field

Allows you to enter the BGP write buffer size.

Scan Time(sec) Allows you to enter the scanner interval.

Update Delay(sec) field

Allows you to enter a value for the maximum delay time for a BGP-speaking networking device.

Always check box Allows you to disable the keepalive trigger best path and enforce the delay specified in the Update Delay(sec) field. (See Update Delay(sec) field.)

AS Path Loopcheck check box

Allows you to enable an autonomous system path for loop checking iBGP4 peers.

Auto Policy Soft Reset check box

Allows you to enable an automatic soft peer reset on the reconfiguration for BGP peers.


OL-5497-04



Bestpath Compare Router ID check box

Allows you to enable the comparison of identical routes received from eBGP5 peers during the best path selection process and switch the best path to the route with the lowest router ID.

By default, during the best path selection process, when BGP receives identical routes from eBGP peers (all the attributes are the same except for the router ID), the best path is not switched to the route with the lowest router ID if that route was not the first route received. If the Bestpath Compare Router ID check box is checked, then similar routes are compared and the best path is switched to the route with the lowest router ID.

Bestpath Med Always check box

Allows you to enable the comparison of the MED for paths from neighbors in different autonomous systems.

The software chooses the path with the lowest MED.

By default, during the best path selection process, there is a MED comparison only among paths from the same autonomous system. Checking the Bestpath Med Always check box allows comparison of MEDs among paths regardless of the autonomous system from which the paths are received.

Bestpath Med Confed check box

Allows you to enable MED comparison among paths learned from confederation peers.

There is a comparison between MEDs only if no external autonomous systems are in the path (an external autonomous system is an autonomous system that is not within the confederation). If an external autonomous system is in the path, then the external MED passes transparently through the confederation, and the comparison is not made.

For example, assume that autonomous systems 65000, 65001, 65002, and 65004 are part of the confederation. Autonomous system 1 is not. The software compares route A with the following four paths:

• path 1 = 65000 65004, med=2

• path 2 = 65001 65004, med=3

• path 3 = 65002 65004, med=4

• path 4 = 65003 1, med=1

If the Bestpath Med Confed check box is checked, the software chooses path 1. The fourth path has a lower MED, but the software does not include path 4 in the MED comparison because an external autonomous system is in this path.

Bestpath Med Missing As Worst check box

Allows you to have the software consider a missing MED attribute in a path as having a value of infinity, making the path without a MED value the least desirable path.

Default Information Originate check box

Allows you to enable the distribution of a default route (set the originate network to 0.0.0.0 into the BGP table).

Enforce First AS check box

Allows you to enable the enforcement of the first autonomous system (known as the AS-path) of a route received from an eBGP peer to be the same as the configured remote autonomous system.

By default, the software ignores any update received from an eBGP neighbor that does not have the autonomous system configured for that neighbor at the beginning of the AS-path. When checked, the Enforce First AS check box applies to all eBGP peers of the networking device.

Fast External Fallover check box

Allows you to enable the immediate reset of the BGP sessions of any directly adjacent external peers if the link used to reach them goes down.

Performing an immediate session reset allows the network to recover faster when links go down between BGP peers.

Table 15-1 General Tab Description (continued)

Field Description


OL-5497-04



Global Address Family Configuration WindowThe Global Address Family Configuration window is opened when the AF Mode ellipsis button is clicked in the General tab.

The Global Address Family Configuration window allows you to perform the following tasks:

• Choose the address family mode.

• Configure the address family distances.

• Specify the number of paths to a single destination.

• Specify the scanner interval.

• Specify a policy name.

• Configure dampening parameters.

See Figure 15-2 for an example of the Global Address Family Configuration window. Table 15-2 describes the Global Address Family Configuration window fields.

Log Neighbor Changes check box

Allows you to enable logging of BGP neighbor resets.

Log Neighbor Changes enables logging of BGP neighbor status changes (up or down) and resets for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network, and should be investigated.

Redistribute Internal check box

Allows you to enable the redistribution of iBGP routes into an IGP6 such as IS-IS7 or OSPF8.

Caution Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system.

AF Mode Allows you to create an address family group for BGP neighbors.

An address family group for BGP neighbors is used to group address family-specific neighbor parameters within an IP address family. Neighbors that have the same address family configuration are able to use the address family group name under that address family. Further, neighbors will inherit the configuration parameters of the entire address family group.

AF Mode field Allows you to view the address family group.

AF Mode ellipsis button

Allows you to configure an address family group from the Global Address Family Configuration window. Configure the global address family using the Family Configuration window. See the “Global Address Family Configuration Window” section on page 15-154.



3. MED = Multi Exit Discriminator

4. iBGP = internal Border Gateway Protocol

5. eBGP = external BGP


7. IS-IS = Intermediate System-to-Intermediate System

8. OSPF = Open Shortest Path First


Field Description


OL-5497-04



Figure 15-2 Global Address Family Configuration Window

Table 15-2 Global Address Family Configuration Window Description

Field Description

AF Mode list Allows you to choose the address family mode. The following options are listed:

• IPv4Unicast

• IPv4Multicast

• IPv6Unicast

Global AF Detail Area

External Distance field

Allows you to specify the distance for routes external to the AS1. The external distance is the administrative distance for BGP2 external routes. External routes are routes for which the best path is learned from a neighbor external to the autonomous system.

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual networking device or a group of networking devices. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.


OL-5497-04



Internal Distance field

Allows you to specify the distance for routes internal to the AS. This is the administrative distance for BGP internal routes. Internal routes are those routes that are learned from another BGP entity within the same autonomous system.


Local Distance field Allows you to specify the distance for local routes. This is the administrative distance for BGP local routes. The local-distance parameter applies to locally generated aggregate routes and backdoor routes installed in the routing table.

Caution Changing the administrative distance of BGP internal routes is considered risky and is not recommended. One problem that can arise is the accumulation of routing table inconsistencies, which can interfere with routing.


Maximum Paths field

Allows you to enter the maximum number of paths to a single destination.

CC Reflection check box

Allows you to enable route reflection from a BGP route reflector to clients. Click the CC Reflection check box to enable CC3 reflection.

Clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required.

If the neighbors are fully meshed, there is no need for client-to-client reflection. It the neighbors are not fully meshed, the RR4 configuration can be based on the address family-specific number.

Scan Time (sec) field

Allows you to specify the scanning intervals of BGP-speaking networking devices.

The specified scan time shortens the interval times where the BGP scanner processes routing information. Internal BGP features may work more efficiently if the routing tables are updated faster.

Table Policy field Allows you to specify a routing policy for updates advertised to or received from a BGP neighbor. The policy can be used to filter routes and to modify route attributes.

Dampening check box

Allows you to enable BGP dampening for the global address family. Check the Dampening check box to enable dampening.

Route Policy Allows you to specify the name of the route policy.

Route Policy radio button

Allows you to select route policy filtering.

Route Policy field Allows you to enter the name of the route policy.

This field is enabled when the Route Policy radio button is activated. (See Route Policy radio button.)

Counters radio button

Allows you to configure dampening using counters. When this radio button is clicked, the Half Life, Max Suppress, Reuse, and Suppress fields become available in sequence when values are entered into the fields.

Table 15-2 Global Address Family Configuration Window Description (continued)

Field Description


OL-5497-04



Cluster ID SubtabThe Cluster ID subtab allows you to specify the cluster ID IP address or number.

See Figure 15-1 for an example of the Cluster ID subtab. Table 15-3 describes the Cluster ID subtab fields.

Half Life (min) field Allows you to specify the time after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period. Penalty reduction happens every 5 sec.


Allows you to specify the maximum time a route can be suppressed. The default is four times the half-life value. If the default half-life value is selected, the maximum suppress time defaults to 60 min.

Reuse field Allows you to enter the route reuse value. If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. Routes are unsuppressed in 10-sec increments.

Suppress field Allows you to enter a value for when route suppression should start. A route is suppressed when its penalty exceeds this limit.



3. CC = client-to-client

4. RR = route reflection

Table 15-2 Global Address Family Configuration Window Description (continued)

Field Description

Table 15-3 Cluster ID Subtab Description

Field Description

Cluster ID check box

Allows you to enable the configuring of the cluster ID if the BGP1 cluster has more than one route reflector. Together, a route reflector and its clients form a cluster. Checking the check box enables the IP Address and Number radio buttons. (See IP Address and Number.)

Usually a cluster of clients will have a single route reflector. In that case, the cluster is identified by the software as the networking device ID of the route reflector. In order to increase redundancy and avoid a single point of failure in the network, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the 4-B cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster.

If the cluster has more than one route reflector, checking the Cluster ID check box configures the cluster ID.

IP Address Allows you to enter an IP address for the cluster ID.


Allows you to specify an IP address.

IP Address field Allows you to enter an IP address for the cluster ID.

This field is enabled when the IP Address radio button is activated. (See IP Address radio button.)

Number Allows you to enter a number for the cluster ID. The number must be the cluster ID of the networking device acting as a route reflector.


OL-5497-04



Confederation SubtabThe Confederation subtab allows you to perform the following tasks:

• Specify the confederation ID.

• Specify the confederation neighbors.

See Figure 15-3 for an example of the Confederation subtab. Table 15-4 describes the Confederation subtab fields.

Number radio button Allows you to specify a number.

Number field Allows you to enter a number for the cluster ID.

This field is enabled when the Number radio button is activated. (See Number radio button.)


Table 15-3 Cluster ID Subtab Description (continued)

Field Description


OL-5497-04



Figure 15-3 Confederation Subtab


OL-5497-04



Graceful Restart SubtabThe Graceful Restart subtab allows you to perform the following tasks:

• Specify graceful restart and graceful reset.

• Specify the purge time.

• Specify the restart time.

• Specify the stale path time.

See Figure 15-4 for an example of the Graceful Restart subtab. Table 15-5 describes the Graceful Restart subtab fields.

Table 15-4 Confederation Subtab Description

Field Description

Confederation ID field

Allows you to specify a BGP1 confederation identifier. The confederation ID is an autonomous system number that internally includes multiple autonomous systems.

One way to reduce the iBGP2 mesh is to divide an autonomous system into multiple autonomous systems and group them into a single confederation. Each autonomous system is fully meshed within itself, and has a few connections to another autonomous system in the same confederation. Even though the peers in different autonomous systems have eBGP3 sessions, they exchange routing information as if they are iBGP peers. Specifically, the confederation maintains the next hop and local preference information and that allows you to retain a single IGP for all the autonomous systems. To the outside world, the confederation looks like a single autonomous system.



3. eBGP = external Border Gateway Protocol

Confederation Peers field

Allows you to configure the autonomous systems that belong to a confederation by entering the autonomous system numbers for BGP peers that will belong to the confederation.

The autonomous systems specified are visible internally to a confederation. Each autonomous system is fully meshed within itself.


OL-5497-04



Figure 15-4 Graceful Restart Subtab

Table 15-5 Graceful Restart Subtab Description

Field Description

Graceful Restart check box

Allows you to enable graceful restart support.

Graceful Reset check box

Allows you to reset gracefully if the configuration change forces a peer reset.

Purge Time(sec) field

Allows you to enter the maximum time before stale routes are purged.


OL-5497-04



Router ID SubtabThe Router ID subtab allows you to configure a router ID IP address or interface name.

See Figure 15-5 for an example of the Router ID subtab. Table 15-6 describes the Router ID subtab fields.

Restart Time(sec) field

Allows you to enter the maximum time advertised to neighbors.

Stalepath Time(sec) field

Allows you to enter the maximum time to wait for the End-of-RIB message from a neighbor that has been restarted before deleting learned routes.

Table 15-5 Graceful Restart Subtab Description (continued)

Field Description


OL-5497-04



Figure 15-5 Router ID Subtab

Table 15-6 Router ID Subtab Description

Field Description

Router ID check box Allows you to enable the configuration of a fixed router ID for a BGP1-speaking networking device.

A loopback interface, if one is configured, is more effective as an identifier because there is no physical link to go down.

IP Address Allows you to specify an IP address for the router ID.


Allows you to specify the IP address.

IP Address field Allows to enter an IP address for the router ID.

This field is enabled when the IP Address radio button is activated. (See IP Address radio button.)


OL-5497-04



Write Limit SubtabThe Write Limit subtab allows you to perform the following tasks:

• Specify a formatted messages limit.

• Specify an enqueued messages limit.

• Disable desynchronization.

See Figure 15-6 for an example of the Write Limit subtab. Table 15-7 describes the Write Limit subtab fields.

Interface Name Allows you to enter an interface name.

Interface Name radio button

Allows you to specify an interface name.

Interface Name field Allows you to view the chosen interface name.

Interface Name ellipsis button

Allows you to choose an interface from the Select Interfaces dialog box.

This ellipsis button is enabled when the Interface Name radio button is activated. (See Interface Name radio button.)


Table 15-6 Router ID Subtab Description (continued)

Field Description


OL-5497-04



Figure 15-6 Write Limit Subtab

Table 15-7 Write Limit Subtab Description

Field Description

Formatted Messages field

Allows you to enter the maximum number of formatted messages for an update group.

Enqueued Messages field

Allows you to enter the number of messages that can be enqueued in total.

Desynchronize check box

Allows you to desynchronize. Desynchronization is the process where BGP1 will separate and update groups into slow and fast peers so that the slow peers do not increase the update latency of the fast peers.



OL-5497-04


Chapter 15 BGP Configuration Application Networks Tab

Networks TabThe Networks tab allows you to perform the following tasks:

• Specify the IP address and mask for a network.

• Choose the address family mode.

• Specify a backdoor route.

See Figure 15-7 for an example of the Networks tab. Table 15-8 describes the Networks tab fields.

Figure 15-7 Networks Tab


OL-5497-04


Chapter 15 BGP Configuration Application Aggregates Tab

Aggregates TabThe Aggregates tab allows you to perform the following tasks:

• Specify the IP address and mask for aggregates.

• Choose the address format mode and optionally choose to generate AS confederation set path information and filter routes from updates.

• Configure the filtering policy for aggregates.

See Figure 15-8 for an example of the Aggregates tab. Table 15-9 describes the Aggregates tab fields.

Table 15-8 Networks Tab Description

Field Description

Network Area

IP Address Allows you to specify a local network that the BGP1 routing process should originate and advertise to its neighbors.

The BGP determines which local networks will be originated by the networking device and included in routing advertisements to its neighbors. Only routes that are specified using Networks tab will be originated and advertised to neighbors even if there is a corresponding non-BGP route in the routing table. Such routes can be learned using connected networks, static routing, or dynamic routing using an IGP.


IP Address field Allows you to enter an IP address.

IP Address ellipsis button

Allows you to choose an IP address from the Select IP Address dialog box.


• IPv4Unicast

• IPv4Multicast

• IPv6Unicast

Mask field Allows you to enter an IP address mask for the network.

AutoGenerate Mask button

Allows you to automatically generate a mask. Click the button to automatically generate a mask.

Policy field Allows you to enter the name of the route policy.

Backdoor check box Allows you enable a BGP backdoor route. The backdoor route is to a BGP border networking device. This device will provide better information than the local networking device about the network.


OL-5497-04


Chapter 15 BGP Configuration Application Aggregates Tab

Figure 15-8 Aggregates Tab

Table 15-9 Aggregates Tab Description

Field Description

Aggregate Address Area

IP Address field Allows you to specify an IP address to create an aggregate entry in a BGP1 routing table.

Mask field Allows you to enter an aggregate IP address mask.

AutoGenerate Mask button

Allows you to automatically generate an aggregate mask. Click the button to automatically generate a mask.

AS Set check box Allows you to generate AS set path information.


OL-5497-04


Chapter 15 BGP Configuration Application Redistribution Tab

Redistribution TabThe Redistribution tab allows you to perform the following tasks:

• Choose the address family mode for redistribution.

• Configure connected routes.

• Configure static routes.

• Configure OSPF routes.

• Configure IS-IS routes.

See Figure 15-9 for an example of the Redistribution tab. Table 15-10 describes the Redistribution tab fields.


• IPv4Unicast

• IPv4Multicast

• IPv6Unicast

AS Confed Set check box

Allows you to generate autonomous system set path information and community information from contributing paths.

Summary Only check box

Allows you to filter more specific routes from updates. Checking the Summary Only check box creates the aggregate route (for example, 172.20.0.0/8) but suppresses advertisements of more specific routes to all neighbors.

Policy field Allows you to enter a policy on which to condition advertisement, suppression, and attributes.

1. BGP= Border Gateway Protocol

Table 15-9 Aggregates Tab Description (continued)

Field Description


OL-5497-04



Figure 15-9 Redistribution Tab


OL-5497-04



Table 15-10 Redistribution Tab Description

Field Description

General Area

AF Mode list Allows you to choose the address family mode to redistribute routes from another routing protocol into BGP. The following options are listed:

• IPv4Unicast

• IPv4Multicast

• IPv6Unicast

Each protocol (and instance of a protocol) may be redistributed independently of the others. Changing or removing redistribution for a particular instance does not affect the redistribution capability of other protocols or other instances of the same protocol.

Networks specified using the Networks tab are not affected by the Redistribution tab settings; that is, the policy specified in the Network tab takes precedence over the policy specified through the Redistribution tab.

Connected Routes Area

Default Metric field Allows you to specify a metric value to assign to connected routes.

Policy field Allows you to enter a routing policy to filter connected routes.

Static Routes Area

Default Metric field Allows you to specify a metric value to assign to static routes.

Policy field Allows you to enter a routing policy to filter static routes.

OSPF Routes Area

OSPF Instance Name column

Specifies the OSPF1 instance. Click the cell then enter a value.

Default Metric column

Specifies the metric value to assigned to the routes. Click the cell then enter a value.

Redistribute Type column

Specifies the redistribution type. Click the cell then enter a value.

Route Policy Name column

Specifies the name of the route policy that is used. Click the cell then enter a value.

Internal column Indicates whether the internal OSPF routes are redistributed. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.

External column Indicates whether the external OSPF routes are redistributed. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.

External Type 1 column

Specifies whether the route is an external route type 1. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.

External Type 2 column

Specifies whether the route is an external route type 2. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.

NSSA External column

Specifies whether the external OSFP routes are redistributed to the NSSA2. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.

NSSA External Type 1 column

Specifies whether the NSSA External type is Type 1. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.


OL-5497-04


Chapter 15 BGP Configuration Application Neighbors Tab

Neighbors TabThe Neighbors tab allows you to perform the following tasks:

• Specify the neighbor IP address and AS number.

• Configure the neighbor inheritance.

• Configure neighbor details including demilitarized zone (DMZ) link bandwidth (DmzLinkBw) password, send and receive buffer sizes, shutdown, timers, and address family mode.

See Figure 15-10 for an example of the Neighbors tab. Table 15-11 describes the Neighbors tab fields.

NSSA External Type 2 column

Column specifies whether the NSSA External type is Type 2. The options are true or false. Double-click the cell to activate it, then double-click to choose true or false.

IS-IS Routes Area

IS-IS instance name column

Specifies the IS-IS3 name. Click the cell then enter a value.

Default Metric column

Specifies the metric value assigned to the routes. Click the cell then enter a value.

Redistribute Type column

Allows you to choose the redistribute type. The following options are listed:

• Level1

• Level2

• Level1and2

Double-click the cell to activate the list, then choose a redistribute type.

Route Policy Name column

Specifies the name of the route policy. Click the cell then enter a value.


2. NSSA = not-so-stubby area


Table 15-10 Redistribution Tab Description (continued)

Field Description


OL-5497-04



Figure 15-10 Neighbors Tab

Table 15-11 Neighbors Tab Description

Field Description

Neighbor Specific Area

IP Address field Allows you to enter an IP address of the BGP-speaking neighbor. Once a BGP1 neighbor is created, routing information is exchanged.

AS Number field Allows you to enter the autonomous system number to which the neighbor belongs.

The AS2 Number field assigns a remote AS number to a neighbor and causes the neighbor to be created. A neighbor must have a remote AS number before any other parameters can be configured for it.


OL-5497-04



Neighbor Inheritance Area

Neighbor Group Name

Allows you to choose a neighbor group name.

Neighbor Group Name field

Allows you to view the chosen neighbor group name.

Neighbor Group Name ellipsis button

Allows you to choose a neighbor group name from the Select Neighbor Group dialog box.

Session Group Name

Allow you to choose a session group name. Click the Session Group Name ellipsis button to open a Select Session Group dialog box and choose a session group name from the dialog box.

Session Group Name field

Allows you to view the chosen session group name.

Session Group Name ellipsis button

Allows you to choose a session group name from the Select Session Group dialog box.

Neighbor Details Area

Ad. Interval(sec) field

Allows you to enter the minimum advertisement interval time.

Description field Allows you to enter a description of the neighbor.

EBGP Multihop field

Allows you to enter the maximum hop count.

The hop count allows the router to accept and attempt BGP connections to external peers residing on networks that are not directly connected.

Local AS field Allows you to assign local AS numbers.

Each BGP peer can be made to have a local autonomous system value for the purpose of peering. In the case of neighbor groups and session groups, the local autonomous system value is valid for all peers in the neighbor group.

This feature cannot be customized for individual peers in a group.

You cannot use the local BGP autonomous system number or the autonomous system number of the remote peer.

This is valid only if the peer is a true eBGP3 peer—it does not work for two peers in different subautonomous systems in a confederation.

Update Source Allows you to specify an interface name specifying an interface type and instance.

• interface type—Interface to be used to obtain the local IP address for the BGP session with the neighbor.

• interface number—The interface number of the interface-type argument.

Choosing an interface allows internal iBGP4 sessions to use the IP address from a particular interface as the local address when forming an iBGP session with a neighbor.

This mechanism allows a BGP session to remain up even if the outbound interface goes down, provided there is another route to the neighbor.

If you configure the update source for a neighbor group or session group, all neighbors using the group will inherit the characteristics configured with the Update Source field. (See the “Neighbor Groups Tab” section on page 15-183 and the “Session Groups Tab” section on page 15-193.) Configuring the update source directly for the neighbor will override the value inherited from the group.

Table 15-11 Neighbors Tab Description (continued)

Field Description


OL-5497-04



Update Source field Allows you to view the chosen interface name.

Update Source ellipsis button

Allows you to choose an interface name from the Select Interfaces dialog box.

AF Mode Allows you to specify the address family mode. Click the AF Mode ellipsis button to open a Neighbor Address Family Configuration window and configure a neighbor address family (see the “Neighbor Address Family Configuration Window” section on page 15-177).

AF Mode field Allows you to view the chosen address family mode.


Allows you to configure an address family mode from the Neighbor Address Family Configuration window.

Buffer Sizes - Receive and Send Area

Socket Read(bytes) field


BGP Read(bytes) field

Allows you to enter the BGP read buffer size.

Socket Send(bytes) field


BGP Send(bytes) field


DMZLinkBw Area

DmzLinkBw check box

Allows you to propagate DMZ5 link bandwidth, which advertises the bandwidth of links that are used to exit an autonomous system.

This feature supports only single hop links over iBGP. BGP can originate the link bandwidth community only for eBGP peers that are one hop away.

Enable Inheritance check box

Allows you to enable DMZ link bandwidth to be inherited, allowing propagation and inheritance from a parent.

Password Area

Password field Allows you to enter a neighbor password. When a password is entered, it enables MD56 authentication on a TCP7 connection between two BGP neighbors.

You can invoke authentication between two BGP neighbors, causing each segment sent on the TCP connection between them to be verified. The password must be configured the same on both BGP neighbors, otherwise the connection will not be made. The authentication feature uses the MD5 algorithm. Specifying the password causes the software to generate and check the MD5 digest on every segment sent on the TCP connection.

If you configure a password for a neighbor, an existing session will be torn down and a new one established.

If you specify a BGP neighbor group or session group, all the members of the group will inherit the password characteristic.

To override any inherited password configuration from a neighbor group or session group, disable the password on the neighbor.


Field Description


OL-5497-04



Encryption Type list Allows you to choose a password encryption type. The following options are listed:

• None

• Cisco Proprietary

Password Disable check box

Allows you to disable the password even if the parent has one. Check the Password Disable check box to disable the password for the neighbor and uncheck the check box to enable the password.

Shutdown Area

Shutdown check box Allows you to shut down the neighbor. Check the Shutdown check box to enable shut down and uncheck the check box to disable shut down.


Allows you to enable shutdown of the neighbor from a parent.

Timers Area

Keepalive(sec) field Allows you to enter the keepalive interval timer. This is the frequency, in seconds, with which the software sends keepalive messages to the neighbor.

The timers actually used in connection with the neighbor group may not be the same as those configured because the actual timers are negotiated with the neighbor when establishing the session. The negotiated hold time is the minimum of the configured time and the time received from the neighbor. If the negotiated hold time is 0, keepalives will be disabled and the software never terminates the session when a keepalive is not received.


Holdtime(sec) field Allows you to enter the hold-time timer. This value is the interval, in seconds, after not receiving a keepalive message from the neighbor, that the software terminates the neighbor BGP session.

Enter 0 in the Holdtime(sec) field to disable the keepalive and hold-time timers.

Note that the values 1 and 2 are not allowable since the minimum allowable keepalive time is a third of the holdtime.

TTL Security Area

TTL Security check box

Allows you to enable BGP TTL security.


Allows you to enable inheritance from a parent.





5. DMZ = demilitarized zone

6. MD5 = Message Digest 5



Field Description


OL-5497-04



Neighbor Address Family Configuration WindowThe Neighbor Address Family Configuration window is opened when the AF Mode ellipsis button is clicked in the Neighbors tab.

The Neighbor Address Family Configuration window allows you to specify the address family group and mode.

See Figure 15-11 for an example of the Neighbor Address Family Configuration window. Table 15-12 describes the Neighbor Address Family Configuration window fields.

Figure 15-11 Neighbor Address Family Configuration Window


OL-5497-04



Generic Config Subtab

The Generic Config subtab allows you to perform the following tasks:

• Specify the maximum number of prefixes and threshold.

