Ruijie Networks – Innovation Beyond Networks
RG-Router Implementation Cookbook (V1.3)
Copyright Statement
Ruijie Networks©2013
Ruijie Networks reserves all copyrights of this document. Any reproduction, excerption, backup, modification, transmission, translation or commercial use of this document or any portion of this document, in any form or by any means, without the prior written consent of Ruijie Networks is prohibited.
are registered trademarks of Ruijie Networks. Counterfeit is strictly prohibited.
Exemption Statement
This document is provided “as is”. The contents of this document are subject to change without any notice. Please obtain the latest information through the Ruijie Networks website. Ruijie Networks endeavors to ensure content accuracy and will not shoulder any responsibility for losses and damages caused due to content omissions, inaccuracies or errors.
This guide provides an overview and explains how to configure the various features for the RG-RSR30-44 Router, RG-RSR20-14E Router, RG-RSR10-02E Router, RG-RSR10-02 Router, and RG-RSR 77 series Router. Some information may not apply to your particular router model.
Audience
• Network Engineers
• Network Administrators
Obtain Technical Assistance
• Ruijie Networks Websites: http://www.ruijienetworks.com
• Ruijie Service Portal: http://caseportal.ruijienetworks.com
You are welcome to report errors in any Ruijie manual and give advice through the Ruijie Service Portal.
Related Documents
• Product Datasheet
RG-RSR30-44 Reliable Multi-Service Router Datasheet
RG-RSR20-14E Reliable Multi-Service Router Datasheet
RG-RSR10-02E Reliable Multi-Service Router Datasheet
RG-RSR10-02 Reliable Multi-Service Router Datasheet
RG-RSR77-X Core Service distributed Router Datasheet
• Hardware Installation Guide
RG-RSR30 Series Routers Hardware Installation and Reference Guide
RG-RSR20-14E Series Routers Hardware Installation and Reference Guide
RG-RSR10-02E Series Routers Hardware Installation and Reference Guide
RG-RSR10 (20) Series Router Hardware Installation and Reference Guide
RG-RSR77 Series Router Hardware Installation and Reference Guide
• RGOS Configuration Guide
RG-RSR30 Series Router RGOS Configuration Guide
RG-RSR20-14E Series Router RGOS Configuration Guide
RG-RSR10-02E Series Router RGOS Configuration Guide
RG-RSR10 (20) Series Router RGOS Configuration Guide
RG-RSR77 Series Router RGOS Configuration Guide
• RGOS Command Reference
RG-RSR30 Series Router RGOS Command Reference
RG-RSR20-14E Series Router RGOS Command Reference
RG-RSR10-02E Series Router RGOS Command Reference
RG-RSR10 (20) Series Router RGOS Command Reference
RG-RSR77 Series Router RGOS Command Reference
• White Paper
White Paper for Ruijie ERPS Technology
White Paper for REF Technology
White Paper for WAN Transmission Acceleration Technology of Routers
Revision History
Date | Change contents | Reviser |
2016.5 | Initial publication V1.0 | TAC Oversea |
2017.2 | Add new chapters of 1.1.3 Distributed Router Upgrade, 2.1.4 Syslog, 2.4.6 VPDN 2.0, 2.6.5 DLDP, 3.1 4G Solutions, 5.1 Detailed Configuration for Internet Access on publication V1.1 | TAC Oversea |
2017.10 | Add new chapter of 3.3.2 Import Configuration Using FUNC Key | TAC Oversea |
3.1.3 Distributed Router Upgrade
3.2.1 Password Restoration with RGOS Version 10.X
3.2.2 Password Restoration on RSR77
3.2.3 Password Restoration on 4G Router
3.3 Upgrade Firmware and Import Configuration Using FUNC Key
3.3.1 Upgrade Firmware Using Fun Key
4.1 Basic Function Configuration
4.1.2 Ruijie Express Forwarding (REF)
4.5 Network Management and Monitoring
4.6.3 2.6.3 Link-Based Interface Backup
4.7.1 Traffic Classification and Marking
4.7.4 Generic Traffic Shaping (GTS)
5.1.1 4G Products and Common Commands
5.1.2 4G Typical Scenario Configuration Guide
5.1.3 Other Function Configuration for a 4G Router
5.1.4 Configuring WiFi for the 4G Router
6.8 Basic Fault Information Collection
I. Topology
II. Upgrade in Xmodem Mode
Notes:
The default baud rate of the SIC-3G card is 115,200 Bd during startup and the baud rate for accessing the main screen is 9,600 Bd after startup. If the startup baud rate is changed to another value, select the new baud rate for login.
1. Power on the device and press Ctrl+C to access the BootLoader main menu.
2. (Optional) If the current baud rate of the SIC-3G card is 115,200 Bd, skip this step. Otherwise, perform the following step:
Note: Changing the baud rate to 115,200 Bd aims at accelerating transmission speed over Xmodem.
1) Select 6. Scattered utilities.
2) Select 4. Set baudrate.
3) Select 2. Change baudrate to 115200.
4) Change the baud rate for logging in to a terminal to 115,200 Bd and press Enter. The change is successful if the console displays correct information.
3. Press Ctrl+Z twice to return to the BootLoader main menu.
4. (Optional) If the main program of the SIC-3G card is lost, go to Step 4. Otherwise, perform the following step:
1) Select 4. File management utilities to access the file management submenu.
2) Select 1. Remove a file. Enter rgos.bin after the "The filename you want to remove:" prompt is displayed, and then press Enter.
3) Press Ctrl+Z to return to the BootLoader main menu.
5. Transfer the automatic upgrade package to the SIC-3G card.
1) Select 1. XModem utilities.
2) Select 1. Upgrade Main program.
3) Send the Xmodem file.
To send the Xmodem file by using SecureCRT, choose Option > Session Option from the main menu; in the Session Option dialog box, choose Terminal > X/Y/Zmodem and click 1024 bytes (Xmodem-1k/Ymodem-1k) in X/Ymodem send packet size.
Choose Transfer > Send Xmodem from the main menu, select the bin file used for upgrade (name the bin file rgos.bin), and click OK to start upgrade.
6. Restart the SIC-3G card for the automatic upgrade package to run.
1) After downloading ends, press Ctrl+Z to return to the BootLoader main menu, and select 6. Scattered utilities.
2) Select 2. Reload system.
The card upgrade is in progress. Please wait patiently.
III. Upgrade Verification
1) After the upgrade ends, the card automatically restarts and enters the major release till the PCI BUS Scan/Setup End screen is displayed.
2) Change the baud rate for the PC to connect to the SIC-3G card console to 9,600 Bd, and press Enter to enter the major release environment. Then, the upgrade is complete.
Features
The NMX-24ESW switch fabric module of the RSR20 series routers adopts the distributed system architecture. The NMX-24ESW switch fabric module is equipped with an independent CPU, memory, flash memory, and other hardware, and has an independent main program. The NMX-24ESW switch fabric module can be upgraded in router mode or independently.
Upgrade in router mode:
The software version of the switch fabric module is bound into the software version of the router. An upgrade channel is established between the router and the switch fabric module, and the router directly transmits the software version of the switch fabric module to the flash memory of the latter, thereby achieving remote upgrade of the switch fabric module.
The RSR20 series routers of 10.3(5t86)/10.3(5b6) p3 and later versions support switch fabric module upgrade in router mode.
Independent upgrade of the switch fabric module:
The network port of the switch fabric module is connected to an external TFTP server through a network cable, and the TFTP server transmits the software version of the switch fabric module to the flash memory of the latter.
The switch fabric module of all versions supports this upgrade mode.
I. Upgrade Steps
1. Log in to the switch fabric module from the router.
In router mode, run the service-module fastEthernet 5/0 session command to enter the switch fabric module.
RSR20-14#service-module fastEthernet 5/0 session //Enter the switch fabric module. If the switch fabric module is seated in Slot 5, enter 5/0; if it is seated in Slot 6, enter 6/0.
Ruijie# //If the device prompt changes to Ruijie#, you have entered the switch fabric module successfully.
2. Back up the original software version of the switch fabric module.
Notes:
If the current main program running on the switch fabric module is rgos.bin, run the copy flash:rgos.bin flash:rgos.bak command for backup; if the main program is rgnos.bin, run the copy flash:rgnos.bin flash:rgnos.bak command for backup.
The following example is based on the main program rgos.bin running on the switch fabric module.
a. Display the name of the current main program running on the switch fabric module.
Ruijie#dir
Mode Link Size MTime Name
------------ --------- ------------------- ------------------
<DIR> 1 0 1970-01-01 08:00:00 dev/
<DIR> 1 0 1970-01-01 08:00:03 ram/
<DIR> 2 0 1970-01-01 08:00:35 tmp/
<DIR> 0 0 1970-01-01 08:00:00 proc/
1 8 1970-01-04 10:15:00 priority.dat
1 5885184 1970-01-01 09:42:03 rgos.bin //The current main program running on the switch fabric module is rgos.bin.
1 5885184 1970-01-01 08:07:19 rgos.10.2(2).33474
--------------------------------------------------------------
3 Files(Total size 11770376 Bytes), 4 Directories.
Total 31457280 bytes (30MB) in this device, 17907712 bytes (17MB) available.
b. Back up the software version of the switch fabric module.
Ruijie#copy flash:rgos.bin flash:rgos.bak //Back up the software version of the switch fabric module as rgos.bak.
Ruijie#dir
Mode Link Size MTime Name
------------ --------- ------------------- ------------------
<DIR> 1 0 1970-01-01 08:00:00 dev/
<DIR> 1 0 1970-01-01 08:00:03 ram/
<DIR> 2 0 1970-01-01 08:00:35 tmp/
<DIR> 0 0 1970-01-01 08:00:00 proc/
1 8 1970-01-04 10:15:00 priority.dat
1 5885184 1970-01-01 08:05:51 rgos.bak //The software version of the switch fabric module is backed up successfully.
1 5885184 1970-01-01 09:42:03 rgos.bin
--------------------------------------------------------------
3 Files(Total size 11770376 Bytes), 4 Directories.
Total 31457280 bytes (30MB) in this device, 17907712 bytes (17MB) available.
c. Press Ctrl+X to exit from the switch fabric module to the router mode.
3. Upgrade the main program of the router.
For the upgrade method, see section "Main Program Upgrade" (choose Daily Maintenance > Software Upgrade > Mid-range and Low-end Series Router Upgrade > 10.x Version Upgrade > Main Program Upgrade).
4. Display the software versions of the router and switch fabric module.
1) Display the software version of the router in router mode.
RSR20-14#dir
Mode Link Size MTime Name
------------ --------- ------------------- ------------------
<DIR> 1 0 1970-01-01 00:00:00 dev/
<DIR> 2 0 2013-03-29 02:15:55 esw/ //Directory for storing the software version of the switch fabric module
<DIR> 2 0 2011-05-23 03:40:19 log/
<DIR> 2 0 2013-03-29 04:31:32 mnt/
<DIR> 1 0 2013-03-29 04:31:26 ram/
<DIR> 2 0 2013-03-29 04:31:46 tmp/
<DIR> 0 0 1970-01-01 00:00:00 proc/
1 1263 2013-01-31 14:19:56 config_0113.bak
1 7248608 2013-03-29 02:15:36 rgos.bin //Software version of the router
--------------------------------------------------------------
2 Files(Total size 7249871 Bytes), 7 Directories.
Total 33030144 bytes (31MB) in this device, 20160512 bytes (19MB) available.
2) Display the software version of the switch fabric module in router mode.
Notes:
For RSR20 series routers of 10.3(5t86), 10.3(5b6)p3, and later versions, the software version of the switch fabric module is packaged into the main program of the router. After the router upgrade is complete, the router automatically decompresses the software version of the switch fabric module into the esw folder in the flash memory.
RSR20-14#cd esw //Access the directory for storing the software version of the switch fabric module.
RSR20-14#dir
Mode Link Size MTime Name
-------- ------------- ------------------- ------------------
1 4221664 2013-03-29 02:16:04 esw_install.bin //Main program file of the switch fabric module
--------------------------------------------------------------
1 Files(Total size 4221664 Bytes), 0 Directories.
Total 33030144 bytes (31MB) in this device, 20160512 bytes (19MB) available.
5. Return to the main program of the router in the flash memory and enable the terminal monitor function.
RSR20-14#cd .. //Return to the main program of the router in the flash memory.
RSR20-14#terminal monitor //Enable the terminal monitor function.
6. Shut down services of the switch fabric module, and deliver the main program of the switch fabric module from the flash memory of the router to the flash memory of the switch fabric module.
Notes:
1) It takes about 15 minutes to transmit the software version of the switch fabric module from the router to the flash memory of the switch fabric module.
2) When the prompt "Upload completed" is displayed, wait another 8-15 minutes (15 minutes are recommended) to ensure that the version files of the switch fabric module are all received.
3) Do not perform destructive operations such as power-off and restart during upgrade of the switch fabric module. Otherwise, the upgrade of the switch fabric module will fail.
4) If the switch fabric module or router is restarted before version files of the switch fabric module are all received, the version files may be damaged and the switch fabric module may fail to start. In this case, run the RSR20-14#service-module fastEthernet 5/0 reset command in router mode to restart the switch fabric module, press Ctrl+C to enter the Ctrl layer of the switch fabric module, press Ctrl+Q to enter the CLI mode, and then run the Ctrl>rename rgos.bak rgos.bin command to restore the original main program of the switch fabric module. Then, run the Ctrl>reload command to restart the switch fabric module and restore services.
RSR20-14#esw-switch shut-service //Shut down services of the switch fabric module.
RSR20-14#esw-upgrade xmodem slot 5 //Transmit the software version of the switch fabric module in the flash memory of the router to the flash memory of the switch fabric module (if the switch fabric module is seated in Slot 5, enter slot 5; if it is seated in Slot 6, enter slot 6).
*Mar 29 06:09:29: %UPGRADE-6-ESW_CARD_UPRADE: Now start transmit file.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...#
*Mar 29 06:24:45: %UPGRADE-6-ESW_CARD_UPRADE: Upload completed, 4221664 bytes of valid data has been transferred.
*Mar 29 06:24:45: %UPGRADE-6-ESW_CARD_UPRADE: Please wait a few minutes(about 8-15min) for the switch card upgrading until you can login the card. //Wait another 8-15 minutes (15 minutes are recommended) to ensure that version files of the switch fabric module are all received.
7. Enable services of the switch fabric module, log in to the switch fabric module, and check its software version.
RSR20-14#esw-switch open-service //Enable services of the switch fabric module.
RSR20-14#service-module fastEthernet 5/0 session //Enter the switch fabric module. If the switch fabric module is seated in Slot 5, enter 5/0; if it is seated in Slot 6, enter 6/0.
8. (Optional) Rename the main program file of the switch fabric module.
If the original main program of the switch fabric module is rgnos.bin, skip to Step 9.
Notes:
• If the original main program file of the switch fabric module is rgnos.bin, the version file transmitted over Xmodem directly replaces it and the file does not need to be renamed. The switch fabric module fails if it is renamed.
• If the original main program file of the switch fabric module is rgos.bin, the new program file needs to be renamed rgos.bin to ensure successful upgrade. The following example is based on the original main program file rgos.bin of the switch fabric module.
1) Display the main program file of the switch fabric module.
Ruijie#dir
Mode Link Size MTime Name
------------ --------- ------------------- ------------------
<DIR> 1 0 1970-01-01 08:00:00 dev/
<DIR> 1 0 1970-01-01 08:00:03 ram/
<DIR> 2 0 1970-01-01 08:00:35 tmp/
<DIR> 0 0 1970-01-01 08:00:00 proc/
1 8 1970-01-04 10:15:00 priority.dat
1 4221696 1970-01-01 08:51:00 rgnos.bin //New main program of the switch fabric module
1 5885184 1970-01-01 08:05:51 rgos.bak //Original main program backup of the switch fabric module
1 5885184 1970-01-01 09:42:03 rgos.bin //Original main program of the switch fabric module
--------------------------------------------------------------
4 Files(Total size 15992072 Bytes), 4 Directories.
Total 31457280 bytes (30MB) in this device, 12918784 bytes (12MB) available.
2) Rename the new main program of the switch fabric module rgos.bin.
Ruijie#rename flash:rgnos.bin flash:rgos.bin //The new main program directly replaces the original main program.
3) Check whether the new main program is renamed successfully.
Ruijie#dir
Mode Link Size MTime Name
------------ --------- ------------------- ------------------
<DIR> 1 0 1970-01-01 08:00:00 dev/
<DIR> 1 0 1970-01-01 08:00:03 ram/
<DIR> 2 0 1970-01-01 08:00:35 tmp/
<DIR> 0 0 1970-01-01 08:00:00 proc/
1 8 1970-01-04 10:15:00 priority.dat
1 5885184 1970-01-01 08:05:51 rgos.bak
1 4221696 1970-01-01 08:51:00 rgos.bin //The new main program is successfully renamed rgos.bin.
9. Press Ctrl+X to exit the switch fabric module and restart the router to complete upgrade of the switch fabric module.
Notes:
1) The switch fabric module can be managed on the screen of the router. It is not recommended that the switch fabric module be independently restarted and upgraded. If some management commands become available after the switch fabric module is independently restarted, the router needs to be restarted.
2) When the system reaches the state "FastEthernet 0/0, changed state to up" after router restart, wait 4-5 minutes for the switch fabric module to complete upgrade. Then, the system is restarted completely. This waiting is required only after the upgrade of the switch fabric module is complete, and is not required in normal restart.
RSR20-14#reload //Restart the router to complete the upgrade.
Proceed with reload? [no]y
II. Upgrade Verification
Check whether the software versions of both the router and switch fabric module are upgraded successfully.
1) Check whether the router is upgraded successfully.
RSR20-14#show version
System description : Ruijie Router (RSR20-14) by Ruijie Networks
System start time : 2013-03-29 7:7:40
System uptime : 0:0:3:36
System hardware version : 1.00
System software version : RGOS 10.3(5T86),Release(154167)
System BOOT version : 10.3.154167
2) Enter the switch fabric module and check whether it is upgraded successfully.
Ruijie#show version
System description : Ruijie Switch Service Module(NM2-24ESW) by Ruijie Network Co., Ltd..
System start time : 1970-1-1 8:0:0
System hardware version : 2.0
System software version : RGOS 10.2(3T42),Release(153542)
System boot version : 10.2.21580
System CTRL version : 10.2.45595
System serial number : 0000000000000
Device information:
Device-1
Hardware version : 2.0
Software version : RGOS 10.2(3T42),Release(153542)
BOOT version : 10.2.21580
CTRL version : 10.2.45595
Serial Number : 0000000000000
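The size checks implied by the switch fabric module procedure above can be scripted against captured console output. The following is an added example, not part of the Ruijie manual: it parses `dir` listings and the "Upload completed" log line, then confirms that the backup exists, that the byte count reported by the router matches esw_install.bin, and that the renamed main program is no longer the old image. The function names are hypothetical; the sample input is taken from the listings on this page with spacing normalized.

```python
import re

# One row of an RGOS `dir` listing: optional <DIR>, link count, size, date, time, name.
ENTRY = re.compile(
    r"^\s*(?P<dir><DIR>\s+)?\d+\s+(?P<size>\d+)\s+"
    r"\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?P<name>\S+)"
)
SUMMARY = re.compile(r"\d+\s+Files\s*\(Total size (\d+) Bytes\)")
UPLOAD = re.compile(r"Upload completed,\s*(\d+)\s+bytes")

# Sample input: listings and log line from this page, spacing normalized.
MODULE_BEFORE = """\
Ruijie#dir
<DIR> 1 0 1970-01-01 08:00:00 dev/
1 8 1970-01-04 10:15:00 priority.dat
1 5885184 1970-01-01 08:05:51 rgos.bak
1 5885184 1970-01-01 09:42:03 rgos.bin
3 Files(Total size 11770376 Bytes), 4 Directories.
"""
ROUTER_ESW = """\
RSR20-14#dir
1 4221664 2013-03-29 02:16:04 esw_install.bin
1 Files(Total size 4221664 Bytes), 0 Directories.
"""
UPGRADE_LOG = (
    "*Mar 29 06:24:45: %UPGRADE-6-ESW_CARD_UPRADE: Upload completed, "
    "4221664 bytes of valid data has been transferred."
)
MODULE_AFTER = """\
Ruijie#dir
1 8 1970-01-04 10:15:00 priority.dat
1 5885184 1970-01-01 08:05:51 rgos.bak
1 4221696 1970-01-01 08:51:00 rgos.bin
"""


def parse_dir(text):
    """Return ({file name: size}, total size claimed by the summary line or None)."""
    files, claimed = {}, None
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            if not entry.group("dir"):          # directories carry no image data
                files[entry.group("name")] = int(entry.group("size"))
            continue
        summary = SUMMARY.search(line)
        if summary:
            claimed = int(summary.group(1))
    return files, claimed


def uploaded_bytes(log):
    """Byte count from the 'Upload completed' message, or None if it never appeared."""
    match = UPLOAD.search(log)
    return int(match.group(1)) if match else None


def check_upgrade(module_before, router_esw, log, module_after, main="rgos.bin"):
    """Return a list of problems; an empty list means every size check passed."""
    problems = []
    backup = main.rsplit(".", 1)[0] + ".bak"    # rgos.bin -> rgos.bak, as in step 2
    parsed = []
    for label, text in (("module before", module_before),
                        ("router esw/", router_esw),
                        ("module after", module_after)):
        files, claimed = parse_dir(text)
        total = sum(files.values())
        if claimed is not None and claimed != total:
            problems.append(f"{label}: sizes sum to {total}, summary says {claimed}")
        parsed.append(files)
    before, esw, after = parsed

    if backup not in before or before[backup] != before.get(main):
        problems.append(f"{backup} missing or not the same size as {main} before upgrade")
    sent = uploaded_bytes(log)
    if sent is None:
        problems.append("no 'Upload completed' line in the log")
    elif sent != esw.get("esw_install.bin"):
        problems.append(f"{sent} bytes uploaded, esw_install.bin is {esw.get('esw_install.bin')}")
    if after.get(backup) != before.get(backup):
        problems.append(f"{backup} changed or disappeared during the upgrade")
    if main not in after:
        problems.append(f"{main} missing after the upgrade")
    elif after[main] == after.get(backup):
        # Heuristic: a new image normally differs in size from the backed-up one.
        problems.append(f"{main} is the same size as {backup}; new image not in place")
    return problems


if __name__ == "__main__":
    for problem in check_upgrade(MODULE_BEFORE, ROUTER_ESW, UPGRADE_LOG, MODULE_AFTER):
        print("PROBLEM:", problem)
```

An empty result only shows that the sizes are consistent; the show version output above remains the confirmation that the new release is running.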
Instructions for Distributed Router Upgrade
I. RSR distributed routers include the following series:
RSR30-X SPU10 V2
RSR50E-40
RSR77 series (RSR7704/RSR7708/RSR7716)
RSR77-X series (RSR7708-X/RSR7716-X)
Upgrade in CTRL mode
II. Upgrade at the CTRL Layer
1) Generally, an upgrade is performed at the CTRL layer only when an upgrade fails or the main program is lost. To upgrade at the CTRL layer, you must connect the cable between the router and the PC to the MGMT interface on the main processing unit (MPU) of the router.
2) If send download request is displayed during startup and the device cannot enter the user mode, the functions of the current software version are lost and you need to upgrade the version at the CTRL layer.
III. Upgrade Steps
1. Prepare the upgrade file on the PC and start the TFTP Server.
1) Put the software upgrade file and the Trivial File Transfer Protocol (TFTP) Server in the same folder (rename the software version to rgos.bin).
2) Double click startftp.exe to start the TFTP Server.
2. Restart the router and enter command mode at the CTRL layer.
Restart the router. When Press Ctrl+C to enter Ctrl .... is displayed, press Ctrl+C to enter command mode at the CTRL layer. The Ctrl> prompt is displayed.
3. Check card identification.
Before the upgrade, check card identification. If any card fails to be identified, stop the process in case all cards fail to be upgraded. If any card is in UNKNOWN status, this card fails to be upgraded and you need to restart the device. If the card is still in UNKNOWN status after restart, contact Ruijie technical support engineers for upgrade guidance.
Run the upgrade -slot command to check the upgrade path of the device. The following is an example:
Note: Perform upgrade only when all cards are identified.
4. Transmit the automatic upgrade package to the router.
Connect the cable between the PC and the router to the MGMT interface on the MPU of the router. Run the TFTP command to transmit the automatic upgrade package.
When the prompt SUCCESS: UPGRADING OK is displayed on the router, the upgrade package has been transmitted to the router.
5. Upgrade line cards.
Run the upgrade -slot all -force command to upgrade the version of line cards.
The router automatically upgrades all line cards.
6. Reset the system to run the automatic upgrade package.
Note:
1. Do not perform any dangerous operation such as reset or power cutoff when running the automatic upgrade package until the upgrade process is finished.
2. After the running process is finished, the system is automatically reset to boot a new system.
IV. Verification
1) Run the show version command to display the device version and check whether the upgrade is successful.
Note:
Run the show version command to display the MAIN, CTRL, and BOOT versions of the MPU and all line cards. If all of these are the latest versions, the upgrade is successful.
2) Run the show version slot command to display the status of each slot card. Confirm that the software status of each line card is running. The following is an example:
If the status is installed or runing-config for a long time after software upgrade, please immediately contact Ruijie for technical support.
Upgrade in Main Program Mode (via TFTP)
I. Upgrade Steps
1. Configure an IP address for the router Ethernet interface.
Configure an IP address for the router.
Note:
Ensure that the PC can ping the router. Disable the firewall of the PC before upgrade.
2. Prepare the upgrade file on the PC and start the TFTP Server.
1) Put the software upgrade file and the TFTP server in the same folder.
2) Double click startftp.exe to start the TFTP Server.
3. Check card identification.
Before the upgrade, check card identification. If any card fails to be identified, stop the process in case all cards fail to be upgraded. If any card is in no card status, this card fails to be upgraded and you need to restart the device. If the card is still in no card status after restart, contact Ruijie technical support engineers for upgrade guidance.
Run the show upgrade command to check the upgrade path of the device. The following is an example:
Perform upgrade only when all cards are identified. Only the line cards or engines of the version to be released are displayed while the slot number of the active engine is not displayed. That is, if RSR77 has two engines, the standby engine instead of the active engine is displayed; if RSR77 has only one engine, the slot number of the engine is not displayed.
4. Transmit the automatic upgrade package to the router.
Run the copy tftp: flash:/rgos.bin command to transmit the upgrade file to the router.
After transmission, the system automatically verifies the validity of the file. If the standby supervisor module has been inserted before upgrade, the installation package is automatically synchronized to the standby supervisor module. When the prompt SUCCESS: UPGRADING OK is displayed, the automatic upgrade package has been transmitted to the router.
Note:
1) If the prompt Verify the image .......[ok] is displayed, transmission and verification are successful.
2) If the prompt System is running defragment, please wait....Press Ctrl+C to quit..... is displayed, the router is running defragment; please wait.
3) If the prompt Transmission fail or ...... is displayed, transmission has failed. Check whether the PC can ping the router, whether the designated directory of TFTP Server is correct, and whether the file name is correct.
4) If the prompt ERROR: THE BINARY FILE CANNOT BE USED IN CURRENT PRODUCT !!! is displayed, validity verification has failed (the automatic upgrade package is not applicable to the current product). Check whether the correct automatic upgrade package is used.
5. Decompress the upgrade package to line cards (if the current version is 3b21 or a later version, it is recommended but not mandatory to upgrade it to a later version).
Note:
1) The new and old versions of RSR77 series routers have the same upgrade command, upgrade system rgos.bin, and differ only in the user interface (UI). If the current version is 10.4 (3b15) p1 or a later version, as the upgrade function is optimized and the upgrade time is reduced, the UI is different from that of an earlier version.
2) After the upgrade system rgos.bin command is run to upgrade and restart the device, the old version of the BOOT layer may remain but it does not matter. If it is required to keep the versions of the MAIN layer, CTRL layer, and BOOT layer consistent, run the following command.
a. The following is an upgrade UI example for 10.4 (3b15) p1 and a later version.
After the automatic upgrade package is downloaded to the device, run the upgrade system rgos.bin command to upgrade line cards.
Note:
The device is upgraded automatically. The following red box indicates the line cards and corresponding MAIN layer, CTRL layer, and BOOT layer to be upgraded.
Note:
After the upgrade process is finished, the upgrade result is displayed, specifying the line cards implementing image upgrade in this process, image type, and upgrade results. OK indicates successful upgrade. FAIL indicates failed upgrade.
3) The following is an upgrade UI example for 10.4 (3b15) p1 and an earlier version.
After the automatic upgrade package is downloaded to the device, run the upgrade system rgos.bin command to upgrade line cards.
Note:
The device is upgraded automatically. The following red box indicates the line cards and corresponding MAIN layer, CTRL layer, and BOOT layer to be upgraded.
6. Reset the system to run the automatic upgrade package.
Note:
Do not perform any dangerous operation such as reset or power cutoff when running the automatic upgrade package until the upgrade process is finished.
II. Verification
1) Run the show version command to display the device version and check whether the upgrade is successful.
Note:
a) Run the show version command to display the MAIN versions of the MPU and all line cards. If all of these are the latest versions, the upgrade is successful.
b) The MAIN, CTRL, and BOOT versions can be inconsistent. When the manual upgrade is performed, the upgrade system automatically determines whether to upgrade CTRL/BOOT versions based on the upgrade policy in the installation package. Upgrade versions as required.
2) Run the show version slot command to display the status of each slot card. Confirm that the software status of each slot card is running. The following is an example:
If the status is installed or runing-config for a long time after software upgrade, please immediately contact Ruijie for technical support.
Upgrade in Main Program Mode (via FTP)
I. Note to Upgrade via FTP
Because the private intranet address of the PC that stores the new version is translated to a public address, the device cannot be upgraded via TFTP. To upgrade via File Transfer Protocol (FTP) instead, enable FTP Server on the PC and transmit the software version to the device via FTP.
II. Upgrade Tips
1. Enable FTP Server on the device.
2. Transmit the software version to the device with the PC as an FTP client.
3. Restart the device to confirm the upgrade result.
III. Upgrade Steps
1. Log in to the device to be upgraded and enable FTP Server.
Ruijie(config)#ftp-server enable --->Enables FTP Server.
Ruijie(config)#ftp-server username ruijie --->Configures the FTP Server user name.
Ruijie(config)#ftp-server password ruijie --->Configures the FTP Server password.
Ruijie(config)#ftp-server topdir / --->Configures the directory where FTP Server stores received files. For the upgrade file, the directory must be "/".
2. Configure FTP parameters for the PC to log in to the device and transmit the new version to the device.
Put the bin file to be uploaded in the root directory of a disk, such as C:\.
Choose Menu > Run > CMD, and then press Enter.
Enter disk C (where the bin file is stored) and enable FTP Server.
Log in to the device to configure parameters.
3. Transmit the bin file to the device.
The file is transmitted.
Run the bye command to close the connection to FTP Server.
4. Restart the device to check the upgrade result.
Log in to the device and run the DIR command to confirm whether the size in bytes of the rgos.bin file is consistent with the size in the release notes.
For an RSR77/77-X/50E-40 device, upgrade line cards.
Save the configuration of the device, and restart the device.
Run the Ruijie#write command to save the configuration:
Run the Ruijie#reload command to restart the device:
After restart, run the show version command to confirm whether the device has been upgraded to the target version.
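Step 4 saves the configuration with the FTP server from step 1 still in it, so a post-upgrade review should look for those lines. The following is an added example, not part of the Ruijie manual: it scans a saved configuration or pasted session for the four ftp-server commands shown above and reports what remains exposed. The function names are hypothetical, and it assumes the ftp-server lines appear in the text as they were typed.

```python
import re

# Only the four ftp-server commands that appear in step 1 are recognised.
FTP_LINE = re.compile(r"^ftp-server\s+(enable|username|password|topdir)(?:\s+(\S+))?$")
PROMPT = re.compile(r"^\S+\(config\)#\s*")

# Sample input: the session from step 1 of this page, spacing normalized.
UPGRADE_SESSION = """\
Ruijie(config)#ftp-server enable --->Enables FTP Server.
Ruijie(config)#ftp-server username ruijie --->Configures the FTP Server user name.
Ruijie(config)#ftp-server password ruijie --->Configures the FTP Server password.
Ruijie(config)#ftp-server topdir / --->Configures the directory for received files.
"""

# Constructed sample: a configuration with no FTP server lines.
CLEAN_CONFIG = """\
hostname RSR20-14
!
interface FastEthernet 0/0
 ip address 192.0.2.1 255.255.255.0
!
"""


def parse_ftp_settings(config_text):
    """Collect ftp-server settings from a saved configuration or a pasted session."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("--->")[0].strip()    # drop the manual's inline annotations
        line = PROMPT.sub("", line)             # drop a CLI prompt, if present
        match = FTP_LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2) or True
    return settings


def audit_ftp_server(config_text):
    """Return findings about an FTP server left configured after the upgrade."""
    settings = parse_ftp_settings(config_text)
    findings = []
    if not settings.get("enable"):
        return findings                         # server not enabled: nothing exposed
    findings.append("ftp-server is enabled: FTP sends credentials and files in cleartext")
    user, password = settings.get("username"), settings.get("password")
    if isinstance(user, str) and user == password:
        findings.append(f"ftp-server password is identical to the user name '{user}'")
    if settings.get("topdir") == "/":
        findings.append("ftp-server topdir is /: the flash root holding rgos.bin "
                        "and config.text is reachable over FTP")
    return findings


if __name__ == "__main__":
    for finding in audit_ftp_server(UPGRADE_SESSION):
        print("FINDING:", finding)
```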
I. Password Restoration Requirements
If an administrator forgets the login password, the administrator can enter the Boot layer to restore the password by using a configuration cable, and the previous configuration needs to be preserved.
II. Password Restoration Principle
The device reads the config.text file during startup and the password is stored in the config.text file. Therefore, enter the BootLoader mode of the device and rename the file. When the device fails to locate the config.text file during startup, it directly enters the system. After the device enters the system, name the configuration file config.text, set a new password and save it. Then, you can log in to the device by using the new password next time.
III. Password Restoration
1. Get a configuration cable ready for password restoration. The device needs to be restarted and password restoration needs to be completed at the Boot layer.
2. Rename the configuration file rather than delete it during password restoration. Otherwise, the configuration will be lost.
IV. Configuration Steps
1. Restart the router to enter the CLI mode of the Boot layer.
Notes:
The operations of entering the CLI mode of the Boot layer differ between RSR routers with RGOS later than 10.4 and those with RGOS earlier than 10.4. On routers with RGOS later than 10.4, you can enter the CLI mode directly; on routers running RGOS earlier than 10.4, you need to enter the menu mode first.
1) Enter the CLI mode of the Boot layer from the router with RGOS later than 10.4.
Restart the router. When the "Press Ctrl+C to enter Boot ..." prompt is displayed, press Ctrl+C to enter the CLI mode of the Boot layer. The BootLoader> prompt is displayed.
2) Enter the CLI mode of the Boot layer from the router with RGOS earlier than 10.4.
a. Restart the router. When the "Press Ctrl+C to enter Boot Menu ..." prompt is displayed, press Ctrl+C to enter the menu mode of the Boot layer.
b. In menu mode of the Boot layer, press Ctrl+Q to enter the CLI mode of the Boot layer. The BootLoader> prompt is displayed.
2. Rename the configuration file.
BootLoader>rename config.text config.bak
3. Restart the device.
BootLoader>reload
4. Restore the configuration file.
5. Set a new password and save device configuration.
RSR20-14E#configure terminal
RSR20-14E(config)#enable secret ruijie //Set a new password.
RSR20-14E(config)#end
RSR20-14E#write //Save device configuration.
After a new password is set, you can use it to log in to the system. The rest of the configuration remains unchanged.
I. Password Restoration Requirements
If an administrator forgets the login password, the administrator can enter the Ctrl layer through a configuration cable to restore the password. The previous configuration needs to be preserved.
II. Password Restoration Principle
The device reads the config.text file during startup, and the password is stored in the config.text file. Therefore, enter the Ctrl layer of the device and rename the file. When the device fails to locate the config.text file, it directly enters the system. After the device enters the system, name the configuration file config.text, set a new password and save it. Then, you can log in to the device by using the new password next time.
III. Password Restoration
1. Get a configuration cable ready for password restoration. The device needs to be restarted and password restoration needs to be completed at the Ctrl layer.
2. Rename the configuration file rather than delete it during password restoration. Otherwise, the configuration will be lost.
IV. Steps
1. Restart the router to enter the CLI mode of the Ctrl layer.
Restart the router. When the "Press Ctrl+C to enter Ctrl ..." prompt is displayed, press Ctrl+C to enter the CLI mode of the Ctrl layer. The Ctrl> prompt is displayed.
2. Rename the configuration file.
Ctrl>rename config.text config.bak // Rename the configuration file to config.bak.
3. Restart the device.
Ctrl>reload
4. Restore the configuration file.
Note:
To copy the configuration file on routers with RGOS earlier than 10.4, the command must be copy flash:/config.bak flash:/config.text, with a slash (/) added after flash: to indicate the absolute path. The slash (/) does not need to be added for routers with RGOS later than 10.4.
5. Set a new password and save device configuration.
RSR7708#configure terminal
RSR7708(config)#enable secret ruijie
RSR7708(config)#end
RSR7708#*Mar 8 10:36:56: %SYS-5-CONFIG_I: Configured from console by console
*Mar 8 10:36:56: %PARAM-6-CONFIG_SYNC: Sync'ing the running configuration to the standby supervisor.
*Mar 8 10:36:56: %PARAM-6-CONFIG_SYNC: The running configuration has been successfully synchronized to the standby supervisor.
RSR7708#write
Building configuration...
[OK]
RSR7708#*Mar 8 10:37:01: %PARAM-6-CONFIG_SYNC: Sync'ing the startup configuration to the standby supervisor.
*Mar 8 10:37:01: %PARAM-6-CONFIG_SYNC: The startup configuration has been successfully synchronized to the standby supervisor.
After a new password is set, you can use it to log in to the system. The rest of the configuration remains unchanged.
I. Steps
RSR10-01G series 4G routers implement password recovery through the “FUNC” button on the device. The recovery steps are as follows:
1. Restart the device, and immediately press and hold the “FUNC” key for 6-10s.
2. Change the IP address of the PC to be in the same segment as the router, and use the default IP address to log in to the router Web interface.
1) Change the IP address of the PC to one in the 192.168.1.0/24 segment. We suggest an IP address that is unique on the network, such as 192.168.1.2.
2) Access http://192.168.1.1 with the Chrome or Firefox browser, using the account and password admin/admin.
3) The web interface will redirect to a recovery page.
The recovery interface displays the original IP address of this device, which is usually the LAN gateway of the intranet. This page also provides three options.
A. Recover to the latest configuration: with this function, the configuration of the device is not changed. It is used when the customer remembers the account and password of the device but has forgotten the IP address.
B. Reset the login password of the web only: with this function, users can log in to the device by using “admin” as the username and password, and all configuration stays the same as before. (Attention: you need to log in to the router by using the original IP address instead of 192.168.1.1 after using this function.)
1) Perform the operation of resetting the password.
Input the new password and click the reset button to reset the web password.
2) Access the original IP address
(the IP address is 192.168.100.254 in this example).
Change the IP address of the PC to any address in the 192.168.100.0 segment. Then open http://192.168.100.254 in a web browser and log in with admin (username) and ruijie (new password).
C. Factory reset: this clears all configuration and restores the device to the default login account and IP address.
Features
You can upgrade the device software in one-key mode by using the FUNC key. No commands need to be executed for the upgrade.
Notes:
1. The FUNC key must exist on the device or supervisor module (this key does not exist on devices of earlier versions and therefore, the one-key upgrade is not supported on such devices).
2. Access and convergence switches support one-key upgrade since version 3b12.
3. The RSR77 router supports one-key upgrade since version 3b21.
Principle
After the device is normally started and successfully identifies a USB flash drive or SD card, press the FUNC key. The system interrupts the current task and executes the FUNC key processing task. In the FUNC key processing task, the system detects whether an SD card or USB flash drive is inserted into the current device. If not, the system directly resets. If a storage medium is identified, the system scans the storage medium to detect whether an installation package in the specified file name format exists in the root directory. If an installation package in the correct format is detected, the system upgrades the device. After the upgrade ends, the system resets and restarts using the new software version.
Upgrade Steps
1. Get ready the bin file required for upgrade.
Copy the bin file into the root directory of the USB flash drive and rename it rgos.bin. It is strongly recommended that only one bin file be stored in the USB flash drive.
2. Insert the USB flash drive into the USB port of the device.
Wait till the USB indicator on the panel turns solid green, indicating that the device has correctly identified the USB flash drive.
3. Press FUNC to upgrade the device (the device cannot be powered off).
Use a small object to press the FUNC key. After FUNC is pressed, the device automatically starts the upgrade. The USB indicator blinks and the device automatically resets after the upgrade. After the SYS indicator turns solid green, the upgrade is complete. Log in to the device to check the version.
Verification
Run the show version command to check whether the device is upgraded successfully.
Ruijie#show version
System description : Ruijie Router (RSR20-14-E) by Ruijie Networks
System start time : 2015-01-29 11:53:33
System uptime : 11:2:44:28
System hardware version : 1.00
System software version : RGOS 10.3(3b23), Release(174201)
System BOOT version : 10.3.150859
System serial number : 123456789efagd
Ruijie#
For RSR77 routers, run the show version slot command to display the operating status of cards in slots and check that Software Status of each card is running. The following figure shows an example.
If you wait for a long time after the software upgrade but Status is always installed or running-config, immediately contact Ruijie Networks to seek technical support.
Features
There is no startup configuration on Ruijie routers by default. You can log in to the management device by using a console cable. The following initial configuration is recommended to facilitate management and maintenance of devices.
Configuration
Host name (recommended):
Ruijie(config)#hostname XWRJ //Name the device XWRJ.
XWRJ(config)#
Interface description (recommended):
XWRJ(config)#interface f0/0
XWRJ(config-if-FastEthernet0/0)#description To_BJ
System clock (mandatory):
System time is very important. Fault logs and the CA certificate rely on timestamps.
Ruijie>enable
Ruijie#clock set 10:00:00 12 1 2012 //Set the clock in the format of hh:mm:ss mm dd yyyy.
Ruijie#configure terminal //Enter global configuration mode.
Ruijie(config)#clock timezone beijing 8 //Set the device time zone to East Area 8 (Beijing time).
Log recording (recommended):
Record logs in the flash memory. History logs are very useful for locating a fault. Note: Debug logs can be recorded only after the log level is set to 7.
XWRJ(config)#logging file flash:log 2000000 7
Management IP address (recommended):
In general, loopback 0 is used as the management interface according to customer network planning.
XWRJ(config)#interface loopback 0
XWRJ(config-if-Loopback0)#ip address 1.1.1.1 255.255.255.255
Telnet (recommended):
Configure the telnet function for all network devices. If the telnet function is not configured, faults can be handled only at site.
XWRJ(config)#enable secret 0 ruijie //The enable password must be configured for the telnet function.
XWRJ(config)#line vty 0 4
XWRJ(config-line)#password 0 ruijie
XWRJ(config-line)#login
Password encryption (recommended):
Router(config)# service password-encryption //This command encrypts all passwords configured on the device.
Features
Ruijie Express Forwarding (REF) is a Ruijie-specific fast forwarding technology. All functions of the current router software version are implemented based on the REF platform. The IP REF function must be configured on all Layer-3 interfaces. If the REF function is not correctly enabled, device functions may be unavailable or the device may run abnormally.
The following exceptions may arise if the REF function is not correctly enabled on the device:
1. The CPU utilization of the device is high.
2. High delay, packet loss, and other exceptions occur on customer services forwarded or processed by the device.
3. Some functions are unavailable on the device.
4. The device runs abnormally, and breaks down or restarts.
The REF function needs to be configured on the following devices:
RSR10, RSR20, RSR30, NPE50, RSR50, and RSR50E-80 series routers
The REF function does not need to be configured on the following devices:
RSR810, RSR820, RSR10-02E, RSR20-14E/F, RSR30-X, RSR50E-40, RSR77, RSR77-X series routers and new products released later, on which the IP REF function is enabled for all Layer-3 interfaces by default
Enabling the REF
1. Ensure that the IP REF function is configured on all Layer-3 interfaces of routers during project testing and engineering implementation.
2. Pay attention to the REF configuration of Layer-3 interfaces of routers during network inspection. If the REF function is not correctly configured, configure IP REF in a timely manner.
Note: Services may be interrupted momentarily when IP REF is configured. Therefore, configure it during off-peak hours.
3. The interfaces, on which the IP REF function needs to be configured,are as follows:
Ethernet interfaces:
interface FastEthernet
ip ref
interface GigabitEthernet
ip ref
Virtual interfaces:
interface Dialer
ip ref
interface Group-Async
ip ref
interface Multilink
ip ref
interface Tunnel
ip ref
interface Virtual-ppp
ip ref
interface Virtual-template
ip ref
interface Vlan
ip ref
WAN interfaces:
interface Async
ip ref
interface ATM
ip ref
interface Pos
ip ref
interface Serial
ip ref
Controller e1
ip ref
Controller sonet
ip ref
Note: The IP REF function cannot be configured on some interfaces of routers with RGOS earlier than 10.4. You do not need to memorize such interfaces but remember the following configuration principle: In interface configuration mode, run the ip ref command. If the ip ref command is accepted, the IP REF function is needed on the interface.
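One way to run the inspection described above offline against a saved configuration (added example, not Ruijie's own tooling): the script lists every interface or controller stanza of a type named in the list above that has no ip ref line. The sample configuration is constructed, and the stanza layout (indented sub-commands, a stanza ending at the first unindented line such as "!") is an assumption.

```python
import re

# Interface and controller types on which the page says "ip ref" is needed.
REF_TYPES = {
    "fastethernet", "gigabitethernet",                 # Ethernet interfaces
    "dialer", "group-async", "multilink", "tunnel",    # virtual interfaces
    "virtual-ppp", "virtual-template", "vlan",
    "async", "atm", "pos", "serial",                   # WAN interfaces
    "e1", "sonet",                                     # controllers
}

HEADER = re.compile(r"^(interface|controller)\s+(\S.*)$", re.IGNORECASE)

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = """\
hostname XWRJ
!
interface FastEthernet 0/0
 ip ref
 ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet 0/1
 ip address 192.168.1.254 255.255.255.0
!
interface Loopback 0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial 2/0
 ip ref
!
interface Tunnel 1
 ip address 10.0.0.1 255.255.255.252
!
controller e1 1/0
 description constructed
!
line vty 0 4
 login
"""


def stanza_type(kind, name):
    """Return the lowercase type of a stanza, e.g. 'fastethernet' or 'e1'."""
    if kind.lower() == "controller":
        return name.split()[0].lower()        # "e1 1/0" -> "e1"
    m = re.match(r"[A-Za-z-]+", name)         # "FastEthernet0/1" -> "FastEthernet"
    return m.group(0).lower() if m else name.lower()


def parse_stanzas(config):
    """Split a configuration into (header, type, body_lines) stanzas.

    Assumption: sub-commands are indented under their header and a stanza
    ends at the first unindented line (for example "!").
    """
    stanzas, current = [], None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = (line.strip(), stanza_type(m.group(1), m.group(2)), [])
            stanzas.append(current)
        elif current is not None and line[:1] in (" ", "\t"):
            # Normalise whitespace and case so " IP  REF" still matches.
            current[2].append(" ".join(line.split()).lower())
        else:
            current = None
    return stanzas


def missing_ip_ref(config):
    """Return headers of stanzas of a listed type that lack an 'ip ref' line."""
    return [header for header, if_type, body in parse_stanzas(config)
            if if_type in REF_TYPES and "ip ref" not in body]


if __name__ == "__main__":
    for header in missing_ip_ref(SAMPLE_CONFIG):
        print("ip ref missing:", header)
```

On routers with RGOS earlier than 10.4, treat the result as a list of candidates, because some interfaces there do not accept the command.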
Features
The Dynamic Host Configuration Protocol (DHCP) operates in client/server mode. The DHCP server dynamically allocates IP addresses, gateway addresses, DNS server addresses, and other parameters to clients.
DHCP supports two mechanisms for IP address allocation:
• Dynamic allocation: The DHCP server allocates an IP address to a client for a limited period of time (or until the client explicitly relinquishes the IP address).
• Manual allocation: Network administrators specify IP addresses for clients. Administrators can allocate specified IP addresses to clients by using DHCP.
Scenarios
DHCP needs to be enabled on routers to meet enterprises' requirement that a host connecting to the network should be able to automatically obtain an IP address without extra configuration.
I. Networking Requirements
Requirement 1: common DHCP configuration
Requirement 2: Static IP addresses need to be allocated to specific PCs.
II. Networking Topology
III. Configuration Tips
1. Enable the DHCP service.
2. Configure the DHCP address pool.
3. (Optional) Configure IP addresses that cannot be allocated to PCs.
4. (Optional) Specify static IP addresses that need to be allocated to specific PCs.
5. Verify and save the configuration.
IV. Configuration Steps
Requirement 1: common DHCP configuration
1. Enable the DHCP service.
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#service dhcp //Enable the DHCP service (the DHCP service is disabled on RSR series routers by default and this command must be executed to enable it).
2. Configure the DHCP address pool.
Ruijie(config)#ip dhcp pool ruijie //Create a DHCP address pool named ruijie.
Ruijie(dhcp-config)#lease 1 2 3 //1, 2, and 3 indicate day, hour, and minute respectively (addresses are released after 24 hours by default).
Ruijie(dhcp-config)#network 192.168.1.0 255.255.255.0 //The range of addresses that can be allocated is 192.168.1.1 to 192.168.1.254.
Ruijie(dhcp-config)#dns-server 8.8.8.8 6.6.6.6 //8.8.8.8 indicates the IP address of the primary DNS server and 6.6.6.6 indicates the IP address of the secondary DNS server.
Ruijie(dhcp-config)#default-router 192.168.1.1 //Gateway address. Only the IP address is required while the subnet mask is not needed.
Ruijie(dhcp-config)#exit
4. (Optional) Configure IP addresses that cannot be allocated to PCs.
Ruijie(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10 //192.168.1.1 to 192.168.1.10 should not be allocated by the DHCP server.
5. Verify and save the configuration.
Ruijie(config)#end
Ruijie#write //Verify and save the configuration.
Verification
1) Set the network adapter of a PC to automatically obtain an IP address and then check whether the network adapter successfully obtains an IP address.
Right-click the network adapter of the PC, choose Status from the shortcut menu, and then click Details. The IP address obtained by the network adapter and other parameter values are displayed.
2) Display information about the IP address dynamically allocated on the router.
Requirement 2: Static IP addresses need to be allocated to specific PCs.
DHCP manual allocation. Assume that the PC with the MAC address of f0de.f17f.cb4c is required to automatically obtain the IP address 192.168.1.88.
Therefore, the DHCP server needs to allocate static IP addresses to clients with specific MAC addresses. There are two methods of allocating IP addresses based on the client MAC address identifier in the clients' DHCP requests:
1) Run the client-identifier 01+mac address command (01 indicates that the network type is Ethernet).
2) Run the hardware-address mac address command.
Notes:
It is recommended that the client-identifier command be executed to allocate static IP addresses to clients with specific MAC addresses. If IP addresses fail to be manually allocated using the client-identifier command, run the hardware-address command.
1. Enable the DHCP service.
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#service dhcp //Enable the DHCP service (the DHCP service is disabled on RSR series routers by default and this command must be executed to enable it).
2. Specify static IP addresses that need to be allocated to specific PCs.
Ruijie(config)#ip dhcp pool zhangsan //Set the name of the static IP address pool to zhangsan.
Ruijie(dhcp-config)#client-identifier 01f0.def1.7fcb.4c //Configure the client MAC address (this mode is recommended).
(Optional) Ruijie(dhcp-config)#hardware-address f0de.f17f.cb4c //Configure the client MAC address (attempt this command if an IP address fails to be manually allocated using the client-identifier command).
Ruijie(dhcp-config)#host 192.168.1.88 255.255.255.0 //Configure the static IP address to be allocated and its subnet mask.
Ruijie(dhcp-config)#dns-server 8.8.8.8 6.6.6.6 //8.8.8.8 indicates the IP address of the primary DNS server and 6.6.6.6 indicates the IP address of the secondary DNS server.
Ruijie(dhcp-config)#default-router 192.168.1.1 //Configure the user gateway.
3. Verify and save the configuration.
Ruijie(config)#end
Ruijie#write //Verify and save the configuration.
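The client-identifier value above is the MAC address with 01 prepended and the 14 hex digits regrouped in fours, which is easy to mistype by hand. The following added example (not part of the original manual) derives it from a MAC address in any common notation, builds the binding commands shown in step 2, and flags bindings that reuse a MAC or IP address; the helper names and the second pool name "lisi" are hypothetical.

```python
import ipaddress
import re


def mac_digits(mac):
    """Return the 12 lowercase hex digits of a MAC written with '.', ':' or '-'."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def dotted(hex_digits):
    """Group hex digits in fours separated by dots (the last group may be shorter)."""
    return ".".join(hex_digits[i:i + 4] for i in range(0, len(hex_digits), 4))


def client_identifier(mac):
    """01 (Ethernet) followed by the MAC, in dotted notation."""
    return dotted("01" + mac_digits(mac))


def hardware_address(mac):
    """The MAC alone in dotted notation, for the hardware-address fallback."""
    return dotted(mac_digits(mac))


def static_binding(pool, mac, host_ip, mask, gateway, fallback=False):
    """Return the command lines for one static binding, after sanity checks."""
    iface = ipaddress.ip_interface(f"{host_ip}/{mask}")
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{host_ip} is not a usable host address in {net}")
    if ipaddress.ip_address(gateway) not in net:
        raise ValueError(f"gateway {gateway} is outside {net}")
    match = (f"hardware-address {hardware_address(mac)}" if fallback
             else f"client-identifier {client_identifier(mac)}")
    return [
        f"ip dhcp pool {pool}",
        match,
        f"host {iface.ip} {iface.netmask}",
        f"default-router {gateway}",
    ]


def find_conflicts(bindings):
    """bindings: iterable of (pool, mac, host_ip). Return conflict messages."""
    seen_mac, seen_ip, conflicts = {}, {}, []
    for pool, mac, host_ip in bindings:
        key = mac_digits(mac)
        addr = ipaddress.ip_address(host_ip)
        if key in seen_mac:
            conflicts.append(f"{pool}: MAC already bound in pool {seen_mac[key]}")
        else:
            seen_mac[key] = pool
        if addr in seen_ip:
            conflicts.append(f"{pool}: IP already bound in pool {seen_ip[addr]}")
        else:
            seen_ip[addr] = pool
    return conflicts


if __name__ == "__main__":
    # Values from the page: MAC f0de.f17f.cb4c, host 192.168.1.88, gateway 192.168.1.1.
    for line in static_binding("zhangsan", "F0-DE-F1-7F-CB-4C",
                               "192.168.1.88", "255.255.255.0", "192.168.1.1"):
        print(line)
```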
Verification
1) Set the network adapter of a PC to automatically obtain an IP address and then check whether the network adapter successfully obtains an IP address.
Right-click the network adapter of the PC, choose Status from the shortcut menu, and then click Details. The IP address obtained by the network adapter and other parameter values are displayed.
2) Display information about the allocated IP address on the router.
Features
The Dynamic Host Configuration Protocol (DHCP) relay is also called DHCP relay agent. If a DHCP client is in the same IP network segment as the DHCP server, the DHCP client can correctly obtain an IP address that is dynamically allocated. If a DHCP client is not in the same IP network segment as the DHCP server, DHCP relay agent is required. DHCP relay agent breaks the limitation that a DHCP server must exist in each IP network segment. It is capable of transmitting DHCP messages to a DHCP server in a different IP network segment and transmitting messages from a server to a DHCP client that is not in the same IP network segment as the DHCP server.
Scenarios
An enterprise needs to deploy a DHCP server but intranet users are not in the same network segment as the DHCP server. The DHCP relay function needs to be enabled on the gateway router of the users.
I. Networking Requirements
1) The DHCP server is an intranet server with the IP address of 192.168.2.100.
2) Intranet user hosts are connected to a router, which is in a different IP network segment from the DHCP server. The user hosts can automatically obtain IP addresses only by using DHCP relay.
II. Networking Topology
III. Configuration Tips
1. Enable the DHCP service.
2. Enable DHCP relay.
3. Verify and save the configuration.
IV. Configuration Steps
Notes:
1) The DHCP server can be a Windows- or Linux-based host with the DHCP service enabled or a router or switch configured with the DHCP service.
2) If an RSR router functions as a DHCP server, see section "DHCP" for the configuration (choose Typical Configuration > Basic Function Configuration > DHCP > DHCP).
3) Ensure that the DHCP server functions properly. Test method: Connect a PC to a switch that is in the same network segment as the DHCP server and set the server IP address to be in the same IP address segment as the DHCP client. Then, check whether the PC automatically obtains an IP address.
1. Enable the DHCP service.
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#service dhcp //Enable the DHCP service (the DHCP service is disabled on RSR series routers by default and this command must be executed to enable it).
2. Enable DHCP relay.
Ruijie(config)#ip helper-address 192.168.2.100 //Set the address that the DHCP relay forwards to, 192.168.2.100 (the DHCP server).
3. Verify and save the configuration.
Ruijie(config)#end
Ruijie#write //Check that the configuration is correct and save the configuration.
V. Verification
1) Set the network adapter of a PC to automatically obtain an IP address and then check whether the network adapter successfully obtains an IP address.
Right-click the network adapter of the PC, choose Status from the shortcut menu, and then click Details. The IP address obtained by the network adapter and other parameter values are displayed.
2) Display information about the IP address dynamically allocated onthe router.
Features:
During operation, the device may encounter status changes (for example, the link status may switch between UP and DOWN) and some events (such as abnormal packets and handling exceptions). Ruijie product logs provide a mechanism where, in case of status changes or events, messages in a fixed format are automatically generated and displayed in related windows (such as the console and Virtual Teletype Terminal (VTY)), saved in related media (such as the memory buffer and flash), or transmitted to a set of log servers on the network for network diagnosis and troubleshooting by the administrator. To help the administrator read and manage logs and packets, the logs and packets can be marked with timestamps and numbers and classified by priorities.
I. Networking Requirements
When an exception occurs in the device, theadministrator can check the cause via logs, and analyze and locate faults.
II. Configuration Tips
1. Enable/disable logs.
2. Enable log display on the VTY window.
3. Configure the buffer memory space for logs.
4. Save logs in the flash.
5. Send logs to the Syslog Server on the network.
6. Enable the log timestamp.
7. Run the CLI command to save logs.
III. Configuration Steps
1. Enable/disable logs.
Logs are enabled by default. If logs are disabled, the device will not print logs on the user window, send them to the Syslog Server, or save them in related media (such as the buffer memory or flash).
Ruijie(config)#logging on //Enables logs.
Ruijie(config)#no logging on //Disables logs. Generally this is not recommended.
2. Enable log display on the VTY window.
Note:
When you log in to the device through Telnet or SSH, logs are not displayed by default. To display them, run the terminal monitor command.
Ruijie#terminal monitor //Enables log display on the VTY window.
Ruijie#terminal no monitor //Disables log display on the VTY window.
3. Configure the buffer memory space for logs.
Ruijie(config)#logging buffered 1000000 7 //1000000 indicates that the buffer memory space of logs is 1,000,000 bytes (when logs exceed the threshold, old logs are overwritten). 7 indicates that all logs (including debugging data) are saved.
4. Save logs in the flash.
Ruijie(config)#logging file flash:log 6000000 7 //6000000 indicates that the buffer memory space of logs is 6,000,000 bytes (when logs exceed the threshold, old logs are overwritten). 7 indicates that all logs (including debugging data) are saved. 16 log.txt files are generated by default. Each file has a size of 6 MB and all files occupy 6*16=72 MB in the flash. Please assign the value sensibly based on the total size of the flash.
Note:
When an exception occurs in the device, you need to collect logs, and it is recommended to save them in the flash (logs are saved only in the memory by default and may be lost in case of power failure or device restart).
5. Send logs to the Syslog Server on the network.
Ruijie(config)#logging server 192.168.1.2 //192.168.1.2 indicates the address of the Syslog Server.
Ruijie(config)#logging trap 7 //(Optional) Configures logs to be sent to the Syslog Server. 7 indicates that all logs (including debugging data) are saved.
Ruijie(config)#logging source interface loopback 0 //(Optional) Configures the source IP address from which the device sends the syslog packets.
Note:
When an exception occurs in the device, you need to collect logs, and it is recommended to send them to the Syslog Server on the network (logs are saved only in the memory by default and may be lost in case of power failure or device restart).
6. Enable the log timestamp.
Ruijie(config)#service timestamps debug datetime msec //Enables the timestamp for debugging data.
Ruijie(config)#service timestamps log datetime msec //Enables the timestamp for common logs.
7. Run the CLI command to save logs.
Ruijie(config)#logging userinfo command-log
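The level argument in the logging commands above decides which messages survive, so it is worth checking what a lower level would drop. The following added example (not from the original manual) parses the %FACILITY-SEVERITY-MNEMONIC tag seen in this document's console output and reports which configuration-change events a given level keeps or loses. It assumes the usual syslog rule that level N keeps severities 0 through N; the first three sample lines are taken from the password restoration output in this document and the two DEMO lines are constructed.

```python
import re

# Severity names by number (RFC 5424); a lower number is more severe.
SEVERITY = ("Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug")

LOG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$")

SAMPLE_LINES = [
    # Lines as shown in the password restoration output of this document.
    "RSR7708#*Mar 8 10:36:56: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar 8 10:36:56: %PARAM-6-CONFIG_SYNC: Sync'ing the running configuration "
    "to the standby supervisor.",
    "Building configuration...",
    "*Mar 8 10:37:01: %PARAM-6-CONFIG_SYNC: Sync'ing the startup configuration "
    "to the standby supervisor.",
    # Constructed lines with a hypothetical DEMO facility.
    "*Mar 8 10:37:05: %DEMO-3-FAIL: constructed error-level message",
    "*Mar 8 10:37:06: %DEMO-7-TRACE: constructed debug-level message",
]


def parse_line(line):
    """Return a dict for a log line, or None for other CLI output."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY[rec["severity"]]
    # Text before the tag, minus any CLI prompt, is the timestamp as printed.
    rec["timestamp"] = line[:m.start()].split("#")[-1].strip().rstrip(":")
    return rec


def parse_lines(lines):
    """Parse many lines, silently skipping anything that is not a log message."""
    return [rec for rec in map(parse_line, lines) if rec is not None]


def kept_at(records, level):
    """Records that a destination configured with this level would keep."""
    return [r for r in records if r["severity"] <= level]


def lowest_level_keeping(records, mnemonic):
    """Smallest level that still keeps every record with this mnemonic."""
    severities = [r["severity"] for r in records if r["mnemonic"] == mnemonic]
    return max(severities) if severities else None


def watched_events(records, level, watch=("CONFIG_I",)):
    """Split watched events into (kept, lost) for the given level."""
    hits = [r for r in records if r["mnemonic"] in watch]
    kept = [r for r in hits if r["severity"] <= level]
    lost = [r for r in hits if r["severity"] > level]
    return kept, lost


if __name__ == "__main__":
    records = parse_lines(SAMPLE_LINES)
    for level in (4, 5, 7):
        kept, lost = watched_events(records, level)
        print(f"level {level}: {len(kept_at(records, level))} messages kept, "
              f"{len(lost)} configuration-change event(s) lost")
```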
Features
Static routes are manually configured routes. With static routes, data packets can be transmitted to a specified target network along preset paths. When no dynamic routing protocol is available for learning routes to some target networks, configuring static routes is essential.
Scenarios
The network scale of an enterprise is small, with fewer than five routers, and mutual communication and data sharing are required throughout the network. Static routes can be configured on all routers in the network to meet this requirement.
I. Networking Requirements
Configure static routes to implement network connectivity.
II. Networking Topology
III. Configuration Tips
1. Configure IP addresses for interfaces of Router R1.
2. Configure IP addresses for interfaces of Router R2.
3. Configure a static route for Router R1.
4. Configure a static route for Router R2.
5. Save the configuration.
IV. Configuration Steps
1. Configure IP addresses for interfaces of Router R1.
Ruijie>enable //Enter privileged EXEC mode.
Ruijie#configure terminal //Enter global configuration mode.
Ruijie(config)#interface fastethernet 0/1
Ruijie(config-if-FastEthernet 0/1)#ip address 192.168.1.254 255.255.255.0
Ruijie(config-if-FastEthernet 0/1)#interface fastethernet 0/0
Ruijie(config-if-FastEthernet 0/0)#ip address 192.168.3.1 255.255.255.0
Ruijie(config-if-FastEthernet 0/0)#exit
2. Configure IP addresses for interfaces of Router R2.
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface fastethernet 0/1
Ruijie(config-if-FastEthernet 0/1)#ip address 192.168.2.254 255.255.255.0
Ruijie(config-if-FastEthernet 0/1)#interface fastethernet 0/0
Ruijie(config-if-FastEthernet 0/0)#ip address 192.168.3.2 255.255.255.0
Ruijie(config-if-FastEthernet 0/0)#exit
3. Configure a static route for Router R1.
Notes:
1) The next hop of a static route can be configured in two forms (next-hop IP address and local outbound interface). If the next hop of a static route is configured as a local outbound interface, the static route is treated as a directly-connected route. On an Ethernet link, ARP information about each destination address needs to be resolved. If default routes are configured for a network egress and the next hop is configured as a local outbound interface, a large number of ARP packets need to be resolved, which occupies large space in the ARP table. If the ARP proxy function is disabled at the peer end, the network may fail. If the next hop of a static route is configured as a next-hop IP address, the static route is treated as a common recursive route.
2) When configuring static routes on an Ethernet link, configure the next hop in the form of outbound interface + next-hop IP address. If default routes are configured for a network egress, do not configure the next hop as a local outbound interface.
3) It is recommended that the next hop of static routes be configured as a local outbound interface for PPP and HDLC WAN links.
Ruijie(config)#ip route 192.168.2.0 255.255.255.0 192.168.3.2 //Configure a static route for forwarding data packets with the destination IP address of 192.168.2.0/24 to the device with the IP address of 192.168.3.2.
4. Configure a static route for Router R2.
Ruijie(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1 //Configure a static route for forwarding data packets with the destination IP address of 192.168.1.0/24 to the device with the IP address of 192.168.3.1.
5. Save the configuration.
Ruijie(config)#end //Return to privileged EXEC mode.
Ruijie#write //Verify and save the configuration.
V. Verification
1. Ping the intranet address of the peer end from an intranet PC. If the ping succeeds, the static route is configured correctly.
To ping the intranet address of the peer end, do as follows: Choose Start > Run. In the Run dialog box, enter cmd. In the window that is displayed, enter ping X.X.X.X (X.X.X.X indicates the intranet IP address of the peer end).
2. Run the Ruijie#show ip route command to display information about routes.
Example of the static route configured for Router R1:
Ruijie#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
S 192.168.2.0/24 [1/0] via 192.168.3.2
C 192.168.3.0/24 is directly connected, FastEthernet 0/0
C 192.168.3.1/32 is local host.
C 192.168.1.0/24 is directly connected, FastEthernet 0/1
C 192.168.1.254/32 is local host.
Features
When multiple routes with the same prefix exist on a network, the route with the smaller administrative distance (AD) value is selected as the active route and the route with the larger AD value is used as a standby route. (AD expresses route reliability; a smaller value indicates a higher route priority.) When the next hop of the active route is unreachable, the active route disappears and the standby route takes effect and becomes active. When multiple paths are reachable to a destination network, you can configure multiple static routes and set the AD value for the static routes to implement backup of active and standby links. This function is called floating static routing.
Scenarios
An enterprise has two egress links, with one functioning as active and the other functioning as standby. Normally, users of the enterprise access the network through the active link. When the active link fails, the router automatically switches traffic to the standby link, ensuring normal operation of the network. In this case, the floating static routing function can be enabled on the router.
I. Networking Requirements
1. The router has two paths reachable to the destination network.
2. When the active link (F0/0 in the example) fails (the interface is down or the link is disconnected), the standby link becomes active.
II. Networking Topology
III. Configuration Tips
1. Configure interface IP addresses for Router R1.
2. Configure interface IP addresses for Router R2.
3. Configure a static route for Router R1.
4. Configure a static route for Router R2.
IV. Configuration Steps
1. Configure interface IP addresses for Router R1.
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface fastethernet 0/2
Ruijie(config-if-FastEthernet 0/2)#ip address 192.168.4.1 255.255.255.0
Ruijie(config-if-FastEthernet 0/2)#interface fastethernet 0/1
Ruijie(config-if-FastEthernet 0/1)#ip address 192.168.1.254 255.255.255.0
Ruijie(config-if-FastEthernet 0/1)#interface fastethernet 0/0
Ruijie(config-if-FastEthernet 0/0)#ip address 192.168.3.1 255.255.255.0
Ruijie(config-if-FastEthernet 0/0)#exit
2. Configure interface IP addresses for Router R2.
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface fastethernet 0/2
Ruijie(config-if-FastEthernet 0/2)#ip address 192.168.4.2 255.255.255.0
Ruijie(config-if-FastEthernet 0/2)#interface fastethernet 0/1
Ruijie(config-if-FastEthernet 0/1)#ip address 192.168.2.254 255.255.255.0
Ruijie(config-if-FastEthernet 0/1)#interface fastethernet 0/0
Ruijie(config-if-FastEthernet 0/0)#ip address 192.168.3.2 255.255.255.0
Ruijie(config-if-FastEthernet 0/0)#exit
3. Configure a static route for Router R1.
Notes:
1) The next hop of a static route can be configured in two forms: a next-hop IP address or a local outbound interface. If the next hop is configured as a local outbound interface, the static route is treated as a directly connected route. On an Ethernet link, ARP information then needs to be resolved for each destination address. If a default route is configured for a network egress and its next hop is a local outbound interface, a large number of ARP entries need to be resolved, which occupies a large amount of space in the ARP table. If the ARP proxy function is disabled at the peer end, the network may fail. If the next hop is configured as a next-hop IP address, the static route is treated as a common recursive route.
2) On an Ethernet link, it is recommended that the next hop of a static route be configured as a next-hop IP address. If a default route is configured for a network egress, do not configure the next hop as a local outbound interface.
3) On PPP and HDLC WAN links, the next hop of a static route can be configured as either a local outbound interface or a next-hop IP address, because PPP and HDLC links are point-to-point links and Layer-2 address resolution is not involved.
4) If the next hop of a static route is configured as a local outbound interface, the static route is treated as a directly connected route and the default administrative distance (AD) is 0. If the next hop is configured as a next-hop IP address, the static route is treated as a common recursive route and the default AD is 1.
Ruijie(config)#ip route 192.168.2.0 255.255.255.0 192.168.3.2  //Configure a static route that forwards data packets destined for 192.168.2.0/24 to the device with the IP address 192.168.3.2.
Ruijie(config)#ip route 192.168.2.0 255.255.255.0 192.168.4.2 10  //Configure a static route that forwards data packets destined for 192.168.2.0/24 to the device with the IP address 192.168.4.2, and set the AD to 10 (the default AD is 1 and a smaller AD indicates a higher route priority).
4. Configure a static route for Router R2.
Ruijie(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1  //Configure a static route that forwards data packets destined for 192.168.1.0/24 to the device with the IP address 192.168.3.1.
Ruijie(config)#ip route 192.168.1.0 255.255.255.0 192.168.4.1 10  //Configure a static route that forwards data packets destined for 192.168.1.0/24 to the device with the IP address 192.168.4.1, and set the AD to 10 (the default AD is 1 and a smaller AD indicates a higher route priority).
V. Verification
Example of the static route configured for Router R1:
1. Remove the cable of the active link (F0/0) connected to Router R1 and run the Ruijie#show ip route command to display the route and check whether the route is switched to the standby link.
2. When the active link (F0/0 in the example) is normal, run the Ruijie#show ip route command to display the route:
Ruijie#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
S 192.168.2.0/24 [1/0] via 192.168.3.2  //Data packets destined for 192.168.2.0 are transmitted along the active link F0/0 and the next hop is 192.168.3.2.
C 192.168.1.0/24 is directly connected, FastEthernet 0/1
C 192.168.1.254/32 is local host.
C 192.168.3.0/24 is directly connected, FastEthernet 0/0
C 192.168.3.1/32 is local host.
C 192.168.4.0/24 is directly connected, FastEthernet 0/2
C 192.168.4.1/32 is local host.
Ruijie#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
S 192.168.2.0/24 [10/0] via 192.168.4.2  //Data packets destined for 192.168.2.0 are transmitted along the standby link F0/2 and the next hop is 192.168.4.2. The active/standby links are switched successfully.
C 192.168.1.0/24 is directly connected, FastEthernet 0/1
C 192.168.1.254/32 is local host.
C 192.168.4.0/24 is directly connected, FastEthernet 0/2
C 192.168.4.2/32 is local host.
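The verification above can be automated. The following is an added example, not part of the Ruijie manual: it parses `show ip route` text in the format shown on this page and reports whether the installed static route for 192.168.2.0/24 is the active or the standby one, and whether its next hop still resolves through a connected network. The sample outputs and all function names are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed samples in the `show ip route` format used on this page (Router R1).
ACTIVE = """\
S 192.168.2.0/24 [1/0] via 192.168.3.2
C 192.168.1.0/24 is directly connected, FastEthernet 0/1
C 192.168.1.254/32 is local host.
C 192.168.3.0/24 is directly connected, FastEthernet 0/0
C 192.168.3.1/32 is local host.
C 192.168.4.0/24 is directly connected, FastEthernet 0/2
C 192.168.4.1/32 is local host.
"""
STANDBY = """\
S 192.168.2.0/24 [10/0] via 192.168.4.2
C 192.168.1.0/24 is directly connected, FastEthernet 0/1
C 192.168.1.254/32 is local host.
C 192.168.4.0/24 is directly connected, FastEthernet 0/2
C 192.168.4.1/32 is local host.
"""

PREFIX = r"\d+\.\d+\.\d+\.\d+/\d+"
VIA_RE = re.compile(
    rf"^(?P<code>\S+(?:\s\S+)?)\s+(?P<prefix>{PREFIX})\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+)")
CONNECTED_RE = re.compile(
    rf"^C\s+(?P<prefix>{PREFIX})\s+is directly connected,\s*(?P<ifname>.+)$")


def parse_routes(text):
    """Return (via_routes, connected) parsed from `show ip route` text."""
    via_routes, connected = [], []
    for line in text.splitlines():
        line = line.split("//", 1)[0].strip()   # drop the manual's inline annotations
        m = CONNECTED_RE.match(line)
        if m:
            connected.append((ip_network(m["prefix"]), m["ifname"].strip()))
            continue
        m = VIA_RE.match(line)
        if m:
            via_routes.append({
                "code": m["code"], "prefix": ip_network(m["prefix"]),
                "ad": int(m["ad"]), "metric": int(m["metric"]),
                "next_hop": ip_address(m["nh"])})
    return via_routes, connected


def failover_state(text, prefix, primary_nh, standby_nh):
    """Classify which of the two static routes for `prefix` is installed."""
    via_routes, connected = parse_routes(text)
    target = ip_network(prefix)
    statics = [r for r in via_routes if r["code"] == "S" and r["prefix"] == target]
    if not statics:
        return {"state": "no-route", "ad": None, "next_hop": None, "out_if": None}
    best = min(statics, key=lambda r: r["ad"])  # a smaller AD means a higher priority
    # A next-hop-IP static route is recursive: it is usable only while the
    # next hop falls inside a connected network that is still in the table.
    out_if = next((name for net, name in connected if best["next_hop"] in net), None)
    roles = {ip_address(primary_nh): "active", ip_address(standby_nh): "standby"}
    return {"state": roles.get(best["next_hop"], "unexpected"), "ad": best["ad"],
            "next_hop": str(best["next_hop"]), "out_if": out_if}


if __name__ == "__main__":
    for label, text in (("F0/0 up", ACTIVE), ("F0/0 unplugged", STANDBY)):
        print(label, failover_state(text, "192.168.2.0/24", "192.168.3.2", "192.168.4.2"))
```

A result of "standby" outside a planned test, or "no-route", is worth alerting on: traffic is then on the backup path or is not being forwarded at all.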
Features
When multiple interfaces on a router belong to the same Virtual Routing & Forwarding (VRF) table and data needs to be forwarded by these interfaces, VRF static routing needs to be configured for data forwarding.
I. Networking Requirements
As shown in the following figure, Interfaces F0/0 and F0/2 of Router R1 belong to the VRF table named abc, Router R2 is a common global router, and network-wide interworking needs to be implemented.
II. Networking Topology
III. Configuration Tips
1. Configure a VRF table named abc on Router R1.
2. Configure basic IP addresses.
3. Add interfaces on Router R1 to the VRF table.
4. Configure static routes.
IV. Configuration Steps
1. Configure a VRF table named abc on Router R1.
Notes:
VRF is locally effective. When VRF is enabled at the local end, interfaces on the local router that belong to the same VRF table can interwork with each other. Interfaces that belong to different VRF tables are logically isolated, regardless of whether VRF is enabled on the peer router.
Ruijie(config)#hostname R1
R1(config)#ip vrf abc  //Enable a VRF table named abc on the router.
R1(config-vrf)#exit
2. Configure basic IP addresses.
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip ref
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet 0/2)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip ref
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0
R1(config-if-FastEthernet 0/0)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet 0/0)#ip ref
R2(config-if-FastEthernet 0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet 0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet 0/1)#ip ref
R2(config-if-FastEthernet 0/1)#ip address 10.2.1.1 255.255.255.0
R2(config-if-FastEthernet 0/1)#exit
3. Add interfaces on Router R1 to the VRF table.
Notes:
When an interface is added to a VRF table and an IP address has already been configured for the interface, the IP address is deleted and you need to reconfigure an IP address for the interface.
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip vrf forwarding abc  //Add the interface to the VRF table named abc.
% Interface FastEthernet 0/2 IP address 192.168.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0  //Reconfigure an IP address for Interface F0/2.
R1(config-if-FastEthernet 0/2)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip vrf forwarding abc  //Add the interface to the VRF table named abc.
% Interface FastEthernet 0/0 IP address 10.1.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0  //Reconfigure an IP address for the interface.
R1(config-if-FastEthernet 0/0)#exit
4. Configure static routes.
Notes:
In addition to commands for configuring static routes, the vrf abc command needs to be executed for configuring VRF static routes. The precautions for configuring VRF static routes are the same as those for configuring common static routes. For details, see static route configuration.
R1(config)#ip route vrf abc 10.2.1.0 255.255.255.0 192.168.1.2  //Configure a static route in the VRF table named abc.
R2(config)#ip route 10.1.1.0 255.255.255.0 192.168.1.1  //Configure a common static route on R2 because VRF is not enabled on Router R2.
V. Verification
1. Ping the intranet address of the peer end from an intranet PC. If the ping operation succeeds, the VRF static routing is configured correctly.
To ping the intranet address of the peer end, do as follows: Choose Start > Run. In the Run dialog box, enter cmd. In the window that is displayed, enter ping X.X.X.X (X.X.X.X indicates the intranet IP address of the peer end).
2. Run the show ip route vrf abc command to display the VRF route.
R1#show ip route vrf abc
Routing Table: abc
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
C 10.1.1.0/24 is directly connected, FastEthernet 0/0
C 10.1.1.1/32 is local host.
S 10.2.1.0/24 [1/0] via 192.168.1.2
C 192.168.1.0/24 is directly connected, FastEthernet 0/2
C 192.168.1.1/32 is local host.
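The note in step 3 (binding an interface to a VRF table deletes its IP address) is easy to miss when a configuration is pasted as a script. The following is an added example, not part of the Ruijie manual: it replays a pasted command sequence, models the address removal shown in the "%" message above, and reports interfaces left in a VRF without an address as well as which interfaces share a VRF table. The scripts GOOD and BAD are constructed, and the function names are illustrative.

```python
# Constructed paste scripts. GOOD follows step 3 on this page; BAD adds an
# interface whose address is not reconfigured after the VRF binding, plus
# one interface that stays in the global table.
GOOD = """\
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet 0/2)#ip vrf forwarding abc  //Add the interface to the VRF table.
% Interface FastEthernet 0/2 IP address 192.168.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet 0/2)#exit
"""
BAD = GOOD + """\
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0
R1(config-if-FastEthernet 0/0)#ip vrf forwarding abc
R1(config-if-FastEthernet 0/0)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if-FastEthernet 0/1)#ip address 172.16.0.1 255.255.255.0
R1(config-if-FastEthernet 0/1)#exit
"""


def replay(script):
    """Replay typed commands and return {interface: {"vrf": ..., "address": ...}}."""
    state, current = {}, None
    for raw in script.splitlines():
        line = raw.split("//", 1)[0].strip()     # drop the manual's inline annotations
        if not line or line.startswith("%"):     # skip blank lines and device messages
            continue
        words = line.split("#", 1)[-1].split()   # drop the prompt, keep the command
        head = [w.lower() for w in words]
        if head[:1] == ["interface"] and len(words) >= 2:
            current = " ".join(head[1:])
            state.setdefault(current, {"vrf": None, "address": None})
        elif current and head[:3] == ["ip", "vrf", "forwarding"] and len(words) == 4:
            state[current]["vrf"] = words[3]
            state[current]["address"] = None     # the existing address is removed
        elif current and head[:2] == ["ip", "address"] and len(words) >= 4:
            state[current]["address"] = (words[2], words[3])
        elif head[:1] in (["exit"], ["end"]):
            current = None
    return state


def missing_addresses(script):
    """Interfaces that end up bound to a VRF but without an IP address."""
    return sorted(name for name, s in replay(script).items()
                  if s["vrf"] and s["address"] is None)


def vrf_membership(script):
    """Group interfaces by VRF table; interfaces in different groups are isolated."""
    groups = {}
    for name, s in replay(script).items():
        groups.setdefault(s["vrf"] or "global", []).append(name)
    return {vrf: sorted(names) for vrf, names in groups.items()}


if __name__ == "__main__":
    print("missing addresses:", missing_addresses(BAD))
    print("membership:", vrf_membership(BAD))
```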
Features
The Routing Information Protocol (RIP) is an old routing protocol that is widely used in small-sized networks and networks using the same medium. RIP adopts the distance vector algorithm and is therefore a distance vector protocol. RIPv1 is defined in RFC 1058 and RIPv2 is defined in RFC 2453. Ruijie RGOS software supports both RIPv1 and RIPv2. RIP uses UDP packets to exchange routing information, on UDP port 520. Normally, RIPv1 packets are broadcast packets while RIPv2 packets are multicast packets, with the multicast address 224.0.0.9. RIP sends an update packet every 30 seconds. If a device fails to receive a route update packet from the peer end within 180 seconds, it marks all routes from the peer end as unreachable. After that, if the device still fails to receive a route update packet from the peer end within 120 seconds, the device deletes the routes from the routing table.
Scenarios
The network of an enterprise is small, with fewer than ten routers, and mutual communication and data sharing are required throughout the network. Therefore, RIP needs to be enabled on all routers in the network.
I. Networking Requirements
The RIP protocol needs to run on routers throughout the network so that routes across the network are reachable.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses for routers throughout the network.
2. Enable RIP on routers throughout the network and advertise interfaces to the RIP process.
IV. Configuration Steps
1. Configure basic IP addresses for routers throughout the network.
Ruijie(config)#hostname R1
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet 0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-GigabitEthernet 0/0)#exit
R1(config)#interface gigabitEthernet 0/1
R1(config-GigabitEthernet 0/1)#ip address 10.1.1.1 255.255.255.0
R1(config-GigabitEthernet 0/1)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet 0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet 0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet 0/1)#ip address 192.168.2.1 255.255.255.0
R2(config-if-FastEthernet 0/1)#exit
Ruijie(config)#hostname R3
R3(config)#interface fastEthernet 0/0
R3(config-if-FastEthernet 0/0)#ip address 10.4.1.1 255.255.255.0
R3(config-if-FastEthernet 0/0)#exit
R3(config)#interface fastEthernet 0/1
R3(config-if-FastEthernet 0/1)#ip address 192.168.2.2 255.255.255.0
R3(config-if-FastEthernet 0/1)#exit
2. Enable RIP on routers throughout the network and advertise interfaces to the RIP process.
Notes:
1) There are two RIP versions: RIPv1 and RIPv2. RIPv2 uses multicast update packets instead of broadcast update packets and carries the mask information of routes in the packets. Therefore, RIPv2 is recommended.
2) When the network command is executed to advertise a network over RIP, only the classful network is advertised even if a subnet address is entered in this command. All interfaces that belong to this classful network will be advertised to the RIP process.
3) By default, RIP performs automatic summarization at the border of the classful network. If the classful network is discontinuous, route learning errors will occur. Therefore, it is recommended that automatic summarization be disabled after RIP is enabled, and that manual summarization be adopted.
R1(config)#router rip
R1(config-router)#version 2  //Enable RIPv2.
R1(config-router)#no auto-summary  //Disable automatic summarization.
R1(config-router)#network 192.168.1.0  //Advertise the network segment 192.168.1.0 to the RIP process.
R1(config-router)#network 10.0.0.0
R1(config-router)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.1.0
R2(config-router)#network 192.168.2.0
R2(config-router)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.2.0
R3(config-router)#network 10.0.0.0
R3(config-router)#exit
V. Verification
Check routes on routers throughout the network. If each router successfully learns routes throughout the network, RIP is configured correctly.
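Notes 2) and 3) in step 2 can be seen on this section's own addressing, where 10.1.1.0/24 (R1) and 10.4.1.0/24 (R3) are two pieces of the classful network 10.0.0.0/8 separated by R2. The following is an added example, not part of the Ruijie manual: a simplified model of classful network-statement matching and of summarization at the classful border, showing what R2 would learn with and without automatic summarization. Interface short names, function names and the border rule as coded are assumptions of the model.

```python
from ipaddress import ip_address, ip_interface, ip_network


def classful_network(addr):
    """Return the class A/B/C network that contains an IPv4 address."""
    first = int(str(addr).split(".")[0])
    if first < 128:
        plen = 8
    elif first < 192:
        plen = 16
    elif first < 224:
        plen = 24
    else:
        raise ValueError(f"{addr} is not a class A/B/C unicast address")
    return ip_network(f"{addr}/{plen}", strict=False)


def rip_interfaces(interfaces, statements):
    """Note 2): a network statement enables every interface in its classful network."""
    majors = {classful_network(ip_address(s)) for s in statements}
    return {name: ip_interface(cidr) for name, cidr in interfaces.items()
            if classful_network(ip_interface(cidr).ip) in majors}


def advertisements(interfaces, statements, out_if, auto_summary):
    """Prefixes sent out of out_if (simplified: connected networks only)."""
    enabled = rip_interfaces(interfaces, statements)
    out_major = classful_network(enabled[out_if].ip)
    adverts = set()
    for name, iface in enabled.items():
        if name == out_if:
            continue
        major = classful_network(iface.ip)
        # Note 3): at a classful border the subnet is replaced by its classful network.
        adverts.add(major if auto_summary and major != out_major else iface.network)
    return adverts


# Addressing and network statements from this section; the third field is
# the interface that faces R2.
ROUTERS = {
    "R1": ({"Gi0/0": "192.168.1.1/24", "Gi0/1": "10.1.1.1/24"},
           ["192.168.1.0", "10.0.0.0"], "Gi0/0"),
    "R3": ({"Fa0/0": "10.4.1.1/24", "Fa0/1": "192.168.2.2/24"},
           ["192.168.2.0", "10.0.0.0"], "Fa0/1"),
}


def r2_view(auto_summary):
    """Prefixes R2 hears, mapped to the neighbors that advertise them."""
    table = {}
    for neighbor, (interfaces, statements, out_if) in ROUTERS.items():
        for prefix in advertisements(interfaces, statements, out_if, auto_summary):
            table.setdefault(str(prefix), []).append(neighbor)
    return {prefix: sorted(sources) for prefix, sources in table.items()}


if __name__ == "__main__":
    print("auto-summary   :", r2_view(True))
    print("no auto-summary:", r2_view(False))
```

With automatic summarization, R2 hears the same 10.0.0.0/8 from both neighbors and cannot tell which one leads to 10.1.1.0/24 and which to 10.4.1.0/24; with no auto-summary it learns each /24 from the correct neighbor.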
Features
The Routing Information Protocol (RIP) is an old routing protocol that is widely used in small-sized networks and networks using the same medium. RIP adopts the distance vector algorithm and is therefore a distance vector protocol. RIPv1 is defined in RFC 1058 and RIPv2 is defined in RFC 2453. Ruijie RGOS software supports both RIPv1 and RIPv2. RIP uses UDP packets to exchange routing information, on UDP port 520. Normally, RIPv1 packets are broadcast packets while RIPv2 packets are multicast packets, with the multicast address 224.0.0.9. RIP sends an update packet every 30 seconds. If a device fails to receive a route update packet from the peer end within 180 seconds, it marks all routes from the peer end as unreachable. After that, if the device still fails to receive a route update packet from the peer end within 120 seconds, the device deletes the routes from the routing table.
I. Networking Requirements
As shown in the following figure, Interfaces F0/0 and F0/2 of Router R1 belong to a VRF table named abc, and Router R2 is a common global router. The RIP protocol needs to be configured on routers throughout the network so that routes across the network are reachable.
II. Networking Topology
III. Configuration Tips
1. Configure a VRF table named abc on Router R1.
2. Configure basic IP addresses.
3. Add interfaces on Router R1 to the VRF table.
4. Enable RIP on routers throughout the network and advertise interfaces to the RIP process.
IV. Configuration Steps
1. Configure a VRF table named abc on Router R1.
Notes:
VRF is locally effective. When VRF is enabled at the local end, interfaces on the local router that belong to the same VRF table can interwork with each other. Interfaces that belong to different VRF tables are logically isolated, regardless of whether VRF is enabled on the remote router.
Ruijie(config)#hostname R1
R1(config)#ip vrf abc  //Enable a VRF table named abc on the router.
R1(config-vrf)#exit
2. Configure basic IP addresses.
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet 0/2)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0
R1(config-if-FastEthernet 0/0)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet 0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet 0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet 0/1)#ip address 10.2.1.1 255.255.255.0
R2(config-if-FastEthernet 0/1)#exit
3. Add interfaces on Router R1 to the VRF table.
Notes:
When an interface is added to a VRF table and an IP address has already been configured for the interface, the IP address is deleted and you need to reconfigure an IP address for the interface.
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip vrf forwarding abc
% Interface FastEthernet 0/2 IP address 192.168.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0  //Reconfigure an IP address for Interface F0/2.
R1(config-if-FastEthernet 0/2)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip vrf forwarding abc
% Interface FastEthernet 0/0 IP address 10.1.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0
R1(config-if-FastEthernet 0/0)#exit
4. Enable RIP on routers throughout the network and advertise interfaces to the RIP process.
Notes:
To configure VRF RIP, run the address-family ipv4 vrf command after enabling RIP. The precautions for configuring VRF RIP are the same as those for configuring common RIP. For details, see RIP basic configuration.
R1(config)#router rip
R1(config-router)#address-family ipv4 vrf abc  //Enable RIP after enabling the VRF table named abc.
R1(config-router-af)#version 2  //Enable RIPv2.
R1(config-router-af)#no auto-summary  //Disable automatic summarization.
R1(config-router-af)#network 192.168.1.0  //Advertise the network segment 192.168.1.0 to the RIP process.
R1(config-router-af)#network 10.0.0.0
R1(config-router-af)#exit
R1(config-router)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.1.0
R2(config-router)#network 10.0.0.0
R2(config-router)#exit
V. Verification
Check the VRF routing table on Router R1 and global routing tables on other routers. If each router successfully learns routes throughout the network, VRF RIP is configured correctly.
R1#show ip route vrf abc
Routing Table: abc
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
C 10.1.1.0/24 is directly connected, FastEthernet 0/0
C 10.1.1.1/32 is local host.
R 10.2.1.0/24 [120/1] via 192.168.1.2, 00:02:53, FastEthernet 0/2
C 192.168.1.0/24 is directly connected, FastEthernet 0/2
C 192.168.1.1/32 is local host.
Features
The route redistribution function imports routes learnt from other routing protocols to the Routing Information Protocol (RIP) domain.
Scenarios
Multiple routing protocols are enabled on the network of an enterprise, and mutual communication and data sharing are required throughout the network. Therefore, routes learnt by other routing protocols need to be imported to the RIP domain.
I. Networking Requirements
In addition to RIP, other routing protocols run on the network, and routes learnt by other routing protocols need to be redistributed to RIP.
II. Networking Topology
III. Configuration Tips
1. Configure IP addresses and basic RIP information for routers throughout the network.
2. Configure a static route destined for the network 10.1.2.0/24 on Router R1.
3. Redistribute the static route to the RIP domain.
IV. Configuration Steps
1. Configure IP addresses and basic RIP information for routers throughout the network.
For the configuration, see RIP basic configuration (choose Typical Configuration > IP Routing > RIP > Basic Configuration).
2. Configure a static route destined for the network 10.1.2.0/24 on Router R1.
R1(config)#ip route 10.1.2.0 255.255.255.0 192.168.11.2
3. Redistribute the static route to the RIP domain.
Notes:
1) The commands for RIP to redistribute routes learnt by other routing protocols are as follows:
R1(config)#router rip
R1(config-router)#redistribute ?
bgp Border Gateway Protocol (BGP)
connected Connected
ospf Open Shortest Path First (OSPF)
static Static routes
2) External routes imported by RIP must be effective routes on the local router, that is, routes that are displayed when the show ip route command is executed on the local router.
3) A metric must be specified for external routes imported by RIP. The default metric value is infinite, so imported external routes with no metric specified are ineffective.
The following example is based on the import of a static route by RIP. Other routes are imported in the same way as a static route.
R1(config)#router rip
R1(config-router)#redistribute static metric 1  //Redistribute the static route to the RIP domain and set the metric to 1.
R1(config-router)#exit
V. Verification
Check routes on other routers. If the other routers successfully learn the route destined for the external network 10.1.2.0/24, redistribution is configured correctly.
Features
The route summarization function enables the Routing Information Protocol (RIP) to summarize specific routes learnt by or generated by RIP and transfer them to RIP neighbors, so as to reduce route entries on routers.
Scenarios
There are numerous IP network segments in the network of an enterprise. Route summarization can be configured on routers to reduce route entries on the routers and improve router performance.
I. Networking Requirements
Specific routes learnt by RIP need to be summarized to reduce route entries.
II. Networking Topology
III. Configuration Tips
1. Configure IP addresses and basic RIP information for routers throughout the network.
2. Configure route summarization.
IV. Configuration Steps
1. Configure IP addresses and basic RIP information for routers throughout the network.
For the configuration, see RIP basic configuration (choose Typical Configuration > IP Routing > RIP > Basic Configuration).
2. Configure route summarization.
Notes:
1) RIP can summarize routes generated by RIP or learnt from neighbors on outbound interfaces, but cannot perform supernetting summarization on these routes.
2) Automatic summarization must be disabled before routes learnt or generated by RIP are manually summarized.
R1(config)#router rip
R1(config-router)#no auto-summary  //Disable automatic summarization.
R1(config-router)#exit
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet 0/0)#ip rip summary-address 10.1.0.0 255.255.0.0  //Summarize the route as 10.1.0.0/16.
R1(config-GigabitEthernet 0/0)#exit
V. Verification
Check routes on routers throughout the network. If all the routers correctly learn the summarized route, route summarization of RIP is configured correctly.
Features
The Open Shortest Path First (OSPF) protocol is a link-state interior gateway routing protocol developed by the OSPF Working Group of the Internet Engineering Task Force (IETF). OSPF is designed exclusively for IP. It runs directly at the IP layer and the protocol ID is 89. OSPF packets are exchanged in multicast mode, with the multicast address 224.0.0.5 (to all OSPF routers) or 224.0.0.6 (to designated routers). When an OSPF routing domain is large, a hierarchical structure is often adopted. That is, an OSPF routing domain is divided into several areas, which are interconnected through a backbone area. Each non-backbone area needs to be directly connected to the backbone area.
Scenarios
The network of an enterprise is large, with more than ten routers, and mutual communication and data sharing are required throughout the network. Therefore, OSPF needs to be enabled on all routers in the network.
I. Networking Requirements
The OSPF protocol needs to run on routers throughout the network so that routes across the network are reachable.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses for routers throughout the network.
2. Enable OSPF on routers throughout the network and advertise interfaces to a specified area.
3. (Optional) Adjust the OSPF network type for Ethernet interfaces.
IV. Configuration Steps
1. Configure basic IP addresses for routers throughout the network.
Ruijie(config)#hostname R1
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet 0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-GigabitEthernet 0/0)#exit
R1(config)#interface gigabitEthernet 0/1
R1(config-GigabitEthernet 0/1)#ip address 10.1.1.1 255.255.255.0
R1(config-GigabitEthernet 0/1)#exit
R1(config)#interface loopback 0  //Configure the address of Interface loopback 0 as the router ID of OSPF.
R1(config-Loopback 0)#ip address 1.1.1.1 255.255.255.255
R1(config-Loopback 0)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet 0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet 0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet 0/1)#ip address 192.168.2.1 255.255.255.0
R2(config-if-FastEthernet 0/1)#exit
R2(config)#interface loopback 0
R2(config-if-Loopback 0)#ip address 2.2.2.2 255.255.255.255
R2(config-if-Loopback 0)#exit
Ruijie(config)#hostname R3
R3(config)#interface fastEthernet 0/0
R3(config-if-FastEthernet 0/0)#ip address 192.168.3.1 255.255.255.0
R3(config-if-FastEthernet 0/0)#exit
R3(config)#interface fastEthernet 0/1
R3(config-if-FastEthernet 0/1)#ip address 192.168.2.2 255.255.255.0
R3(config-if-FastEthernet 0/1)#exit
R3(config)#interface loopback 0
R3(config-if-Loopback 0)#ip address 3.3.3.3 255.255.255.255
R3(config-if-Loopback 0)#exit
Ruijie(config)#hostname R4
R4(config)#interface gigabitEthernet 0/0
R4(config-GigabitEthernet 0/0)#ip address 192.168.3.2 255.255.255.0
R4(config-GigabitEthernet 0/0)#exit
R4(config)#interface gigabitEthernet 0/1
R4(config-GigabitEthernet 0/1)#ip address 10.4.1.1 255.255.255.0
R4(config-GigabitEthernet 0/1)#exit
R4(config)#interface loopback 0
R4(config-Loopback 0)#ip address 4.4.4.4 255.255.255.255
R4(config-Loopback 0)#exit
2. Enable OSPF on routers throughout the network and advertise interfaces to a specified area.
Notes:
1) An OSPF process ID only identifies an OSPF process on the local router. OSPF process IDs of routers throughout the network can be different.
2) When establishing a neighbor relationship, OSPF checks the area ID in the hello packet from the peer end. If the local router and the peer router are on the same link, the OSPF area IDs at both ends must be the same.
3) The network command defines the interfaces on which OSPF is to be enabled. An interface is matched in the form of IP network segment + wildcard mask (0 means that the corresponding bit must match and 1 means that the corresponding bit does not matter). It is recommended that the interface IP address be entered after network and the wildcard mask be set to 0.0.0.0. The interface with that IP address is then advertised to the OSPF process.
R1(config)#router ospf 1  //Enable OSPF and set the process ID to 1.
R1(config-router)#network 192.168.1.1 0.0.0.0 area 1  //Advertise the interface with the IP address of 192.168.1.1 to the OSPF area 1.
R1(config-router)#network 10.1.1.1 0.0.0.0 area 1
R1(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.2 0.0.0.0 area 1
R2(config-router)#network 192.168.2.1 0.0.0.0 area 0
R2(config-router)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.2.2 0.0.0.0 area 0
R3(config-router)#network 192.168.3.1 0.0.0.0 area 2
R3(config-router)#exit
R4(config)#router ospf 1
R4(config-router)#network 192.168.3.2 0.0.0.0 area 2
R4(config-router)#network 10.4.1.1 0.0.0.0 area 2
R4(config-router)#exit
3. (Optional) Adjust the OSPF network type for Ethernet interfaces.
Notes:
The default OSPF network type of Ethernet interfaces is broadcast. A Designated Router (DR)/Backup Designated Router (BDR) is elected within 40 seconds of waiting time. For point-to-point Ethernet interconnection interfaces, it is recommended that the OSPF network type of interfaces at both ends be set to point-to-point, to accelerate convergence of the OSPF neighbor relationship.
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet 0/1)#ip ospf network point-to-point  //Set the OSPF network type of the interface to point-to-point (the OSPF network type at both ends of a link must be the same).
R2(config-if-FastEthernet 0/1)#exit
R3(config)#interface fastEthernet 0/1
R3(config-if-FastEthernet 0/1)#ip ospf network point-to-point
R3(config-if-FastEthernet 0/1)#exit
V. Verification
1. Check whether an OSPF neighbor relationship is established between adjacent routers and check the neighbor status. If adjacent routers successfully establish a neighbor relationship and the neighbor status is full, OSPF runs properly.
Notes:
When the OSPF network type is a multi-access network, the neighbor relationship between DROther routers is 2-way and the neighbor status cannot be full.
2. Check routes on routers throughout the network. If each router successfully learns routes throughout the network, OSPF is configured correctly.
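Notes 2) and 3) in step 2 interact: a network statement with a broad wildcard mask can pull an interface into an area that differs from its neighbor's, and the neighbor relationship then never forms. The following is an added example, not part of the Ruijie manual: it applies the wildcard-mask rule to the addresses in this section and audits each link for an area mismatch. The broad statement BROAD_R2, the interface short names and the function names are constructed for illustration.

```python
from ipaddress import IPv4Address


def wildcard_match(addr, network, wildcard):
    """True if addr matches network under a wildcard mask (0 bit = must match)."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def ospf_areas(interfaces, statements):
    """Map each interface to the areas of every network statement that matches it."""
    return {name: [area for net, wc, area in statements if wildcard_match(addr, net, wc)]
            for name, addr in interfaces.items()}


def link_problems(links, areas):
    """Report links whose two ends are not placed in one and the same area."""
    problems = []
    for (ra, ia), (rb, ib) in links:
        a, b = areas[ra][ia], areas[rb][ib]
        if len(a) != 1 or len(b) != 1:
            problems.append(f"{ra} {ia} / {rb} {ib}: not matched by exactly one statement")
        elif a != b:
            problems.append(f"{ra} {ia} is in area {a[0]} but {rb} {ib} is in area {b[0]}")
    return problems


# Interface addresses and network statements from this section (R1 to R3).
INTERFACES = {
    "R1": {"Gi0/0": "192.168.1.1", "Gi0/1": "10.1.1.1"},
    "R2": {"Fa0/0": "192.168.1.2", "Fa0/1": "192.168.2.1"},
    "R3": {"Fa0/1": "192.168.2.2", "Fa0/0": "192.168.3.1"},
}
PAGE = {
    "R1": [("192.168.1.1", "0.0.0.0", 1), ("10.1.1.1", "0.0.0.0", 1)],
    "R2": [("192.168.1.2", "0.0.0.0", 1), ("192.168.2.1", "0.0.0.0", 0)],
    "R3": [("192.168.2.2", "0.0.0.0", 0), ("192.168.3.1", "0.0.0.0", 2)],
}
# Constructed alternative for R2: one broad statement instead of two exact ones.
BROAD_R2 = [("192.168.0.0", "0.0.255.255", 0)]
LINKS = [(("R1", "Gi0/0"), ("R2", "Fa0/0")), (("R2", "Fa0/1"), ("R3", "Fa0/1"))]


def audit(statements_by_router):
    """Return the list of link problems for a set of per-router network statements."""
    areas = {router: ospf_areas(INTERFACES[router], statements)
             for router, statements in statements_by_router.items()}
    return link_problems(LINKS, areas)


if __name__ == "__main__":
    print("page config :", audit(PAGE))
    print("broad on R2 :", audit({**PAGE, "R2": BROAD_R2}))
```

The same matching function also shows which interfaces a broad statement enables OSPF on, which is the list to review before such a statement is applied.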
Features
The Open Shortest Path First (OSPF) protocol is a link-state interior gateway routing protocol developed by the OSPF Working Group of the Internet Engineering Task Force (IETF). OSPF is designed exclusively for IP. It runs directly at the IP layer and the protocol ID is 89. OSPF packets are exchanged in multicast mode, with the multicast address 224.0.0.5 (to all OSPF routers) or 224.0.0.6 (to designated routers). When an OSPF routing domain is large, a hierarchical structure is often adopted. That is, an OSPF routing domain is divided into several areas, which are interconnected through a backbone area. Each non-backbone area needs to be directly connected to the backbone area.
I. Networking Requirements
As shown in the following figure, Interfaces F0/0 and F0/2 of Router R1 belong to a VRF table named abc and Router R2 is a common global router. The OSPF protocol needs to be configured on routers throughout the network (the entire network is in Area 0) so that routes across the network are reachable.
II. Networking Topology
III. Configuration Tips
1. Configure a VRF table named abc on Router R1.
2. Configure basic IP addresses.
3. Add interfaces on Router R1 to the VRF table.
4. Enable OSPF on routers throughout the network and advertise interfaces to the OSPF process.
IV. Configuration Steps
1. Configure a VRF table named abc on Router R1.
Notes:
VRF is locally effective. When VRF is enabled at the local end, interfaces on the local router that belong to the same VRF table can interwork with each other. Interfaces that belong to different VRF tables are logically isolated, regardless of whether VRF is enabled on the remote router.
Ruijie(config)#hostname R1
R1(config)#ip vrf abc  //Enable a VRF table named abc on the router.
R1(config-vrf)#exit
2. Configure basic IP addresses.
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet 0/2)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0
R1(config-if-FastEthernet 0/0)#exit
R1(config)#interface loopback 0  //Configure the address of Interface loopback 0 as the router ID of OSPF.
R1(config-Loopback 0)#ip address 1.1.1.1 255.255.255.255
R1(config-Loopback 0)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet 0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet 0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet 0/1)#ip address 10.2.1.1 255.255.255.0
R2(config-if-FastEthernet 0/1)#exit
R2(config)#interface loopback 0
R2(config-if-Loopback 0)#ip address 2.2.2.2 255.255.255.255
R2(config-if-Loopback 0)#exit
3. Add interfaces on Router R1 to the VRF table.
Notes:
1) When an interface is added to a VRF table and an IP address is configured for the interface, the IP address is deleted and you need to reconfigure an IP address for the interface.
2) When the address of the loopback interface is used as the router ID of OSPF, the loopback interface does not need to be added to the VRF table.
R1(config)#interface fastEthernet 0/2
R1(config-if-FastEthernet 0/2)#ip vrf forwarding abc  //Add the interface to the VRF table.
% Interface FastEthernet 0/2 IP address 192.168.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/2)#ip address 192.168.1.1 255.255.255.0  //Reconfigure an IP address for Interface F0/2.
R1(config-if-FastEthernet 0/2)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet 0/0)#ip vrf forwarding abc
% Interface FastEthernet 0/0 IP address 10.1.1.1 removed due to enabling VRF abc
R1(config-if-FastEthernet 0/0)#ip address 10.1.1.1 255.255.255.0
R1(config-if-FastEthernet 0/0)#exit
4. Enable OSPF on routers throughout the network and advertise interfaces to the OSPF process.
Notes:
To configure VRF OSPF, associate the OSPF process with the relevant VRF table when enabling the OSPF process. The precautions for configuring VRF OSPF are the same as those for configuring common OSPF. For details, see OSPF basic configuration.
R1(config)#router ospf 1 vrf abc  //Enable OSPF process 1 in the VRF table named abc.
R1(config-router)#network 192.168.1.1 0.0.0.0 area 0  //Advertise the interface with the IP address of 192.168.1.1 to the OSPF area 0.
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R1(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.2 0.0.0.0 area 0
R2(config-router)#network 10.2.1.1 0.0.0.0 area 0
R2(config-router)#exit
V. Verification
1. Check whether an OSPF neighbor relationship is established between adjacent routers and check the neighbor status. If adjacent routers successfully establish a neighbor relationship and the neighbor status is full, OSPF runs properly.
R1#show ip ospf neighbor
OSPF process 1, 1 Neighbors, 1 is Full:
Neighbor ID Pri State BFD State Dead Time Address Interface
2.2.2.2 1 Full/BDR - 00:00:36 192.168.1.2 FastEthernet 0/2
2. Check the VRF routing table on Router R1 and global routing tables on other routers. If each router successfully learns routes throughout the network, VRF OSPF is configured correctly.
R1#show ip route vrf abc
Routing Table: abc
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
C 10.1.1.0/24 is directly connected, FastEthernet 0/0
C 10.1.1.1/32 is local host.
O 10.2.1.0/24 [110/2] via 192.168.1.2, 00:10:21,FastEthernet 0/2
C 192.168.1.0/24is directly connected, FastEthernet 0/2
C 192.168.1.1/32 is local host.
Features
The route redistribution function imports routes learnt from other routing protocols to the Open Shortest Path First (OSPF) domain.
Scenarios
Multiple routing protocols are enabled on the network of an enterprise, and mutual communication and data sharing are required throughout the network. Therefore, routes learnt by other routing protocols need to be imported to the OSPF domain.
I. Networking Requirements
In addition to OSPF, other routing protocols run on the network, and routes learnt by other routing protocols need to be redistributed to OSPF.
II. Networking Topology
III. Configuration Tips
1. Configure IP addresses and basic OSPF information for routers throughout the network.
2. Configure a static route destined for the network 10.1.2.0/24 on Router R1.
3. Redistribute the static route to the OSPF domain.
IV. Configuration Steps
1. Configure IP addresses and basic OSPF information for routers throughout the network.
For the configuration, see OSPF basic configuration (choose Typical Configuration > IP Routing > OSPF > Basic Configuration).
2. Configure a static route destined for the network 10.1.2.0/24 on Router R1.
R1(config)#ip route 10.1.2.0 255.255.255.0 192.168.11.2
3. Redistribute the static route to the OSPF domain.
Notes:
1) The commands for OSPF to redistribute routes learnt from other routing protocols are as follows:
R1(config)#router ospf 1
R1(config-router)#redistribute ?
bgp Border Gateway Protocol (BGP)
connected Connected
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
static Static routes
2) There are two metric types for external routes imported by OSPF: type 1 and type 2.
a. Metric type 1: The internal cost is added as routes are transmitted within the OSPF domain. If an internal network needs to select a route for an imported external route, type 1 is recommended (the default metric type is 2 for imported external routes).
b. Metric type 2: The internal cost is not added as routes are transmitted within the OSPF domain.
R1(config)#router ospf 1
R1(config-router)#redistribute static metric-type ?
1 Set OSPF External Type 1 metrics
2 Set OSPF External Type 2 metrics
3) External routes imported by OSPF must be effective routes on the local router, that is, routes that are displayed when the show ip route command is executed on the local router.
4) When a route is redistributed to the OSPF domain, the subnets keyword must be appended. Otherwise, only main class network routes are redistributed.
The following example is based on import of a static route by OSPF. The import of other routes is the same as that of a static route.
R1(config)#router ospf 1
R1(config-router)#redistribute static subnets //Redistribute the static route.
R1(config-router)#exit
V. Verification
Check routes on other routers. If the routers successfully learn the route destined for the external network 10.1.2.0/24, redistribution is configured correctly.
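The note on metric types above says type 1 is recommended when internal routers must choose between paths to an imported route. The following added example (not part of the Ruijie cookbook) shows why, using a simplified form of the external path preference in RFC 2328 section 16.4. It assumes a hypothetical second ASBR named R5 that imports the same prefix; all metrics and costs are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalPath:
    asbr: str              # router that redistributed the prefix into OSPF
    metric_type: int       # 1 = E1, 2 = E2 (the default for imported routes)
    external_metric: int   # metric assigned at redistribution
    cost_to_asbr: int      # internal OSPF cost from the local router to the ASBR


def route_cost(path):
    """Cost the local router installs in its routing table for this path."""
    if path.metric_type == 1:
        return path.cost_to_asbr + path.external_metric   # internal cost added
    return path.external_metric                           # internal cost ignored


def select_best(paths):
    """Pick the preferred external path (simplified RFC 2328 section 16.4).

    Type 1 always beats type 2. Type 1 paths compare on internal + external
    cost. Type 2 paths compare on the external metric alone and use the
    internal cost to the ASBR only to break a tie.
    """
    def preference(path):
        if path.metric_type == 1:
            return (1, path.cost_to_asbr + path.external_metric, 0)
        return (2, path.external_metric, path.cost_to_asbr)
    return min(paths, key=preference)


def compare_metric_types(ext_r1, ext_r5, cost_r1, cost_r5):
    """Return {metric_type: (chosen ASBR, installed cost, real end-to-end cost)}."""
    result = {}
    for metric_type in (1, 2):
        paths = [
            ExternalPath("R1", metric_type, ext_r1, cost_r1),
            ExternalPath("R5", metric_type, ext_r5, cost_r5),  # R5 is hypothetical
        ]
        best = select_best(paths)
        end_to_end = best.cost_to_asbr + best.external_metric
        result[metric_type] = (best.asbr, route_cost(best), end_to_end)
    return result


if __name__ == "__main__":
    # Constructed case: R1 is 10 away and imports with metric 20,
    # R5 is 100 away and imports with metric 19.
    for mtype, (asbr, installed, real) in compare_metric_types(20, 19, 10, 100).items():
        print(f"metric-type {mtype}: exit via {asbr}, "
              f"installed cost {installed}, end-to-end cost {real}")
```

With type 2 the distant ASBR wins on a one-point lower external metric even though the real path is almost four times longer, so any router able to inject a lower type 2 metric attracts the traffic regardless of distance.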
Features
The route summarization of the Open Shortest Path First (OSPF) reduces the size of the routing table on routers. The OSPF route summarization can be configured only on Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). ABRs summarize routes inside an OSPF domain while ASBRs summarize routes outside an OSPF domain. OSPF cannot summarize intra-area routes.
Scenarios
There are numerous IP network segments in the network of an enterprise. Route summarization can be configured on routers to reduce route entries on routers and improve router performance.
I. Networking Requirements
Specific routes learnt by OSPF need to be summarized to reduce route entries.
II. Networking Topology
III. Configuration Tips
1. Configure IP addresses and basic OSPF information for routers throughout the network.
2. Redistribute the external static route 10.1.2.0/24 to the OSPF domain.
3. Summarize the intra-domain route.
4. Summarize the inter-domain route.
IV. Configuration Steps
1. Configure IP addresses and basic OSPF information for routers throughout the network.
For the configuration, see OSPF basic configuration (choose Typical Configuration > IP Routing > OSPF > Basic Configuration).
2. Redistribute the external static route 10.1.2.0/24 to the OSPF domain.
For the configuration, see OSPF redistribution (choose Typical Configuration > IP Routing > OSPF > Redistribution).
3. Summarize the intra-domain route.
Summarize the route 10.4.1.0/24 on Router R4 as the route 10.4.0.0/16 on Router R3.
R3(config)#router ospf 1
R3(config-router)#area 2 range 10.4.0.0 255.255.0.0 //Summarize the intra-domain route (the area specified after the area keyword must be the area from which the route comes).
R3(config-router)#exit
4. Summarize the inter-domain route.
Notes:
OSPF only summarizes external routes on the ASBRs from which the external routes are distributed.
Summarize the static route 10.1.2.0/16 that is distributed to Router R1 as 10.1.0.0/16 on Router R1.
R1(config)#router ospf 1
R1(config-router)#summary-address 10.1.0.0 255.255.0.0 //Summarize the inter-domain route.
R1(config-router)#exit
V. Verification
Check routes on routers throughout the network. If intra-domain and inter-domain routes are all correctly summarized, route summarization of OSPF is configured correctly.
Features
A stub area, located at the distal end of an OSPF domain, is capable of filtering out type 4 and type 5 Link State Advertisements (LSAs) to reduce the size of the link status database and routing table.
I. Networking Requirements
Requirement 1: Configure Area 2 as a stub area to filter out type 4 and type 5 LSAs.
Requirement 2: Configure Area 2 as a totally stub area to filter out type 3, type 4, and type 5 LSAs.
II. Networking Topology
III. Configuration Tips
1. A stub area is capable of filtering out type 4 and type 5 LSAs, and one type 3 LSA default route is generated on the Area Border Router (ABR).
2. A totally stub area is capable of filtering out type 3, type 4, and type 5 LSAs, and one type 3 LSA default route is generated on the ABR.
3. Routers in a stub area are not allowed to import routes outside an OSPF domain.
IV. Configuration Steps
Requirement 1: Configure Area 2 as a stub area to filter out type 4 and type 5 LSAs.
1. Configure IP addresses and basic OSPF information for routers throughout the network.
For the configuration, see OSPF basic configuration (choose Typical Configuration > IP Routing > OSPF > Basic Configuration).
2. Configure a static route on Router R1 and distribute it to the OSPF domain.
For the configuration, see OSPF redistribution (choose Typical Configuration > IP Routing > OSPF > Redistribution).
3. Configure Area 2 as a stub area.
Notes:
1) When an area is configured as a stub area, all routers in the area must configure the area as a stub area.
2) The backbone area (Area 0) cannot be configured as a stub area.
3) Virtual links cannot traverse a stub area.
R3(config)#router ospf 1
R3(config-router)#area 2 stub //Configure Area 2 as a stub area.
R3(config-router)#exit
R4(config)#router ospf 1
R4(config-router)#area 2 stub
R4(config-router)#exit
Requirement 2: Configure Area 2 as a totally stub area to filter out type 3, type 4, and type 5 LSAs.
1. Configure IP addresses and basic OSPF information for routers throughout the network.
For the configuration, see OSPF basic configuration (choose Typical Configuration > IP Routing > OSPF > Basic Configuration).
2. Configure a static route on Router R1 and distribute it to the OSPF domain.
For the configuration, see OSPF redistribution (choose Typical Configuration > IP Routing > OSPF > Redistribution).
3. Configure Area 2 as a totally stub area.
Notes:
When an area is configured as a totally stub area, all routers in the area must configure the area as a stub area and the no-summary parameter must be set on the ABR.
R3(config)#router ospf 1
R3(config-router)#area 2 stub no-summary //Configure Area 2 as a totally stub area.
R3(config-router)#exit
R4(config)#router ospf 1
R4(config-router)#area 2 stub
R4(config-router)#exit
V. Verification
1. Verification of the stub area
Check routes on routers in the stub area. If inter-domain routes are filtered out but inter-area routes persist, and an OIA default route is generated, the stub area is configured correctly.
2. Verification of the totally stub area
Check routes on routers in the totally stub area. If both inter-domain routes and inter-area routes are filtered out and an OIA default route is generated, the totally stub area is configured correctly.
Features
A Not-So-Stubby Area (NSSA), located at the distal end of an OSPF domain, is capable of filtering out type 4 and type 5 Link State Advertisements (LSAs) to reduce the size of the link status database and routing table.
I. Networking Requirements
Requirement 1: Configure Area 2 as an NSSA to filter out type 4 and type 5 LSAs, and import external static routes.
Requirement 2: Configure Area 2 as a totally NSSA to filter out type 3, type 4, and type 5 LSAs, and import external static routes.
II. Networking Topology
III. Configuration Tips
1. An NSSA is capable of filtering out type 4 and type 5 LSAs, and no type 3 LSA default route is generated on the Area Border Router (ABR).
2. A totally NSSA is capable of filtering out type 3, type 4, and type 5 LSAs, and one type 3 LSA default route will be generated on the ABR.
3. Routers in an NSSA are allowed to import routes outside an OSPF domain.
IV. Configuration Steps
Requirement 1: Configure Area 2 as an NSSA to filter out type 4 and type 5 LSAs, and import external static routes.
1. Configure IP addresses and basic OSPF information for routers throughout the network.
For the configuration, see OSPF basic configuration (choose Typical Configuration > IP Routing > OSPF > Basic Configuration).
2. Configure a static route on Router R1 and Router R4 each, and distribute them to the OSPF domain.
For the configuration, see OSPF redistribution (choose Typical Configuration > IP Routing > OSPF > Redistribution).
3. Configure Area 2 as an NSSA.
Notes:
1) When an area is configured as an NSSA, all routers in the area must be configured as the NSSA.
2) The backbone area (Area 0) cannot be configured as an NSSA.
R3(config)#router ospf 1
R3(config-router)#area 2 nssa //Configure Area 2 as an NSSA.
R3(config-router)#exit
R4(config)#router ospf 1
R4(config-router)#area 2 nssa
R4(config-router)#exit
Requirement 2: Configure Area 2 as a totally NSSA to filter out type 3, type 4, and type 5 LSAs, and import external static routes.
1. Configure IP addresses and basic OSPF information for routers throughout the network.
For the configuration, see OSPF basic configuration (choose Typical Configuration > IP Routing > OSPF > Basic Configuration).
2. Configure a static route on Router R1 and Router R2 each, and distribute them to the OSPF domain.
For the configuration, see OSPF redistribution (choose Typical Configuration > IP Routing > OSPF > Redistribution).
3. Configure Area 2 as a totally NSSA.
Notes:
When an area is configured as a totally NSSA, all routers in the area must be configured as the totally NSSA and the no-summary parameter must be set on the ABR.
R3(config)#router ospf 1
R3(config-router)#area 2 nssa no-summary //Configure Area 2 as a totally NSSA.
R3(config-router)#exit
R4(config)#router ospf 1
R4(config-router)#area 2 nssa
R4(config-router)#exit
V. Verification
1. Verification of the NSSA
Check routes on routers in the NSSA. If inter-domain routes are filtered out but inter-area routes persist, and routes outside the OSPF domain can be successfully imported (other routers in the NSSA learn the OSPF NSSA routes), the NSSA is configured correctly.
2. Verification of the totally NSSA
Check routes on routers in the totally NSSA. The totally NSSA is configured correctly if inter-domain routes and inter-area routes are filtered out, routes outside the OSPF domain can be successfully imported (other routers in the NSSA learn the OSPF NSSA routes), and one OIA default route is generated.
Features
The Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) used for communication between routers in different Autonomous Systems (ASs). BGP is used to exchange network accessibility information between different ASs and eliminate routing loops by using its own mechanism. BGP uses TCP as the transmission protocol. The reliable transmission mechanism of TCP ensures transmission reliability of BGP. Routers running BGP are called BGP speakers. BGP speakers between which a BGP session is established are called BGP peers.
Two modes can be used to establish BGP peers between BGP speakers: Internal BGP (IBGP) and External BGP (EBGP). IBGP refers to a BGP connection established within an AS while EBGP refers to a BGP connection established between different ASs. In short, EBGP exchanges routing information between different ASs while IBGP transfers routing information within an AS.
I. Networking Requirements
1) Router R1 and Router R2 both belong to AS123 and an IBGP neighbor relationship needs to be established between Router R1 and Router R2.
2) Routes are advertised to neighbors over IBGP.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses for routers throughout the network.
2. Configure a static route on Router R1 and Router R2 to ensure Interfaces Loopback 0 of Router R1 and Router R2 are reachable.
3. Configure an IBGP neighbor relationship.
4. Advertise routes to BGP.
IV. Configuration Steps
1. Configure basic IP addresses for routers throughout the network.
Ruijie(config)#hostname R1
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-GigabitEthernet0/0)#exit
R1(config)#interface gigabitEthernet 0/1
R1(config-GigabitEthernet0/1)#ip address 10.1.1.1 255.255.255.0
R1(config-GigabitEthernet0/1)#exit
R1(config)#interface loopback 0 //Configure the address of Interface Loopback 0 as the update source address of BGP.
R1(config-Loopback0)#ip address 1.1.1.1 255.255.255.255
R1(config-Loopback0)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet0/1)#ip address 192.168.2.1 255.255.255.0
R2(config-if-FastEthernet0/1)#exit
R2(config)#interface loopback 0
R2(config-if-Loopback0)#ip address 2.2.2.2 255.255.255.255
R2(config-if-Loopback0)#exit
3. Configure a static route on Router R1 and Router R2 to ensure Interfaces Loopback 0 of Router R1 and Router R2 are reachable.
R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.1.2
R2(config)#ip route 1.1.1.1 255.255.255.255 192.168.1.1
4. Configure an IBGP neighbor relationship.
Notes:
1) If the AS ID of a BGP neighbor of a router is consistent with the AS ID of the router, an IBGP neighbor relationship is established; if their AS IDs are different, an EBGP neighbor relationship is established.
2) Selection of the update source address for a BGP neighbor relationship
a. An EBGP neighbor relationship is established at the border of an AS. It is recommended that the address of a directly connected interface be used as the update source address of the EBGP neighbor. In this way, IGP is not necessary because the directly connected interface is reachable.
b. An IBGP neighbor relationship is established within an AS. It is recommended that the loopback address be used as the update source address of the IBGP neighbor because the loopback address is reliable (the breakdown of a physical line does not cause BGP neighbor flapping) and IGP is often used inside the AS to make the route to the update source address reachable.
3) IBGP supports split horizon. That is, routes learnt from an IBGP neighbor will not be transferred to other IBGP neighbors but will be transferred to EBGP neighbors.
R1(config)#router bgp 123 //Enable the BGP process, with the AS ID of 123.
R1(config-router)#neighbor 2.2.2.2 remote-as 123 //Specify the address of a BGP neighbor and the AS ID of the neighbor.
R1(config-router)#neighbor 2.2.2.2 update-source loopback 0 //Configure the update source address of BGP.
R1(config-router)#exit
R2(config)#router bgp 123
R2(config-router)#neighbor 1.1.1.1 remote-as 123
R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
R2(config-router)#exit
5. Advertise routes to BGP.
Notes:
In BGP, the network command specifies the routes to be advertised to the BGP process rather than the interfaces on which BGP is enabled, which is different from the network command in RIP and OSPF. Routes advertised to the BGP process using the network command must be routes that are displayed when the show ip route command is executed and whose mask is consistent with the value of the mask parameter.
R1(config)#router bgp 123
R1(config-router)#network 10.1.1.0 mask 255.255.255.0
R1(config-router)#exit
V. Verification
1. Check whether a BGP neighbor relationship is established between routers and check the neighbor status. If a BGP neighbor relationship is established normally and State is Established, IBGP runs normally.
2. Check routes on IBGP neighbor routers. If routes advertised by the peer end are learnt, IBGP is configured correctly.
Features
The Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) used for communication between routers in different Autonomous Systems (ASs). BGP is used to exchange network accessibility information between different ASs and eliminate routing loops by using its own mechanism. BGP uses TCP as the transmission protocol. The reliable transmission mechanism of TCP ensures transmission reliability of BGP. Routers running BGP are called BGP speakers. BGP speakers between which a BGP session is established are called BGP peers.
Two modes can be used to establish BGP peers between BGP speakers: Internal BGP (IBGP) and External BGP (EBGP). IBGP refers to a BGP connection established within an AS while EBGP refers to a BGP connection established between different ASs. In short, EBGP exchanges routing information between different ASs while IBGP transfers routing information within an AS.
I. Networking Requirements
1) Router R1 belongs to AS1, Router R2 belongs to AS2, and an EBGP neighbor relationship needs to be established between Router R1 and Router R2.
2) Routes are advertised to neighbors over EBGP.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses for routers throughout the network.
2. Configure an EBGP neighbor relationship.
3. Advertise routes to the BGP process.
IV. Configuration Steps
1. Configure basic IP addresses for routers throughout the network.
Ruijie(config)#hostname R1
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-GigabitEthernet0/0)#exit
R1(config)#interface gigabitEthernet 0/1
R1(config-GigabitEthernet0/1)#ip address 10.1.1.1 255.255.255.0
R1(config-GigabitEthernet0/1)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet0/0)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if-FastEthernet0/1)#ip address 10.4.1.1 255.255.255.0
R2(config-if-FastEthernet0/1)#exit
2. Configure an EBGP neighbor relationship.
Notes:
1) If the AS ID of a BGP neighbor of a router is consistent with the AS ID of the router, an IBGP neighbor relationship is established; if their AS IDs are different, an EBGP neighbor relationship is established.
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.1.2 remote-as 2
R1(config-router)#exit
R2(config)#router bgp 2
R2(config-router)#neighbor 192.168.1.1 remote-as 1
R2(config-router)#exit
3. Advertise routes to the BGP process.
R1(config)#router bgp 1
R1(config-router)#network 10.1.1.0 mask 255.255.255.0
R1(config-router)#exit
R2(config)#router bgp 2
R2(config-router)#network 10.4.1.0 mask 255.255.255.0
R2(config-router)#exit
Notes:
In BGP, the network command specifies the routes to be advertised to the BGP process rather than the interfaces on which BGP is enabled, which is different from the network command in RIP and OSPF. Routes advertised to the BGP process using the network command must be routes that are displayed when the show ip route command is executed and whose mask is consistent with the value of the mask parameter.
V. Verification
1. Check whether a BGP neighbor relationship is established between routers and check the neighbor status. If a BGP neighbor relationship is established normally and State is Established, EBGP runs normally.
2. Check routes on EBGP neighbor routers. If routes advertised by the peer end are learnt, EBGP is configured correctly.
Features
Route reflector solves the split horizon problem of the Internal Border Gateway Protocol (IBGP).
I. Networking Requirements
As shown in the following networking topology, Router R1 and Router R3 fail to learn BGP routes of the peer end due to split horizon of IBGP neighbors. Therefore, the route reflector needs to be configured to solve the split horizon problem of IBGP neighbors.
II. Networking Topology
III. Configuration Tips
1. Configure IP addresses and basic IBGP information for routers throughout the network.
2. Configure a route reflector.
IV. Configuration Steps
1. Configure IP addresses and basic IBGP information for routers throughout the network.
For the configuration, see "IBGP Basic Configuration" (choose Typical Configuration > IP Routing > BGP > IBGP Basic Configuration).
2. Configure a route reflector.
Configure Router R2 as a route reflector and specify Router R1 as a client.
R2(config)#router bgp 123
R2(config-router)#neighbor 1.1.1.1 route-reflector-client //Specify R1 to be the client of the route reflector on Router R2.
R2(config-router)#exit
Notes:
1) When a router is configured as the client of a route reflector, the BGP neighbor relationship with the client will be broken.
2) A route reflector must have learnt IBGP routes so that it can reflect routes.
3) A route reflector can mutually reflect routes between a non-client and a client and between clients but cannot reflect routes learnt from a non-client to other non-clients.
V. Verification
Check routes throughout the network. If Router R1 and Router R3 successfully learn routes from the peer end, the route reflector is configured correctly.
Similarities:
Both can be used to match the route prefix.
Differences:
ACL can be used to filter IP packets by five elements while prefix-list can be used only to match the route prefix.
Selection:
Either ACL or prefix-list is acceptable when the route prefix needs to be matched. When the route prefix with different mask lengths in a large network segment needs to be matched, prefix-list is preferred.
distribute-list and route-map
Similarities:
Both can be used to filter routes.
Differences:
1) Distribute-list can be used only to filter route entries and does not support route attribute modification. Route-map can be used to filter route entries and supports route attribute modification.
2) Route-map can be used to forcibly change the next hop of data packets to implement policy-based routing (PBR).
3) Distribute-list can be applied in routing protocol redistribution, route transfer between distance vector routing protocol neighbors (it can be used to filter routes because routes are transferred between distance vector routing protocol neighbors), and route submission to the routing table by the link state routing protocol (LSAs rather than routes are transferred between link state routing protocol neighbors and therefore it cannot be used to filter LSAs transferred between neighbors).
4) Route-map is applied in routing protocol redistribution and route transfer between BGP neighbors.
Selection:
The selection of distribute-list or route-map depends on the application scenario. If both can be used but the route attribute needs to be modified, route-map is preferred. If the route attribute does not need to be modified, either is acceptable.
Features
Distribute-list controls route updates and filters route entries. It does not support route attribute modification.
I. Networking Requirements
Redistribute RIP routes to the OSPF domain on Router R2. Route filtering is required during redistribution, and only the routes 172.16.1.32/28, 172.16.1.48/29, and 172.16.1.56/30 are allowed to be redistributed to the OSPF domain.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses.
2. Enable RIP on Router R1 and Router R2 and advertise interfaces to the RIP process.
3. Enable OSPF on Router R2 and Router R3 and advertise interfaces to the OSPF process.
4. Redistribute routes learnt by RIP to the OSPF process on Router R2.
5. Use an ACL or prefix-list to match the routes to be learnt.
6. Redistribute RIP routes to the OSPF process on Router R2 and use distribute-list to filter routes.
IV. Configuration Steps
1. Configure basic IP addresses.
Ruijie(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet0/0)#exit
R1(config)#interface loopback 1
R1(config-if-Loopback1)#ip address 172.16.1.1 255.255.255.224
R1(config-if-Loopback1)#exit
R1(config)#interface loopback 2
R1(config-if-Loopback2)#ip address 172.16.1.33 255.255.255.240
R1(config-if-Loopback2)#exit
R1(config)#interface loopback 3
R1(config-if-Loopback3)#ip address 172.16.1.49 255.255.255.248
R1(config-if-Loopback3)#exit
R1(config)#interface loopback 4
R1(config-if-Loopback4)#ip address 172.16.1.57 255.255.255.252
R1(config-if-Loopback4)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/2
R2(config-if-FastEthernet0/2)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet0/2)#exit
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet0/0)#ip address 192.168.2.1 255.255.255.0
R2(config-if-FastEthernet0/0)#exit
Ruijie(config)#hostname R3
R3(config)#interface fastEthernet 0/1
R3(config-if-FastEthernet0/1)#ip address 192.168.2.2 255.255.255.0
R3(config-if-FastEthernet0/1)#exit
2. Enable RIP on Router R1 and Router R2 and advertise interfaces to the RIP process.
R1(config)#router rip
R1(config-router)#version 2 //Enable RIPv2.
R1(config-router)#no auto-summary //Disable automatic summarization.
R1(config-router)#network 172.16.0.0 //Advertise the classful network 172.16.0.0 to the RIP process.
R1(config-router)#network 192.168.1.0
R1(config-router)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.1.0
R2(config-router)#exit
3. Enable OSPF on Router R2 and Router R3 and advertise interfaces to the OSPF process.
R2(config)#router ospf 1 //Enable OSPF Process 1.
R2(config-router)#network 192.168.2.1 0.0.0.0 area 0 //Advertise the interface with the IP address of 192.168.2.1 to Area 0 of OSPF Process 1.
R2(config-router)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.2.2 0.0.0.0 area 0
R3(config-router)#exit
4. Redistribute routes learnt by RIP to the OSPF process on Router R2.
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets //Redistribute RIP routes to the OSPF process. Subnets must be appended.
R2(config-router)#exit
5. Use an ACL or prefix-list to match the routes to be learnt.
Notes:
1) Both ACL and prefix-list can be used to match route entries. Select either of them.
2) When the route prefix with different mask lengths in a large network segment needs to be matched, prefix-list is preferred. You can also use an ACL but you need to enter multiple entries.
In the following example, the route entries 172.16.1.32/27, 172.16.1.48/28, and 172.16.1.56/29 need to be matched. Three ACE entries are required in the ACL but only one entry is required in the prefix-list.
1) Use an ACL to match route entries.
Notes:
The ACL is used to match route entries here and the mask is set to 0.0.0.0 to precisely match route entries.
R2(config)#ip access-list standard 1
R2(config-std-nacl)#10 permit 172.16.1.32 0.0.0.0
R2(config-std-nacl)#20 permit 172.16.1.48 0.0.0.0
R2(config-std-nacl)#30 permit 172.16.1.56 0.0.0.0
R2(config-std-nacl)#exit
2) Use a prefix-list to match route entries.
Notes:
1) The prefix-list can be used only to match route entries. It cannot be used to filter data packets.
2) The prefix-list matches subnets in a network segment, where ge indicates the value that the mask length must be greater than or equal to while le indicates the value that the mask length must be smaller than or equal to.
3) The prefix-list is also matched from top to bottom and the last entry, deny any, is at the bottom.
R2(config)#ip prefix-list ruijie seq 10 permit 172.16.1.0/24 ge 28 le 30 //Define a prefix-list named ruijie to match the route prefix 172.16.1.0/24 with the subnet mask length greater than or equal to 28 and smaller than or equal to 30.
6. Redistribute RIP routes to the OSPF process on Router R2 and use distribute-list to filter routes.
Notes:
1) Route entries filtered by distribute-list are matched by the ACL and prefix-list. The route entries to be filtered are determined by the ACL and prefix-list.
2) Distribute-list can be applied in routing protocol redistribution, route transfer between distance vector routing protocol neighbors (it can be used to filter routes because routes are transferred between distance vector routing protocol neighbors), and route submission to the routing table by the link state routing protocol (LSAs rather than routes are transferred between link state routing protocol neighbors and therefore it cannot be used to filter LSAs transferred between neighbors).
The following examples use the distribute-list to call an ACL and prefix-list to filter routes.
1) Use the distribute-list to apply an ACL to filter routes.
R2(config)#router ospf 1
R2(config-router)#distribute-list 1 out rip //Filter routes when RIP routes are redistributed to the OSPF process (note that the direction must be out).
R2(config-router)#exit
2) Use the distribute-list to call a prefix-list to filter routes.
R2(config)#router ospf 1
R2(config-router)#distribute-list prefix ruijie out rip //Filter routes when RIP routes are redistributed to the OSPF process (note that the direction must be out).
R2(config-router)#exit
Supplement:
1) The distance vector protocol uses the distribute-list to filter route entries transmitted between neighbors. The commands are as follows:
R2(config)#router rip
R2(config-router)#distribute-list 1 in fastEthernet 0/2 //1 indicates ACL 1 and the prefix-list can also be used. In indicates routes learnt from neighbors and out indicates routes transferred to neighbors. Specific interfaces can also be appended.
2) The link state protocol uses the distribute-list to filter route entries to be submitted to the routing table.
R2(config)#router ospf 1
R2(config-router)#distribute-list 1 in //1 indicates ACL 1 and a prefix-list can also be used. The direction must be in.
V. Verification
Check route entries on Router R3. If Router R3 successfully learns the route entries 172.16.1.32/28, 172.16.1.48/29, and 172.16.1.56/30, the distribute-list used for route filtering is configured correctly.
R3#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
O E2 172.16.1.32/28 [110/20] via 192.168.2.1, 00:02:45, FastEthernet 0/1
O E2 172.16.1.48/29 [110/20] via 192.168.2.1, 00:02:29, FastEthernet 0/1
O E2 172.16.1.56/30 [110/20] via 192.168.2.1, 00:02:21, FastEthernet 0/1
C 192.168.2.0/24 is directly connected, FastEthernet 0/1
C 192.168.2.2/32 is local host.
Features
Route-map controls route updates and supports route attribute modification.
I. Networking Requirements
Redistribute RIP routes to the OSPF domain on Router R2. Route filtering is required during redistribution, and only the routes 172.16.1.32/28, 172.16.1.48/29, and 172.16.1.56/30 are allowed to be redistributed to the OSPF domain. The type of the imported external route is OE1 and the metric value is 50.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses.
2. Enable RIP on Router R1 and Router R2 and advertise interfaces to the RIP process.
3. Enable OSPF on Router R2 and Router R3 and advertise interfaces to the OSPF process.
4. Redistribute routes learnt by RIP to the OSPF process on Router R2.
5. Use an ACL or prefix-list to match the routes to be learnt.
6. Configure route-map.
7. Redistribute RIP routes to the OSPF process on Router R2 and call route-map for routing control.
IV. Configuration Steps
1. Configure basic IP addresses.
Ruijie(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if-FastEthernet0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-if-FastEthernet0/0)#exit
R1(config)#interface loopback 1
R1(config-if-Loopback1)#ip address 172.16.1.1 255.255.255.224
R1(config-if-Loopback1)#exit
R1(config)#interface loopback 2
R1(config-if-Loopback2)#ip address 172.16.1.33 255.255.255.240
R1(config-if-Loopback2)#exit
R1(config)#interface loopback 3
R1(config-if-Loopback3)#ip address 172.16.1.49 255.255.255.248
R1(config-if-Loopback3)#exit
R1(config)#interface loopback 4
R1(config-if-Loopback4)#ip address 172.16.1.57 255.255.255.252
R1(config-if-Loopback4)#exit
Ruijie(config)#hostname R2
R2(config)#interface fastEthernet 0/2
R2(config-if-FastEthernet0/2)#ip address 192.168.1.2 255.255.255.0
R2(config-if-FastEthernet0/2)#exit
R2(config)#interface fastEthernet 0/0
R2(config-if-FastEthernet0/0)#ip address 192.168.2.1 255.255.255.0
R2(config-if-FastEthernet0/0)#exit
Ruijie(config)#hostname R3
R3(config)#interface fastEthernet 0/1
R3(config-if-FastEthernet0/1)#ip address 192.168.2.2 255.255.255.0
R3(config-if-FastEthernet0/1)#exit
2. Enable RIP on Router R1 and Router R2 and advertise interfaces to the RIP process.
R1(config)#router rip
R1(config-router)#version 2 //Enable RIPv2.
R1(config-router)#no auto-summary //Disable automatic summarization.
R1(config-router)#network 172.16.0.0 //Advertise the classful network 172.16.0.0 to the RIP process.
R1(config-router)#network 192.168.1.0
R1(config-router)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.1.0
R2(config-router)#exit
3. Enable OSPF on Router R2 and Router R3 and advertise interfaces to the OSPF process.
R2(config)#router ospf 1 //Enable OSPF Process 1.
R2(config-router)#network 192.168.2.1 0.0.0.0 area 0 //Advertise the interface with the IP address of 192.168.2.1 to Area 0 of OSPF Process 1.
R2(config-router)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.2.2 0.0.0.0 area 0
R3(config-router)#exit
4. Redistribute routes learnt by RIP to the OSPF process on Router R2.
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets //Redistribute RIP routes to the OSPF process. Subnets must be appended.
R2(config-router)#exit
5. Use an ACL or prefix-list to match the routes to be learnt.
Notes:
1) Both ACL and prefix-list can be used to match route entries. Select either of them.
2) If several subnet routes in a network segment need to be matched, the prefix-list is preferred. You can also use an ACL but you need to enter multiple entries.
In the following example, the route entries 172.16.1.32/27, 172.16.1.48/28, and 172.16.1.56/29 need to be matched; three ACE entries are required in the ACL but only one entry is required in the prefix-list.
1) Use an ACL to match route entries.
Notes:
The ACL is used to match route entries here and the mask is set to 0.0.0.0 to precisely match route entries.
R2(config)#ip access-list standard 1
R2(config-std-nacl)#10 permit 172.16.1.32 0.0.0.0
R2(config-std-nacl)#20 permit 172.16.1.48 0.0.0.0
R2(config-std-nacl)#30 permit 172.16.1.56 0.0.0.0
R2(config-std-nacl)#exit
2) Use a prefix-list to match route entries.
Notes:
1) The prefix-list can be used only to match route entries. It cannot be used to filter data packets.
2) The prefix-list matches subnets in a network segment, where ge gives the value that the mask length must be greater than or equal to, and le gives the value that the mask length must be smaller than or equal to.
3) The prefix-list is matched from top to bottom, which is the same as the matching sequence and rules of the ACL.
R2(config)#ip prefix-list ruijie seq 10 permit 172.16.1.0/24 ge 28 le 30 //Define a prefix-list named ruijie to match the route prefix 172.16.1.0/24 with the subnet mask length greater than or equal to 28 and smaller than or equal to 30.
6. Configure route-map.
Notes:
1) route-map can be used to filter routes and modify route attributes.
2) route-map can use multiple matching conditions (including route entries, metric value, and metric type) whereas distribute-list can be used only to match route entries.
3) route-map is matched from top to bottom and there is an implicit deny any at the end of any route-map.
4) The execution logic of route-map is as follows:
route-map aaa permit 10
match x y z //Multiple match conditions written horizontally (on one line) are in the OR relationship. That is, the match statement is matched as long as one condition is met.
match a
set b //Multiple set statements are written vertically and all of the set actions are executed together.
set c
route-map aaa permit 20
match p
match q //Multiple match statements written vertically are in the AND relationship. That is, the entry is matched only when all the conditions are met.
set r
route-map aaa deny any (hidden in the system)
The execution logic is as follows:
If (x or y or z)
then set (b and c)
else if (p and q)
then set r
else deny
match ip address in a route-map can reference either an ACL or a prefix-list, but only one of them can be selected. See the following examples.
1) match ip address uses an ACL for matching.
R2(config)#route-map aaa permit 10
R2(config-route-map)#match ip address 1 //Match route entries in ACL 1.
R2(config-route-map)#set metric-type type-1 //Set the type to 1 for imported external routes.
R2(config-route-map)#set metric 50 //Set metric to 50 for imported external routes.
R2(config-route-map)#exit
2) match ip address uses a prefix-list for matching.
R2(config)#route-map aaa permit 10
R2(config-route-map)#match ip address prefix-list ruijie //Match route entries in the prefix-list named ruijie.
R2(config-route-map)#set metric-type type-1
R2(config-route-map)#set metric 50
R2(config-route-map)#exit
7. Redistribute RIP routes to the OSPF process on Router R2 and call route-map for routing control.
Notes:
Route-map can be applied during route redistribution or establishment of a BGP neighbor relationship using the neighbor command.
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets route-map aaa //Apply route-map aaa when RIP routes are redistributed to the OSPF process.
R2(config-router)#exit
Supplement:
The configuration commands for applying route-map to a BGP neighbor relationship are as follows:
R2(config)#router bgp 1
R2(config-router)#neighbor 10.1.1.1 route-map aaa in //in indicates that control is performed on routes learnt from the neighbor and out indicates that control is performed on routes distributed to the neighbor (route-map is used for the BGP neighbor for routing control. After route-map is configured, routes of the BGP neighbor need to be soft reset so that the configuration takes effect. Do not perform this operation in peak hours of services).
V. Verification
Check route entries on Router R3. Route-map used for routing control is configured correctly if Router R3 successfully learns route entries 172.16.1.32/28, 172.16.1.48/29, and 172.16.1.56/30, the routes are of OE1 type, and the cost is changed.
R3#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
O E1 172.16.1.32/28 [110/51] via 192.168.2.1, 00:03:14, FastEthernet 0/1
O E1 172.16.1.48/29 [110/51] via 192.168.2.1, 00:03:14, FastEthernet 0/1
O E1 172.16.1.56/30 [110/51] via 192.168.2.1, 00:03:14, FastEthernet 0/1
C 192.168.2.0/24 is directly connected, FastEthernet 0/1
C 192.168.2.2/32 is local host.
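The filtering and attribute changes configured above, traced in Python as an added example (not part of the Ruijie manual or its software): the prefix-list ruijie and route-map aaa are applied to R1's four loopback subnets, with OR matching within a line, AND matching across lines, and the implicit deny. The class and function names are hypothetical, and the ge/le rules are the conventional prefix-list semantics, assumed to hold on this device.

```python
import ipaddress
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    metric: int = 20        # value the page shows for unmodified redistributed routes
    metric_type: int = 2    # E2, as in the page's distribute-list output


@dataclass(frozen=True)
class PrefixEntry:
    permit: bool
    base: str
    ge: int = None
    le: int = None

    def matches(self, prefix):
        net, base = ipaddress.ip_network(prefix), ipaddress.ip_network(self.base)
        if not net.subnet_of(base):          # leading bits must equal the base prefix
            return False
        if self.ge is None and self.le is None:
            return net.prefixlen == base.prefixlen   # no ge/le: exact length only
        low = self.ge if self.ge is not None else base.prefixlen
        high = self.le if self.le is not None else 32
        return low <= net.prefixlen <= high


def prefix_list_permits(entries, prefix):
    """Top-down, first match wins; nothing matched means deny."""
    for entry in entries:
        if entry.matches(prefix):
            return entry.permit
    return False


@dataclass
class Clause:
    permit: bool
    match_lines: list = field(default_factory=list)  # one inner list per match line
    sets: dict = field(default_factory=dict)         # every set action is applied

    def matches(self, route):
        # Conditions on one line are ORed; separate lines are ANDed.
        return all(any(cond(route) for cond in line) for line in self.match_lines)


def apply_route_map(clauses, route):
    """Return the (possibly modified) route, or None when it is filtered out."""
    for clause in clauses:
        if clause.matches(route):
            return replace(route, **clause.sets) if clause.permit else None
    return None                                      # implicit deny any


def redistribute(routes, route_map):
    results = (apply_route_map(route_map, r) for r in routes)
    return [r for r in results if r is not None]


# ip prefix-list ruijie seq 10 permit 172.16.1.0/24 ge 28 le 30
RUIJIE = [PrefixEntry(True, "172.16.1.0/24", ge=28, le=30)]

# route-map aaa permit 10 / match ip address prefix-list ruijie / set ...
ROUTE_MAP_AAA = [
    Clause(True,
           match_lines=[[lambda r: prefix_list_permits(RUIJIE, r.prefix)]],
           sets={"metric_type": 1, "metric": 50}),
]

# The subnets of R1's loopbacks 1-4 as R2 learns them through RIP.
RIP_ROUTES = [Route(p) for p in ("172.16.1.0/27", "172.16.1.32/28",
                                 "172.16.1.48/29", "172.16.1.56/30")]

if __name__ == "__main__":
    for r in redistribute(RIP_ROUTES, ROUTE_MAP_AAA):
        print(f"O E{r.metric_type} {r.prefix} metric {r.metric}")
```

R3 lists these routes with cost 51 rather than 50 because an OSPF type-1 external route adds the internal cost of reaching R2 to the redistributed metric.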
Features
Policy-Based Routing (PBR) provides a data packet routing and forwarding mechanism that is more flexible than destination address-based routing and forwarding. PBR flexibly selects a route based on the source address, destination address, port ID, and packet length of IP/IPv6 packets.
Scenarios
An enterprise has two egress paths: some PCs in the intranet access the Internet through one egress path and the other PCs in the intranet access the Internet through the other egress path. In this case, the PBR function can be enabled on routers.
I. Networking Requirements
As shown in the following networking topology, Router R1 has two egresses to the external network: Router R3 and Router R4. The intranet 172.16.1.0/24 needs to access the external network through Router R3 and the intranet 172.16.2.0/24 needs to access the external network through Router R4.
II. Networking Topology
III. Configuration Tips
1. Configure basic IP addresses.
2. Configure basic IP routes to ensure routes throughout the network are reachable.
3. Configure ACLs on Router R1 to match the traffic of the intranet.
4. Configure PBR.
5. Apply PBR.
IV. Configuration Steps
1. Configure basic IP addresses.
Ruijie(config)#hostname R1
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet0/0)#ip address 192.168.1.1 255.255.255.0
R1(config-GigabitEthernet0/0)#exit
R1(config)#interface gigabitEthernet 0/1
R1(config-GigabitEthernet0/1)#ip address 192.168.2.1 255.255.255.0
R1(config-GigabitEthernet0/1)#exit
R1(config)#interface gigabitEthernet 0/2
R1(config-GigabitEthernet0/2)#ip address 192.168.3.1 255.255.255.0
R1(config-GigabitEthernet0/2)#exit
Ruijie(config)#hostname R2
R2(config)#interface gigabitEthernet 0/0
R2(config-GigabitEthernet0/0)#ip address 192.168.1.2 255.255.255.0
R2(config-GigabitEthernet0/0)#exit
R2(config)#interface gigabitEthernet 0/1
R2(config-GigabitEthernet0/1)#ip address 172.16.1.1 255.255.255.0
R2(config-GigabitEthernet0/1)#exit
R2(config)#interface gigabitEthernet 0/2
R2(config-GigabitEthernet0/2)#ip address 172.16.2.1 255.255.255.0
R2(config-GigabitEthernet0/2)#exit
Ruijie(config)#hostname R3
R3(config)#interface fastEthernet 0/0
R3(config-if-FastEthernet0/0)#ip address 192.168.2.2 255.255.255.0
R3(config-if-FastEthernet0/0)#exit
Ruijie(config)#hostname R4
R4(config)#interface fastEthernet 0/0
R4(config-if-FastEthernet0/0)#ip address 192.168.3.2 255.255.255.0
R4(config-if-FastEthernet0/0)#exit
2. Configure basic IP routes to ensure routes throughout the network are reachable.
R1(config)#ip route 172.16.0.0 255.255.0.0 192.168.1.2
R2(config)#ip route 100.1.1.0 255.255.255.0 192.168.1.1
R3(config)#ip route 172.16.0.0 255.255.0.0 192.168.2.1
R4(config)#ip route 172.16.0.0 255.255.0.0 192.168.3.1
3. Configure ACLs on Router R1 to match the traffic of the intranet.
R1(config)#ip access-list standard 10 //Configure ACL 10 to match the traffic of intranet 172.16.1.0/24.
R1(config-std-nacl)#10 permit 172.16.1.0 0.0.0.255
R1(config-std-nacl)#exit
R1(config)#ip access-list standard 20 //Configure ACL 20 to match the traffic of intranet 172.16.2.0/24.
R1(config-std-nacl)#10 permit 172.16.2.0 0.0.0.255
R1(config-std-nacl)#exit
4. Configure PBR.
R1(config)#route-map ruijie permit 10 //Configure a route-map named ruijie.
R1(config-route-map)#match ip address 10 //Match traffic of intranet ACL 10.
R1(config-route-map)#set ip next-hop 192.168.2.2 //Set the next-hop address of IP packets to 192.168.2.2.
R1(config-route-map)#exit
R1(config)#route-map ruijie permit 20
R1(config-route-map)#match ip address 20
R1(config-route-map)#set ip next-hop 192.168.3.2
R1(config-route-map)#exit
Notes:
1) Route-map matches traffic from top to bottom. When traffic matches the PBR, data is forwarded based on the matched policy and the match stops.
2) There is an implicit deny all statement at the end of the route-map. Intranet traffic that does not match PBR is not discarded but routed and forwarded as normal IP packets.
3) set ip next-hop can be used to set the next-hop IP address or outbound interface of data packets. The next-hop IP address is recommended.
5. Apply PBR.
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet0/0)#ip policy route-map ruijie //Apply PBR.
R1(config-GigabitEthernet0/0)#exit
Notes:
PBR must be applied on the inbound interfaces of data packets rather than on the outbound interfaces. PBR forcibly sets the next hop of data packets when they enter a router. By the time packets reach an outbound interface, the router has already performed IP routing on them and is sending them out. Therefore, PBR does not take effect in the outbound direction.
V. Verification
Track routes to the external network 100.1.1.0/24 by using the source address on Router R2. If the intranet 172.16.1.0/24 accesses the external network through R3 and the intranet 172.16.2.0/24 accesses the external network through R4, PBR is configured correctly.
R2#traceroute 100.1.1.1 source 172.16.1.1
< press Ctrl+C to break >
Tracing the route to 100.1.1.1
1 192.168.1.1 0 msec 0 msec 0 msec
2 192.168.2.2 10 msec 0 msec 10 msec //The intranet 172.16.1.0/24 accesses the external network through Router R3.
Other paths are omitted here.
R2#traceroute 100.1.1.1 source 172.16.2.1
< press Ctrl+C to break >
Tracing the route to 100.1.1.1
1 192.168.1.1 0 msec 0 msec 0 msec
2 192.168.3.2 10 msec 0 msec 10 msec //The intranet 172.16.2.0/24 accesses the external network through Router R4.
Other paths are omitted here.
Features:
The VPN Routing and Forwarding table (VRF) is used to solve conflicts between local routes. The connection between a PE and a CE should be correlated with a VRF. Each VRF can be regarded as a "virtual router" and routing between VRFs is isolated.
A VRF consists of:
1. An independent routing table;
2. A set of interfaces belonging to this VRF;
3. A set of routing protocols only applicable to this VRF.
As forwarding between VRFs is isolated, how is route connectivity between VRFs realized? There are two common methods to implement routing across VRFs: static routing and policy-based routing.
Routing across VRFs through Static Routing:
Configuration Template 1:
ip route [vrf vrf_name] network mask [interface-type interface-number] [ip-address]
Configuration Example 1:
ip route vrf vpn1 10.0.0.0 255.0.0.0 GigabitEthernet 3/1/0 12.0.0.1
Configuration Explanation 1:
Add a static route to the 10.0.0.0/8 segment in the VRF VPN1. Data packets to this segment are forwarded from the GI3/1/0 interface to the next-hop address 12.0.0.1.
The outbound interface (the GI3/1/0 interface in the example) indicates the VRF to which data packets are transferred, that is, the VRF to which the outbound interface belongs. Traffic for the destination segment is transferred to this VRF.
//If no VRF is added on an interface, this interface belongs to a global VRF, namely a global routing table.
//As VRF transfer is marked by the outbound interface, configure a static route in the form of outbound interface + next hop IP address. Otherwise, the ARP resolution will fail and data cannot be transferred.
Configuration Template 2:
ip route [vrf vrf_name] network mask ip-address global
Configuration Example 2:
ip route vrf vpn1 10.0.0.0 255.0.0.0 12.0.0.1 global
Configuration Explanation 2:
Global indicates a global routing table.
Add a static route to the 10.0.0.0/8 segment in the VRF VPN1. Data packets to this segment are forwarded from the global routing table to the next-hop address 12.0.0.1.
Difference between Configuration Template 1 and Configuration Template 2:
"Configuration Template 1" supports routing between any two VRFs, and between any VRF and a global routing table.
"Configuration Template 2" supports routing only between a VRF and a global routing table and cannot support routing between two VRFs.
Routing across VRFs Through Policy-based Routing:
1) Define the ACL interesting traffic.
ip access-list extended 100
 10 permit ip 10.0.0.0 0.255.255.255 any
2) Define policy-based routing.
route-map internet permit 10
 match ip address 100
 set vrf vpn1
//set vrf: Routes IP packets through the specified interface using a VRF instance. The priority of policy-based routing is higher than that of common routing. This command cannot be configured together with set ip [default] next-hop or set [default] interface. IP packets that are received from the interface and match the match rules are routed using the VRF specified by set vrf, no matter whether this VRF and the interface that receives the packets belong to the same VRF.
3) Apply policy-based routing on the interface.
interface GigabitEthernet 3/1/0
 ip policy route-map internet
I. Actual Networking Requirements
The Multiprotocol Label Switching (MPLS) VPN has been widely used. The public network and the VPNs carried by MPLS cannot access each other because they are in different VRFs, which isolate the public network from the private network.
Some networks require that certain non-VPN services be carried by a public network. That is, some services that are not included in the VPN are accessed through a public network. As VPN services and non-VPN services generally have no need for mutual access, the two can be carried by the same public network.
However, some networks have a special requirement that non-VPN services need to access the Internet while the Internet egress belongs to a VRF instance of MPLS VPN. How to realize mutual access between non-VPN services and VPN services becomes an issue.
Requirements:
Department A and the office MAN belong to a non-VPN service and need to realize mutual access with other non-VPN services.
Department A and the office MAN need to access the Internet.
Non-VPN services other than department A and the office MAN cannot access the Internet.
Topology Description:
This topology is the actual topology of a network.
The part with yellow shading refers to the public network and carries VPN services and non-VPN services at the same time.
At the Internet egress, the interface that connects two RSR7716 routers to an RSR7708 router belongs to the VRF Internet.
II. Network Topology
III. Analog Networking Requirements
PC 1 belongs to a non-VPN service and needs to realize mutual access with other non-VPN services.
PC 1 needs to access the Internet.
Non-VPN services other than PC 1 cannot access the Internet.
IV. Network Topology
V. Configuration Tips
Data transmission is bidirectional. Ruijie considers the route connectivity both from PC 1 to the Internet and from the Internet to PC 1.
From PC 1 to the Internet:
Requirement: PC 1 needs to access the Internet, but non-VPN services other than PC 1 cannot access the Internet. Therefore, implement the VRF policy-based routing in the direction of the ingress GI3/1/0 of PE 1. Routing across VRFs is allowed in the PC 1 segment only and blocked in other segments.
Import a default route to the global routing table on PE 1 so that non-VPN services on the public network can learn the default route to the Internet.
From the Internet to PC 1:
PE 1 needs a reverse route. Ruijie uses the static routing across VRFs to route back to the PC 1 segment.
PE 1 needs to redistribute the static route to OSPF in VRF so that the egress router can learn the non-VPN route.
VI. Configuration Steps
Routing across VRFs is generally applied to PEs on the MPLS VPN, but it is VRF transfer in essence and unrelated to MPLS. Therefore, MPLS VPN configuration is not involved in this example.
PE 1 Configuration:
1. Basic configuration for route connectivity.
ip vrf vpn1
interface GigabitEthernet 3/1/0
 ip policy route-map internet
 ip address 12.0.0.2 255.255.255.0
interface GigabitEthernet 3/1/1
 ip vrf forwarding vpn1
 ip address 23.0.0.2 255.255.255.0
interface Loopback 0
 ip address 2.2.2.2 255.255.255.255
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 12.0.0.2 0.0.0.0 area 0
 default-information originate always
router ospf 10 vrf vpn1
 redistribute static subnets
 network 23.0.0.2 0.0.0.0 area 0
2. Routing policy from PC 1 to the Internet (via policy-based routing)
route-map internet permit 10
 match ip address 100
 set vrf vpn1
ip access-list extended 100
 10 permit ip 10.0.0.0 0.255.255.255 any
interface GigabitEthernet 3/1/0
 ip policy route-map internet
3. Routing policy from the Internet to PC 1 (via static routing)
ip route vrf vpn1 10.0.0.0 255.0.0.0 GigabitEthernet 3/1/0 12.0.0.1
PE 2 Configuration:
interface GigabitEthernet 0/0
 ip ref
 ip address 12.0.0.1 255.255.255.0
interface GigabitEthernet 0/1
 ip ref
 ip address 10.0.0.254 255.255.255.0
interface Loopback 0
 ip ref
 ip address 1.1.1.1 255.255.255.255
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.255 area 0
 network 12.0.0.1 0.0.0.0 area 0
Configuration for the Internet egress router
interface GigabitEthernet 0/0
 ip ref
 ip address 23.0.0.3 255.255.255.0
interface Loopback 0
 ip ref
 ip address 3.3.3.3 255.255.255.255
router ospf 1
 redistribute static subnets
 network 23.0.0.3 0.0.0.0 area 0
 default-information originate
ip route 0.0.0.0 0.0.0.0 Loopback 0
VII. Verification
1. PC 1 can ping the Internet egress router 3.3.3.3.
PC1#ping 3.3.3.3
Sending 5, 100-byte ICMP Echoes to 3.3.3.3, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/12/20 ms
Features
The RSR10-02E, RSR20-04E, and RSR20-14E/F routers have fixed switch ports. These routers are designed using a new architecture and therefore the configuration is different from that of the NMX-24ESW switch module. The fixed switch modules have the following characteristics:
1. You cannot log in to fixed switch modules and they do not need to be managed separately (there is no centralized or distributed management).
2. All configurations of fixed switch modules are completed on the router CLI (integrated routing and switching are implemented).
3. The method for configuring the switching function of fixed switch modules is the same as the configuration method on the switch.
Configuration Examples
(Note: The following configuration is completed on the router CLI.)
1. Create VLAN 10 and VLAN 20.
Ruijie#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#vlan 10
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 20
2. Configure the SVI addresses for VLAN 10 and VLAN 20.
Ruijie(config)#interface vlan 10
Ruijie(config-if-VLAN10)#ip address 10.0.0.1 255.255.255.0
Ruijie(config-if-VLAN10)#exit
Ruijie(config)#interface vlan 20
Ruijie(config-if-VLAN20)#ip address 20.0.0.1 255.255.255.0
3. Configure the attributes of the switch ports.
Ruijie(config)#interface fastEthernet 1/1
Ruijie(config-if-FastEthernet1/1)#switchport mode access
Ruijie(config-if-FastEthernet1/1)#switchport access vlan 10
Ruijie(config-if-FastEthernet1/1)#exit
Ruijie(config)#interface fastEthernet 1/2
Ruijie(config-if-FastEthernet1/2)#switchport mode access
Ruijie(config-if-FastEthernet1/2)#switchport access vlan 20
Ruijie(config-if-FastEthernet1/2)#exit
Ruijie(config)#interface fastEthernet 1/3
Ruijie(config-if-FastEthernet1/3)#switchport mode trunk
A standard ACL can only match source IP addresses.
Application Scenario
I. Networking Requirements
The intranet PC1 with the IP address 192.168.1.2 is prohibited from accessing the Internet, but other IP addresses are not prohibited.
II. Network Topology
III. Configuration Tips
1. Configure a standard ACL in global mode.
2. Apply the standard ACL on the intranet interface.
3. Save the configuration.
IV. Configuration Steps
1. Configure a standard ACL in global mode
Notes:
(2) A standard ACL can only match source IP addresses, but an extended ACL can match five elements of the data stream (source IP address, destination IP address, source port, destination port, and protocol number).
(3) An ACL matches the ACE entries from top to bottom (according to the ascending order of the sequence numbers of the ACE entries). After finding a match, the ACL executes the action (allow/deny) of the related ACE entry and does not match any other ACE entries.
(4) An ACL contains an implicit ACE entry (deny any) that denies all traffic. To prohibit a certain network segment while allowing other network segments, after configuring an ACE entry denying the traffic, add an ACE entry "permit any" to allow other traffic.
Ruijie(config)#ip access-list standard 1 //Creates a standard ACL 1
Ruijie(config-std-nacl)#10 deny 192.168.1.2 0.0.0.0 //Configures the ACL entry with a sequence number of 10 to match the IP address 192.168.1.2 (IP address + wildcard mask)
Ruijie(config-std-nacl)#20 permit any //Configures to permit other traffic
Ruijie(config-std-nacl)#exit
2. Apply the standard ACL on the intranet interface
Ruijie(config)#interface fastEthernet 0/0
Ruijie(config-if-FastEthernet0/0)#ip access-group 1 in //Applies the ACL 1 on the intranet interface
3. Save the configuration
Ruijie(config-if-FastEthernet0/0)#end
Ruijie#write //Verifies and saves the configuration
V. Verification
Test whether the intranet PCs can access the Internet. If PC1 cannot access the Internet but other PCs can, the configuration is correct.
1. Show configuration of the ACL.
Ruijie#show access-lists
ip access-list standard 1
 10 deny 192.168.1.2 0.0.0.0
 20 permit any
2. Show application of the ACL on the interface.
Ruijie#show ip access-group
ip access-group 1 in
Applied On interface FastEthernet 0/0.
Function Introduction:
An extended ACL can match five elements of the data stream (source IP address, destination IP address, source port, destination port, and protocol number).
Application Scenario:
During security policy setting, an extended ACL can be used to control partial traffic from certain IP addresses or a network segment. For example, to prohibit an IP address from accessing websites, an extended ACL can be written with the source IP address being the aforesaid IP address, the destination IP address being any IP address, and the destination port being 80 (the HTTP port is 80).
I. Networking Requirements
PC1 is prohibited from accessing the Web service of 100.100.100.100 (TCP port 80), but other traffic is all permitted.
II. Network Topology
III. Configuration Tips
1. Configure an extended ACL in global mode
2. Apply the extended ACL on the intranet interface
3. Save the configuration
IV. Configuration Steps
1. Configure an extended ACL in global mode
(1) The number of a standard ACL ranges from 1 to 99 and from 1300 to 1999. The number of an extended ACL ranges from 100 to 199 and from 2000 to 2699.
(2) A standard ACL can only match source IP addresses, but an extended ACL can match five elements of the data stream (source IP address, destination IP address, source port, destination port, and protocol number).
(3) An ACL matches the ACE entries from top to bottom (according to the ascending order of the sequence numbers of the ACE entries). After finding a match, the ACL executes the action (allow/deny) of the related ACE entry and does not match any other ACE entries.
(4) An ACL contains an implicit ACE entry (deny any) that denies all traffic. To prohibit a certain network segment while allowing other network segments, after configuring an ACE entry denying the traffic, add an ACE entry "permit any" to allow other traffic.
Ruijie(config)#ip access-list extended 100
Ruijie(config-ext-nacl)#10 deny tcp 192.168.1.2 0.0.0.0 100.100.100.100 0.0.0.0 eq 80 //Configures an extended ACL to prohibit the intranet PC1 192.168.1.2 from accessing port 80 of 100.100.100.100.
Ruijie(config-ext-nacl)#20 permit ip any any //Configures to permit other traffic (mandatory)
Ruijie(config-ext-nacl)#exit
2. Apply the extended ACL on the intranet interface
Ruijie(config)#interface fastEthernet 0/0
Ruijie(config-if-FastEthernet0/0)#ip access-group 100 in //Applies the ACL on the interface
3. Save the configuration
Ruijie(config-if-FastEthernet0/0)#end
Ruijie#write //Verifies and saves the configuration
V. Verification
1. Test whether the intranet PC1 can access the Web service of 100.100.100.100 and whether its other traffic passes. If PC1 cannot access the Web service of 100.100.100.100 but its other traffic passes, the configuration is correct.
2. Show configuration of the ACL.
Ruijie#show access-lists
ip access-list extended 100
 10 deny tcp host 192.168.1.2 host 100.100.100.100 eq www
 20 permit ip any any
3. Show application of the ACL on the interface.
Ruijie#show ip access-group
ip access-group 100 in
Applied On interface FastEthernet 0/0.
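The matching rules in notes (3) and (4) of the standard and extended ACL sections, modelled in Python as an added example (not Ruijie code): wildcard-mask comparison, first match in sequence order, the implicit deny, and a check for entries hidden behind an earlier, broader entry. ACL 1 and ACL 100 are taken from the page; the variant ACLs, the sample packets and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")    # "any" written as address + wildcard
HOST = "0.0.0.0"                        # wildcard that matches one address


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; every other bit must be equal."""
    return ((_ip(addr) ^ _ip(base)) & ~_ip(wildcard)) == 0


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                 # "permit" or "deny"
    proto: str = "ip"           # "ip" matches every protocol
    src: tuple = ANY
    dst: tuple = ANY
    dport: int = None           # None means any destination port

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], *self.src)
                and wildcard_match(pkt["dst"], *self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        def addr_covers(a, b):
            a_wc, b_wc = _ip(a[1]), _ip(b[1])
            return (b_wc & ~a_wc) == 0 and ((_ip(a[0]) ^ _ip(b[0])) & ~a_wc) == 0
        return (self.proto in ("ip", other.proto)
                and addr_covers(self.src, other.src)
                and addr_covers(self.dst, other.dst)
                and (self.dport is None or self.dport == other.dport))


def evaluate(acl, pkt):
    """Walk the entries in ascending sequence order; the first match decides."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace.matches(pkt):
            return ace.action, ace.seq
    return "deny", None                 # implicit deny any


def shadowed(acl):
    """Sequence numbers of entries an earlier entry makes unreachable."""
    ordered = sorted(acl, key=lambda a: a.seq)
    return [later.seq for i, later in enumerate(ordered)
            if any(earlier.covers(later) for earlier in ordered[:i])]


# ACL 1 and ACL 100 as configured on the page.
ACL_1 = [Ace(10, "deny", src=("192.168.1.2", HOST)), Ace(20, "permit")]
ACL_100 = [
    Ace(10, "deny", "tcp", ("192.168.1.2", HOST), ("100.100.100.100", HOST), 80),
    Ace(20, "permit"),
]
# Constructed variants: the trailing permit left out, and the permit placed first.
ACL_NO_PERMIT = ACL_100[:1]
ACL_WRONG_ORDER = [Ace(5, "permit"), ACL_100[0]]

# Constructed sample packets.
PC1_WEB = {"proto": "tcp", "src": "192.168.1.2", "dst": "100.100.100.100", "dport": 80}
PC1_HTTPS = {"proto": "tcp", "src": "192.168.1.2", "dst": "100.100.100.100", "dport": 443}
PC2_WEB = {"proto": "tcp", "src": "192.168.1.3", "dst": "100.100.100.100", "dport": 80}
PC1_PING = {"proto": "icmp", "src": "192.168.1.2", "dst": "100.100.100.100"}

if __name__ == "__main__":
    for name, acl in (("ACL 100", ACL_100), ("no permit", ACL_NO_PERMIT),
                      ("wrong order", ACL_WRONG_ORDER)):
        print(name, [evaluate(acl, p) for p in (PC1_WEB, PC1_HTTPS, PC2_WEB)],
              "shadowed:", shadowed(acl))
```

Running `shadowed()` over an ACL before applying it catches the ordering mistake in which a broad permit placed ahead of the deny silently disables the restriction.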
Function Introduction:
Reflexive ACLs can be used for one-way access. A temporary access list is automatically generated based on the L3 and L4 information of the traffic originated by the intranet. The temporary access list is created according to the following principles: the protocol is not changed, the source IP address and the destination IP address are exchanged, and the source port and the destination port are exchanged. The router allows traffic to enter the intranet only when the L3 and L4 information of the returned traffic exactly matches that of the temporary access list created based on the outbound traffic.
Application Scenario
During security policy setting, standard/extended ACLs can be used to match IP traffic. Besides, reflexive ACLs can also be used to meet one-way access demands. Return packets from the peer are passed only when the local end actively initiates the access session. If the peer actively initiates an access session, the access is denied by the ACL.
I. Networking Requirements
The loopback 0 address 1.1.1.1 of R1 can actively access loopback 0 3.3.3.3 of R3, but R3 cannot actively access R1, so as to realize one-way access from R1 to R3.
II. Network Topology
III. Configuration Tips
1. Complete basic configuration for each device, including the configuration of interface IP addresses and routers.
2. Configure a reflexive ACL on R2.
IV. Configuration Steps
1. Complete basic configuration for each device, including the configuration of interface IP addresses and routers
Omitted.
2. Configure a reflexive ACL
R2(config)#ip access-list extended 100
R2(config-ext-nacl)#permit ip host 1.1.1.1 host 3.3.3.3
R2(config-ext-nacl)#exit
R2(config)#inter gi0/0
R2(config-if-GigabitEthernet0/0)#ip access-group 100 in reflect
R2(config-if-GigabitEthernet0/0)#exit
R2(config)#ip access-list extended 101
R2(config-ext-nacl)#deny ip any any
R2(config-ext-nacl)#exit
R2(config)#inter gi0/1
R2(config-if-GigabitEthernet0/1)#ip access-group 101 in
V. Verification
1. After configuration, the ping from loopback 0 of R1 to loopback 0 of R3 succeeds.
R1#ping 3.3.3.3 source 1.1.1.1
Sending 5, 100-byte ICMP Echoes to 3.3.3.3, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/12/20 ms
2. The ping from loopback 0 of R3 to loopback 0 of R1 fails.
R3#ping 1.1.1.1 source 3.3.3.3
Sending 5, 100-byte ICMP Echoes to 1.1.1.1, timeout is 2 seconds:
< press Ctrl+C to break >
.....
Success rate is 0 percent (0/5)
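The temporary-entry principle described in the Function Introduction, modelled in Python as an added example (not Ruijie code): each packet permitted by ACL 100 on gi0/0 installs its mirror image, and gi0/1 admits only packets equal to an installed mirror before ACL 101 denies the rest. The class names, the sample port numbers and the 300-second idle timeout are assumptions; the page gives no timeout value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0      # 0 for protocols without ports, such as ICMP
    dport: int = 0

    def mirrored(self):
        """Protocol unchanged, addresses exchanged, ports exchanged."""
        return Packet(self.proto, self.dst, self.src, self.dport, self.sport)


class ReflexiveFilter:
    def __init__(self, permitted_pairs, idle_timeout=300):
        self.permitted_pairs = set(permitted_pairs)  # (src, dst) hosts of ACL 100
        self.idle_timeout = idle_timeout             # assumed, in seconds
        self.temporary = {}                          # mirrored packet -> install time

    def inside_in(self, pkt, now):
        """gi0/0 inbound: ACL 100 applied with 'reflect'."""
        if (pkt.src, pkt.dst) not in self.permitted_pairs:
            return False                             # implicit deny of ACL 100
        self.temporary[pkt.mirrored()] = now         # install or refresh the entry
        return True

    def outside_in(self, pkt, now):
        """gi0/1 inbound: temporary entries first, then ACL 101 (deny ip any any)."""
        installed = self.temporary.get(pkt)
        if installed is not None and now - installed <= self.idle_timeout:
            return True
        self.temporary.pop(pkt, None)                # forget an expired entry
        return False


def run_scenario():
    """Replay constructed traffic between R1 (1.1.1.1) and R3 (3.3.3.3) through R2."""
    fw = ReflexiveFilter({("1.1.1.1", "3.3.3.3")})
    seen = {}
    # R3 opens the conversation: nothing has been reflected yet.
    seen["r3_initiates"] = fw.outside_in(Packet("icmp", "3.3.3.3", "1.1.1.1"), now=0)
    # R1 pings R3 and the echo reply comes back.
    seen["r1_echo"] = fw.inside_in(Packet("icmp", "1.1.1.1", "3.3.3.3"), now=1)
    seen["r3_reply"] = fw.outside_in(Packet("icmp", "3.3.3.3", "1.1.1.1"), now=1)
    # R1 opens a TCP session from port 40000 to port 23 on R3.
    seen["r1_tcp"] = fw.inside_in(Packet("tcp", "1.1.1.1", "3.3.3.3", 40000, 23), now=10)
    seen["tcp_return"] = fw.outside_in(
        Packet("tcp", "3.3.3.3", "1.1.1.1", 23, 40000), now=11)
    # Same hosts, different destination port: not an exact match.
    seen["tcp_other_port"] = fw.outside_in(
        Packet("tcp", "3.3.3.3", "1.1.1.1", 23, 40001), now=11)
    # The reflected entry has been idle longer than the timeout.
    seen["tcp_after_timeout"] = fw.outside_in(
        Packet("tcp", "3.3.3.3", "1.1.1.1", 23, 40000), now=10 + 301)
    # A source that ACL 100 does not permit creates no entry at all.
    seen["other_source"] = fw.inside_in(Packet("icmp", "1.1.1.2", "3.3.3.3"), now=12)
    return seen


if __name__ == "__main__":
    for step, allowed in run_scenario().items():
        print(f"{step:18} {'permit' if allowed else 'deny'}")
```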
Features:
NAT: refers to Network Address Translation. During normal data forwarding, the source and destination addresses in the IP header and the port numbers are not changed. However, when NAT is enabled, the packet header contents are changed, implementing functions such as hiding the real addresses of inside and outside hosts, enabling multiple hosts to share a few IP addresses to access inside and outside networks, supporting overlapping IP addresses, and server load balancing.
Port Address Translation (PAT): also known as Network Address Port Translation (NAPT) or NAT port reuse. It implements network address translation by mapping and distinguishing data streams based on IP addresses and port numbers so that multiple inside hosts can access an outside network using one or a few legal IP addresses.
NAT terms:
Inside local: inside local address (the real address of an inside host, generally a private address).
Inside global: inside global address (the address of an inside host for accessing outside networks after NAT; it is a legal IP address allocated by the ISP).
Outside local: outside local address (the address of an outside host after NAT; it is generally a private IP address. When an inside host accesses the outside host, the outside host is considered as an inside host instead of an outside host.)
Outside global: outside global address (the real address of an outside host; it is a legal IP address on the Internet).
The PPPOE implementation of the products is similar to that of senior DDR (DDR Profiles). An Ethernet interface is bound to a logical dialer interface, and the logical dialer interface implements the specific negotiation.
Application Scenario
An enterprise rents the broadband dialing line of a Telecom operator to access Internet resources.
I. Networking Requirements
Intranet users use the RG-RSR router to access the Internet, and the Internet line is the ADSL dialing line.
II. Network Topology
III. Configurations Tips
1. Configure dialing.
3. Configure the default route.
IV. Configuration Steps
1. Enable PPPOE on the physical interface
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface FastEthernet 0/0
Ruijie(config-if-FastEthernet0/0)#pppoe enable //Enables PPPOE
Ruijie(config-if-FastEthernet0/0)#pppoe-client dial-pool-number 5 no-ddr //Binds the Ethernet interface to the dialer pool 5
Ruijie(config-if-FastEthernet0/0)#ip ref //Enables Ruijie Express Forwarding (REF). If the command is not recognized, REF is enabled by default.
Ruijie(config-if-FastEthernet0/0)#exit
2. Configure the logical dialer interface
Ruijie(config)#interface dialer 0
Ruijie(config-if-dialer0)#ip ref //Enables REF. If the command is not recognized, REF is enabled by default.
Ruijie(config-if-dialer0)#encapsulation ppp //Sets PPP encapsulation
Ruijie(config-if-dialer0)#ppp chap hostname pppoe //Configures the CHAP user name: pppoe
Ruijie(config-if-dialer0)#ppp chap password pppoe //Configures the CHAP password: pppoe
Ruijie(config-if-dialer0)#ppp pap sent-username pppoe password pppoe //Configures the user name and password sent for PAP authentication
Ruijie(config-if-dialer0)#ip address negotiate //Negotiates to obtain the IP address
Ruijie(config-if-dialer0)#dialer pool 5 //Associates the dialer pool 5
Ruijie(config-if-dialer0)#dialer-group 1 //Rules that trigger dialing
Ruijie(config-if-dialer0)#dialer idle-timeout 300 //The dialer is disconnected after 300s of idle time
Ruijie(config-if-dialer0)#mtu 1492
Ruijie(config-if-dialer0)#exit
Ruijie(config)#access-list 1 permit any
Ruijie(config)#dialer-list 1 protocol ip permit //Global dialer list
3. Configure NAT
Ruijie(config)#access-list 100 permit ip any any //Defines the data stream to which NAT is applied. The parameter is set to "any" here.
Ruijie(config)#ip nat pool ruijie prefix-length 24 //Configures the NAT address pool named "ruijie" with a 24-bit mask.
Ruijie(config-ipnat-pool)#address interface dialer 0 match interface dialer 0 //Configures IP NAT translation. To forward data from dialer 0, use the address of dialer 0 for NAT.
Ruijie(config-nat-pool)#exit
Ruijie(config)#ip nat inside source list 100 pool ruijie overload //Configures the NAT policy. "100" indicates access-list 100 and "ruijie" indicates the address pool of NAT.
Ruijie(config)#interface dialer 0
Ruijie(config-if-dialer0)#ip nat outside //Indicates an Internet NAT interface
Ruijie(config-if-dialer0)#interface fastEthernet 0/1
Ruijie(config-if-FastEthernet0/1)#ip nat inside //Indicates an intranet NAT interface
Ruijie(config-if-FastEthernet0/1)#ip address 192.168.1.1 255.255.255.0 //Configures an intranet IP address as the intranet gateway
Ruijie(config-if-FastEthernet0/1)#ip ref
4. Configure the default route
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 dialer 0
V. Verification
1. Check whether dialing is successful
Ruijie#show ip interface brief
Interface IP-Address(Pri) OK? Status
FastEthernet0/0 no address YES DOWN
FastEthernet0/1 192.168.1.1/24 YES UP
dialer0 222.168.1.2 YES UP
Note: If the configuration is correct, the IP address is displayed after "dialer0".
2. After the IP address, mask and gateway of an intranet computer are configured to 192.168.1.x, 255.255.255.0 and 192.168.1.1 respectively, and the DNS is correctly configured, the computer can access the Internet.
Introduction:
This section introduces basic network access configurations for routers without switching interfaces. The router models include RSR1002, RSR20-04, RSR20-14, RSR20-18, RSR20-24, RSR30-44 (without NMX-24ESW card), RSR30-X, RSR50 series, and RSR77 series. It is common that the routers have routing interfaces but do not have switching interfaces. If multiple PCs need to access the Internet, a switch is needed in the inside network. This section introduces how to access the Internet through NAT and how to map the inside network server to the Internet.
Features:
Port Address Translation (PAT): also known as Network Address Port Translation (NAPT). It is used to implement network address translation by mapping and distinguishing data streams based on IP addresses and port numbers of outside interfaces so that multiple inside hosts can access an outside network using IP addresses of the outside interfaces. It is often used when there is only one public network address.
Address pool translation: It is used to implement network address translation by mapping and distinguishing data streams based on IP addresses and port numbers of the public address pool so that multiple inside hosts can access the outside network using a few public IP addresses. It is often used when one outbound interface has multiple public IP addresses.
Static NAT: It is used to map IP addresses of inside hosts to public IP addresses in a one-to-one manner, or map IP addresses and port numbers of inside hosts to public IP addresses and port numbers in a one-to-one manner. It is often used to map an IP address of an inside host to a public IP address, or map a port of an inside server to a port of a public address so that the inside server can be accessed through the public IP address or public IP address + port number.
Scenarios
An enterprise can rent a private line of an operator for network access. The following describes three scenarios for relevant functions:
Scenario 1: When there is only one public IP address, the IP addresses of all inside network users need to be translated into the IP address of the outside network interface, so that all inside network users can access the outside network.
Scenario 2: When there is a public IP address segment, the IP addresses of all inside network users need to be translated into the IP addresses in the public IP address segment, so that the inside network users can access the outside network.
Scenario 3: The inside network server is mapped to a public IP address so that outside network users can access the resources on the inside network server through the public IP address.
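The PAT and static NAT definitions above (and the NAT terms listed earlier), as an added Python model of a translation table; it is not Ruijie code and not part of the original cookbook. The class and function names are hypothetical, the inside hosts and ports are constructed, and 222.168.1.2 is borrowed from the dialer0 output shown earlier; the model keys inbound lookups on the public port only and ignores the remote endpoint.

```python
import itertools


class Napt:
    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global         # public address of the outside interface
        self._ports = itertools.count(first_port)  # next candidate public port
        self.out = {}   # (proto, inside local ip, port) -> public port
        self.back = {}  # (proto, public port) -> (inside local ip, port)

    def add_static(self, proto, local_ip, local_port, global_port):
        """Scenario 3: permanent mapping that outside hosts may initiate to."""
        self.out[(proto, local_ip, local_port)] = global_port
        self.back[(proto, global_port)] = (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Inside -> outside: rewrite the source to inside global address + port."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            while (proto, port) in self.back:  # skip ports held by static mappings
                port = next(self._ports)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.inside_global, self.out[key]

    def inbound(self, proto, dst_port):
        """Outside -> inside: translate back, or None (drop) when no mapping exists."""
        return self.back.get((proto, dst_port))


def demo():
    nat = Napt("222.168.1.2")
    nat.add_static("tcp", "192.168.1.100", 80, 80)  # constructed inside server
    a = nat.outbound("tcp", "192.168.1.10", 50000)  # two hosts, same source port
    b = nat.outbound("tcp", "192.168.1.11", 50000)
    return {
        "host_a": a,
        "host_b": b,
        "reply_to_b": nat.inbound("tcp", b[1]),
        "server": nat.inbound("tcp", 80),
        "unsolicited": nat.inbound("tcp", 4444),
    }


if __name__ == "__main__":
    print(demo())
```

Only the static entry accepts sessions initiated from outside, so each static mapping is an exposed service that should be covered by an ACL.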
I. Networking Requirements
An RSR router is used as the Internet egress, and all inside PC gateways are on this router. The router is used to access the outside network, and the IP address (port number) of the inside network server is mapped to a public IP address (port number), so as to provide services for outside users.
II. Network Topology
III. Configurations Steps
1. Configure basic IP addresses.
2. Configure basic IP routes.
3. Configure the DHCP server.
4. Define the inside network port and outside network port for NAT.
5. Configure ACLs on R1, and match the inside network traffic for NAT.
6. Configure a NAT policy for scenario 1.
7. Configure a NAT policy for scenario 2.
8. Configure a NAT policy for scenario 3.
IV. Configuration Steps
1. Configure basic IP addresses.
Ruijie(config)#hostname R1
R1(config)#interface gigabitEthernet 0/0
R1(config-GigabitEthernet0/0)#ip address 172.168.1.254 255.255.255.0
R1(config-GigabitEthernet0/0)#exit
R1(config)#interface gigabitEthernet 0/1
R1(config-GigabitEthernet0/1)#ip address 192.168.2.1 255.255.255.0
R1(config-GigabitEthernet0/1)#exit
3. Configure basic IP routes.
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2 //Configures the default route as the outbound route to the Internet.
4. Configure the DHCP server.
Ruijie(conf)#service dhcp //Enables the DHCP service.
Ruijie(conf)#ip dhcp pool ruijie //ruijie is the name of the DHCP address pool; the name can be chosen freely.
Ruijie(dhcp-config)#netw 172.16.1.0 255.255.255.0 //Indicates the network segment from which a computer will obtain an IP address.
Ruijie(dhcp-config)#default-router 172.16.1.254 //Indicates the gateway address of the f0/1 interface connected to the computer, that is, the IP address of the f0/1 interface.
Ruijie(dhcp-config)#dns-server 202.96.113.34 202.96.13.35 //Indicates the computer's DNS. The former one is the active DNS, and the latter one is the standby DNS.
5.