• Configure the default originate.

• Configure the route reflector client.

• Disable the next hop calculation.

• Remove private AS updates.

• Send communities to an eBGP group.

• Configure soft reconfiguration.

See Figure 15-17 for an example of the Generic Config subtab. Table 15-21 describes the Generic Config subtab fields.

Table 15-12 Neighbor Address Family Configuration Window Description

Field Description

AF Group Area


• IPv4Unicast

• IPv4Multicast

• IPv6Unicast

AF Group Allows you to choose the address family group.

AF Group field Allows you to view the chosen address family group.

AF Group ellipsis button

Allows you to choose the address group from the Select AF Group dialog box.

Table 15-13 Generic Config Subtab Description

Field Description

Advertise Map This field and ellipsis button allow you to choose to map to conditionally advertise.

Advertise Map field Allows you to view the advertise map.

Advertise Map ellipsis button

Allows you to choose the advertise map from the Select routemap dialog box.

Conditional Map This field and ellipsis button allow you to choose the conditional map.

Conditional Map field

Allows you to view the conditional map.

Conditional Map ellipsis button

Allows you to choose the map from the Select routemap dialog box.

Condition Type list Allows you to choose the type of condition. The following options are listed:

• ConditionMatch—Advertises if a map is matched.

• ConditionNoMatch—Advertises if a match is not matched.


OL-5497-04



ORF Capability list Allows you to choose the capability ORF1. The following options are listed:

• Receive

• Send

• Both

• None

Max Prefix field Allows you to enter the maximum number of prefixes. The Max Prefix field configures a maximum number of prefixes that a BGP2 networking device is allowed to receive from a neighbor. It adds another mechanism (in addition to routing policy) to control prefixes received from a peer.

When the number of received prefixes exceeds the maximum number configured, the software terminates the peering (by default). However, if the Enable Warning check box is activated, the software sends only a log message, but continues peering with the sender.

Threshold field Allows you to enter the threshold value based on the maximum value in the Max Prefix field. When the threshold is reached (specified percent of the maximum received prefixes), a warning is generated.

Enable Warning check box

Allows you to configure the software to generate a log message when the maximum argument value (threshold) is exceeded, instead of terminating the peering.

Weight field Allows you to specify the default weight.

Default Originate Area

Default Originate check box

Allows you to enable default originate. Default originate allows you to originate network 0.0.0.0 into the BGP table.


Allows you to prevent default originate from being inherited from a parent (session group or neighbor group).

Route Reflector Client Area

RR Client check box Allows you to enable client-to-client reflection.

When client-to-client reflection is enabled, the clients of a route reflector cannot be members of a peer group.

If the neighbors are fully meshed, there is no need for client-to-client reflection.


Allows you to specify that all neighbors using the address family group will inherit the characteristics configured with the RR3 Client check box.

Send Extended Community EBGP Area

Send Ext Comm check box

Allows you to specify that extended community attributes are sent to an eBGP4 neighbor and cannot be configured for iBGP5 neighbors.


Allows you to specify that all neighbors using the address family group will inherit the characteristics configured with the Send Ext Comm check box.

Next Hop Self Area

Next Hop Self check box

Allows you to disable next hop calculation for BGP updates advertised by the networking device causing all routes to be advertised with this network device as the next hop.

Disabling the next hop calculation is useful in nonmeshed networks (such as Frame Relay or X.25) where BGP neighbors may not have direct access to all other neighbors on the same IP subnet.

Table 15-13 Generic Config Subtab Description (continued)

Field Description


OL-5497-04




Allows you to specify that all neighbors using the address family group will inherit the characteristics configured with the Next Hop Self check box.

Remove Private AS Area

Remove Private AS check box

Allows you to remove private autonomous system numbers. When an update is passed to the external neighbor, the software will drop any private autonomous system numbers in the AS-path. This feature is available for eBGP neighbors only.

If the AS-path includes both private and public autonomous system numbers, the software considers the two numbers to be a configuration error and does not remove the private autonomous system numbers.

If the AS path contains the autonomous system number of the eBGP neighbor, the private autonomous system numbers will not be removed.

If this feature is used with Confederation (see the “Confederation Subtab” section on page 15-158), it will work as long as the private autonomous system numbers follow the confederation portion of the AS-path.

If you configure this command for a neighbor group or address family group, all neighbors using the group will inherit the characteristics. Configuring the remove private AS directly for the neighbor will override the value inherited from the group.


Allows you to specify that all neighbors using the address family group will inherit the characteristics configured with the Remove Private AS check box.

Send Community EBGP Area

Send Community check box

Allows you to specify that community attributes should be sent to an eBGP neighbor and not to iBGP neighbors.


Allows you to specify that all neighbors using the address family group will inherit the characteristics configured with the Send Community check box.


Field Description


OL-5497-04



Filtering Policy Subtab

The Filtering Policy subtab allows you to perform the following tasks:

• Specify the prefix list.

• Specify the policy.

• Configure the outgoing route filter.

See Figure 15-12 for an example of the Filtering Policy subtab. Table 15-14 describes the Filtering Policy subtab fields.

Soft Reconfig Inbound Area

Soft Reconfiguration check box

Allows you to enable soft reconfiguration allowing the software to store updates received from a neighbor.

When an inbound policy is used to filter out or modify some of the updates received from a neighbor, this feature causes the software to store the original unmodified route in addition to the one that was changed or filtered out. This feature allows a “soft clear” to be performed after the inbound policy is changed. The original routes are then passed through the new policy, which then updates the set of routes be used.

When the Soft Reconfiguration check box is checked, the following three radio button options are described:

• Enable—Allow inbound soft reconfiguration. If the neighbor supports route refresh capability, then the original routes are not stored because they can be retrieved from the neighbor by making a route refresh request. Click the Enable radio button to allows inbound soft reconfiguration.

• Disable—Do not allow inbound soft reconfiguration. If the neighbor does not support the route refresh capability, then an inbound soft clear is not possible. In that case, the only way to rerun the inbound policy is to perform a “hard clear,” which is to reset the neighbor BGP session. Click the Disable radio button to deny inbound soft reconfiguration.

• Soft Always—Always use soft reconfiguration even when route refresh is supported. Checking the Soft Always check box enables the storing of received updates, even if the neighbor supports route refresh capability. Click the Soft Always radio button to always use soft reconfiguration.

1. ORF = Outbound Route Filter






Field Description


OL-5497-04



Figure 15-12 Filtering Policy Subtab

Table 15-14 Filtering Policy Subtab Description

Field Description

Prefix List (in) Allows you to choose a prefix list to filter updates advertised to or received from a neighbor. Choosing a prefix list applies the prefix list to incoming advertisements to that neighbor.

All neighbors using this group will inherit the characteristics configured with the Prefix List (in) field.

Prefix List (in) field Allows you to view the prefix list.

Prefix List (in) ellipsis button

Allows you to choose the prefix list from the Select prefix dialog box.

Policy (in) field Allows you to enter the name of a policy to apply to inbound routes.


OL-5497-04


Chapter 15 BGP Configuration Application Neighbor Groups Tab

Neighbor Groups TabThe Neighbor Groups tab allows you to perform the following tasks:

• Specify the neighbor group name and AS number.

• Configure the neighbor group inheritance.

• Configure neighbor group address family-independent and address family specific-information including DMZ link bandwidth, password, send and receive buffer sizes, shutdown, timers, and address family mode.

See Figure 15-13 for an example of the Neighbor Groups tab. Table 15-15 describes the Neighbor Groups tab fields.

Prefix List (out) Allows you to choose a prefix list filter for updates advertised from or sent to a neighbor. Choosing a prefix list applies the prefix list to outgoing advertisements from that neighbor.

All neighbors using this group will inherit the characteristics configured with the Prefix List (out) field.

Prefix List (out) field

Allows you to view the chosen prefix list.

Prefix List (out) ellipsis button

Allows you to choose the prefix list from the Select prefix list dialog box.

Policy (out) field Allows you to enter the name of a policy to apply to outbound routes.

Table 15-14 Filtering Policy Subtab Description (continued)

Field Description


OL-5497-04



Figure 15-13 Neighbor Groups Tab

Table 15-15 Neighbor Groups Tab Description

Field Description

Neighbor Group Specific Area

Neighbor Group Name field

Allows you to enter a neighbor group name.

AS Number field Allows you to assign a remote AS1 number to the remote neighbor.

Neighbor Group Inheritance Area

Parent Allows you to specify a neighbor group parent for inheritance. Click the Parent ellipsis button to open a Select Neighbor Group dialog box and choose a neighbor group from the dialog box.

Parent field Allows you to view the neighbor group parent.


OL-5497-04



Parent ellipsis button

Allows you to choose the neighbor group parent from the Select Neighbor Group dialog box.

Session Group Name

This field and ellipsis button allow you to specify a session group name for inheritance. Click the Session Group Name ellipsis button to open a Select Session Group dialog box and choose a session group from the dialog box.


Allows you to view the chosen the session group name.

Session Group Name ellipsis button

Allows you to choose the session group name.

Neighbor Group Details Area


Allows you to enter the minimum advertisement interval time.

Description field Allows you to enter a description of the neighbor group.

EBGP Multihop field


The hop count allows the router to accept and attempt BGP2 connections to external peers residing on networks that are not directly connected.


Each BGP peer can be made to have a local autonomous system value for the purpose of peering. In the case of neighbor groups and session groups, the local autonomous system value is valid for all peers in the neighbor group.

Update Source Allows you to specify an interface name specifying an interface type and instance for the following options:



Click the Update Source ellipsis button to open a Select Interfaces dialog box and choose an interface from the dialog box.

Update Source field Allows you to view the chosen interface name.



AF Mode Allows you to specify the address family mode.

AF Mode field Allows you to view the chosen address family mode.


Allows you to configure the address family mode from the Neighbor Group Address Family Configuration window. (See the “Neighbor Group Address Family Configuration Window” section on page 15-187.)


Socket Read (bytes) field


BGP Read (bytes) field


Table 15-15 Neighbor Groups Tab Description (continued)

Field Description


OL-5497-04



Socket Send (bytes) field


BGP Send (bytes) field


DMZLinkBw Area

DmzLinkBw check box


This feature supports only single hop links over iBGP4. BGP can originate the link bandwidth community only for eBGP peers that are one hop away.



Password Area

Password field Allows you to enter a neighbor password. When a password is entered, it enables MD5 authentication on a TCP5 connection between two BGP neighbors.

You can invoke authentication between two BGP neighbors, causing each segment sent on the TCP connection between them to be verified. The password must be configured the same on both BGP neighbors; otherwise, the connection is not made. The authentication feature uses the MD56 algorithm. Specifying the password causes the software to generate and check the MD5 digest on every segment sent on the TCP connection.

If you configure a password for a neighbor, an existing session will be torn down and a new one established.

If you specify a BGP neighbor group, all the members of the group will inherit the password characteristic.


• None



Allows you to disable the password for the neighbor group even if the parent has one.

Shutdown Area

Shutdown check box Allows you to shut down the neighbor group. Check the Shutdown check box to enable shut down and uncheck the check box to disable shut down.


Allows you to shut down the neighbor group independent of the parent.


Field Description


OL-5497-04



Neighbor Group Address Family Configuration WindowThe Neighbor Group Address Family Configuration window is opened when the AF Mode ellipsis button is clicked in the Neighbor Groups tab.

The Neighbor Group Address Family Configuration window allows you to specify the address family group and mode.

See Figure 15-14 for an example of the Neighbor Group Address Family Configuration window. Table 15-16 describes the Neighbor Group Address Family Configuration window fields.

Timers Area

Keepalive (sec) field Allows you to enter the keepalive interval timer. This is the frequency, in seconds, with which the software sends keepalive messages to the neighbor.

The timers actually used in connection with the neighbor group may not be the same as those configured because the actual timers are negotiated with the neighbor group when establishing the session. The negotiated hold time is the minimum of the configured time and the time received from the neighbor group. If the negotiated hold time is 0, keepalives will be disabled and the software never terminates the session when a keepalive is not received.

The configured value for the keepalive time is used provided it does not exceed a third of the negotiated hold time. If it does, a value of a third of the negotiated hold time is used.

Holdtime(sec) field Allows you to enter the hold-time timer. This value is the interval, in seconds, after not receiving a keepalive message from the neighbor group, that the software terminates the neighbor group BGP session.


TTL Security Area












Field Description


OL-5497-04



Figure 15-14 Neighbor Group Address Family Configuration Window

Table 15-16 Neighbor Group Address Family Configuration Window Description

Field Description

AF Group Area


• IPv4Unicast

• IPv4Multicast

• IPv6Unicast

AF Group Allows you to choose the address family group.

AF Group field Allows you to view the chosen address family group.

AF Group ellipsis button

Allows you to choose the address group from the Select AF Group dialog box.


OL-5497-04



Generic Config Subtab

The Generic Config subtab allows you to perform the following tasks:





• Remove private AS updates.





Field Description

Advertise Map This field and ellipsis button allow you to choose to map to conditionally advertise.

Advertise Map field Allows you to view the advertise map.

Advertise Map ellipsis button

Allows you to choose the conditional map.

Conditional Map This field and ellipsis button allow you to choose the conditional map.

Conditional Map field

Allows you to view the conditional map.

Conditional Map ellipsis button

Allows you to choose the map from the Select routemap dialog box.

Condition Type list Allows you to choose the type of condition. The following options are listed:

• ConditionMatch—To advertise if a map is matched.

• ConditionNoMatch—To advertise if a match is not matched.

ORF Capability list Allows you to choose the capability ORF1. The following options are listed:

• Receive

• Send

• Both

• None





OL-5497-04


















Allows you to specify that extended community attributes are sent to an eBGP neighbor and cannot be configured for iBGP4 neighbors.



Next Hop Self Area








Allows you to remove private autonomous system numbers. When an update is passed to the external neighbor, the software drops any private autonomous system numbers in the AS5-path. This feature is available for eBGP6 neighbors only.






Field Description


OL-5497-04



Filtering Policy Subtab

The Filtering Policy subtab allows you to perform the following tasks:















When the Soft Reconfiguration check box is checked, the following radio button options are listed:











Field Description


OL-5497-04





Field Description








OL-5497-04


Chapter 15 BGP Configuration Application Session Groups Tab

Session Groups TabThe Session Groups tab allows you to perform the following tasks:

• Specify the session group name and AS number.

• Configure the session group inheritance.

• Configure session group address family-independent information including DMZ link bandwidth, password, send and receive buffer sizes, shutdown, and timers.

See Figure 15-16 for an example of the Session Groups tab. Table 15-19 describes the Session Groups tab fields.









Field Description


OL-5497-04



Figure 15-16 Session Groups Tab

Table 15-19 Session Groups Tab Description

Field Description

Session Group Specific Area


Allows you to enter the session group name.

AS Number field Allows you to assign a remote AS1 number to the session group.

Session Group Inheritance Area

Parent Allows you to specify a session group parent for inheritance.

Parent field Allows you to view the session group parent.


OL-5497-04




Allows you to choose the session group parent from the Select Session Group dialog box.

Session Group Details Area


Allows you to enter the minimum advertisement interval time in seconds.

Description field Allows you to enter a description of the session group.

EBGP Multihop field


The hop count allows the router to accept and attempt BGP2 connections to external peers residing on networks that are not directly connected.


Each BGP neighbor can be made to have a local autonomous system value for the purpose of peering. In the case of neighbor groups and neighbors, the local autonomous system value is valid for all neighbor in the session group.

Update Source Allows you to specify an interface name specifying an interface type and instance for the following options:



Update Source field Allows you to view the interface name.


Allows you to choose the interface name from the Select Interfaces dialog box.


Socket Read(bytes) field


BGP Read(bytes) field


Socket Send(bytes) field


BGP Send(bytes) field


DmzLinkBw check box


This feature only supports single hop links over internal iBGP. BGP can originate the link bandwidth community only for eBGP peers that are one hop away.



Table 15-19 Session Groups Tab Description (continued)

Field Description


OL-5497-04



Password Area

Password field Allows you to enter a session password. When a password is entered, it enables MD54 authentication on a TCP5 connection between two BGP neighbors.

You can invoke authentication between two BGP peers, causing each segment sent on the TCP connection between them to be verified. The password must be configured the same on both BGP peers, otherwise the connection will not be made. The authentication feature uses the MD5 algorithm. Specifying the password causes the software to generate and check the MD5 digest on every segment sent on the TCP connection.

If you specify a BGP session group, all the members of the group will inherit the password characteristic.

To override any inherited password configuration from a neighbor or neighbor group, disable the password for the neighbor or neighbor group.


• None



Allows you to disable the password even if the parent has one.

Shutdown Area

Shutdown check box Allows you to shut down the session group.


Allows you to shut down the session group from a parent.

Timers Area

Keepalive(sec) field Allows you to enter the keepalive interval timer. This is the frequency, in seconds, with which the software sends keepalive messages to the neighbor.

The timers actually used in connection with the session group may not be the same as those configured because the actual timers are negotiated with the session group when establishing the session. The negotiated hold time is the minimum of the configured time and the time received from the session group. If the negotiated hold time is 0, keepalives will be disabled and the software never terminates the session when a keepalive is not received.


Holdtime(sec) field Allows you to enter the hold-time timer. This value is the interval, in seconds, after not receiving a keepalive message from the session group, that the software terminates the session group BGP session.


TTL Security Area








Table 15-19 Session Groups Tab Description (continued)

Field Description


OL-5497-04


Chapter 15 BGP Configuration Application AF Groups Tab

AF Groups TabThe AF Groups tab contains two subtabs: Generic Config and Filtering Policy. The Generic Config subtab is displayed by default when the AF Groups tab is clicked.

The AF Groups tab allows you to perform the following tasks:

• Specify the address family group name and mode.

• Specify an address group parent for inheritance.

See Figure 15-17 for an example of the AF Groups tab. Table 15-20 describes the AF Groups tab fields.




OL-5497-04



Figure 15-17 AF Groups Tab

Table 15-20 AF Groups Tab Description

Field Description

AF Group Area

AF Group Name field

Allows you to enter a BGP1 address family group name.


• IPv4Unicast

• IPv4Multicast

• IPv6Unicast


OL-5497-04



Generic Config SubtabThe Generic Config subtab allows you to perform the following tasks:





• Remove AS updates from outbound updates.




AF Group Inheritance Area

Parent This field and ellipsis button allow you to specify an address group parent for inheritance.

Parent field Allows you to view the chosen address group parent.


Allows you to choose the address group parent from the Select AF Group dialog box.


Table 15-20 AF Groups Tab Description (continued)

Field Description


Field Description

Capability ORF list Allows you to choose the capability ORF1. The following options are listed:

• Receive

• Send

• Both

• None








OL-5497-04








Route Policy field Allows you to enter a route policy name to specify criteria to originate default.



When client-to-client reflection is enabled, the clients of a route reflector cannot be members of a peer group.






Allows you to specify that extended community attributes are sent to an eBGP4 neighbor and cannot be configured for iBGP5 neighbors.



Next Hop Self Area








Allows you to remove private autonomous system numbers. When an update is passed to the external neighbor, the software will drop any private autonomous system numbers in the AS-path. This feature is available for eBGP neighbors only.






Field Description


OL-5497-04



Filtering Policy SubtabThe Filtering Policy subtab allows you to perform the following tasks:















When the Soft Reconfiguration check box is checked, the following radio button options are listed:










Field Description


OL-5497-04





Field Description








OL-5497-04


Chapter 15 BGP Configuration Application Operations Tab


• Specify clear BGP parameters and execute the operation.

• Specify clear BGP dampening parameters and execute the operation.

• Specify clear BGP flap statistics parameters and execute the operation.

• Specify clear BGP peer drop parameters and execute the operation.

• Clear BGP performance statistics.

• Clear BGP self-originated routes.










Field Description


OL-5497-04





Field Description

Clear BGP Area

All radio button Allows you to reset all BGP1 neighbors.

External Peers radio button

Allows you to reset all external neighbors.

Neighbor Allows you to reset a neighbor based on IP address.

Neighbor radio button

Allows you to enable the resetting of neighbors based on IP address.


OL-5497-04



Neighbor field Allows you to view the chosen neighbor.

This field is enabled when the Neighbor radio button is activated. (See Neighbor radio button.)

Neighbor ellipsis button

Allows you to choose the neighbor from the Select Neighbor dialog box.

This ellipsis button is enabled when the Neighbor radio button is activated. (See Neighbor radio button.)

Peers in AS Allows you to reset a neighbor based on the AS2 number.

Peers in AS radio button

Allows you to enable the resetting of neighbors based on AS number.

Peers in AS field Allows you to enter an AS number.

This field is enabled when the Peers in AS radio button is activated. (See Peers in AS radio button.)

Official AF list Allows you to choose the official address family mode. The following options are listed:

• IPv4

• IPv6

• All

Subsequent AF list Allows you to choose the subsequent address family mode. The following options are listed:

• Unicast

• Multicast

• All

Clear Direction list Allows you to choose the clear direction. The following options are listed:

• SoftInbound—The router uses soft inbound or from route refresh reconfiguration (cached routes).

• SoftOutbound—The router uses soft outbound reconfiguration (cached routes).

• Both—The router uses soft inbound and outbound reconfiguration.

• Hard—The router clears with a hard reset. This option can be chosen only if Official AF and Subsequent AF are set to All. (See Official AF list and Subsequent AF list.).

• Hard(Graceful)—The router clears with a hard reset (for example, terminate the TCP connection) and a graceful restart. This option can be chosen only if Official AF and Subsequent AF are set to All. (See Official AF list and Subsequent AF list.)

Prefix ORF check box

Allows you to send a new ORF to the neighbor. The BGP neighbor installs the new ORF and resends its routes.

Clear button Executes the clear operation based on the criteria configured in the Clear BGP area. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.

This Clear button is disabled by default. You must choose a radio button in an area to enable the Clear button.

Clear BGP Dampening Area

All radio button Allows you to clear BGP route dampening information and unsuppress the specified suppressed routes for all AS neighbors.

Network Allows you to clear BGP dampening information based on IP address network prefix.


Field Description


OL-5497-04



Network radio button

Allows you to enable the clearing of BGP dampening information based on an IP address network prefix.

Network field Allows you to enter the IP address.

This field is enabled when the Network radio button is activated. (See Network radio button.)

Mask field Allows you to enter a prefix mask that is applied to the IP address. This field is enabled when the Network radio button is clicked. (See Network radio button.)


• IPv4

• IPv6

• All


• Unicast

• Multicast

• All

Clear button Executes the clear operation based on the criteria configured in the Clear BGP Dampening area. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.


Clear BGP Flap Statistics Area

Filter List Allows you to clear BGP flap counts for a specified group of routes based on filter list. Specifying a filter list clears the flap counts for the chosen address families for the specified group of routes.

Filter List radio button

Allows you to enable the clearing of BGP flap counts based on a filter list.

Filter List field Allows you to view the chosen filter list.

This field is enabled when the Filter List radio button is activated. (See Filter List radio button.)

Filter List ellipsis button

Allows you to choose the filter list from the Select AS path ACL dialog box.

This ellipsis button is enabled when the Filter List radio button is activated. (See Filter List radio button.)

Neighbor Allows you to clear BGP flap counts for a specified group based on the neighbor address.


Allows you to enable the clearing of BGP flap counts based on a neighbor address.

Neighbor field Allows you to view the chosen neighbor address.



Allows you to choose the neighbor address from the Select Neighbor dialog box.


Network Allows you to clear flap counts based on IP address network prefix.


Field Description


OL-5497-04



Network radio button

Allows you to enable the clearing of BGP flap counts based on a network prefix.

Network field Allows you to enter an IP address network prefix.

This field is enabled when the Network radio button is activated. (See Network radio button.)

Mask field Allows you to enter a prefix mask that is applied to the IP address. This field is enabled when the Network radio button is clicked. Enter a network mask in the Mask field. (See Network radio button.)

Regular Exp Allows you to enter a regular expression.

Regular Exp radio button

Allows you to enable the clearing of BGP flap counts based on a regular expression.

Regular Exp field Allows you to enter a regular expression.

This field is enabled when the Regular Exp radio button is activated. (See Regular Exp radio button.)


• IPv4

• IPv6

• All


• Unicast

• Multicast

• All

Clear button Executes the clear operation based on the criteria configured in the Clear BGP Flap Statistics area. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.


Clear BGP Peer Drops Area

All radio button Allows you to clear the connections dropped counter for all neighbors.

Neighbor Allows you to clear BGP neighbor drops for a specified group based on the neighbor address.


Allows you to enable the clearing of BGP peer drops based on a neighbor address.

Neighbor field Allows you to view the chosen neighbor address.



Allows you to choose a neighbor address from the Select Neighbor dialog box.


Clear button Executes the clear operation based on the criteria configured in the Clear BGP Peer Drops area. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.



Field Description


OL-5497-04



Clear BGP Performance Statistics Area

Clear BGP Performance Statistics button

Allows you to clear the performance statistics for all address families. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.

Clear BGP Self Originated Area

Clear Self Originated Routes button

Allows you to clear BGP routes that are self-originated (redistributed network and aggregate routes originated by the local system).When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.


• IPv4

• IPv6

• All


• Unicast

• Multicast

• All




Field Description


OL-5497-04



C H A P T E R 16
IS-IS Configuration Application

The IS-IS Configuration Application contains the following tabs and subtabs:

• Router Operations Tab, page 16-210

• Creating an IS-IS Process, page 16-211

• Logical Router Process Tree, page 16-212

• Process Tabs, page 16-212

– General Tab, page 16-212

– LSP Settings Tab, page 16-214

– Advanced Tab, page 16-216

• Address Family Tabs, page 16-219



– MPLS-TE Subtab, page 16-223

– Route Summarization Subtab, page 16-225

– Route Propagation Subtab, page 16-227

– Admin Distance Subtab, page 16-228

• Interfaces Tabs, page 16-229


– Supported Address Families Subtab, page 16-231

– PDU Settings Subtab, page 16-233


See the “Creating an IS-IS Process” section on page 211 for information on creating an IS-IS Process in the IS-IS Configuration Application and the “Logical Router Process Tree” section on page 212 for information on the Process Tree.

The IS-IS Configuration Application allows you to configure the Integrated Intermediate System-to-Intermediate System (IS-IS) routing protocol on the router.



Chapter 16 IS-IS Configuration Application Router Operations Tab

IS-IS, Internet Protocol Version 4 (IPv4), is an Interior Gateway Protocol (IGP) that advertises link-state information throughout the network to create a picture of the network topology. IS-IS is an Open Systems Interconnection (OSI) hierarchical routing protocol that designates an intermediate system as a Level 1 or Level 2 device. Level 2 devices route between Level 1 areas to create an intradomain routing backbone.

IS-IS, Internet Protocol Version 6 (IPv6), functions the same and offers many of the same benefits as IS-IS in IPv4. IPv6 enhancements to IS-IS allow IS-IS to advertise IPv6 prefixes in addition to IPv4 routes. IPv6 extends the address families supported by IS-IS to include IPv6, in addition to IPv4.

IS-IS requires you to create an IS-IS routing instance for each area, and assign it to a specific interface instead of assigning it to a network. An IS-IS routing instance is known as an IS-IS process and is a logical router (LR) running IS-IS in a physical router.

See Figure 16-1 for an example of the IS-IS Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and procedures for common activities in the IS-IS Configuration application.

Figure 16-1 IS-IS Application

Router Operations TabThe Router Operations tab is available when an LR is selected in the IS-IS Process Tree.


OL-5497-04


Chapter 16 IS-IS Configuration Application Creating an IS-IS Process

The Router Operations tab allows you to perform the following tasks:

• Clear the IS-IS database and adjacency database.

• Clear the IS-IS topology table.

See Figure 16-1 for an example of the Router Operations tab. Table 16-1 describes the router Operations tab fields.

Creating an IS-IS ProcessAn IS-IS process must be created to configure IS-IS.

To create an IS-IS process, perform the following steps:

Step 1 Right-click the LR in the IS-IS Process Tree and choose Create a new IS-IS process.

An Add Process dialog box appears. (See Figure 16-2.)

Figure 16-2 Add Process Dialog Box

Step 2 Enter a process ID in the Process ID field, then click OK.

A new process is created and appears below the LR in the IS-IS Process Tree.

Table 16-1 Router Operations Tab Description

Field Description

Clear Process Area

Process ID field Allows you to specify an instance identifier.

Clear IS-IS Database & Adjacency Database button

Allows you to clear the IS-IS1 database and the adjacency database for the chosen LR.

Clicking this button clears the LSP2 database and adjacency database sessions for the LR IS-IS instance.


2. LSP = link-state packet

Clear Routes Area

Process ID field Allows you to specify an instance identifier.

Clear All Routes button

Allows you to clear all routes for the selected LR3.

Clicking this button clears all the routes in the specified LR topology.

3. LR = logical router


OL-5497-04


Chapter 16 IS-IS Configuration Application Logical Router Process Tree

Logical Router Process TreeThe IS-IS Process Tree displays the processes for the LR. Each process in the IS-IS Process Tree contains Address Family and Interfaces icons. Clicking an icon displays the corresponding tab in the Application pane.

Process TabsClick a process in the IS-IS Process Tree to display the Process tabs. (See Figure 16-3.)

Figure 16-3 Process Settings

General TabThe General tab allows you to add a network entity title (NET), and choose the routing level and dynamic host name.



OL-5497-04


Chapter 16 IS-IS Configuration Application Process Tabs


Field Description

Network Entity Title field

Allows you to enter a network entity title. Click the Add button then click the new row in the table and enter a name.

A NET1 is a NSAP2 where the last byte is always zero. On a router running IS-IS, a NET can be 8 to 20 B in length. The last byte is always the n-selector and must be zero. The n-selector indicates which transport entity the packet is sent to. An n-selector of zero indicates no transport entity, and means that the packet is for the routing software of the system. The six bytes directly preceding the n-selector are the system ID. The system ID length is a fixed size and cannot be changed. The system ID must be unique throughout each area (Level 1) and throughout the backbone (Level 2). All bytes preceding the system ID are the area ID.

A maximum of three NETs per router are allowed. Configuring multiple NETs can be temporarily useful in the case of network reconfiguration where multiple areas are merged, or where one area is split into more areas. Multiple area addresses enable you to renumber an area individually as needed.

The following example configures a router with area ID 47.0004.004d.0001 and system ID 0001.0c11.1110:

47.0004.004d.0001.0001.0c11.1110.00

1. NET = Network Entity Title

2. NSAP = network service access point

Routing Level list Allows you to choose a routing level for the IS-IS process. The following options are listed:

• Level 1—Router performs only Level 1 (intra-area) routing. This router learns only about destinations inside its area. Level 2 (interarea) routing is performed by the closest Level 1-2 router.

• Level 2—Router performs only Level 2 (interarea) router only. This router is part of the backbone, and does not communicate with Level 1 only routers in its own area.

• Level 1-2—Router performs both Level 1 and Level 2 routing. This router runs two instances of the routing process. It has one LSDB3 for destinations inside the area (Level 1 routing) and runs a SPF4 calculation to discover the area topology. It also has another LSDB with LSPs of all other backbone (Level 2) routers, and runs another SPF calculation to discover the topology of the backbone, and the existence of all other areas.

Note When configuring a routing level parameter, and the parameter is configured for both Level 1 and Level 1-2 or for both Level 2 and Level 1-2, the Level 1 and Level 2 parameter is used instead of the Level 1-2 parameter.

3. LSDB = link-state packet database

Dynamic host name list

Allows you to enable or disable the dynamic host name resolution. The options are enable and disable.

When network administrators maintain and troubleshoot networking devices, they must know the networking device name and corresponding system ID. This list allows the mapping of networking device names to system IDs.

IS-IS uses host names rather than system IDs in all log messages and line interface output. Flooding of LSPs causes the TLV5 object parameters to carry the mapping information across the entire network. Every networking device in the network, upon receiving the TLV from an LSP6, tries to install it in a mapping table. The networking device uses the mapping table when it wants to convert a system ID to a networking device name. If a networking device on the network advertises the dynamic name in the TLV, but later stops the advertisement, the dynamic name remains in the mapping table for up to one hour. This behavior is intended to help the network administrator use the mapping entry while the network has a problem.


OL-5497-04



LSP Settings TabThe LSP Settings tab allows you to limit LSP flooding in IS-IS networks. In a network with a high degree of redundancy, such as a fully meshed set of point-to-point links over a nonbroadcast multiaccess (NBMA) transport, flooding of LSPs can limit network scalability. You can reduce LSP flooding in two ways:

• Blocking flooding on specific interfaces—The advantage of full blocking over mesh groups is that it is easier to configure and understand, and fewer LSPs are flooded. Blocking flooding on all links permits the best scaling performance, but results in a less robust network structure. Permitting flooding on all links results in poor scaling performance.

• Configuring mesh groups—The advantage of mesh groups over full blocking is that mesh groups allow LSPs to be flooded over one hop to all routers on the mesh, while full blocking allows some routers to receive LSPs over multiple hops. This relatively small delay in flooding can have an impact on convergence times, but the delay is negligible compared to overall convergence times.

By default, the router sends a periodic LSP refresh every 15 minutes. LSPs remain in a database for 20 minutes by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed. The software will adjust the LSP refresh interval if necessary to prevent the LSPs from timing out.

The LSP Settings Tab tab allows you to perform the following tasks:

• Configure the LSP maximum transmission unit.

• Configure the LSP passwords for Level 1, Level 2, and Level 1-2.

Note When configuring a routing level parameter, and the parameter is configured for both Level 1 and Level 1-2 or for both Level 2 and Level 1-2, the Level 1 and Level 2 parameters are used instead of the Level 1-2 parameter.

See Figure 16-4 for an example of the LSP Setting tab. Table 16-3 describes the LSP Settings tab fields.

4. SPF = shortest path first

5. TLV = type, length, and value



OL-5497-04



Figure 16-4 LSP Settings Tab

Table 16-3 LSP Settings Tab Description

Field Description

LSP Settings Area

LSP MTU fields Allows you to enter the MTU1 value for Level 1, Level 2, and Level 1 & 2. Under normal conditions, the default MTU size should be sufficient. However, if the MTU of a link is less than 1500 bytes, the LSP2 MTU must be lowered accordingly on each router in the network. If this action is not taken, routing becomes unpredictable. This field allows you to specify the MTU.

If any link in the network has a reduced MTU, all devices must be changed, not just the devices directly connected to the link.

Refresh Interval (secs) fields

Allows you to set the refresh interval for Level 1, Level 2, and Level 1-2 which determines the rate at which the software periodically sends the route topology information that it originates. This is done to keep the information from becoming out of date.

The lifetime of an LSP will expire if it is not refreshed. The refresh interval must be less than the LSP lifetime specified in the Maximum Lifetime (secs) field. Reducing the refresh interval reduces the amount of time that undetected link-state database corruption can persist at the cost of increased link utilization. (This event is extremely unlikely to occur, however, because there are other safeguards against corruption.) Increasing the interval reduces the link utilization caused by the flooding of refreshed packets.


OL-5497-04



Advanced TabThe Advanced tab allows you to perform the following tasks:

• Configure nonstop forwarding (NSF).

• Configure overhead bit parameters for Level 1, Level 2, and Level 1-2.

• Configure logging of dropped protocol data unit (PDU) and adjacency changes.

• Ignore LSP errors.

Maximum Lifetime (secs) fields

Allows you to adjust the maximum LSP lifetime for Level 1, Level 2, and Level 1-2 if the LSP refresh interval is changed.

The maximum LSP lifetime must be greater than the LSP refresh interval.

LSP Generation Intervals Area

Maximum Wait (msec) fields

Allows you to configure the maximum time delay between successive IS-IS3 LSP transmissions for Level 1, Level 2, and Level 1-2.

In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This field allows you to specify the LSP transmission rate and reception rate of IS-IS neighbors to be reduced.

Initial Wait (msec) fields

Allows you to configure the initial time delay before regenerations of the same LSP transmissions for Level 1, Level 2, and Level 1-2.

Secondary Wait (msec) fields

Allows you to configure the secondary time delay before regenerations of the same LSP transmissions for Level 1, Level 2, and Level 1-2.

LSP Password Area

Encryption Type lists

Allows you to choose the password encryption type. The following options are listed:

• None—No encryption is used.

• Cisco Proprietary—Encryption is used.

Password fields Allows you to enter a password for Level 1, Level 2, and Level 1-2. These fields will prevent unauthorized networking devices from injecting false routing information into the link-state database. The configured password is inserted into all LSPs and SNP4s at the configured level.

SNP Authentication Mode lists

Allows you to choose the SNP data units for Level 1, Level 2, and Level 1-2. The following options are listed:

• Validate—Adds passwords to SNPs when they are sent. Checks authentication in received SNP. This is the default if no SNP option is specified.

• Send only—Adds passwords to SNPs when they are sent. Does not check for authentication in received SNPs.




4. SNP = sequence number protocol

Table 16-3 LSP Settings Tab Description (continued)

Field Description


OL-5497-04




See Figure 16-5 for an example of the Advanced tab. Table 16-4 describes the Advanced tab fields.

Figure 16-5 Advanced Settings Tab

Table 16-4 Advanced Tab Description

Field Description

Non-Stop Forwarding Area

NSF Type list Allows you to choose the NSF1 type. The following options are listed:

• Cisco-proprietary NSF—Specifies Cisco proprietary NSF restart.

• IETF-standard NSF—Specifies IETF2 NSF restart.

NSF allows the IS-IS3 process to restart using checkpointed adjacency and LSP4 information, and to perform a restart with no impact on neighboring routers. In other words, when NSF is enabled, there is no impact on other routers in the network due to the destruction and recreation of adjacencies and the system LSP.


OL-5497-04



Max. route lifetime (secs) field

Allows you to enter a value for the maximum lifetime following a restart. The value is the maximum available time for the re-acquisition of checkpointed adjacencies and LSPs during a Cisco-proprietary NSF restart. LSPs and adjacencies not recovered during this time are abandoned, causing changes to the network topology.

This field applies only to Cisco-proprietary NSF. It has no effect if an IETF-style NSF is configured.

Interface timer (secs) field

Allows you to enter a value for the per-interface time period to wait for a restart acknowledgment during an IETF NSF restart. Specifying the interface timer controls the restart time interval after the hello packet is re-sent. The restart time interval need not match the hello interval. When the IETF NSF restart process begins, hello packets send an NSF restart flag that must be acknowledged by the neighboring routers.

This field applies to IETF-style NSF, not Cisco-proprietary NSF.

Interface-expires number field

When a hello packet sent with the NSF restart flag set is not acknowledged, it is re-sent.

Allows you to enter a value for the maximum number of times an interface timer may expire during an IETF NSF restart before the NSF restart is aborted. Specifying the interface expire number controls the number of times the NSF hello is re-sent. When this limit is reached on an interface, any neighbor previously known on that interface is assumed to be down and the initial SPF calculation is permitted, provided all other necessary conditions are met.

The total time period available for adjacency reestablishment (interface-timer * interface-expires) should be greater than the expected total NSF restart time.

This field applies to IETF-style NSF, not Cisco-proprietary NSF.

Overload Bit Area

Set overload bit

Level 1 list

Level 2 list

Level 1 & 2 list

Allows you to choose an option to force the router to set the overload bit in its nonpseudonode LSPs. The following options are listed:

• Permanently—Sets the overload bit only permanently after reboot.

• Delay on startup—Time to advertise when the router is overloaded after reboot. This option enables the Delay (secs) field and allows you to enter a delay time.

• Wait for BGP on startup—Sets the overload bit on startup until BGP5 signals converge or time out.

Normally the setting of the overload bit is allowed only when a router encounters problems. For example, when a router is experiencing a memory shortage, the reason might be that the link-state database is not complete, resulting in an incomplete or inaccurate routing table.

If the overload bit is set in the LSPs of the unreliable router, other routers can ignore the router in their SPF6 calculations until it has recovered from its problems. The result is that no paths through the unreliable router are seen by other routers in the IS-IS area. However, IP prefixes directly connected to this router are still reachable.

Setting the overload bit is useful when you want to connect a router to an IS-IS network, but do not want real traffic flowing through it under any circumstances.

Routers that would have the overload bit set are:

• Test router in the lab, connected to a production network.

• Router configured as an LSP flooding server.

• Router that is aggregating virtual circuits used only for network management. In this case, the network management stations must be on a network directly connected to the router with the overload bit configured.

Table 16-4 Advanced Tab Description (continued)

Field Description


OL-5497-04


Chapter 16 IS-IS Configuration Application Address Family Tabs

Address Family TabsClick an address family under a process in the IS-IS Process Tree to display the Address Families tab. (See Figure 16-6.)

Delay (secs)

Level 1 field

Level 2 field

Level 1 & 2 field

Allows you to enter a set overload bit delay time.

This field becomes available when the Delay on startup option is chosen from the Set overhead bit field.

Other Area

Log dropped PDUs check box

Allows you to enable monitoring (logging) of a network when IS-IS PDUs are suspected of being dropped. The reason for the PDU7 being dropped and current PDU drop statistics are recorded.

Log adjacency changes check box

Allows you to enable monitoring of IS-IS adjacency state changes and may be useful when monitoring large networks. Messages are logged using the system error message facility.

Ignore LSP errors list

Allows you to ignore LSPs with a bad checksum instead of purging the LSP. The options are Enable and Disable. Choose Enable to ignore LSPs with a bad checksum, or choose Disable to purge LSPs with bad checksums.

LSPs with an incorrect data-link checksum must be purged by the receiver, which causes the initiator of the packet to regenerate it. However, if a network has a link that causes data corruption while still delivering LSPs with correct data-link checksums, a continuous cycle of purging and regenerating large numbers of packets can occur. Because this situation could stop network operations, use this field to ignore these LSPs rather than to purge the packets.

Link-state packets are used by the receiving networking devices to maintain their routing tables.

1. NSF = nonstop forwarding






7. PDU = protocol data unit


Field Description


OL-5497-04



Figure 16-6 Address Family Settings


• Specify the address family type.

• Use the default link topology for the address family.

• Enable adjacency checking.

• Configure the default route.

• Configure parallel routes.

• Configure the metric style for Level 1, Level 2, and Level 1- 2.




OL-5497-04




Field Description

Address Family Type list

Allows you to choose the process address family configuration mode, from which you can configure routing sessions that use standard IPv4 or IPv6 address prefixes or alter interface parameters for IPv4 or IPv6. The following options are listed:

• ipv4 unicast

• ipv6 unicast

Basics Area

Use IPv4 Unicast topology check box

Allows you to use the default link topology. The default topology is IPv4 unicast.

Enable Adjacency Check check box

Allows you to enable multitopology mode check on received IIH1 packets.

IS-IS2 performs consistency checks on hello packets and forms an adjacency only with a neighboring router that supports the same set of protocols.

1. IIH = IS-IS hello


Default Route Area

Generate default route information check box

This check box allows you to enable the generation of default route information.

Parallel Routes Area

Maximum parallel routes field

Allows you to specify the maximum number of active parallel routes that the IS-IS protocol can support.

Metric Style Area

Generate TLV Style

Level 1 list

Level 2 list

Level 1 & 2 list

Allows you to choose whether the software generates old style, new style, or both TLV3 objects for Level 1, Level 2, and Level 1-2. The following options are listed:

• old-style (metric style narrow)—Narrower metric fields than the new style.

• new-style (metric style wide)—IS-IS traffic engineering extensions include new-style TLV objects with wider metric fields than old-style TLV objects. To perform MPLS-TE4, a router must generate new-style TLV objects. If new-style is chosen, a router generates and accepts only new-style TLV objects. Therefore, the router uses less memory and fewer other resources rather than generating both old-style and new-style TLV objects.

• both (metric style transition)—The software generates and accepts both old-style and new-style TLV objects.

Accept TLV Style

Level 1 list

Level 2 list

Level 1 & 2 list

Allows you to choose whether the software accepts old-style and new-style, or both TLV objects for Level 1, Level 2, and Level 1- 2. The following options are listed:

• old-style (metric style narrow)—Narrower metric fields than the new style.

• new style (metric style wide)—IS-IS traffic engineering extensions include new-style TLV objects with wider metric fields than old-style TLV objects. To perform MPLS-TE, a router must generate new-style TLV objects. If new-style is chosen, a router generates and accepts only new-style TLV objects. Therefore, the router uses less memory and fewer other resources rather than generating both old-style and new-style TLV objects.

• both (metric style transition)—The software generates and accepts both old-style and new-style TLV objects.


OL-5497-04




• Configure the SPF calculation for Level 1, Level 2, and Level 1- 2.

• Configure the incremental SPF calculation for Level 1, Level 2, and Level 1- 2.

• Set an attached bit.







OL-5497-04



MPLS-TE SubtabThe MPLS-TE subtab allows you to perform the following tasks:

• Enable traffic engineering for the address family.

• Configure the router ID.

See Figure 16-8 for an example of the MPLS-TE subtab. Table 16-7 describes the MPLS-TE subtab fields.


Field Description

SPF Calculation Area

SPF Maximum Wait interval (msecs) fields

Allows you to set the maximum interval between SPF1 calculations for Level 1, Level 2, and Level 1-2. The SPF interval is used to reduce the processor load when IS-IS2 needs to recalculate its topology after minor changes.



SPF Initial Wait (msec) fields

Allows you to set the initial interval between SPF calculations for Level 1, Level 2, and Level 1-2.

SPF Secondary Wait (msec) fields

Allows you to set the secondary interval between SPF calculations for Level 1, Level 2, and Level 1-2.

ISPF Area

ISPF-Enable check boxes

Allows you to enable ISPF3 for Level 1, Level 2, and Level 1-2. ISPF is used to configure the ISPF algorithm to calculate network topology.

3. ISPF = incremental SPF

Startup delay (secs) fields

Allows you to set the time delay between the starting of the IS-IS instance and the activation of the ISPF algorithm.

Running the ISPF algorithm before the IS-IS network reaches stability is inefficient, because the network has not completely converged and CPU resources are wasted as an outcome.

In very large or slowly converging networks, you may need to increase the delay before ISPF begins to handle topology changes; conversely, the delay may be activated sooner for small or rapidly converging networks.

Attached bit Area

Set attached bit check box

Allows you to configure an IS-IS instance with an attached bit in the Level 1 LSP.


OL-5497-04



Figure 16-8 MPLS-TE Subtab

Table 16-7 MPLS-TE Subtab Description

Field Description

MPLS-TE Related Settings

Enable TE for list Allows you to choose to enable MPLS-TE1 for Level 1 or Level 2. The following options are listed:

• Level 1

• Level 2

Route ID Area

None radio button Allows you to specify that the IP address is not configured allowing you to configure a tunnel without specifying the IP address.

Interface Name Allows you to specify that the MPLS-TE router ID for the node is the IP address associated with a chosen interface.

The identifier of the router acts as a stable IP address for the traffic engineering configuration. This IP address is flooded to all nodes. For all traffic engineering tunnels originating at other nodes and ending at this node, you must set the tunnel destination to the traffic engineering router of the destination node, because that is the address used by the traffic engineering topology database at the tunnel head for its path calculation.

Interface Name radio button

Allows you to specify an interface name.


OL-5497-04



Route Summarization SubtabThe Route Summarization subtab contains a table that allows you to add route summary addresses. Multiple groups of addresses can be summarized for a given level. Routes learned from other routing protocols can also be summarized. The metric used to advertise the summary is the smallest metric of all the more-specific routes. Configuring route summarization helps reduce the size of the routing table. It also reduces the size of the LSPs and the link-state database. In addition, it helps ensure stability, because a summary advertisement depends on many more-specific routes. If one more-specific route flaps, in most cases this flap does not cause a flap of the summary advertisement.

The drawback of summary addresses is that other routes might have less information to calculate the most optimal routing table for all individual destinations.

Note When IS-IS advertises a summary prefix, it automatically inserts the summary prefix into the IP routing table but labels it as a “discard” route entry. Any packet that matches the entry is discarded to prevent routing loops. When IS-IS stops advertising the summary prefix, the routing table entry is removed.

See Figure 16-9 for an example of the Route Summarization subtab. Table 16-8 describes the Route Summarization subtab fields.

Interface Name field Allows you to enter an interface name.

This field is enabled when the Interface Name radio button is activated. (See Interface Name radio button.)



This ellipsis button is enabled when the Interface Name radio button is activated. (See Interface Name radio button.)

IP Address Allows you to enter an IP address that specifies that the MPLS-TE router ID for the node is the IP address.

The identifier of the router acts as a stable IP address for the traffic engineering configuration. This IP address is flooded to all nodes. For all traffic engineering tunnels originating at other nodes and ending at this node, you must set the tunnel destination to the traffic engineering router of the destination node, because that is the address used by the traffic engineering topology database at the tunnel head for its path calculation.


Allows you to specify an IP address.

IP Address field Allows you to enter an IP address.

This field is enabled when the IP Address radio button is activated. (See Interface Name radio button.)


Table 16-7 MPLS-TE Subtab Description (continued)

Field Description


OL-5497-04



Figure 16-9 Route Summarization Subtab

Table 16-8 Route Summarization Subtab Description

Field Description

Route Summarization Area

Prefix column Allows you to enter a summary prefix designated for a range of IPv4 or IPv6 prefixes. Click the column, then enter a value.

Prefix Length column

Allows you to enter the length of the IPv4 or IPv6 prefix. Click the column, then enter a value.

Level column Allows you to choose the level to redistribute routes into and summarize them with the configured address and mask value. The following options are listed:

• Level 1-2

• Level 1

• Level 2

Double-click the column to activate the list, then choose a level.


OL-5497-04



Route Propagation SubtabThe Route Propagation subtab provides a table that allows you to propagate routes from one IS-IS level into another level.

See Figure 16-10 for an example of the Route Propagation subtab. Table 16-9 describes the Route Propagation subtab fields.

Figure 16-10 Route Propagation Subtab

Table 16-9 Route Propagation Subtab Description

Field Description

Route Propagation Area

From Level column Allows you to choose the route level to propagate from. Double-click the column, then choose the level. The following options are listed:

• Level 1

• Level 2


OL-5497-04



Admin Distance SubtabThe Admin Distance subtab provides a table that allows you to configure the default route source administrative distance and specify route sources that will override the default administrative distance.

See Figure 16-11 for an example of the Admin Distance subtab. Table 16-10 describes the Admin Distance subtab fields.

Figure 16-11 Admin Distance Subtab

Into Level column Allows you to choose the route level to propagate to. Double-click the column, then choose the level. The following options are listed:

• Level 1

• Level 2

Distribute List column

Allows you to enter the name or number of the access list that controls which packets are propagated. Click the column, then enter a name or number for the access list.

Table 16-9 Route Propagation Subtab Description (continued)

Field Description


OL-5497-04


Chapter 16 IS-IS Configuration Application Interfaces Tabs

Interfaces TabsClick an interface under a process in the IS-IS Process Tree to display the Interfaces tab. (See Figure 16-12.)

Table 16-10 Admin Distance Subtab Description

Field Description

Default admin distance for all route source field

Allows you to set the administrative distance assigned to routes discovered by the IS-IS1 protocol.

In general, the higher the value, the lower the trust rating. An administrative distance of 255 means that the routing information source cannot be trusted at all and should be ignored.

This field is used to configure the administrative distances applied to IS-IS routes when they are inserted into the RIB2, and influences the likelihood of these routes being preferred over routes to the same destination addresses discovered by other protocols.

The default administrative distance is overridden for chosen route sources when the route source matches the values provided in the Override By Route Source table.


2. RIB = Routing Information Base

Override By Route Source Area

Source Prefix column

Allows you to enter the source prefix. Click the column, then enter a value.

Prefix Length column

Allows you to set the prefix length. Click the column, then enter a value.

Admin Distance column

Allows you to set the administrative distance assigned to routes discovered by the IS-IS protocol that match the Source Prefix and Prefix Length values. Click the column, then enter a value.

Prefix List column Allows you to enter the prefix list. Click the column, then enter a prefix list.


OL-5497-04



Figure 16-12 Interfaces Settings


• Specify an interface name and type.

• Choose the circuit type.



Field Description

Interface name Allows you to enter the interface name.

Interface name ellipsis button



OL-5497-04



Supported Address Families SubtabThe Supported Address Families subtab provides a table that allows you to configure IS-IS IPv4 and IPv6 address families.

Note We highly recommend that you configure metrics on all interfaces. If you do not do so, the IS-IS metrics are similar to hop-count metrics.

See Figure 16-13 for an example of the Supported Address Families subtab. Table 16-12 describes the Supported Address Families subtab fields.

Circuit type list Allows you to choose a circuit type for the interface. The following options are listed:

• Level 1

• Level 2

• Level 1-2

Interface state list Allows you to choose the interface state. The following options are listed:

• Shutdown

• Passive


Field Description


OL-5497-04



Figure 16-13 Supported Address Families Subtab

Table 16-12 Supported Address Families Subtab Description

Field Description

Supported Address Families Area

AF Name column Allows you to choose an address family name. Double-click the column and choose an address family type. The following options are listed:

• ipv4 unicast

• ipv6 unicast

State column Allows you to choose the state of the address family. Double-click the column, then choose a state. The following options are listed:

• Active—The state is active.

• Disabled—The state is disabled.

Metric Level 1 column

Allows you to set the metric level for the interface used in the SPF1 calculation for Level 1 (intra-area) routing. Click the column and enter a value.

This column allows you to specify the metric assigned to the link and used to calculate the cost from each other networking device via the links in the network to other destinations.


OL-5497-04



PDU Settings SubtabThe PDU Settings subtab allows you to perform the following tasks:

• Configure the hello interval, multiplexer, padding, and password for Level 1, Level 2, and Level 1- 2.

• Configure the complete sequence number PDU for Level 1, Level 2, and Level 1-2.

• Configure the LSP interval and resend interval for Level 1, Level 2, and Level 1-2.


See Figure 16-14 for an example of the PDU Settings subtab. Table 16-13 describes the PDU Settings subtab fields.

Metric Level 2 column

Allows you to set the metric level for the interface used in the SPF calculation for Level 2 (inter-area) routing. Click the column and enter a value.

This column allows you to specify the metric assigned to the link and used to calculate the cost from each other networking device using the links in the network to other destinations.

Metric Level 1&2 column

Allows you to set the metric level for the interface used in the SPF calculation for Level 1-2 routing. Click the column and enter a value.

This column allows you to specify the metric assigned to the link and used to calculate the cost from each other networking device using the links in the network to other destinations.


Table 16-12 Supported Address Families Subtab Description (continued)

Field Description


OL-5497-04



Figure 16-14 PDU Settings Subtab


OL-5497-04



Table 16-13 PDU Settings Subtab Description

Field Description

Hello interval (secs) fields

Allows you to set the hello intervals for Level 1, Level 2, and Level 1-2. This value is the interval at which IIH1 packets are sent.

With smaller hello intervals, topological changes are detected more quickly, but there is more routing traffic.

Caution A shorter hello interval gives earlier convergence, but increases bandwidth and CPU usage. It might also add to instability in the network.

A slower hello interval saves bandwidth and CPU. Especially when used in combination with a higher hello multiplier, this strategy may increase overall network stability.

We recommend that you tune the hello interval and hello multiplier on point-to-point interfaces rather than on LAN interfaces.

Hello multiplier fields

Allows you to set the hello multipliers for Level 1, Level 2, and Level 1-2. This value is the number of successive IIH packets a neighbor must miss before the networking device should declare the IS-IS adjacency as down.

The “holding time” carried in an IS-IS2 hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated.

This feature is used in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.

On point-to-point links, there is only one hello for both Level 1 and Level 2. Separate Level 1 and Level 2 hello packets are sent over NBMA networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.

Encryption Type lists

Allows you to choose the encryption types for Level 1, Level 2, and Level 1-2. The following options are listed:

• None


Hello Password- Password fields

Allows you to configure the authentication passwords for Level 1, Level 2, and Level 1-2. The passwords prevent unauthorized networking devices from injecting false routing information into the link-state database.

The configured password argument is inserted into all LSPs3 and SNPs4 at the configured level. The configured password argument is exchanged as plain text; thus, this command provides only limited security.

The recommended password configuration is that both incoming and outgoing SNPs be authenticated.


OL-5497-04



Hello padding lists Allows you to choose the hello paddings for Level 1, Level 2, and Level 1-2. The following options are listed:

• Disable—Suppresses hello padding.

• Sometimes Enable—Enables hello padding during adjacency formation only.

• Always Enable—Configures hello padding.

This allows you to configure padding on IS-IS hello PDUs for IS-IS interfaces.

You might want to suppress hello padding to conserve network resources. The lower the circuit speed, the higher the percentage of padding overhead. Before suppressing the hello padding, you should know your physical and data link layer configurations and have control over them. You should also know your router configuration at the network layer.

You also might want to suppress hello padding to save resources on the authentication of PDUs. The encryption value of the PDU is computed over the entire length of the hello PDU, including the padding portion. If you have a large number of authenticated IS-IS adjacencies on the networking device, hello padding may adversely impact the networking device CPU.

CSNP interval (secs) fields

Allows you to set the CSNP5 intervals for Level 1, Level 2, and Level 1- 2. Specifying the CSNP interval configures the interval at which periodic CSNP packets are sent on broadcast interfaces.

The CSNP interval applies only to the DR6 for a specified interface. Only DRs send CSNP packets to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2.

Use of this feature on point-to-point subinterfaces makes sense only when using it in combination with the IS-IS mesh-group feature.

It is unlikely that you will ever need to change the default value of this field.

LSP interval (ms) fields

Allows you to set the LSP intervals for Level 1, Level 2, and Level 1-2. Specifying the LSP interval configures the time delay between successive IS-IS LSP transmissions.

In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception.

The specified interval reduces the LSP transmission rate of the router and the reception rate of its IS-IS neighbors.

Table 16-13 PDU Settings Subtab Description (continued)

Field Description


OL-5497-04




• Configure the designated routers for Level 1, Level 2, and Level 1-2.

• Configure the mesh group.



LSP retransmit interval (secs) fields

Allows you to set the LSP retransmit intervals for Level 1, Level 2, and Level 1-2. Specifying the LSP retransmit interval configures the interval between retransmissions of the same LSP.

The setting of the seconds argument should be conservative, or needless retransmission will result.

The value specified in the LSP retransmit interval field has no effect on LAN (multipoint) interfaces. On point-to-point links, the value can be increased to enhance network stability.

Because retransmissions occur only when LSPs are dropped, setting the value to a higher value has little effect on reconvergence. The more neighbors networking devices have, and the more paths over which LSPs can be flooded, the higher this value can be made.

The value should be higher for serial lines.

LSP retransmit throttle interval (ms) fields

Allows you to set the LSP retransmit throttle intervals for Level 1, Level 2, and Level 1-2. Specifying the LSP retransmit throttle interval configures the minimum interval between retransmissions of different LSPs.

The value specified in the LSP retransmit throttle interval field may be useful in very large networks with many LSPs and many interfaces as a way of controlling LSP retransmission traffic. This controls the rate at which LSPs can be re-sent on the interface.

The LSP retransmit throttle interval is distinct from the rate at which LSPs are sent on the interface and the period between retransmissions of a single LSP. All the LSP retransmit parameters may be used in combination to control the offered load of routing traffic from one networking device to its neighbors.

1. IIH = IS IS hello



4. SNP = sequence number protection

5. CSNP = complete sequence number PDU

6. DR = designated router

Table 16-13 PDU Settings Subtab Description (continued)

Field Description


OL-5497-04





Field Description

DR Election Area

Priority fields Allows you to configure the priority of DR1s for Level 1, Level 2, and Level 1- 2.

The priority is used to determine which networking device on a LAN will be the designated router or DIS2. The priorities are advertised in the hello packets. The networking device with the highest priority becomes the DIS.

In the IS-IS3 protocol, there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a networking device with a higher priority comes online, it takes over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.


OL-5497-04



Mesh Group Area

Default radio button Allows you to choose the default mesh group.

The mesh group optimizes LSP4 flooding in NBMA5 networks with highly meshed, point-to-point topologies.

LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.

LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If the mesh group is blocked on a subinterface, a newly received LSP is not flooded out over that interface.

To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Choosing the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should choose only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios, no networking device will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.

Block mesh group radio button

Allows you to specify that no LSP flooding will take place on the selected interface.

Mesh group number Allows you to enter a number identifying the mesh group of which the chosen interface is a member.

Mesh group number radio button

Allows you to specify a number for identifying the mesh group.

Mesh group number field

Allows you to enter a mesh group number.

This field is enabled when the Mesh group number radio button is activated. (See Mesh group number radio button.)


2. DIS = Designated Intermediate System



5. NBMA = nonbroadcast multiaccess


Field Description


OL-5497-04




OL-5497-04



C H A P T E R 17
LDP Configuration Application

The LDP Configuration Application contains the following tabs and subtabs.

• Interfaces Tab, page 17-242


• Neighbors Tab, page 17-246


The LDP Configuration application allows you to configure Label Distribution Protocol (LDP) to perform label distribution in Multiprotocol Label Switching (MPLS) environments. LDP performs hop-by-hop or dynamic path setup, but does not provide end-to-end switching services. LDP also provides constraint-based routing, using LDP extensions for traffic engineering.

LDP provides the means for label switching routers (LSRs) to request, distribute, and release label prefix binding information to peer routers in a network. LDP enables LSRs to discover potential peers and establish LDP sessions with those peers to exchange label binding information.

LDP is deployed in the core of the router and is one of the key protocols used in Layer 2 virtual private networks (VPNs). LDP assigns labels to routes using the underlying Interior Gateway Protocol (IGP) routing.

See Figure 17-1 for an example of the LDP Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and procedures for common activities in the LDP Configuration application.



Chapter 17 LDP Configuration Application Interfaces Tab

Figure 17-1 LDP Application

Interfaces TabThe Interfaces tab allows you to perform the following tasks:

• Specify the LDP interface name.

• Configure the discovery transportation address.

See Figure 17-1 for an example of the Interfaces tab. Table 17-1 describes the Interfaces tab fields.

Table 17-1 Interfaces Tab Description

Field Description

Basics Area

Name Allows you to choose the interface name.

Name field Allows you to enter a name.

Name ellipsis button Allows you to choose a name from the Select Interfaces dialog box.

Discovery Transportation Address Area

Default radio button Allows you to specify that LDP1 use the router ID as its source address for TCP2 connection setup with its peer. Hello messages include this address in transport address TLV3 objects.

This interface’s IP radio button

Allows you to specify that the alternative address for a TCP connection is the interface IP address. Hello messages include this address in transport address TLV objects.


OL-5497-04


Chapter 17 LDP Configuration Application General Tab

General TabThe General tab allows you to perform the following tasks:

• Configure the router ID.

• Set the linked and targeted hello hold time and interval.

• Set the session hold time.

• Enable advertising Explicit Null labels.

• Configure backoff time parameters.

• Configure graceful restart parameters.

• Enable logging neighbor changes.


Specific IP Allows you to provide an alternative address for a TCP connection. Hello messages include this address in transport address TLV objects.

Specific IP radio button

Allows you to enable an alternative address for a TCP connection.

Specific IP field Allows you to enter an address.

1. LDP = Label Distribution Protocol



Table 17-1 Interfaces Tab Description (continued)

Field Description


OL-5497-04



Figure 17-2 General Tab


Field Description

Router ID Area

Default radio button Allows you to specify that LDP1 obtains its router ID from the router-wide router ID configuration, if available.

Use Loopback Interface

Allows you to provide a loopback interface name for the router ID.

Use Loopback Interface radio button

Allows you to enable using the loopback interface name for the router ID.

Use Loopback Interface field

Allows you to enter a loopback interface name.

This field is enabled when the Use Loopback Interface radio button is activated. (See Use Loopback Interface radio button.)

Use Loopback Interface ellipsis button

Allows you to choose a loopback interface name from the Select Interfaces dialog box.

This field is enabled when the Use Loopback Interface radio button is activated. (See Use Loopback Interface radio button.)

Use IP Address Allows you to provide a routable IP address for the router ID.


OL-5497-04



Use IP Address radio button

Allows you to enable using the IP Address for the router ID.

Use IP Address field Allows you to enter an IP address.

This field is enabled when the Use IP Address radio button is activated. (See Use IP Address radio button.)

Discovery Area

Linked Hello Hold time (sec) field

Allows you to configure the linked hello hold time. This is the hold time for a discovered LDP neighbor.

This field specifies the length of time that a discovered neighbor is assumed to be present in the absence of discovery messages.

Linked Hello Interval (sec) field

Allows you to configure the linked hello interval. This is the interval between transmission of consecutive LDP discovery messages.

Targeted Hello Hold time (sec) field

Allows you to configure the targeted hello hold time. This is the hold time for targeted neighbors.

This field specifies the length of time that a targeted neighbor is assumed to be present in the absence of discovery messages.

Targeted Hello Interval (sec) field

Allows you to configure the targeted hello interval. This is the interval between transmission of consecutive LDP discovery messages.

Accept Targeted Hellos check box

Allows you to accept from and respond to targeted hellos from the interfaces.

Session Area

Hold time (sec) field Allows you to specify the time for which an LDP session is maintained in the absence of LDP messages from the session peer.

Label Advertisement Area

Advertise Explicit Null labels check box

Allows you to cause a router to advertise an Explicit Null label in situations where it would normally advertise an Implicit Null label.

Normally, LDP advertises an Implicit Null label for directly connected routes. The Implicit Null label causes the previous hop (penultimate) router to do penultimate hop popping. Situations exist in which it might be desirable to prevent the penultimate router from performing penultimate hop popping and to force it to replace the incoming label with the Explicit Null label.

Backoff Time Area

Hold time (sec) field Allows you to specify the initial session time for LDP backoff. The LDP backoff mechanism prevents two incompatibly configured LSR2s from engaging in an unthrottled sequence of session setup failures. If a session setup attempt fails due to such incompatibility, each LSR delays its next attempt (backs off), increasing the delay exponentially with each successive failure, until the maximum backoff delay is reached.

Maximum (sec) field

Allows you to specify the maximum session time for LDP backoff. The LDP backoff mechanism prevents two incompatibly configured LSRs from engaging in an unthrottled sequence of session setup failures. If a session setup attempt fails due to such incompatibility, each LSR delays its next attempt (backs off), increasing the delay exponentially with each successive failure, until the maximum backoff delay is reached.


Field Description


OL-5497-04


Chapter 17 LDP Configuration Application Neighbors Tab

Neighbors TabThe Neighbors tab allows you to perform the following tasks:

• Provide the IP address of an LDP neighbor whose password and encryption type you want to set.

• Set the password and password encryption type for the LDP neighbor.

See Figure 17-3 for an example of the Neighbors tab. Table 17-3 describes the Neighbors tab fields.

Logging Area

Log Neighbor Changes check box

Allows you to enable the logging of neighbor session changes. You will receive a message when a neighbor goes up or down.

Graceful Restart Area

Enable check box Allows you to enable the graceful restart capability.

You must restart the LDP process to have the graceful restart configuration take effect.

Forwarding State Holdtime (sec) field

Allows you to specify the length of time that the peer label mapping entries are kept and can be reclaimed.

The Forwarding State hold time value is the time for which the restarting LSR intends to keep its forwarding state stale entries after restart. After restart and recovering its preserved forwarding entries, LSR starts a Forwarding State hold timer and waits for peers to resynchronize with the LSR.

The recovery time value in the FT3 session TLV (INIT message) to another peer after a restart or reconnect computes to be the value of the timer at the time of the INIT message.

Reconnection timeout (sec) field

Allows you to specify the time given to the peer to reestablish the connection before it is considered a neighbor that is disconnected indefinitely.

The Reconnection timeout value is the reconnect timeout that will be sent in the FT Session TLV (INIT message) to another peer.


2. LSR = label switching router

3. FT = fault-tolerant


Field Description


OL-5497-04


Chapter 17 LDP Configuration Application Neighbors Tab

Figure 17-3 Neighbors Tab

Table 17-3 Neighbors Tab Description

Field Description

Neighbor IP Address field

Allows you to enter the LDP1 neighbor IP address.


Password field Allows you to enter a password so that a session establishment attempt between two LDP peers is allowed only when a password match has been configured.

The passwords for the peers must be configured so that the passwords for both peers match.

Encryption Type list Allows you to choose the password encryption type. The following options are listed:

• None



OL-5497-04


Chapter 17 LDP Configuration Application Operations Tab


• Clear all message counters or a counter for a specific neighbor IP address.

• Restart all LDP sessions or a specific neighbor session.

Note Restarting a session could impact forwarding in non-graceful restart mode.




Field Description

Clear Counters Area

All Message Counters radio button

Allows you to clear the statistics message counters for all neighbors.


OL-5497-04



Specify Neighbor IP Address

Allows you to clear the statistics message counters for a specific neighbor. This sets the clear counters feature to clear counters only for the specified neighbor.

Specify Neighbor IP Address radio button

Allows you to enable clearing statistics message counters for a specific neighbor.

Specify Neighbor IP Address field

Allows you to enter a neighbor IP address.

This field is enabled when the Specify Neighbor IP Address radio button is activated. (See Specify Neighbor IP Address radio button.)


Runs the clear counters operation based on the criteria configured in the Clear Counters area. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the clear operation or click No to cancel the operation.

Restart Sessions Area

Restart all LDP Sessions radio button

Allows you to restart all LDP1 sessions without restarting LDP itself.

By Neighbor Session IP Address

Allows you to restart a single LDP session without restarting LDP itself

By Neighbor Session IP Address radio button

Allows you to enable a single LDP session without restarting LDP itself.

By Neighbor Session IP Address field

Allows you to enter an IP address.

Restart Sessions button

Runs the restart sessions operation based on the criteria configured in the Restart Sessions area (restart one or all LDP sessions). When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.



Field Description


OL-5497-04




OL-5497-04



C H A P T E R 18
OSPF Configuration Application

The OSPF Configuration Application contains the following tabs and subtabs:



• Instance Tabs, page 18-255


– Route Summarization Tab, page 18-258

– Admin Distance Tab, page 18-260

– Advanced Tab, page 18-261

– Operations Tab, page 18-264

– Interface Settings Tab, page 18-266

• Instance Tabs, page 18-255


– Inter-area Summary Routes Tab, page 18-274

– Virtual Links Tab, page 18-275

– Interface Settings Tab, page 18-279

See the “Creating an OSPF Instance” section on page 254 for information on creating an Open Shortest Path First (OSPF) Instance in the OSPF Configuration application, the “Logical Router Instance Tree” section on page 255 for information on the Instance Tree, and the “Creating an OSPF Area” section on page 272 for information on creating an OSPF area.

The OSPF Configuration application allows you to implement the OSPF protocol on the router.

OSPF is an Interior Gateway Protocol (IGP) developed by the Internet Engineering Task Force (IETF). Designed expressly for IP networks, OSPF supports IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication and uses IP multicast when sending and receiving packets.

OSPF Version 3 (OSPFv3) expands on OSPF Version 2 (OSPFv2), to provide support for IPv6 routing prefixes. OSPFv3 is not currently supported in the Craft Works Interface (CWI). Refer to the Cisco IOS XR command reference documentation for information about using command-line interface (CLI) commands to configure OSPFv3.

See Figure 18-1 for an example of the OSPF Configuration application.



Chapter 18 OSPF Configuration Application General Tab

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and procedures for common activities in the OSPF Configuration application.

Figure 18-1 OSPF Application

General TabThe General tab is available when a logical router is chosen in the OSPF Instance Tree.

The General tab allows you to enable Domain Name System (DNS) name lookup.



Field Description

DNS lookup for show commands check box

Enables the OSPF1 protocol to look up DNS2 names. DNS lookup makes it easier to identify a router when executing all OSPF show command displays. The router is displayed by name rather than by its router ID or neighbor ID.


2. DNS= Domain Name System


OL-5497-04


Chapter 18 OSPF Configuration Application Operations Tab

Operations TabThe Operations tab is available when an LR is chosen in the OSPF Instance Tree and then the Operations tab is clicked.

The Operations tab allows you to perform the following tasks:

• Reset OSPF instances.

• Clear routing tables.

• Clear redistributed route entries.

• Clear the neighbor state transition count.




Field Description

Reset Commands Area

Reset OSPF processes button

Allows you to reset an OSPF1 process without stopping and restarting it.

Clicking this button releases all OSPF resources allocated, cleans up the internal database, and shuts down and restarts all interfaces that belong to the process. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.


OL-5497-04


Chapter 18 OSPF Configuration Application Creating an OSPF Instance

Creating an OSPF InstanceAn OSPF instance is the equivalent of a router as described in OSPF v2 RFC 2328. RFC 2328 assumes that a physical router has a single OSPF instance. The router operating system allows multiple instances of OSPF to run simultaneously on the router. However, there is the requirement that no two instances may share interfaces or reside in the same autonomous system (AS).

An OSPF instance must be created to configure OSPF.

To create an OSPF instance perform the following steps:

Step 1 Right-click the LR in the OSPF Instance Tree and choose Create a new OSPF instance.

An Add Instance dialog box appears. (See Figure 18-3.)

Clear routing table Area

Clear OSPF routing tables button

Allows you to clear OSPF routes from the OSPF routing table.

Clicking this button clears all OSPF routes from the OSPF routing table and recomputes valid routes. When the OSPF routing table is cleared, OSPF routes in the global routing table are also recalculated.

Clear redistributed route entries button

Allows you to clear routes redistributed from other protocols out of the OSPF routing table. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.

Clicking this button causes the routing table to be read again. If an unexpected route has not appeared in the OSPF redistribution, clearing OSPF redistribution causes OSPF to resend Type 5 and Type 7 LSAs2 that can be used by the routing table.

Caution This command can cause a significant number of LSAs to flood the network. We recommend that you use this command with caution.

Clear neighbor state transition count Area

Interface name Allows you to specify the interface name for which you want to clear the state transition counter.

Interface name field Allows you to enter an interface name.



Neighbor IP field Allows you to enter the neighbor IP address of a specified neighbor for which you want to clear the state transition counter.

Clear button Allows you to clear the OSPF statistics of neighbor state transitions. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.


2. LSAs = link-state advertisements


Field Description


OL-5497-04


Chapter 18 OSPF Configuration Application Logical Router Instance Tree

Figure 18-3 Add Instance Dialog Box

Step 2 Enter an Instance ID in the Instance ID field, then click OK.

A new process is created and appears below the LR in the OSPF Instance Tree.

Logical Router Instance TreeThe OSPF Instance Tree displays the instances for the LR. Each process in the OSPF Instance Tree can contain multiple area icons, which must be manually created. See the “Creating an OSPF Area” section on page 18-272. Clicking an icon displays the corresponding tab in the Application pane.

Instance TabsClick an instance in the OSPF Instance Tree to display the Instance tabs. (See Figure 18-4.)

Figure 18-4 Instance Settings


OL-5497-04


Chapter 18 OSPF Configuration Application Instance Tabs


• Configure the router ID and maximum number of paths.

• Configure the link metrics.

• Configure the SPF algorithm.

• Configure link costs and LSA timers.

• Configure the default external route parameters.



Field Description

Basics Area

Router ID Allows you to specify the a router ID for the OSPF1 instance. You have the option of using an interface name or an IPv4 address.

The router ID can be any 32-bit value. It is not restricted to the IPv4 addresses assigned to interfaces in this router and need not be a routable IPv4 address.

It can be one of the following:

• The primary IPv4 address of the interface specified by the OSPF Router ID field.

• The primary IPv4 address of the interface specified by the OSPF. The 32-bit value specified by the global router ID. The address must be an IPv4 address assigned to an interface on this router.

• The primary IPv4 address of the interface specified by the global router ID.

• The highest IPv4 address assigned to any loopback interface.

• The primary IPv4 address of an interface over which this instance of OSPF is running.

Router ID field Allows you to enter a router ID.

Router ID ellipsis button

Allows you to choose a router ID from the Select Interfaces dialog box.

Max number of paths field

Allows you to specify the maximum number of equal cost paths to install. This controls the maximum number of parallel routes that the OSPF protocol can support and install in a routing table.

Default Link Metrics Area

Reference BW (Mbps)

Allows you to enable and specify the reference bandwidth.

This feature controls how the OSPF protocol calculates default metrics for the interface. By default, OSPF calculates the OSPF metric for an interface according to the bandwidth of the interface.

Reference BW (Mbps) check box

Allows you to enable reference bandwidth.

Reference BW (Mbps) field

Allows you to enter a value for the bandwidth.

This field is enabled when the Reference BW (Mbps) check box is activated. (See Reference BW (Mbps) check box.


OL-5497-04



Administrative distance field

Allows you to specify the administrative distance of OSPF.

In general, the higher the value, the lower the trust rating. An administrative distance of 255 means that the routing information source cannot be trusted at all and should be ignored. Weight values are subjective; there is no quantitative method for choosing weight values.

Shortest Path First Algorithm Area

Initial delay (ms) field

Allows you to specify the time before the first SPF2 is run (also known as SPF throttling).

Backoff increment (ms) field

Allows you to specify the initial wait interval between the first and second SPF calculations. Each consecutive wait interval is twice the previous wait interval. If no SPF calculation is run for the maximum delay time, the subsequent wait interval is reset to the initial value.

Max delay time (ms) field

Allows you to specify the maximum time between consecutive SPF calculations.

The first wait interval between SPF calculations is the amount of time in milliseconds specified by the Initial delay. Each consecutive wait interval is twice the current hold level in milliseconds until the wait time reaches the maximum time in milliseconds as specified by the Max delay time field. Subsequent wait times remain at the maximum until the values are reset or an LSA3 is received between SPF calculations.

Link Costs Area

Inter-area field Allows you to specify the administrative distance for all routes from one area to another area.

Intra-area field Allows you to specify the administrative distance for all routes within an area.

External field Allows you to specify the administrative distance for all external routes (type 5 and type 7) learned from other routing domains through redistribution.

Link State Advertisement Timers Area

Min LSArrival rate (sec / LSA) field

Allows you to specify a value limiting the frequency that new instances of any particular OSPF LSA can be accepted during flooding.

Min LSInterval rate (sec / LSA) field

Allows you to specify a value to change the minimum interval between the same OSPF LSAs that the router originates.

This field is used to adjust the minimum amount of time between originations of the same LSA. This adjustment helps to reduce the flooding and SPF overhead that leads to frequent LSA generation.

Maxage / Refresh rate (sec / group LSA) field

Allows you to specify a value to change the interval at which OSPF LSAs are collected into a group and refreshed, checksummed, or aged (also called group pacing).

The duration of the LSA group pacing is inversely proportional to the number of LSAs the router is handling. For example, if you have approximately 10,000 LSAs, decreasing the pacing interval would benefit you. If you have a very small database (40 to 100 LSAs), increasing the pacing interval to 10 to 20 minutes might benefit you slightly.

Default External Route Area

Enable check box Allows you to enable the generation of a default external route into an OSPF routing domain.

Whenever you redistribute routes into an OSPF routing domain, the software automatically becomes an ASBR4. However, an ASBR does not, by default, generate a default route into the OSPF routing domain. The software still must have a default route for itself before it generates one, except when you have specified the always keyword.

always check box Allows you to choose to always advertise the default route, regardless of whether the software has a default route.


Field Description


OL-5497-04



Route Summarization TabThe Route Summarization tab allows you to perform the following tasks:

• Configure the IP prefix and mask for the route.

• Configure route summary filtering, matching, and suppressing options.

See Figure 18-5 for an example of the Route Summarization tab. Table 18-4 describes the Route Summarization tab fields.

Use existing default route radio button

Allows you to specify that the existing default route (0.0.0.0/0) be used.

Route metric field Allows you to specify the metric used for generating the default route. The value used is specific to the protocol.

Link state type list Allows you to choose the external link type associated with the default route advertised into the OSPF routing domain for the following options:

• Type 1

• Type 2

• Type 1&2



3. LSA = link-state advertisement

4. ASBR = Autonomous System Boundary Router


Field Description


OL-5497-04



Figure 18-5 Route Summarization Tab

Table 18-4 Route Summarization Tab Description

Field Description

Configuration Area

IP Prefix / Mask Allows you to specify an IP summary prefix and summary mask to create aggregate addresses for routes being redistributed from another routing protocol into the OSPF1 protocol.


IP Prefix / Mask radio button

Allows you to enable using an IP summary prefix and mask.

IP Prefix / Mask fields

Allows you to enter an IP prefix and mask.

This field is enabled when the IP Prefix / Mask radio button is activated. (See IP Prefix / Mask radio button.)

No filter radio button

Allows you to choose no filtering.

Match tag Allows you to specify a tag value that can be used as a “match” value for controlling redistribution.

Match tag radio button

Allows you to enable the specifying of a tag value to be used for matching.

Match tag field Allows you to enter a tag value.

Suppress type-7 LSAs radio button

Allows you to choose to suppress summary routes that match the address and mask pair from being advertised.


OL-5497-04



Admin Distance TabThe Admin Distance tab allows you to perform the following tasks:

• Configure the IP address and wildcard bits.

• Specify the administrative distance and the IP access list to be applied to incoming routing updates.

See Figure 18-6 for an example of the Admin Distance tab. Table 18-5 describes the Admin Distance tab fields.

Figure 18-6 Admin Distance Tab

Table 18-5 Admin Distance Tab Description

Field Description

Configuration Area

IP / Wildcard bits fields

Allows you to specify an IP source address and IP wildcard bits (inverted mask) to create aggregate addresses for routes being redistributed from another routing protocol into the OSPF1 protocol.

IP / Wildcard bits radio button

Allows you to enable using an IP source address and wildcard bits.

IP / Wildcard bits fields

Allows you to enter an IP source address and wildcard bits.

This field is enabled when the IP / Wildcard bits radio button is activated. (See IP / Wildcard bits radio button.)

Distance field Allows you to specify the administrative distance of the OSPF.

Access Control List Allows you to specify the name of an IP access list to be applied to incoming routing updates.


OL-5497-04



Advanced TabThe Advanced tab allows you to perform the following tasks:

• Configure the nonstop forwarding (NSF) parameters.

• Configure the max-metric LSA parameters.

• Choose a default metric for redistributed routes.

• Configure syslog messages.

• Configure Multiprotocol Label Switching traffic engineering (MPLS-TE) parameters.

• Configure outgoing network filtering parameters.

See Figure 18-7 for an example of the Advanced tab. Table 18-6 describes the Advanced tab fields.

Figure 18-7 Advanced Tab

Access Control List field

Allows you to enter an ACL2 name.

Access Control List ellipsis button




Table 18-5 Admin Distance Tab Description (continued)

Field Description


OL-5497-04



Table 18-6 Advanced Tab Description

Field Description

Non Stop Forwarding Area

Enable NSF list Allows you to choose an option for configuring NSF1 for the OSPF2 protocol. The following options are listed:

• Yes

• No

• Only for NSF-aware neighbors—NSF is cancelled if any non NSF-aware routers are detected.

NSF allows for the forwarding of data packets to continue along known routes while routing protocol information (such as OSPF) is being restored following a switchover.

This feature is used if the router is expected to perform NSF during restart. To experience the full benefits of this feature, configure all neighboring routers with NSF.

Interval (sec) field Allows you to configure the minimum time between NSF restart attempts for the OSPF protocol.

Lifetime (sec) field Allows you to configure the maximum time that routes are held in the RIB3 following an OSPF instance restart.

The OSPF instance must reconverge within the maximum length of time configured. If the convergence exceeds this length of time, routes are purged out of RIB and NSF restart may fail.

Max-metric Link State Advertisements Area

Send max-metric LSAs check box

Allows you to specify that the OSPF protocol signal other networking devices not to prefer the local router as an intermediate hop in their SPF calculations.

Max-metric LSAs4 cause the software to originate router LSAs with router link metrics set to LSInfinity (0XFFFF). This feature might be useful in Internet backbone routers. After a router reboots, OSPF might converge quickly, and other routers might try to forward traffic through the recently rebooted router. However, a router in the network may still be building its BGP5 routing tables, and not have fully converged yet. In such instances, the router that has not fully converged could drop many packets for destinations it has not yet learned through BGP.

When max-metric LSAs are configured, the router advertises its locally generated router LSAs with a metric of 0XFFFF. This action allows the router to converge but not attract transit traffic if there are better paths around this router. After the specified announce-time value or notification from BGP, the router advertises the local router LSAs with the normal metric (interface cost).

This feature might be useful when you want to connect a router to an OSPF network, but do not want real traffic flowing through it if there are better paths. If there are no alternative paths, this router still accepts transit traffic as before.

Cases where this might be useful are as follows:

• During a router reload, you prefer that OSPF wait for BGP to converge before accepting transit traffic. If there are no alternative paths, the router still accepts transit traffic.

• A router is in critical condition (for example, it has a very high CPU load or does not have enough memory to store all LSAs or build the routing table).

• When you want to gracefully introduce or remove a router to or from the network.

• When you have a test router in a lab, connected to a production network.

Always radio button Allows you to specify that the OSPF protocol always originates router LSAs with the maximum metric.


OL-5497-04



Announce time (sec) This radio button and field allow you to specify the time that router LSAs are originated with the maximum metric of 0XFFFF.

Announce time (sec) radio button

Allows you to enable specifying that the LSAs are originated with the maximum metric.

Announce time (sec) field

Allows you to enter the announce time.

This field is enabled when the Announce time (sec) radio button is activated. (See Announce time (sec) radio button.)

Until BGP converges radio button

Allows you to specify that OSPF use the originate router LSAs with the maximum metric and allow BGP to decide when to start originating router LSAs with a normal metric instead of the maximum metric.

Redistributed Routes Area

Default metric field Allows you to specify the default metric of redistributed routes.

Syslog Messages Area

Ignore lsa mospf check box

Allows you to enable suppressing of the sending of syslog messages when the router receives LSA Type 6 (MOSPF) packets.

Cisco routers do not support LSA Type 6 (MOSPF), and they generate syslog messages if they receive such packets. If the router is receiving many MOSPF6 packets, you might want to configure the router to ignore the packets and thus prevent a large number of syslog messages.

Log adjacency changes list

Allows you to configure the router to send a syslog message when the state of an OSPF neighbor changes. The following options are listed:

• Brief—Provides brief information about adjacency changes.

• Detail—Provides detailed information about adjacency changes.

• Suppress—Suppresses the logging of adjacency changes.

MPLS-TE Area

Router ID Allows you to specify a stable MPLS-TE7 address for the OSPF instance.

Router ID field Allows you to enter a loopback name of an IPv4 address.

Router ID ellipsis button


Opaque LSAs check box

Allows you to control opaque LSA support capability of the OSPF protocol.

This capability must be enabled for OSPF to support MPLS-TE. The MPLS-TE topology information is flooded to the network through opaque LSAs of OSPF.

Enable MPLS-TE for Areas table

Allows you to configure an OSPF area for MPLS-TE. Click Add then double-click the new column and enter an area ID.

Filter outgoing network updates Area

All Allows you to filter all outgoing network updates.

All field Allows you to enter an ACL name.

All ellipsis button Allows you to choose an ACL from the Select ACL dialog box.

BGP AS Allows you to filter BGP AS8 updates. Enter an AS number in the first field.

BGP AS fields Allows you to enter an AS number in the first field and an ACL9 name in the second field.


Field Description


OL-5497-04



Operations TabThis tab is also available at the LR level. See Operations Tab, page 18-253.

The Operations tab allows you to perform the following tasks:

• Set the clear counters option to all message counters or a specific neighbor IP address.

• Run the clear counters operation.

• Set the restart session option to all LDP sessions or to a specific neighbor session.

• Run the restart session operation.


BGP AS ellipsis button


Connected Allows you to filter connected updates.

Connected field Allows you to enter an ACL name.

Connected ellipsis button


OSPF PID These two fields and ellipsis button allow you to filter OSPF instance identifier updates. Enter an OSPF instance name in the first field. Either enter an ACL name in the second field or click the ellipsis button to open a Select ACL dialog box and choose an ACL from the dialog box.

OSPF PID fields Allows you to enter an OSPF instance name in the first field and an ACL name in the second field.

OSPF PID ellipsis button


Static This field and ellipsis button allow you to filter static updates. Either enter an ACL name in the Static field or click the ellipsis button to open a Select ACL dialog box and choose an ACL from the dialog box.

Static field Allows you to enter an ACL.

Static ellipsis button Allows you to choose an ACL name from the Select ACL dialog box.

1. NSF = nonstop forwarding


3. RIB = Routing Information Base



6. MOSPF = multicast OSPF





Field Description


OL-5497-04





Field Description

Reset Commands Area

Reset all OSPF processes button

Allows you to reset an OSPF1 router process without stopping and restarting it.

Clicking this button releases all OSPF resources allocated, cleans up the internal database, and shuts down and restarts all interfaces that belong to the process. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.

Clear routing table Area

Clear all OSPF routing tables button

Allows you to clear all OSPF routes from the OSPF routing table.

Clicking this button clears all OSPF routes from the OSPF routing table and recomputes valid routes. When the OSPF routing table is cleared, OSPF routes in the global routing table are also recalculated.

Clear all redistributed route entries button

Allows you to clear all routes redistributed from other protocols out of the OSPF routing table. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.

Clicking this button causes the routing table to be read again. If an unexpected route has not appeared in the OSPF redistribution, clearing OSPF redistribution causes OSPF to resend Type 5 and Type 7 LSAs2 that can be used by the routing table.

Caution This command can cause a significant number of LSAs to flood throughout the network. We recommend that you use this command with caution.


OL-5497-04



Interface Settings TabThe Interface Settings tab contains two subtabs: General and Authentication. The General subtab is displayed by default when the Interface Settings tab is clicked.

See Figure 18-9 for an example of the Interface Settings tab.

Clear neighbor state transition count Area

Interface name Allows you to specify the interface name for which you want to clear the state transition counter

Interface name field Allows you to enter the interface name.


Allows you to choose the interface name from the Select Interfaces dialog box.

Neighbor IP field Allows you to enter the neighbor IP address of a specified neighbor for which you want to clear the state transition counter.

Clear button Allows you to clear the OSPF statistics of neighbor state transitions. When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.

If an interface name and neighbor IP are not specified, this button clears all statistics.




Field Description


OL-5497-04



Figure 18-9 Interface Settings Tab

General Subtab

The General subtab allows you to perform the following tasks:

• Configure the designated router priority.

• Configure the resend interval.

• Configure the send delay.

• Configure the link cost, hello interval, and dead interval.

• Enable incoming network filtering.

• Choose a network broadcast behavior.

• Optimize process settings.



OL-5497-04




Field Description

Basics Area

Designated Router priority field

Allows you to specify the router priority for the DR1 and BDRs2.

When two routers attached to a network both attempt to become the designated router, the one with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero is ineligible to become the DR or BDR. Router priority is configured only for interfaces to multiaccess networks (in other words, not point-to-point networks).

Retransmit Interval (sec) field

Allows you to specify the time between LSA3 retransmissions for adjacencies belonging to the interface.

When a router sends an LSA to its neighbor, it keeps the LSA until it receives the acknowledgment message. If the router receives no acknowledgment, it resends the LSA.

The value of this parameter should be conservative, or needless retransmission results. The value should be larger for serial lines and virtual links.

Transmit Delay (sec) field

Allows you to specify the estimated time required to send a link-state update packet on the interface. LSAs in the update packet have their age incremented by this amount before transmission.

Link cost field Allows you to specify the cost of the link.

Hello Interval (sec) field

Allows you to specify the time between the hello packets that the software sends on an interface. This is the unsigned integer value to be advertised in the hello packets of the software. The value must be the same for all routers attached to a common network.

Dead Interval (sec) field

Allows you to specify the time that hello packets of the software are suspended before neighbors declare the router down. As with the hello interval, this value must be the same for all routers attached to a common network.

Filter incoming network updates Area

Distribute List ACL This check box, field, and ellipsis button allow you to enable and specify the incoming network updates filter. Check the Distribute List ACL4 check box to enable the incoming network updates filter. Either enter an ACL name in the Distribute List ACL field, or click the ellipsis button to open a Select ACL dialog box and choose an ACL from the dialog box.

Distribute List ACL check box

Allows you to enable incoming network updates filtering.

Distribute List ACL field

Allows you to enter an ACL name.

Distribute List ACL ellipsis button

Allows you to choose an ACL name from the Select ACL dialog box.


OL-5497-04



Network Broadcast Behavior Area

Network broadcast behavior list

Allows you to choose the type of attached network. This list configures the OSPF5 network type to a type other than the default for a given medium. The following options are listed:

• Default for interface type

• Broadcast—Sets the network type to broadcast.

• Non-broadcast—Sets the network type to NBMA6.

• Point-to-point—Sets the network type to point-to-point.

• Point-to-multipoint—Sets the network type to point-to-multipoint.

• Point-to-multipoint non-broadcast—Sets the point-to-multipoint network to be nonbroadcast.

You can configure broadcast networks as NBMA networks when, for example, routers in your network do not support multicast addressing.

Configuring NBMA networks as either broadcast or nonbroadcast assumes that there are virtual circuits from every router to every router or fully meshed network. However, there are other configurations where this assumption is not true; for example, a partially meshed network. In these cases, you can configure the OSPF network type as a point-to-multipoint network. Routing between two routers that are not directly connected goes through the router that has virtual circuits to both routers. You need not configure neighbors when using this command.

OSPF has two features related to point-to-multipoint networks. One feature applies to broadcast networks; the other feature applies to nonbroadcast networks:

• On point-to-multipoint broadcast networks, you must specify a cost to that neighbor.

• On point-to-multipoint nonbroadcast networks, you must identify neighbors, and assigning a cost to a neighbor is optional.

Optimizations Area

Flood reduction list Allows you to enable flood reduction, which suppresses unnecessary flooding of LSAs in stable topologies.

All routers supporting the OSPF demand circuit are compatible and can interact with routers supporting flooding reduction.

Demand circuit list Allows you to enable demand circuit which configures the OSPF protocol to treat the interface as an OSPF demand circuit.

On point-to-point interfaces, only one end of the demand circuit must have demand circuit enabled. Periodic hello messages are suppressed, and periodic refreshes of LSAs do not flood the demand circuit. Configuring the demand circuit allows the underlying data link layer to be closed when the topology is stable. In point-to-multipoint topology, only the multipoint end must have demand circuit enabled.

Ignore MTU setting list

Allows you to enable or disable ignoring MTU7 settings. The options are Enable and Disable. Choose Enable to ignore MTU settings.

Ignoring MTU settings prevents OSPF from checking whether neighbors are using the same MTU on a common interface when exchanging DBD8 packets. This check is performed when neighbors exchange DBD packets. If the receiving MTU in the DBD packet is higher than the MTU configured on the incoming interface, OSPF adjacency is not established.


Field Description


OL-5497-04



Authentication Subtab

The Authentication subtab allows you to perform the following tasks:

• Choose the authentication type.

• Configure the plain authentication parameters.

• Configure MD5 authentication parameters.

See Figure 18-10 for an example of the Authentication subtab. Table 18-9 describes the Authentication subtab fields.

Database filtering list

Allows you to enable or disable database filters during flooding and synchronization. The options are Enable and Disable. Choose Enable to allow database filtering on outgoing LSAs to an OSPF interface. This feature is supported only at the interface level.

Passive list Allows you to enable or disable the sending of OSPF updates on an interface. The options are Enable and Disable. Choose Enable to allow the sending of OSPF updates.

This feature is used to reduce OSPF traffic over low-bandwidth, high-cost network lines such as ISDN9.


2. BDRs = backup designated routers






8. DBD = database descriptor

9. ISDN = Integrated Services Digital Network


Field Description


OL-5497-04



Figure 18-10 Authentication Subtab

Table 18-9 Authentication Subtab Description

Field Description

Basics Area

Authentication Type list

Allows you to choose the authentication type. The following options are listed:

• None—No authentication is used. Useful for overriding password or MD51 authentication if configured for an area.

• Plain—Plain text authentication is used.

• MD5— MD5 authentication is used.

Specifying an authentication type for the interface overrides the authentication specified for the area to which this interface belongs.

The authentication type and password must be the same for all OSPF2 interfaces that are to communicate with each other through OSPF. If you specified plain text authentication, you must specify a plain text password.

Plain Authentication Area

Password Allows you to enable plain authentication. Specifying a password assigns a password to be used by neighboring routers that are using the OSPF simple password authentication.

The password created is used as a “key” that is inserted directly into the OSPF header when the software originates routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring routers on the same network must have the same password to exchange OSPF information.

Password check box Allows you to enable plain authentication.


OL-5497-04


Chapter 18 OSPF Configuration Application Creating an OSPF Area

Creating an OSPF AreaTo create an OSPF Area: perform the following steps:

Step 1 Right-click an instance in the OSPF Instance Tree and choose Add area.

An Add area dialog box appears. (See Figure 18-11.)

Figure 18-11 Add Area Dialog Box

Step 2 Choose an area type radio button. The options are Number or IP.

The area type field becomes available.

Step 3 Enter an area number or area IP address in the field.

Step 4 Click OK.

Password field Allows you to enter a password.

Encryption Type list Allows you to choose the password encryption type. The following options are listed:

• None


MD5 Authentication Area

Key id column Allows you to specify a key ID for the interface. Click Add to add a new row to the table then double-click the Key id column and enter a key ID.

Usually, one key per interface is used to generate authentication information when packets are sent and to authenticate incoming packets. The same key identifier on the neighbor router must have the same key value.

Password column Allows you to specify a password for the interface. Double-click the password column and enter a password.

Encryption Type column

Allows you to specify the password encryption type for the interface. Double-click the Encryption Type column and choose an encryption type from the list. The following options are listed:

• None


1. MD5= Message Digest 5


Table 18-9 Authentication Subtab Description (continued)

Field Description


OL-5497-04


Chapter 18 OSPF Configuration Application Area Tabs

A new Area is created and appears below the instance in the OSPF Instance Tree.

Area TabsClick an Area under an instance in the OSPF Instance Tree to display the Area tabs. (See Figure 18-12.)



• Choose the area type.

• Specify the summary route cost.



OL-5497-04



Inter-area Summary Routes TabThe Inter-area Summary Routes tab allows you to perform the following tasks:

• Specify inter-area summary routes.

• Choose to advertise type 3 labels.

See Figure 18-13 for an example of the Inter-area Summary Routes tab. Table 18-11 describes the Inter-area Summary Routes tab fields.


Field Description

Basics Area

Area Type list Allows you to choose the area type. The following options are listed:

• Normal—Configure the area as a standard OSPF1 area (all external routes are flooded through the network). External routes are flooded bidirectionally across the ABR2.

• Stub—Configure the area as a stubby area.

• NSSA3—Configure the area as a not-so-stubby area.


2. ABR = Area Border Router

3. NSSA = not-so-stubby area

Totally stubby check box

Allows you to configure the area as a totally stubby area, which means that only intra-area and the default route are allowed.

This check box is enabled when Stub or NSSA is chosen from the Area Type list. (See Area Type list.)

Default information originate check box

Allows you to generate a Type 7 default into the NSSA area.

This check box is enabled when NSSA is chosen from the Area Type list. (See Area Type list.)

Metric Type list Allows you to choose the OSPF external metric type. The following options are listed:

• type1

• type2

Default Metric field Allows you to enter the OSPF default metric.

No redistribution check box

Allows you to import routes only into the normal areas, but not into the NSSA area.

This check box is enabled when NSSA is chosen from the Area Type list. (See Area Type list.)

Summary Route Defaults Area

Default summary route cost field

Allows you to specify a cost for the default summary route sent into a stub area.


OL-5497-04



Figure 18-13 Inter-area Summary Routes Tab

Virtual Links TabThe Virtual Links tab allows you to perform the following tasks:

• Specify the neighbor router parameters.

• Set the authentication parameters.

See Figure 18-14 for an example of the Virtual Links tab.

Table 18-11 Inter-area Summary Routes Tab Description

Field Description

Configuration Area

IP / Mask fields Allows you to create aggregate addresses for routes being redistributed from another routing protocol into the OSPF1 protocol.


Advertise type 3 labels

Allows you to advertise type 3 labels to other areas.


OL-5497-04



Figure 18-14 Virtual Links Tab

General Subtab


• Specify the neighbor router ID.

• Specify the hello, dead, and retransmit interval for the neighbor.

• Specify the transmit delay for the neighbor.



Field Description

Basics Area

Neighbor Router ID field

Allows you to specify the router ID of a virtual link neighbor. The ID is internally derived by each router from the interface IP address of the router.


Allows you to specify the time between the hello packets that the software sends on an interface. It is an unsigned integer value to be advertised in the hello packets of the software. The value must be the same for all routers attached to a common network.


Allows you to specify the time that OSPF1 waits for hello packets from a neighbor before declaring that the neighboring router is unavailable. It is an unsigned integer value.This value must be the same for all routers attached to a common network.


OL-5497-04





• Specify the authentication type for the neighbor.

• Specify the password to be used by neighbors.




Allows you to specify the time between LSA2 retransmissions for adjacencies belonging to the interface. It is the expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay.


Allows you to specify the estimated time required to send a link-state update packet on the interface. It is an integer value that must be greater than zero. LSAs in the update packet have their age incremented by this amount before transmission.




Field Description


OL-5497-04




Field Description

Basics Area





• MD5— MD5 authentication is used.




Password Allows you to specify the password the neighbor must use.

The password acts as a key that allows the authentication procedure to generate or verify the authentication field in the OSPF header. The password is inserted directly into the OSPF header when originating routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring routers on the same network must have the same password to route OSPF traffic.


Password field Allows you to enter a password if no message-digest keys are configured.

This field is enabled when the Password check box is activated (See Password check box.)

Encryption Type list Allows you to choose the encryption type. The following options are listed:

• None—An unencrypted password will follow.

• Cisco Proprietary—An encrypted password will follow.

The password is stored in encrypted form on the router.

MD5 Authentication Area

MD5 Authentication table

Allows you to define an OSPF virtual link with a key identifier and password for MD5 authentication.

To add a row to the table, click Add. To remove a row from the table, choose a row and then click Remove.

Click the Add button to add MD5 authentication link. Choose a row in the table and click Remove to delete an MD5 authentication link.

Key id column Allows you to specify the key ID. The routers at both ends of the virtual link must have the same key ID to route OSPF traffic.


OL-5497-04



Interface Settings TabThe Interface Settings tab allows you to perform the following tasks:

• Specify the interface name.

• Configure interface parameters and optimizations.

• Configure the interface authentication parameters.

• Configure the nonbroadcast network parameters.

See Figure 18-16 for an example of the Interface Settings tab.

Password column Allows you to specify the password. The routers at both ends of the virtual link must have the same password to route OSPF traffic.


Allows you to choose the encryption type. The following options are listed:




Double-click the cell in the Encryption Type column to activate it and choose an encryption type.




Field Description


OL-5497-04



Figure 18-16 Interface Settings Tab

General Subtab


• Specify the interface name.

• Specify filtering on incoming network updates.

• Configure interface parameters including designated router priority, retransmit, hello, dead interval, transmit delay, and link cost.

• Choose the interface optimizations.

The parameters in the General subtab always use the most specific value specified. For example, if a parameter is specified at the Interface level, it uses that value and not the values specified for the same parameter at the Area or Process level.

• Process—If the parameter is not specified for the Area level, the interface adopts the parameter specified for the process.

• Area—If the parameter is not specified for the Interface level, the interface adopts the parameter specified for the area.

• Interface—The interface adopts the parameter specified by the interface.



OL-5497-04




Field Description

Interface Name Area

Name Allows you to specify the interface name. There are three levels:

• Process Level—Not user-configurable. Allows you to display the settings at the Process Level.

• Area Level—Not user-configurable. Allows you to display the settings at the Area Level.

• Interface Level—Allows you to associate an interface with an area.

Name field Allows you to view the chosen interface name.

The Process Level and Area Level names appear in the field if they are chosen from the Interface Settings table. They are not user configurable.

Click the Add Record tool on the OSPF1 Configuration toolbar to associate the interface with an area.

Name ellipsis button Allows you to choose an interface from the Select Interfaces dialog box.

This ellipsis button is enabled when an interface is chosen in the Interface Settings table.

Filter incoming network updates Area

Distribute List ACL Allows you to filter networks received in OSPF updates and is used to limit which OSPF routes are installed on this router. It does not affect the OSPF protocol itself.

If this parameter is not specified at any level, then the distribute list is disabled.

Distribute List ACL check box

Allows you to enable incoming network updates filtering by applying the chosen access list to incoming routing updates.

Distribute List ACL field

Allows you to enter an access list name.

The access list defines which networks are to be received and which are to be suppressed in routing updates.

This field is enabled when the Distribute ACL2 check box is activated (See Distribute List ACL check box.)

Distribute List ACL ellipsis button

Allows you to choose an access list from the Select ACL dialog box.

This ellipsis button is enabled when the Distribute ACL check box is activated (See Distribute List ACL check box.)

Basics Area

Designated Router priority field

Allows you to set the router priority, which helps determine the designated router for this network.

If this parameter is not specified at any level, the designated router priority is 1.


Allows you to specify the time between LSA3 retransmissions for adjacencies belonging to the interface. When a router sends an LSA to its neighbor, it keeps the LSA until it receives the acknowledgment message. If the router receives no acknowledgment, it resends the LSA.

This parameter should be conservative, or needless retransmission results. The value should be larger for serial lines and virtual links.

If this parameter is not specified at any level, the retransmit interval is 5.


Allows you to specify the transmission delay for LSAs.

If this parameter is not specified at any level, the transmit delay is 1.


OL-5497-04



Link Cost field Allows you to specify the cost of sending a packet on an interface.

In general, the path cost is calculated using the following formula:

10^8 / bandwidth

If this parameter is not specified at any level, the link cost is automatically calculated.


Allows you to specify the interval between hello packets that are sent on the interface. The hello interval value is advertised in the hello packets. The shorter the hello interval, the faster topological changes are detected, but more routing traffic occurs. This value must be the same for all routers and access servers on a specific network.

If this parameter is not specified at any level, the hello interval is 10 seconds for broadcast and point-to-point or 30 seconds for nonbroadcast.


Allows you to set the interval at which hello packets are suspended before neighbors declare the router down. This value must be the same for all routers and access servers on a specific network. The dead interval value must be larger than the hello interval value.

If this parameter is not specified at any level, the dead interval is 4 times the hello interval.

Optimizations Area

Flood reduction list Allows you to suppress the unnecessary flooding of LSAs in stable topologies. All routers supporting the OSPF demand circuit are compatible and can interact with routers supporting flooding reduction.

If this parameter is not specified at any level, then the flood reduction parameter is disabled.

Demand circuit list Allows you to configure the OSPF protocol to treat the interface as an OSPF demand circuit.

On point-to-point interfaces, only one end of the demand circuit must be configured with this command. Periodic hello messages are suppressed and periodic refreshes of LSAs do not flood the demand circuit. Enabling demand circuit allows the underlying data link layer to be closed when the topology is stable. In point-to-multipoint topology, only the multipoint end must be configured.

If this parameter is not specified at any level, the demand circuit parameter is disabled.

Ignore MTU setting list

Allows you to prevent OSPF from checking whether neighbors are using the same MTU4 on a common interface when exchanging DBD5 packets.

Ignore MTU setting checks whether OSPF neighbors are using the same MTU on a common interface. This check is performed when neighbors exchange DBD packets. If the receiving MTU in the DBD packet is higher than the MTU configured on the incoming interface, OSPF adjacency is not established.

If this parameter is not specified at any level, the OSPF checks the MTU received from neighbors when exchanging DBD packets.

Database filtering list

Allows you to filter OSPF LSAs during synchronization and flooding.

If this parameter is not specified at any level, the database filtering is disabled.

Passive list Allows you to suppress the sending of OSPF updates on an interface.This passive parameter is used to reduce OSPF traffic over low-bandwidth, high-cost network lines such as ISDN6.

If this parameter is not specified at any level, the passive is disabled and OSPF updates are sent on the interface.





Field Description


OL-5497-04





• Choose the authentication type.

• Set the plain authentication password.

• Choose the MD5 authentication.

The parameters in the Authentication subtab always use the most specific value specified. For example, if parameter is specified at the Interface level, it uses that value and not the values specified for the same parameter at the Area or Process level.







5. DBD = database descriptor

6. ISDN = Integrated Services Digital Network


OL-5497-04




Field Description

Basics Area





• MD5—MD5 authentication is used.

• Inherited—Authentication is inherited.




Password Allows you to specify the password the interface must use.

The password acts as a key that allows the authentication procedure to generate or verify the authentication field in the OSPF header. The password is inserted directly into the OSPF header when originating routing protocol packets. A separate password can be assigned to each network on a per-interface basis.


Password field Allows you to enter a password if no message-digest keys are configured.

This field is enabled when the Password check box is activated (See Password check box.)

Encryption Type list Allows you to choose the encryption type. The following options are listed:




MDS Authentication Table

MD5 Authentication table

Allows you to define an OSPF virtual link with a key identifier and password for MD5 authentication.

To add a row to the table, click Add. To remove a row from the table, choose a row then click Remove.

Click the Add button to add an MD5 authentication link. Choose a row in the table and click Remove to delete an MD5 authentication link.

If MD5 authentication is not specified at any level, there is no MD5 authentication for the interface.

Key id column Allows you to specify the key ID. The routers at both ends of the virtual link must have the same key ID to be able to route OSPF traffic.


OL-5497-04



Nonbroadcast Network Subtab

The Nonbroadcast Network subtab allows you to perform the following tasks:

• Choose the nonbroadcast behavior.

• Configure the nonbroadcast network.

The parameters in the Nonbroadcast Network subtab always use the most specific value specified. For example, if parameter is specified at the Interface level, it uses that value and not the values specified for the same parameter at the Area or Process level.




See Figure 18-18 for an example of the Nonbroadcast Network subtab. Table 18-16 describes the Nonbroadcast Network subtab fields.

Password column Allows you to specify the password. The routers at both ends of the virtual link must have the same password to route OSPF traffic.


Allows you to choose the encryption type. The following options are listed:

• None—Password is unencrypted.

• Cisco Proprietary—Password is encrypted and stored on the router.

Double-click the cell in the Encryption Type column to activate it and choose an encryption type.




Field Description


OL-5497-04



Figure 18-18 Nonbroadcast Network Subtab

Table 18-16 Nonbroadcast Network Subtab Description

Field Description

Basics Area

Network broadcast behavior list

Allows you to choose the broadcast behavior for the interface. The following options are listed:

• Default for interface type

• Broadcast

• Non-broadcast

• Point-to-point

• Point-to-multipoint

• Point-to-multipoint non-broadcast

If the broadcast behavior is not specified at any level, then the default for the interface type is used.

Nonbroadcast Network Area

IP Address column Allows you to enter an IP address for the neighbor. Double-click the cell to activate it, then enter an IP address.

Priority column Allows you to enter an 8-bit number indicating the router priority value of the nonbroadcast neighbor associated with the IP address specified.

Priority does not apply to point-to-multipoint interfaces.


OL-5497-04



Poll Interval column Allows you to enter an unsigned integer value reflecting the poll interval. RFC 1247 recommends that this value be much larger than the hello interval.

Poll Interval does not apply to point-to-multipoint interfaces.

Link Cost Allows you to assign a cost to the neighbor. Neighbors with no specific cost configured assume the cost of the interface, based on the cost command. On point-to-multipoint interfaces, Link Cost is the only column that applies. Link Cost does not apply to NBMA1 networks.

Database Filtering column

Allows you to enable filtering on all outgoing LSAs2 to an OSPF3 neighbor during synchronization and flooding for point-to-multipoint neighbors on nonbroadcast networks. Double-click the column to activate the column and switch between true and false.




Table 18-16 Nonbroadcast Network Subtab Description (continued)

Field Description


OL-5497-04




OL-5497-04



C H A P T E R 19
RSVP Configuration Application

The RSVP Configuration Application contains the following tabs and subtabs:

• Interfaces Tab, page 19-290



The RSVP Configuration application allows you to configure the Resource Reservation Protocol (RSVP).

RSVP is an end-to-end admission control and reservation signaling protocol that enables systems to request resource reservations from the network. RSVP processes protocol messages from other systems, processes resource requests from local clients, and generates protocol messages. As a result, resources are reserved for data flows on behalf of local and remote clients. RSVP creates, maintains, and deletes these resource reservations. Multiprotocol Label Switching (MPLS) uses RSVP to signal Label Switched Path (LSP).

See Figure 19-1 for an example of the RSVP Configuration application.

Refer to the Cisco Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the RSVP Configuration application.



Chapter 19 RSVP Configuration Application Interfaces Tab

Figure 19-1 RSVP Configuration Application

Interfaces TabThe Interfaces tab allows you to perform the following tasks:

• Configure the RSVP interface.

• Configure the signaling messages.

• Configure the refresh messages.

• Configure refresh reduction parameters.

• Specify the DSCP for the interface.

See Figure 19-1 for an example of the Interfaces tab. Table 19-1 describes the Interfaces tab fields.


OL-5497-04



Table 19-1 Interfaces Tab Description

Field Description

Basics Area

Interface Name Allows you to configure RSVP1 bandwidth on an interface.

When RSVP is enabled on an interface, no bandwidth resources are specified for RSVP on that interface. The Interface Name field is used to specify the RSVP bandwidth on an interface so that RSVP can make bandwidth reservations on behalf of applications (for instance, MPLS-TE2). If the RSVP bandwidth on an interface is 0, RSVP can be used only to signal for flows that do not require bandwidth.

If RSVP Reservation messages are received on an interface different from the one through which the corresponding path message was sent out, the interfaces are adjusted such that all resource reservations, such as bandwidth, are done on the outgoing interface of the path message.

Interface Name field Allows you to enter an interface name.



Reserved BW (kbps) field

Allows you to specify the total reservable bandwidth that RSVP will accept for reservations on this interface.

Max. flow (kbps) field

Allows you to specify the maximum size of a single reservation.

Sub Pool (kbps) field

Allows you to specify the reservable subpool bandwidth on interface. The value cannot be bigger than the total bandwidth.

Signalling Message Rate Area

Limit Signalling Message Rate check box

Allows you to limit the rate of RSVP signaling messages being sent out on a particular interface.

Limiting the rate of RSVP signaling has the advantage of avoiding an overload of the input queue of the next hop router, because such overloads would cause the next hop router to drop RSVP messages. Reliable messaging and rapid resend usually enable the router to recover rapidly from message drops, so rate limiting might not be necessary. If you set the rate too low, you can cause slower convergence times.

Checking the Limit Signalling Message Rate check box limits all RSVP messages except ACK3 and SRefresh messages. It does not let you make a router generate messages faster than its inherent limit. The inherent limit differs among router models.

Number of messages field

Allows you to specify the number of messages to be sent per scheduling interval.

Interval (ms) field Allows you to specify the interval length between scheduling intervals.

Refresh Messages Area

Missed message limit field

Allows you to specify the number of successive refresh messages that can be missed before the RSVP deems a state to be expired (resulting in the state to be torn down).


OL-5497-04



Message interval (sec) field

Allows you to specify the frequency at which refresh messages are sent via a particular interface to the peer router to refresh the path and reservation states.

RSVP relies on a soft-state mechanism to maintain state consistency in the face of network losses. That mechanism is based on continuous refresh messages to keep a state current. Each RSVP router is responsible for sending periodic refresh messages to its neighbors.

The router attempts to randomize network traffic and reduce metronomic burstiness by jittering the actual interval between refreshes by as much as 50 percent. As a result, refreshes may not be sent at exactly the interval specified. However, the average rate of refreshes is within the specified refresh interval.

Lengthening the interval reduces the refresh load of RSVP on the network but causes downstream nodes to hold state longer, and reduces the responsiveness of the network to failure scenarios. Shortening the interval improves network responsiveness but expands the messaging load on the network.

Refresh Reduction Area

Enable Refresh Reduction check box

Allows you to enable or disable RSVP refresh reduction on an interface.

The following features of the IETF refresh reduction standard RFC2961 are turned on when the Enable Refresh Reduction check box is checked:

• Refresh-reduction enabled bit in message headers.

• Message-ID usage.

• Reliable messaging with rapid resend, ACK and NACK4 messages.

• Summary refresh extension.

Because refresh reduction relies on cooperation of the neighbor, the neighbor must also support the standard. If the router detects that a neighbor is not supporting the refresh reduction standard (either through observing the refresh-reduction-enabled bit in messages received from the next hop, or by sending a Message-ID object to the next hop and receiving an error), refresh reduction will not be used on this link.

Max ACK size (bytes) field

Allows you to specify the maximum size of a single acknowledgment message. This length includes the RSVP message header and any other RSVP object headers. It does not include the IP header or any other Layer 3 or Layer 2 overheads

ACK hold time (ms) field

Allows you to specify the maximum amount of time a router will hold onto an acknowledgment before sending it, in an attempt to bundle several acknowledgments into a single acknowledgment message.

Retransmit time (ms) field

Allows you to specify the amount of time the router initially waits for an acknowledgment message before resending the RSVP message. If still no acknowledgment is received, the router doubles this interval and resends again. After five successive backoffs, the original RSVP message sent via the normal refresh mechanism or is discarded.

Enable Summary Refresh check box

Allows you to enable the use of ACK and NACK for summary refresh messages.

Summary Messaging Area

Max message size (bytes) field

Allows you to specify the maximum message size for summary refresh messages.


Field Description


OL-5497-04



DSCP area

Override with value field

Allows you to specify the DSCP5 for the interface and gives all RSVP signaling packets sent out on a specific interface higher priority in the network by marking them with a particular DSCP.

DSCP marking improves signaling setup and teardown times. Ordinarily, when a router receives path messages for a particular state marked with a DSCP value, it sends out path messages for that state marked with the same DSCP value. The Override with value feature overrides that DSCP persistence and ensures that all messages sent out a particular interface are marked with a specified DSCP.

The override value controls RSVP signaling packets and has no effect on ordinary IP or MPLS data packets traveling along the path created or reserved by this RSVP session.

DSCP persistence operates on a per-state basis, but this feature operates on a per-interface basis. So, if some incoming message (for example, multicast path) with DSCP 10 causes two outgoing messages on interfaces A and B, ordinarily both will be sent out with DSCP 10. If signaling DSCP 5 is configured for RSVP on interface A, the path messages being sent out interface A would be marked with DSCP 5, but the path messages being sent out interface B would still be marked with DSCP 10.

Note that there is a difference between the signaling DSCP 0 and no signaling DSCP. DSCP 0 instructs RSVP to explicitly set to 0 the DSCP on all packets sent out this interface. No signaling DSCP removes any override on the packets being sent out this interface, and allows the DSCP of received packets that created this state to persist on packets forwarded out this interface.



3. ACK = acknowledgments

4. NACK = negative acknowledgment



Field Description


OL-5497-04


Chapter 19 RSVP Configuration Application General Tab

General TabThe General tab allows you to configure the graceful restart parameters.




OL-5497-04


Chapter 19 RSVP Configuration Application General Tab


Field Description

Enable Graceful Restart check box

Allows you to enable or disable graceful restart.

Graceful restart provides a mechanism that helps minimize the negative effects on MPLS1 or OUNI2 traffic for the following types of faults. This is an implementation of the Fault handling section of the IETF3 standard RFC 3473:

• Control channel failure—Disruption of control channels between two nodes occurs when the control channels are separated from the data channels.

• Node failure—If the control plane of a node fails, the node preserves its data forwarding states.

Graceful restart requires the use of RSVP4 hello messages. When graceful restart is enabled, RSVP attempts to exchange hello messages with its neighbor nodes. Once the hello messages are exchanged with a given neighbor, RSVP can then detect the two types of fault when they occur with the given neighbor.


2. OUNI = Optical User-Network Interface



Graceful Restart time (secs) field

Allows you to specify the restart time that is advertised in the Restart Cap object in hello messages.

If no hello messages are received from a neighbor within a certain number of hello intervals, then a node assumes that communication with the neighbor has been lost. The node waits the amount of time set by the last restart time communicated by the neighbor before invoking procedures related to communication loss.

The Graceful Restart time is important in case of recovery from failure. The configured value should accurately reflect the amount of time within which, after a control-plane restart, RSVP can start exchanging hello messages. Note that having a long restart time is useful in case of control channel failure to have enough time to fix the link failure problem.

Graceful Restart Hello Interval (millisecs) field

Allows you to specify the interval at which RSVP graceful restart hello messages are sent per neighbor.

The graceful restart hello interval determines how often hello messages are sent to each neighbor. If the interval is made short, the hello messages are sent more frequently. A short interval may help detect failures quickly; however this results in increased network traffic. Optimizations in the RSVP hello mechanism exist to reduce the number of hello messages travelling over the network.

When an RSVP hello message is received, the receiving node acknowledges the hello and restarts its hello timer to the neighbor. A hello is sent to the neighbor only if a hello is not received before the hello refresh interval has expired.

If two neighboring nodes do not have the same hello interval, the node with the larger hello interval must acknowledge its neighbor's (more frequent) hellos. For instance, if node A has a hello interval of 5 seconds and node B has a hello interval of 10 seconds, node B still must send hello messages every 5 seconds.

Graceful Restart Max. Missed Messages field

Allows you to specify the number of consecutive missed RSVP hello messages before a neighbor is declared down or unreachable.

If no hello messages (request or ACK) are received from a neighbor within the configured number of refresh misses, then a node assumes that communication with the neighbor has been lost. The value should be configured such that faults are detected quickly but reliably.


OL-5497-04


Chapter 19 RSVP Configuration Application Operations Tab

Operations TabThe Operations tab allows you to clear counters.




Field Description

All Counters radio button

Allows you to choose to clear all counters.

Counter for this Interface

Allows you to clear counters for the specified interface.

Counter for this Interface radio button

Allows you to enable clearing counters for a specified interface.

Counter for this Interface field

Allows you to enter an interface name.

This field is enabled when the Counter for this Interface radio button is activated. (See Counter for this Interface radio button.)


OL-5497-04



Counter for this Interface ellipsis button


This field is enabled when the Counter for this Interface radio button is activated. (See Counter for this Interface radio button.)

All Event Counters radio button

Allows you to choose to clear all event counters.

Event counter for this Interface

Allows you to clear event counters for the specified interface.

Event counter for this Interface radio button

Allows you to enable clearing counters for all events on an interface.

Event counter for this Interface field


This field is enabled when the Event counter for this Interface radio button is activated. (See Event counter for this Interface radio button.)

Event counter for this Interface ellipsis button


This field is enabled when the Event counter for this Interface radio button is activated. (See Counter for this Interface radio button.)

All Message Counters radio button

Allows you to choose to clear all message counters.

Message Counters for this Interface

Allows you to clear message counters for the specified interface.

Message Counters for this Interface radio button

Allows you to enable clearing counters for all events on an interface.

Message Counters for this Interface field


This field is enabled when the Message Counters for this Interface radio button is activated. (See Message Counters for this Interface radio button.)

Message Counters for this Interface ellipsis button


This field is enabled when the Message Counters for this Interface radio button is activated. (See Message Counters for this Interface radio button.)


Executes the clear operation based on the criteria configured in the Clear Counters area.When the button is clicked, a Confirm dialog box appears. Click Yes to proceed with the operation or click No to cancel the operation.


Field Description


OL-5497-04




OL-5497-04


Cisco Craft Works Interface ConfigOL-5497-04

G L O S S A R Y

A

AAA authentication, authorization, and accounting. A network security service that provides the primary framework to set up access control on a Cisco router or access server. AAA is an architectural framework and modular means of configuring three independent, but closely related security functions in a consistent manner.

Access Control List See ACL.

ACK Acknowledged. Notification sent from one network device to another to acknowledge that some event occurred (for example, the receipt of a message).

Acknowledged See ACK.

ACL access control list. A list kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

address family See AF.

Address Resolution

Protocol

See ARP.

affinity Requirements of an MPLS traffic engineering tunnel on the attributes of the links it will cross. The tunnel's affinity bits and affinity mask bits of the tunnel must match the attribute bits of the various links carrying the tunnel.

AF address family. Set of related communication protocols where all members use a common addressing mechanism to identify end points. Also called protocol family.

AIS Alarm Indication Signal. In a T1 transmission, an all-ones signal sent in lieu of the normal signal to maintain transmission continuity and to indicate to the receiving terminal that there is a transmission fault that is located either at, or upstream from, the sending terminal.

Alarm Indication

Signal

See AIS.

AppleTalk Remote

Access

See ARA.

ARA AppleTalk Remote Access. A protocol that provides Macintosh users direct access to information and resources at a remote AppleTalk site.

ARM ATM router module.

GL-299uration Applications Reference Guide


Glossary

ARP Address Resolution Protocol. A TCP/IP protocol used to obtain the physical address of a node so packets can be sent. An ARP request is sent onto the network with the IP address of the target node. The node with the requested address responds by sending back its physical address. ARP returns the Layer 2 address for a Layer 3 address.

AS autonomous system. A collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the Internet Assigned Numbers Authority (IANA).

ASBR Autonomous System Boundary Router. Located between an OSPF autonomous system and a non-OSPF network. ASBRs run both OSPF and another routing protocol, such as RIP. ASBRs must reside in a nonstub OSPF area.

Asynchronous

Response Mode

See ARM.

Asynchronous

Transfer Mode

See ATM.

ATM Asynchronous Transfer Mode. The international standard for cell relay in which multiple service types (such as voice, video, or data) are conveyed in fixed-length (53-byte) cells. Fixed-length cells allow cell processing to occur in hardware, thereby reducing transit delays. ATM is designed to take advantage of high-speed transmission media, such as E3, SONET, and T3.

ATM router module See ARM.

ATT attached bit.

attached bit See ATT.

attachment unit

interface

See AUI.

AUI attachment unit interface. IEEE 802.3 interface between a media attachment unit (MAU) and a NIC. Also called transceiver cable.

autonomous

system

See AS.

Autonomous

System Boundary

Router

See ASBR.

B

bandwidth The amount of data that can be sent in a fixed amount of time. For digital services, the bandwidth is usually expressed in bits per second (bps) or bytes per second.

BER bit error rate. Ratio of received bits that contain errors.

GL-300Cisco Craft Works Interface Configuration Applications Reference Guide

OL-5497-04


Glossary

BGP Border Gateway Protocol. An interdomain routing protocol used between autonomous systems. It is the routing protocol that makes the internet work. BGP is a distance vector routing protocol that carries connectivity information and an additional set of BGP attributes. These attributes allows for a rich set of policies for deciding what the best route to reach a given destination is.

bistate alarm Alarm that is not active and cannot be cleared (an event). For example, a fan failure alarm is a bistate alarm.

bit error rate See BER.

BOOTP BOOTstrap Protocol. A TCP/IP protocol used by nodes to obtain its IP address, server address, default gateway, and other network information. The node sends out a BOOTP request in a UDP packet to the BOOTP server, which returns the required information. The BOOTP request and response use an IP broadcast function that can send messages before a specific IP address is known.

Border Gateway

Protocol

See BGP.

C

CC client-to-client.

CDP Cisco Discovery Protocol. Runs on all Cisco devices so that these devices can learn about neighboring devices and exchange information. CDP uses a well-known multicast Media Access Control (MAC) address. During system initialization, the application-specific integrated circuit (ASIC) is configured to forward these packets to the Cisco IOS Software CPU, which processes the packets.

Challenge

Handshake

Authentication

Protocol

See CHAP.

CHAP Challenge Handshake Authentication Protocol. Security feature supported on lines using PPP encapsulation that prevents unauthorized access. CHAP does not itself prevent unauthorized access, but merely identifies the remote end. The router or access server then determines whether that user is allowed access

Cisco Discovery

ProtocolSee CDP.

class map Used for matching packets to a specific class.

class of service See CoS.

CLI command-line interface. A text-based user interface to an operating system. A CLI is a user interface to a computer’s operating system or an application in which the user responds to a visual prompt by typing in a command on a specified line, receives a response back from the system, and then enters another command, and so forth. Typically, most of today’s UNIX-based systems offer both a command-line interface and a graphical user interface.

client-to-client See CC.


OL-5497-04


Glossary

command-line

interface

See CLI.

complete sequence

number protocol

data unit

See CSNP.

confederation A confederation is a group of RDs that appears to RDs outside the confederation as a single RD. (The confederation's topology is not visible to RDs outside the confederation.) Confederations help reduce network traffic by acting as internetwork firewalls. Confederations might be nested within one another.

CoS class of service. An indication of how an upper-layer protocol requires a lower-layer protocol to treat its messages. In SNA subarea routing, CoS definitions are used by subarea nodes to determine the optimal route to establish a given session. A CoS definition comprises a virtual route number and a transmission priority field. Repetitive, regularly timed signals are used to control synchronous processes.

Craft Works

Interface

See CWI.

CWI Craft Works Interface.

CSNP complete sequence number protocol data unit (PDU). PDU sent by the designated router in an OSPF network to maintain database synchronization.

D

dampening A configurable exponential decay mechanism to suppress the effects of excessive interface flapping events on routing protocols and routing tables in the network. This feature allows the network operator to configure a router to automatically identify and selectively dampen a local interface that is flapping. Dampening an interface removes the interface from the network until the interface stops flapping and becomes stable. This feature improves convergence times and stability throughout the network by isolating failures so that disturbances are not propagated, which reduces the utilization of system processing resources by other devices in the network and improves overall network stability.

data

communications

channel

See DCC.

DCC data communication channel. Channel that carries provisioning and maintenance data/information between network elements in the SONET overhead.

DHCP Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.

Designated

Intermediate

System

See DIS.

demilitarized zone See DMZ.


OL-5497-04


Glossary

DMZ demilitarized zone. A middle ground between a trusted internal network and an untrusted, external network (for example, the Internet). The DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a firewall.

DmzLinkBw DMZ link bandwidth.

DMZ link bandwidth See DmzLinkBw.

DIS Designated Intermediate System. DIS is elected by priority on an interface basis. In the case of a tie, the router with the highest SNPA (MAC) address will become the DIS. DIS helps routers on broadcast link to synchronize their IS-IS databases.

differentiated

services code point

See DSCP.

distributed route

processor

See DRP.

DNS Domain Naming System. Mechanism used in the Internet and on private Intranets for translating names of host computers into addresses. The DNS also allows host computers not directly on the Internet to have a registered names in the same style.

DR designated router. A router that forms adjacencies with all other routers on a multiple access network

Domain Naming

System

See DNS.

DRP distributed route processor. The optional Route Processor board in the Cisco CRS-1 Series router installed in the line card chassis to provide greater route update capacity.

DSCP differentiated services code point. Protocol for specifying and controlling network traffic by class so that certain traffic types get precedence. DSCP specifies a specific per-hop behavior that is applied to a packet.

Dynamic Host

Configuration

Protocol

See DHCP.

E

eBGP external Border Gateway Protocol. BGP sessions are established between routers in different autonomous systems. eBGPs communicate among different network domains.

EGP Exterior Gateway Protocol. Internet protocol for exchanging routing information between different autonomous systems.

Ethernet A type of networking technology for local-area networks.

extensible markup

language

See XML.


OL-5497-04


Glossary

Exterior Gateway

Protocol

See EGP.

external Border

Gateway Protocol

See eBGP.

F

fast reroute See FRR.

flooding Traffic passing technique used by switches and bridges in which traffic received on an interface is sent out all the interfaces of that device except the interface on which the information was received originally.

Frame Relay Industry-standard, switched data link layer protocol that handles multiple virtual circuits using High-Level Data Link Control (HDLC) encapsulation between connected devices. Frame Relay is more efficient than X.25, the protocol for which it generally is considered a replacement.

FRR fast reroute. Automatically reroutes traffic on a label switch path (LSP) if a node or link in an LSP fails. FRR reduces the loss of packets traveling over an LSP.

G

Gbps Gigabits per second. The amount of data that can be sent in a fixed amount of time. 1 gigabit = 230 bits, 1,073,741,824 bits.

Gigabit Ethernet An Ethernet technology that raises transmission speed to 1 Gbps. The standard for a high-speed Ethernet, approved by the IEEE 802.3z standards committee in 1996.

Gigabits per second See Gbps.

graceful restart Restart that does not impact any router processes.

graphical user

interface

See GUI.

GUI graphical user interface. Graphics-based user interface that incorporates windows, menus, buttons, and a mouse.

H

half life Amount of time it takes for half of an entity to undergo a specified process.

HDLC High-Level Data Link Controller. ISO communications protocol used in X.25 packet switching networks. HDLC provides error correction at the data link layer and contains the following subsets: LAP, LAPB, and SDLC.


OL-5497-04


Glossary

hello packet Multicast packet that is used by routers for neighbor discovery and recovery. Hello packets also indicate that a client is still operating and network-ready.

Hello protocol Protocol used by OSPF systems for establishing and maintaining neighbor relationships.

hexidecimal Means 16. The base 16 numbering system is used to represent binary numbers. Each half byte (four bits) is assigned a hex digit.

High-Level Data Link

Controller

See HDLC.

hold time Timing parameter.

I

iBGP internal Border Gateway Protocol. BGP sessions are established between routers in the same autonomous system.

ICMP Internet Control Message Protocol. Network layer Internet (TCP/IP) protocol that reports errors and provides other information relevant to IP packet processing.

IEP IP explicit path. List of IP addresses, each representing a node or link in the explicit path.

IETF Internet Engineering Task Force.

IGMP Internet Group Management Protocol. Governs the management of multicast groups in a TCP/IP network. Used by IP hosts to report their multicast group memberships to an adjacent multicast router.

IGP Interior Gateway Protocol. Internet protocol used to exchange routing information within an autonomous system. Examples of common Internet IGPs include IGRP, OSPF, and RIP.

IIH IS IS hello. Message sent by all IS-IS systems to maintain adjacencies.

Incremental

Shortest Path First

See ISPF.

Interior Gateway

Protocol

See IGP.

Intermediate

System-to-Intermed

iate System

See IS-IS.

Internal Border

Gateway Protocol

See iBGP.

Internet Control

Message Protocol

See ICMP.

Internet

Engineering Task

Force

See IETF.


OL-5497-04


Glossary

Internet Group

Management

Protocol

See IGMP.

Internetwork Packet

Exchange

See IPX.

IP explicit path See IEP.

IPv4 IP Version 4. Network layer for the TCP/IP protocol suite. A connectionless, best-effort packet switching protocol.

IPv6 IP Version 6. Replacement for IPv4. A next generation IP protocol. IPv6 is backward compatible with and is designed to fix the shortcomings of IPv4, such as data security and maximum number of user addresses. IPv6 increases the address space from 32 to 128 bits, providing for an unlimited number of networks and systems. It also supports quality of service (QoS) parameters for real-time audio and video.

IP version 4 See IPv4.

IP version 6 See IPv6.

IPX Internetwork Packet Exchange. NetWare network layer (Layer 3) protocol used for transferring data from servers to workstations. IPX is similar to IP and XNS.

IS-IS Intermediate System-to-Intermediate System. OSI link-state hierarchical routing protocol based on DECnet Phase V routing, whereby ISs (routers) exchange routing information based on a single metric to determine network topology.

IS-IS hello See IIH.

ISPF Incremental Shortest Path First (SPF).

K

keepalive interval Period of time between each keepalive message sent by a network device.

keepalive message Message sent by one network device to inform another network device that the virtual circuit between the two is still active.

L

Label Distribution

Protocol

See LDP.

label switch path See LSP.

label switch router See LSR.


OL-5497-04


Glossary

LAIS Line Alarm Indication Signal. Signal sent downstream indicating an upstream failure has occurred. LAIS prevents the generation of unnecessary downstream failures being declared or alarms being raised.

Layer 2 Layer 2 refers to the Data Link layer of the commonly-referenced multi layered communication model, Open Systems Interconnection (OSI) The Data Link layer contains the address inspected by a bridge or switch. Layer 2 processing is faster than layer 3 processing, because less analysis of the packet is required.

Layer 3 Layer 3 refers to the Network layer of the commonly-referenced multi layered communication model, OSI. The Network layer is concerned with knowing the address of the neighboring nodes in the network, selecting routes and quality of service, and recognizing and forwarding to the Transport layer incoming messages for local host domains.

LCP Link Control Protocol. Protocol that establishes, configures, and tests data-link connections for use by PPP.

LDP Label Distribution Protocol. A standard protocol between MPLS-enabled routers to negotiate the labels (addresses) used to forward packets. The Cisco proprietary version of this protocol is the Tag Distribution Protocol (TDP).

Line Alarm

Indication Signal

See LAIS.

Line Remote Defect

Indication

See LRDI.

Link Control

Protocol

See LCP.

link flap Unstable data link.

link-state packet See LSP.

LLQ low latency queueing. Way of handling packets that require high priority (high priority queueing).

logical router See LR.

loopback Send the outgoing signals back to the receiving side for testing purposes.

LOP Loss of Pointer. Failure state in the SONET signal where a receiving network cannot identify or lock on the pointer value of the H1 and H2 bytes to show the location of synchronous payload envelope (SPE).

low latency

queueing

See LLQ.

LR logical router. A collection of line cards and Route Processors that form a complete router. Each router contains its own instance of dynamic routing, IP stack, system database, interface manager, and event notification system.

LRDI Line Remote Defect Indication.


OL-5497-04


Glossary

LSP label switch path and link-state packet.

LSR label switch router. The role of an LSR is to forward packets in an MPLS network by looking only at the fixed-length label.

M

mask Pattern of bits used to reject or accept bit patterns in another set of data.

maximum

transmission unit

See MTU.

Mbps megabits per second. A bit rate expressed in millions of binary bits per second.

MD5 Message Digest 5. A one-way hashing algorithm that produces a 128-bit hash. MD5 is designed to strengthen the security of the MD4 hashing algorithm. Used for message authentication in SNMP. Verifies the integrity of the communication, authenticates the origin, and checks for timeliness.

MED Multi Exit Discriminator. BGP metric that provides information to external neighbors about the preferred path into an autonomous system.

Message Digest 5 See MD5.

media independent

interface

See MII.

Microsoft CHAP See MS-CHAP.

MII media independent interface. Standard specification for the interface between network controller chips and their associated media interface chips. MII automatically senses 10- and 100-MHz Ethernet speeds.

MOSPF Multicast OSPF. Intradomain multicast routing protocol used in OSPF networks. Extensions are applied to the base OSPF unicast protocol to support IP multicast routing.

MPLS Multiprotocol Label Switching. A mechanism whereby packets are forwarded by reading and replacing a fixed length “label” that is attached to the packet.

MPLS-TE Multiprotocol Label Switching traffic engineering.

MS-CHAP Microsoft Challenge Handshake Authentication Protocol. Security feature supported on lines using PPP encapsulation that prevents unauthorized access. CHAP does not itself prevent unauthorized access, but merely identifies the remote end. The router or access server then determines whether that user is allowed access.

MTU maximum transmission unit. The size of the largest packet that can be processed by an interface.

multicast OSPF See MOSPF.

Multi Exit

Discriminator

See MED.


OL-5497-04


Glossary

Multiprotocol Label

Switching

See MPLS.

Multiprotocol Label

Switching traffic

engineering

See MPLS-TE.

N

NACK negative acknowledgement. Response sent from a receiving device to a sending device indicating that the information received contained errors.

NBMA nonbroadcast multiaccess. A multiaccess network that either does not support broadcasting (such as X.25) or in which broadcasting is not feasible (for example, an SMDS broadcast group or an extended Ethernet that is too large).

negative

acknowledgement

See NACK.

NET network entity title. A NET is a network service access point (NSAP) where the last byte is always zero.

Network Entity Title See NET.

network service

access point

See NSAP.

nonbroadcst

multiaccess

See NBMA.

nonstop forwarding See NSF.

not-so-stubby area See NSSA.

NSAP network service access point. Network addresses, as specified by ISO. An NSAP is the point at which OSI network service is made available to a transport layer (Layer 4) entity.

NSF nonstop forwarding. The ability of a router to continue to forward traffic toward a router that may be recovering from a transient failure. Also, the ability of a router recovering from a transient failure in the control plane to continue correctly forwarding traffic sent to it by a peer.

NSSA not-so-stubby area. Type of stub area in which external routes can be flooded.

O

Open Shortest Path

First

See OSPF.

Open Systems

Interconnection

See OSI.


OL-5497-04


Glossary

ORF Outbound Route Filter. Allows BGP speakers to push inbound policy to a neighbor who applies it as outbound policy, providing the ability to filter unneeded routes at the send side instead of receive side.

OSI Open Systems Interconnection. International standardization program created by ISO and ITU-T to develop standards for data networking that facilitate multivendor equipment interoperability.

OSPF Open Shortest Path First. Link-state, hierarchical IGP routing algorithm proposed as a successor to RIP in the Internet community. OSPF features include least-cost routing, multipath routing, and load balancing. OSPF was derived from an early version of the IS-IS protocol.

OUNI Optical User Network Interface (UNI).

Outbound Route

Filter

See ORF.

P

Packet over SONET See PoS.

PAP Password Authentication Protocol. Authentication protocol that allows PPP peers to authenticate one another. The remote router attempting to connect to the local router is required to send an authentication request. Unlike CHAP, PAP passes the password and the host name or username in the clear (unencrypted). PAP does not itself prevent unauthorized access but merely identifies the remote end. The router or access server then determines whether that user is allowed access. PAP is supported only on PPP lines.

partial route

calculations

See PRC.

Password

Authentication

Protocol

See PAP.

PDU protocol data unit. A frame of data sent over Layer 2 (data link layer) in a network. Ethernet and Token Ring are examples of this layer.

PID process identifier. Temporary number assigned to a process or service.

Point-to-Point

Protocol

See PPP.

policy map Specifies the traffic policy name and configures a traffic policy.

PoS Packet over SONET. Enables core routers to send native IP packets directly over SONET or SDH frames.

PPP Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Whereas SLIP was designed to work with IP, PPP was designed to work with several network layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, such as CHAP and PAP. PPP relies on two protocols: LCP and NCP.

PQ priority queueing.


OL-5497-04


Glossary

PRC partial route calculation.

priority queuing See PQ.

process identifier See PID.

protocol data unit See PDU.

Q

QoS quality of service. A set of parameters that describe a flow of data, such as guaranteed bandwidth, delay, and delivery guarantee.

quality of service See QoS.

R

Resource

Reservation

Protocol

See RSVP.

RIB Routing Information Base. A RIB is a routing database used by IDRP. RIBs are built by each BIS from information received from within the RD and from other BISs. A RIB contains the set of routes chosen for use by a particular BIS.

RIP Routing Information Protocol. A simple routing protocol that is part of the TCP/IP protocol suite and the most common IGP in the Internet. RIP determines a route based on the smallest hop count between source and destination. It is a distance vector protocol that broadcasts routing information to neighboring routers. It is known to use excessive bandwidth.

Route Processor See RP.

route reflection See RR.

Routing Information

Base

See RIB.

Routing Information

Protocol

See RIP.

RP Route Processor. Processor module that contains the CPU, system software, and most of the memory components that are used in the router.

RR route reflection.

RSVP Resource Reservation Protocol. Network-control protocol that enables Internet applications to obtain special qualities of service for data flows. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so on) of the packet streams they want to receive.


OL-5497-04


Glossary

S

SCTP Stream Control Transmission Protocol. An alternative protocol to TCP. SCTP contains multiple transmission paths and is designed to facilitate SS7 signaling over TCP/IP, supporting multiple IP addresses from the same host and treating the data streams from these addresses as one session. It does not require a strict order of delivery like TCP. If one data stream fails, the other streams are allowed to continue.

SDH Synchronous Digital Hierarchy. European standard that defines a set of rate and format standards that are sent using optical signals over fiber. SDH is similar to SONET, with a basic SDH rate of 155.52 Mbps, designated at STM-1.

Section Loss of

Frame

See SLOF.

Section Loss of

Signal

See SLOS.

sequence number

protection

See SNP.

SF signal failure.

shortest path first See SPF.

signal failure See SF.

Simple Network

Management

Protocol

See SNMP.

SLOF Section Loss of Frame.

SLOS Section Loss of Signal.

SNMP Simple Network Management Protocol. SNMP is the protocol governing network management and the monitoring of network devices and their functions. It is not necessarily limited to TCP/IP networks.

SONET Synchronous Optional Network. A broadband networking standard based on point-to-point optical fiber networks.

SNP sequence number protection. 4-bit field in the header of the protocol data unit used to detect error in the sequence number field.

Spatial Reuse

Protocol

See SRP.

SPE Synchronous Payload Envelope. Portion of the SONET frame containing overhead information (POH and user data).

SPF shortest path first. Routing algorithm that iterates on length of path to determine a shortest-path spanning tree. Commonly used in link-state routing algorithms. Sometimes called Dijkstra's algorithm.


OL-5497-04


Glossary

SRP spatial reuse protocol. Another name for Dynamic Packet Transport (DPT), which is a ring-based IP protocol.

Stream Control

Transmission

Protocol

See SCTP.

Synchronous Digital

Hierarchy

See SDH.

Synchronous

Optical Network

See SONET.

Synchronous

Payload Envelope

See SPE.

T

TACACS Terminal Access Controller Access Control System. Authentication protocol, developed by the DDN community, that provides remote access authentication and related services, such as event logging. User passwords are administered in a central database rather than in individual routers, providing an easily scalable network security solution.

TCA threshold crossing alert. An alert that is sent when a specified threshold is crossed.

TCP Transmission Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.

Terminal Access

Controller Access

Control System

See TACACS.

Threshold Crossing

Alert

See TCA.

TLV type, length, and value. Methodology for coding parameters within a frame. Type indicates the parameter type, length indicates the length of its value, and value indicates the value of parameter.

ToS type of service. An attribute used with the procedure code to identify a specific category of service.

Transmission

Control Protocol

See TCP.

tunnel Secure communication path between two peers, such as two routers.

type, length, and

value

See TLV.

type of service See ToS.


OL-5497-04


Glossary

U

UDP User Datagram Protocol. Connectionless transport layer protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC 768.

unicast When sending a message to one receiver in a communications network, and multiple users request the same data from the same server at the same time, duplicate data streams are sent, one to each user.

User Datagram

Protocol

See UDP.

V

Virtual Private

Network

See VPN.

VPN Virtual Private Network. Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses "tunneling" to encrypt all information at the IP level.

X

XML extensible markup language. A standard maintained by the World Wide Web Consortium (W3C) that defines a syntax that lets you create markup languages to specify information structures. Information structures define the type of information, for example, subscriber name or address, not how the information looks (bold, italic, and so on). External processes can manipulate these information structures and publish them in a variety of formats. XML allows you to define your own customized markup language.


OL-5497-04


Cisco Craft Works Interface ConfiguOL-5497-04

I N D E X

A

AAA

access control 2-19

accounting, TACACS method 2-30

accounting method

none 2-32

server group 2-32

accounting modes

API 2-31

commands 2-31

EXEC 2-31

network 2-31

authentication 2-19

console port access 2-25

method list 2-24, 2-26

authentication encryption key 2-21

authorization, method list 2-27

authorization methods

local 2-28, 2-30

none 2-28, 2-30

TACACS 2-28, 2-30

authorization types

API 2-28, 2-29

command 2-28, 2-29

EXEC 2-28, 2-29

network 2-28, 2-29

network security 2-19

source IP address 2-21

TACACS authentication method 2-19

TACACS server

authentication encryption key 2-23

groups 2-23

IP address 2-22

port number 2-22

User Tasks window 4-44

See also user administration

AAA Application

AAA User Tasks Window

description 4-44

figure 4-45

Accounting tab

description 2-30

figure 2-31

Authentication tab

description 2-24

figure 2-26

Authorization tab

description 2-27

figure 2-29

network security 2-19

TACACS authentication methods 2-19

Tacacs Server Groups tab

description 2-23

figure 2-24

Tacacs Server Hosts tab

description 2-21

figure 2-22

Tacacs Server tab

description 2-20

figure 2-20

See also AAA

See also Administration Configuration applications

access control entry 11-109

Access Control Lists Application

Advanced subtab

IN-315ration Applications Reference Guide


Index

description 11-112

figure 11-112

Basic subtab

description 11-110

figure 11-110

ICMP/IGMP subtab

description 11-119

figure 11-119

TCP/UDP/SCTP subtab

description 11-115

figure 11-116

See also ACL

See also Policy Configuration applications

accounting

See AAA Application

ACE 11-109

ACK 19-291, 19-292

acknowledgment

See ACK

ACL

applying access list entry 11-115

configuring 11-109

destination

IPv4 address matching 11-111

wildcard bits 11-111

destination port

choosing a TCP port for the first source port 11-118

choosing a TCP port for the second source port 11-118

choosing a UDP port for the first source port 11-118

choosing a UDP port for the second source port 11-118

first source port for comparison 11-117

second source port for comparison 11-118

source comparison operator 11-117

elements

action (permit or deny) 11-109

filter 11-109

enable DCSP matching 11-113

enable precedence 11-115

IN-316Cisco Craft Works Interface Configuration Applications Reference

grant (permit or deny) 11-111

ICMP

filtering 11-119

message code 11-120

message type 11-119

IGMP

filtering 11-120

message type 11-120

incoming routing updates in OSPF 18-260

ISIS, route propagation 16-228

log matches 11-111

matching IP protocol 11-113

network traffic profile 11-109

noninitial fragments 11-115

OSPF, distribute list 18-268

packets

drop 11-111

forward 11-111

source

IPv4 address matching 11-111


source port

choosing a TCP port for the first source port 11-117

choosing a TCP port for the second source port 11-117

choosing a UDP port for the first source port 11-117

choosing a UDP port for the second source port 11-117

comparison operator 11-116

first source port for comparison 11-116

second source port for comparison 11-117

TCP flags

ACK 11-118

finish bit set 11-118

push function bit set 11-118

reset bit 11-118

synchronize bit set 11-118

See also Packet Filter

address family

interfaces 16-232

GuideOL-5497-04


Index

ISIS, type 16-221

address matching

destination 11-111

source 11-111

Address Resolution Protocol 8-83

Administration Configuration applications

AAA 2-19

Alarm Administration 3-33

User Administration 4-39

administrative distance

default 16-229

override

administrative distance 16-229

prefix length 16-229

prefix list 16-229

source prefix 16-229

Alarm Administration Application

Correlation Rules tab

description 3-35

figure 3-36

Rule Apply to Target subtab 3-37

Rule Definition subtab 3-37

Event Logs tab

description 3-34

figure 3-34


See also alarms

alarms

correlation

buffer size 3-35

log buffer 3-35

rule name 3-36

event log

buffer 3-35

size 3-35

message

code name 3-37

collection period 3-36

group name 3-37

Cisco Craft WOL-5497-04

parameters 3-33

purge

alarm logs 3-35

correlation logs 3-35

target list

context parameter 3-38

correlation rule 3-38

objects 3-38

applications

Administration Configuration

AAA 2-19

Alarm Administration 3-33

User Administration 4-39

Configuration

Explicit Path 5-47

MPLS-TE 6-51

Controllers Configuration

SONET Port 10-101

Interfaces Configuration

Common Attributes 7-69

Ethernet Attributes 8-77

POS Attributes 9-87

Policy Configuration

Access Control Lists 11-109

Packet Filter 12-121

QoS 13-123

Routing Policy 14-143

Protocols Configuration

BGP 15-149

ISIS 16-209

LDP 17-241

OSPF 18-251

RSVP 19-289

APS 10-103

ARP 8-83

proxy 8-85

timeout 8-84

AS 15-151

ASBR 18-257

IN-317orks Interface Configuration Applications Reference Guide


Index

attribute-value pairs 2-28

authentication

See AAA Application

authorization

See AAA Application

automatic protection switching

See APS

autonomous system

See AS

Autonomous System Boundary Router 18-258

autonomous system routing 15-149

averaging, shape 13-129

AV pairs 2-28

B

best path 15-150

BGP

autonomous system routing 15-149

link value criteria

autonomous system count 15-150

link type 15-150

other factors (delay and cost) 15-150

optimal paths 15-150

routing information exchange

incremental updates 15-150

initial data 15-150

TCP/IP networks 15-149

BGP Configuration Application

AF Groups tab

description 15-197

figure 15-198

Filtering Policy subtab 15-201

Generic Config subtab 15-199

Aggregates tab

description 15-167

figure 15-168

EGP 15-149

General tab


Cluster ID subtab 15-157

Confederation subtab 15-158

description 15-151

figure 15-151

Graceful Restart subtab 15-160

Router ID subtab 15-162

Write Limit subtab 15-164

Global Address Family Configuration window

description 15-154

figure 15-155

Neighbor Address Family Configuration window

description 15-177

figure 15-177



Neighbor Group Address Family Configuration window

description 15-187

figure 15-188



Neighbor Groups tab

description 15-183

figure 15-184

Neighbors tab

description 15-172

figure 15-173

Networks tab

description 15-166

figure 15-166

Operations tab

description 15-203

figure 15-204

Redistribution tab

description 15-169

figure 15-170

Session Groups tab

description 15-193

figure 15-194

See also BGP

GuideOL-5497-04


Index

See also Protocols Configuration applications

burst size 13-133

C

CDP, enable

common interfaces 7-71

Ethernet interface 8-79

POS interface 9-89

CHAP

encryption 9-98

password 9-98

refuse authentication from peers 9-98

username 9-98

CIR 13-133

Cisco Discovery Protocol 7-70, 8-78, 9-88

class map

configure 13-123

match criteria

ACL 13-125

discard class value 13-127

DSCP 13-125

precedence 13-125

protocol 13-126

QoS group value 13-126

matching packets 13-123

MPLS experimental value 13-126

clear

BGP

address family mode 15-205, 15-206, 15-207, 15-208

connections dropped counter 15-207

direction 15-205

external neighbors 15-204

flap counts 15-206

neighbors 15-204

peers in AS 15-205

performance statistics for address families 15-208

route dampening information 15-205

self-originated routes 15-208


unsuppress routes 15-205

ISIS

adjacency database 16-211

database 16-211

routes 16-211

LDP, message counters 17-248

OSPF

neighbor state transition count 18-254

redistributed route entries 18-254, 18-265

routing table 18-254

routing tables 18-265

state transition counter 18-266

RSVP

counters 19-296

event counters 19-297

message counters 19-297

committed information rate

See CIR

Configuration applications

Explicit Path 5-47

MPLS-TE 6-51

conform action

discard class 13-134

DSCP 13-134


precedence 13-134

transmit 13-134

connectivity failure, protection 6-52

Controllers Configuration applications

SONET Port 10-101

D

dampening

common interfaces

decay half life 7-75

enable 7-75

reuse threshold 7-75

routing table 7-73



Index

suppress threshold 7-75

Ethernet interface


enable 8-83


routing table 8-81


improvements

faster convergence 7-74, 8-82, 9-91

increased network stability 7-74, 8-82, 9-91

POS interface


enable 9-92

link flap 9-91


routing table 9-91


database

AAA

local username 2-27

TACACS security server 2-28

user 2-19

ISIS

clearing 16-211

link-state packet 16-213, 16-214, 16-225

LSP 16-211

OSPF

filtering 18-270

internal 18-253

link-state packet 18-257

Designated Intermediate System

See DIS

Differentiated Services Code Point

See DSCP

DIS 16-238

DNS

lookup 18-252

name lookup 18-252

OSPF 18-252


DSCP

ACL packet matching 11-113

QoS

class map match criteria 13-125

control 11-113

RSVP 19-293

E

EGP 15-149

Ethernet interface

ARP

proxy 8-85

timeout 8-84

connection speed 8-85

dampening


enable 8-83



duplex type 8-85

enable CDP 8-79

helper addresses

DHCP 8-81

UPD 8-81

interface shutdown 8-86

IPv4 processing 8-80

MAC address of Ethernet driver 8-85

media type 8-85

MTU Layer 2 value 8-79

MTU Layer 3 size 8-81

responding to ICMP mask requests 8-81

secondary addresses 8-80

Ethernet interfaces

See also interfaces, common

exceed action


DSCP 13-137


GuideOL-5497-04


Index

precedence 13-137

excess burst 13-133

explicit path

See IEP

Explicit Path Configuration Application

description 5-47

figure 5-48

See also Configuration applications

See also IEP

Exterior Gateway Protocol 15-149

F

fast reroute 6-52

field 7-75

flags, TCP

See ACL

flood

ISIS

limit LSP flooding 16-214

LSP flooding in NBMA networks 16-239

LSP flooding server 16-218

LSP refresh interval 16-215

mesh group 16-239

reduce LSP flooding 16-214

MPLS-TE

decreased resource availability 6-57

increased resource availability 6-57

periodic flooding interval 6-53

OSPF

clear redistributed route entries 18-254

database filtering during flooding 18-270

database filters 18-270

flood reduction 18-269

frequency of LSA instances accepted during flooding 18-257

minimum interval between the same LSAs 18-257

MPLS-TE topology 18-263

reduction 18-269


FRR 6-52

G

graceful restart

BGP

enable 15-161

LDP

enable 17-246

forwarding state holdtime 17-246

reconnection timeout 17-246

RSVP

enable 19-295

hello interval 19-295

missed hello messages 19-295

H

Handshake Authentication Protocol 9-93

HDLC 9-87

hello

ISIS

authentication password 16-235

designated router packets 16-238


hello multipliers 16-235

hello paddings 16-236

mode check 16-221

LDP

accept targeted hellos 17-245

linked hello hold time 17-245

linked hello interval 17-245

targeted hello hold time 17-245

targeted hello interval 17-245

OSPF

dead interval 18-268

interval 18-268

RSVP



Index

graceful restart hello interval 19-295

missed messages 19-295

helper addresses 7-73

common interfaces

DHCP 7-73

UDP 7-73

Ethernet interface

DHCP 8-81

UPD 8-81

POS interface

DHCP 9-91

UPD 9-91

High-Level Data Link Control

See HDLC

I

iBGP 15-152

ICMP 7-71, 8-79, 11-119

ACL

logging 11-111

message code 11-120

message code for filtering 11-120

message type 11-119

protocol matching 11-113

filtering 11-119

mask request



POS interface 9-91

IEP

enable 5-48

link 5-48

link IP address 5-48

name 5-48

See also Explicit Path Configuration Application

IGMP, ACL

filtering 11-120

message type 11-120


IGP 6-51, 16-210, 17-241

LDP 17-241

OSPF 18-251

IIH 16-235

IKE 2-28

incremental SPF 16-223

Interface Common Attributes Configuration Application

General tab

dampening subtab 7-73

description 7-70

figure 7-70

IPv4 subtab 7-71

Operation tab

description 7-76

figure 7-76


See also Interfaces Configuration applications

Interface Ethernet Attributes Configuration Application 8-77

Ethernet tab

description 8-83

figure 8-84

General tab

Dampening subtab 8-81

description 8-78

figure 8-78

IPv4 subtab 8-79

Operation tab

description 8-86

figure 8-86

See also Ethernet interfaces



Interface POS Attributes Configuration Application

General tab

Dampening subtab 9-91

description 9-88

figure 9-88

IPv4 subtab 9-89

GuideOL-5497-04


Index

Operation tab

description 9-99

figure 9-99

POS tab

CHAP subtab 9-97

description 9-93

figure 9-94

PAP subtab 9-95

PPP Common subtab 9-94



interfaces, common

dampening 7-73

convergence 7-74


enable 7-75

network stability 7-74



enabling CDP 7-71




link flap 7-73




secondary IP addresses 7-72

See also Interface Common Attributes Configuration Application

See also Ethernet interfaces

See also POS interfaces

Interfaces Configuration applications

Interface Common Attributes 7-69

Interface Ethernet Attributes 8-77

Interface POS Attributes 9-87

Interior Gateway Protocol

See IGP

internal Border Gateway Protocol


See iBGP

Internet Control Message Protocol 7-71, 8-79, 11-119

Internet Group Management Protocol

See IGMP

Internet Key Exchange 2-28

IP

multicast 18-251

subnetting 18-251

tagging 18-251

IPv4 processing



POS interface 9-90

ISIS

address family type 16-221

administrative distance

default 16-229

override administrative distance 16-229

override prefix length 16-229

override prefix list 16-229

override source prefix 16-229

clearing databases 16-211

clearing routes 16-211

default link topology 16-221

default route information generation 16-221

designated router priority 16-238

dynamic host name resolution 16-213

interfaces

address family 16-232

address family state 16-232

circuit type 16-231

metric for Level 1-2 routing 16-233

metric for Level 1 routing 16-232

metric for Level 2 routing 16-233

state 16-231

Interior Gateway Protocol 16-209

IPv4 16-209

IPv6 16-209

ISPF



Index

delay of ISPF algorithm activation 16-223

enable the ISPF algorithm 16-223

link-state advertisement 16-209

logging

adjacency state changes 16-219

PDU drops 16-219

LSP

attached bit in Level 1 16-223

flooding 16-214

ignore errors 16-219

maximum lifetime 16-216

MTU value 16-215

password encryption type 16-216

refresh 16-214

refresh interval 16-215

sequence number protection 16-216

mesh group

default 16-239

no LSP flooding (block mesh group) 16-239

MPLS-TE

enable 16-224

router ID 16-224

multitopology mode check on IIH packets 16-221

network entity title 16-213

NSAP 16-213

NSF

maximum lifetime following restart 16-218

timer expiry count 16-218

type 16-217

wait period for restart ACK 16-218

overload bit 16-218

overload bit delay time 16-219

parallel routes 16-221

PDU

CSNP interval 16-236

encryption type 16-235


hello multiplexer 16-235

hello padding 16-236


hello password 16-235

LSP interval time delay between transmissions 16-236

LSP retransmit interval 16-237

LSP retransmit throttle interval 16-237

process routing level

Level 1 16-213

Level 1-2 16-213

Level 2 16-213

route propagation

ACL 16-228

from level 16-227

into level 16-228

route summarization

IPv4 prefix 16-226

prefix length 16-226

route redistribution level 16-226

routing table size reduction 16-225

See also MPLS-TE

SPF

interval between calculations 16-223

TLV

object generation 16-221

object style acceptance 16-221

ISIS Configuration Application

Address Family Settings

Admin Distance subtab 16-228

Advanced subtab 16-222

description 16-219

figure 16-220

General subtab 16-220

MPLS-TE subtab 16-223

Route Propagation subtab 16-227

Route Summarization subtab 16-225

Interfaces Settings


description 16-229

figure 16-230

General subtab 16-230

GuideOL-5497-04


Index

PDU Settings subtab 16-233

Supported Address Families subtab 16-231

Process Settings

Advanced tab 16-216

description 16-212

figure 16-212

General tab 16-212

LSP Settings tab 16-214

Router Operations tab

description 16-210

figure 16-210

See also ISIS


ISIS hello 16-235

ISPF

delay of ISPF algorithm activation 16-223

enable the ISPF algorithm 16-223

J

job characteristics

See user administration

L

label

Explicit Null 17-245

Implicit Null 17-245

label distribution

See LDP

label-switched path

See LSP

label switching router 17-241

LAIS 10-103

LDP

backoff

hold time 17-245

maximum time 17-245


clear message counters 17-248

Explicit Null labels 17-245

forwarding state 17-246

graceful restart 17-246

IGP routing 17-241

Implicit Null label 17-245

Layer 2 17-241

linked hello

hold time 17-245

interval 17-245

logging neighbor session changes 17-246

neighbor 17-247

reconnection timeout 17-246

restart sessions 17-249

router ID

loopback 17-244

routable IP address 17-244

session hold time 17-245

source address TCP connection 17-242

targeted hello

hold time 17-245

interval 17-245

targeted hellos

accept 17-245

VPN 17-241

LDP Configuration Application

General tab

description 17-243

figure 17-244

Interfaces tab

description 17-242

figure 17-242

Neighbors tab

description 17-246

figure 17-247

Operations tab

description 17-248

figure 17-248

See also LDP



Index


Line Alarm Indication Signal

See LAIS

LLQ 13-130

logging

ACL

informational logging message 11-111

packet match 11-111


Alarm Administration

correlation circular buffer 3-35

event logging buffer 3-35

message collection period 3-36

BGP, neighbor resets 15-154

ISIS


dropped PDUs 16-219

LSP, neighbor session changes 17-246

OSPF, neighbor state changes 18-263

loopback 10-103

low latency queueing 13-130

LSA 18-254

OSPF

accepted LSAs during flooding 18-257

BGP originating router with normal metric 18-263

clearing redistributed route entries 18-254

database filtering 18-270

disable preferring the local router 18-262


link-state update packet 18-268

neighbor retransmission interval 18-268

opaque LSA support capability 18-263

refresh interval 18-257

retransmission interval for neighbor 18-268

suppress summary routes 18-259

syslog messages 18-263

time between origins of same LSA 18-257

transmit delay 18-268

LSP 6-51


attached bit in Level 1 16-223

ignore errors 16-219

ISIS



time delay between LSP transmissions 16-236

LSR 17-241

M

mark action

class of service 13-140


DSCP 13-140


precedence 13-140

QoS group 13-140

maximum transmission unit 7-70, 8-78, 9-88

MD5 18-271, 18-278, 18-284

MED 15-152

Message Digest 5

See MD5

MOSPF 18-263

MPLS-TE

bandwidth allocation 6-51

fast reroute 6-52

flooding thresholds 6-57

high-priority traffic 6-51

information flooding, using

ISIS 6-52

OSPF 6-52

label distribution using RSVP 6-52

labels 6-55

label-switched path 6-51

link

bandwidth hold time 6-53

cost 6-57

periodic flooding interval 6-53

network tunnel 6-51

GuideOL-5497-04


Index

OSPF 18-263

tunnel

address 6-60

affinity bits and mask 6-61

backup 6-58

backup bandwidth 6-60, 6-63

bandwidth 6-60

counters 6-67

destination 6-60

fast reroute 6-63

hold priority 6-61

path metric 6-64

path selection metric 6-64

reoptimization 6-53, 6-66

route recording 6-63

setup priority 6-60

SPF calculation parameters 6-62

user-specified attribute flags 6-57

MPLS-TE Configuration Application

Global tab

description 6-53

figure 6-52

Labels tab

description 6-54

figure 6-54

Links tab

Backup Tunnels subtab 6-57

description 6-55

figure 6-56

General subtab 6-56

Tunnel Head tab


description 6-58

figure 6-59

General subtab 6-59

Operations subtab 6-65

Path Selections subtab 6-63

See also Configuration applications

See also MPLS-TE


MTU

Layer 2 value



POS interface 9-89

Layer 3 size



POS interface 9-91

link state packet MTU value 16-215

OSPF, ignore settings 18-269

Multicast OSPF 18-263

Multi Exit Discriminator

See MED

N

NBMA 16-214

network security

See AAA Application

network service access point 16-213

network traffic profile 11-109

nonbroadcast multiaccess 16-214

nonstop forwarding 16-216

NSAP 16-213

NSF 16-216

maximum lifetime following restart 16-218

OSPF 18-262

timer expiry count 16-218

type 16-217

wait period for restart ACK 16-218

O

Open Systems Interconnection

See OSI

OPPF

IP multicast 18-251



Index

ORF 15-179, 15-189, 15-199

OSI 9-87, 16-210

OSPF

ACL 18-260

ACL, distribute list 18-268


attached network type 18-269

authentication

MD5 18-272

plain 18-271

type 18-271, 18-278, 18-284

backup designated router priority 18-268

BGP converge 18-263

clear

neighbor state transition count 18-254

redistributed route entries 18-254, 18-265

routing table 18-254

routing tables 18-265

state transition counter 18-266

database filters 18-270

demand circuit 18-269

designated router priority 18-268

DNS lookup 18-252

external route

default 18-257

link type 18-258

use existing default 18-258

filter outgoing network updates 18-263


hello packet interval 18-268

ignore MTU settings 18-269

IGP routing 18-251

IP subnetting 18-251

IP tagging 18-251

link cost

external 18-257

inter-area 18-257

intra-area 18-257

link state advertisement


interval rate 18-257

interval refresh rate 18-257

new instances rate 18-257

LSA

announce time 18-263

link-state update packet 18-268

originate with maximum metric 18-262

restransmission interval for neighbor 18-268

signal to not prefer the local router 18-262

MPLS-TE

enable 18-263

opaque LSA support 18-263

router ID 18-263

NSF

enable 18-262

maximum time 18-262

minimum interval 18-262

process


equal cost paths 18-256

parallel routes 18-256

reference bandwidth 18-256

router ID 18-256

redistribute routes 18-263

reset

router processes 18-265

reset router process 18-253

route summarization

filtering 18-259

IP mask 18-259

IP prefix 18-259

suppress summary routes 18-259

sending updates on an interface 18-270

source address 18-260

SPF

initial delay 18-257

throttling 18-257

time between consecutive calculations 18-257

wait interval 18-257

GuideOL-5497-04


Index

suspend hello packets (dead interval) 18-268

syslog messages

LSA Type 6 (MOSPF) packets 18-263

neighbor state changes 18-263

suppress 18-263


OSPF Configuration Application

Area

creating 18-272

description 18-273

Area Settings

figure 18-277

General tab 18-273

Inter-area Summary Routes tab 18-274

Interface Settings tab 18-279

Virtual Links tab 18-275

General tab

description 18-252

figure 18-252

Operations tab

description 18-253

figure 18-253

Process Settings

Admin Distance tab 18-260

Advanced tab 18-261

description 18-255

figure 18-255

General tab 18-256

Interface Settings tab 18-266

Operations tab 18-264

Route Summarization tab 18-258

See also OSPF


OSPFv3 18-251

OSPF version 3 18-251

Outbound Route Filter 15-191, 15-199

See ORF


P

packet authentication 18-251

Packet Filter

applying ACLs to interfaces 12-121

inbound

hardware packet counting 12-122

packet filter (ACL) 12-122

outbound

hardware packet counting 12-122

packet filter (ACL) 12-122

See also ACL

Packet Filter Application

description 12-121

figure 12-121

See also Packet Filter


PAP 9-93

encryption 9-96

password 9-96

refuse from peers 9-96

Password Authentication Protocol

See PAP

path, optimal 15-150

PDU

interface

CSNP interval 16-236

encryption type 16-235


hello multiplexer 16-235

hello padding 16-236

hello password 16-235

LSP interval time delay between transmissions 16-236



performance, transmission system 13-123

permissions, user




Index

Point-to-Point Protocol

See PPP

Policy Configuration applications

Access Control Lists 11-109

Packet Filter 12-121

QoS 13-123

Routing Policy 14-143

policy map

allocated class bandwidth 13-129

apply to inbound traffic 13-123

apply to outbound traffic 13-123

class map name 13-128

class priority 13-130

configure 13-123

conform action


DSCP 13-134


precedence 13-134

transmit 13-134


DSCP 13-132

exceed action


DSCP 13-137


packet drop 13-136

precedence 13-137

excess burst 13-133

mark action

class of service 13-140


DSCP 13-140


precedence 13-140

QoS group 13-140


precedence 13-132

queue size for class 13-130


service policy map 13-130

shape averaging 13-129

thresholds


DSCP 13-132


precedence 13-132

violate action


drop 13-137

DSCP 13-138


precedence 13-138

POS interface

authentication

CHAP 9-95, 9-98

MS-CHAP 9-95

NCP timeout 9-95

PAP 9-95, 9-96

retry maximum 9-95

retry timeout 9-95

timeout 9-95

dampening


enable 9-92



data packets

SDH frame 9-87

SONET frame 9-87

efficient link utilization 9-87

enable CDP 9-89

encapsulation type 9-94


high-bandwidth capacity 9-87





GuideOL-5497-04


Index

PPP in HDLC framing 9-87

requests 9-95


secondary IP addresses 9-90

POS interfaces


PPP 9-93

authentication

CHAP 9-95

MS-CHAP 9-95

PAP 9-95

timeout 9-95

authentication retry maximum 9-95

consecutive negative acknowledgements 9-95

Network Control Protocol timeout 9-95

response to control packet timeout 9-95

unacknowledged confirmation requests 9-95

unacknowledged terminate requests 9-95

See also POS interface

private virtual channel

See PVC

protection, connectivity failure 6-52

protocol data unit

See PDU

Protocols Configuration applications

BGP Configuration 15-149

ISIS Configuration 16-209

LDP Configuration 17-241

OSPF Configuration 18-251

RSVP Configuration 19-289

PVC 6-51

Q

QoS

class map

ACL match criteria 13-125

discard class values matching 13-127

DSCP match criteria 13-125


match criteria 13-125

matching packets 13-123


precedence match criteria 13-125

protocol match criteria 13-126

QoS group values match criteria 13-126

policy map

allocated class bandwidth 13-129

apply to inbound traffic 13-123

apply to outbound traffic 13-123

burst size 13-133

class map name 13-128

class of service mark action 13-140

class priority 13-130

discard class conform action 13-134

discard class exceed action 13-136

discard class mark action 13-139

discard class violate action 13-138

drop violate action 13-137

DSCP 13-132

DSCP conform action 13-134

DSCP exceed action 13-137

DSCP mark action 13-140

DSCP violate action 13-138

excess burst 13-133

LLQ 13-130

MPLS experimental value conform action 13-134

MPLS experimental value exceed action 13-136

MPLS experimental value mark action 13-139

MPLS experimental value violate action 13-137

packet drop exceed action 13-136

precedence conform action 13-134

precedence exceed action 13-137

precedence mark action 13-140

precedence violate action 13-138

QoS group mark action 13-140

queue size for class 13-130

service policy map 13-130




Index

transmit conform action 13-134

service policy

inbound policy map 13-142

outbound policy map 13-142

transmission system performance 13-123

QoS Application

Classmaps tab

description 13-124

figure 13-124

Policymaps tab

Congestion Avoidance subtab 13-131

Congestion Mgmt subtab 13-129

description 13-127

figure 13-128

Mark subtab 13-139

Police (traffic/conform) subtab 13-132

Policy (exceed/violate) subtab 13-135

Service Policies tab

description 13-142

figure 13-142


See also QoS

quality of service

See QoS

R

reporting

AAA 2-19

SONET, alarm 10-104

reset OSPF router processes 18-253, 18-265

route propagation

ACL 16-228

from level

Level 1 16-227

Level 2 16-227

into level

Level 1 16-228

Level 2 16-228


routers, clearing 16-211

route summarization

groups of addresses 16-225

IPv4 prefix 16-226

other routing protocols 16-225

route redistribution

Level 1 16-226

Level 1-2 16-226

Level 2 16-226

routing table size reduction 16-225

routing, autonomous 15-149

Routing Policy Manager Application

AS Path Access Lists tab

description 14-147

figure 14-148

Extended Community Lists tab

description 14-146

figure 14-147

Prefix Lists tab

description 14-144

figure 14-144

Standard Community Lists tab

description 14-145

figure 14-146


See also Routing Policy

routing table

common interfaces

dampening 7-73

link flap 7-73

Ethernet interface

dampening 8-81

link flap 8-81

ISIS

reducing the size 16-225

OSPF

clear 18-265

clear all routes redistributed from other protocols 18-265

GuideOL-5497-04


Index

clearing 18-254, 18-265

clear routes redistributed from other protocols 18-254

number of equal cost paths installed 18-256

POS interface

dampening 9-91

link flap 9-91

RSVP

clear

counters 19-296

event counters 19-297

message counters 19-297

DSCP 19-293

graceful restart 19-295


missed hello messages 19-295

interface 19-291

refresh message

ACK hold time 19-292

message interval 19-292

missed message limit 19-291

refresh reduction 19-292

retransmit time 19-292

RSVP component size in ACK message 19-292

summary refresh 19-292

reservable bandwidth 19-291

reservable subpool bandwidth 19-291

signalling message

interval length 19-291

number of messages 19-291

rate 19-291

size of reservation 19-291

RSVP Configuration Application

General tab

description 19-294

figure 19-294

Interfaces tab

description 19-290

Operations tab

description 19-296


figure 19-296


See also RSVP

S

SCTP 11-115

secondary IP addresses



POS interface 9-90

service policy

inbound policy map 13-142

outbound policy map 13-142


shortest path first

See SPF

SONET

See SONET port

See SONET Port Configuration Application

SONET port

administrative shutdown 10-107

framing

SDH 10-103

SONET 10-103

Layer 1 transport technology 10-101

line


APS 10-103

B2 BER TCA reporting 10-106

B2 BER threshold 10-105

defect hold-off delay value 10-103

LAIS reporting 10-106

LRDI reporting 10-106

overhead 10-103

signal degrade BER reporting 10-106

signal degrade BER threshold 10-106

signal failure BER reporting 10-106

signal failure BER threshold 10-105



Index

loopback

internal 10-103

line 10-103

path


AIS reporting 10-106

B3 BER reporting 10-106


hold-off delay value 10-104

LOP reporting 10-106

path trace message 10-104

payload scrambling 10-104

RDI reporting 10-106

SPE content 10-104

UNEQ code 10-104

UNEQ reporting 10-106

reference clock source

internal 10-103

line 10-103

section

B1 BER TCA reporting 10-105


overhead 10-103

SLOF reporting 10-105

SLOS reporting 10-105

SONET Port Configuration Application

Operation tab

description 10-107

figure 10-107

SONET tab

Alarm Reporting subtab 10-104

description 10-102

figure 10-102

SONET Configuration subtab 10-102

See also Controllers Configuration applications

See also SONET port

SPE 10-104

SPF 6-58

interval between calculations 16-223


Stream Control Transmission Protocol

See SCTP

summarization, prefix length 16-226

Synchronous Payload Envelope 10-104

T

TACACS

See authentication

task IDs


TCA

SONET B1 BER 10-105

SONET B2 BER 10-106

TCP 11-115

TCP flags

See ACL

threshold

Alarm Administration, logging events buffer 3-35

BGP, number of prefixes 15-179, 15-189, 15-199

Ethernet interface

interface suppress 8-83

reuse 8-83

interface common


reuse 7-75

MPLS-TE

decreased resource availability 6-57

increased resource availability 6-57

POS interface


reuse 9-93

QoS

class policy queue limit 13-130


IP DSCP 13-132

IP precedence 13-132

MPLS experimental topmost value 13-132

SONET

GuideOL-5497-04


Index

line 10-105

path 10-106

section 10-105

throttling 18-257

TLV

object generation 16-221

object style generation 16-221

Transmission Control Protocol

See TCP

transmission system performance 13-123

tunnel

address 6-60

affinity bits and mask 6-61

backup 6-52, 6-58

backup bandwidth 6-60, 6-63

bandwidth 6-60

counters 6-67

destination 6-60

fast reroute 6-63

hold priority 6-61

path

metric 6-64

selection metric 6-64

primary 6-52

reoptimization 6-53, 6-66

route recording 6-63

setup priority 6-60

SPF calculation parameters 6-62

U

UDP

helper addresses



POS interface 9-91

ports

choosing a port in ACL 11-117

filtering using ACL 11-117


user administration

task

groups 4-40

IDs 4-40

task groups

associated task groups 4-44

classes 4-44

name 4-44

task ID 4-43

user attributes

password 4-39

user groups 4-39

user ID 4-39

user groups

associating groups 4-42

associating tasks 4-42

name 4-42

users

password 4-41

secret 4-41

user groups 4-41

username 4-41


See also User Administration Application

User Administration Application

Task Groups tab

description 4-43

figure 4-43

User Groups tab

description 4-41

figure 4-42

Users tab

description 4-41

figure 4-40


See also user administration

User Datagram Protocol

See UDP

user groups



Index



V

violate action


drop 13-137

DSCP 13-138


precedence 13-138

virtual private network

See VPN

VPN 17-241

Guide
OL-5497-04

cisco craft works interface configuration applications ... · r3.2 beta draft—cisco highly...

Documents