3Com Router User Manual
Any packet reaching the null interface is dropped, which provides another method of packet filtering: unnecessary network traffic is simply sent to the Null0 interface, so there is no need to configure an ACL. For example, the static routing configuration command

    ip route-static 192.101.0.0 255.255.0.0 null 0

drops all packets sent to network segment 192.101.0.0.

2 Configure operating parameters of the interface

ip unreachables is the only command that can be configured on the Null interface. It indicates that the router replies with an ICMP unreachable packet when it receives packets sent to the Null interface.

Please perform the following configurations in Null interface view.

Table 189 Configure/Remove the sending of ICMP unreachable packet

Operation: Configure the sending of ICMP unreachable packet
Command:   ip unreachables

Operation: Remove the sending of ICMP unreachable packet
Command:   undo ip unreachables

Sub-Interface

The 3Com Router introduces the concept of “sub-interface” and allows users to configure multiple sub-interfaces on one physical interface of the 3Com Router series, which makes configuration very flexible.

Sub-interfaces are the multiple logical virtual interfaces configured on one physical interface. These virtual interfaces share the physical layer parameters of the physical interface, while each can be configured with its own link layer parameters and network layer parameters. The multiple virtual interfaces corresponding to one physical interface are therefore called “sub-interfaces”.

In the 3Com Router series, the physical interfaces supporting sub-interface features include:

■ Ethernet interface: When an Ethernet sub-interface has not been configured with a VLAN id, it can only support the IPX network protocol. After it is configured with a VLAN id, it can support both IPX and IP protocols.
■ WAN interface whose link layer protocol is frame relay: Its sub-interface can support IP and IPX network protocols.
■ WAN interface whose link layer protocol is X.25: Its sub-interface can support IP and IPX network protocols.

Configure Sub-Interface

According to different physical interfaces, sub-interface configuration includes:

■ Configure sub-interfaces of Ethernet interface
■ Configure sub-interfaces of WAN interface whose link layer protocol is frame relay
■ Configure sub-interfaces of WAN interface whose link layer protocol is X.25
CHAPTER 11: CONFIGURING LOGICAL INTERFACE

Configure sub-interfaces of Ethernet interface

1 Create and delete Ethernet sub-interfaces

Please use the following commands in all views.

Table 190 Create and delete Ethernet interface

Operation: Create Ethernet sub-interface and enter its view
Command:   interface ethernet number.sub-number

Operation: Delete the specified Ethernet sub-interface
Command:   undo interface ethernet number.sub-number

When using the above commands, if the corresponding Ethernet sub-interface (with the same sub-number) has already been created, the view of this sub-interface is entered directly. Otherwise, the Ethernet sub-interface with the specified sub-number is created first, and then its view is entered.

2 Configure relevant working parameters

If an Ethernet sub-interface has not been configured with a VLAN id, it can only support the IPX network protocol. Therefore, only the IPX network address and other IPX working parameters can be configured on this sub-interface.

After it is configured with a VLAN id, an Ethernet sub-interface can support IP and IPX. The detailed configuration procedure and method are similar to those of the Ethernet interface. Please refer to Chapter 9 “Configuring LAN Interface” and Chapter 20 “Configuring IP Address”.

Configure sub-interfaces of WAN interface whose link layer protocol is frame relay

1 Create and delete WAN sub-interfaces

Please use the following commands in all views.

Table 191 Create and delete WAN sub-interface

Operation: Create WAN sub-interface and enter its view
Command:   interface serial number.sub-number [ multipoint | point-to-point ]

Operation: Delete specified WAN sub-interface
Command:   undo interface serial number.sub-number [ multipoint | point-to-point ]

When using the above commands, if the corresponding WAN sub-interface (with the same sub-number) has already been created, the view of this sub-interface is entered directly. Otherwise, the WAN sub-interface with the specified sub-number is created first, and then its view is entered.

2 Configure relevant working parameters

The following items can be configured on the sub-interface of a WAN interface whose link layer protocol is frame relay:

■ Frame relay address mapping which is different from the affiliated WAN interface (i.e. the main interface)
■ IP address which is not in the same network segment as the affiliated WAN interface
■ IPX network number which is different from that of the affiliated WAN interface, and other IPX working parameters
■ Virtual circuit of the sub-interface

Please see chapters in Operation Manual - Link Layer Protocol and Operation Manual - Network Protocol for details about the above configurations.

Configure sub-interfaces of WAN interface whose link layer protocol is X.25

1 Create and delete WAN sub-interfaces

The command is the same as above.

2 Configure relevant working parameters

The following items can be configured on the sub-interface of a WAN interface whose link layer protocol is X.25:

■ X.25 address mapping different from the affiliated WAN interface (i.e. the main interface)
■ IP address which is not in the same network segment as the affiliated WAN interface
■ IPX network number which is different from that of the affiliated WAN interface, and other IPX working parameters
■ Virtual circuit of the sub-interface

Please see chapters in the Operation Manual - Link Layer Protocol and Operation Manual - Network Protocol for details about the above configurations, and sub-interface monitoring and maintenance. No further details are provided here.

Typical WAN sub-interface configuration example

I. Networking Requirements

As shown below, WAN interface Serial0 of router A is connected with router B and router C via a public frame relay network. By configuring sub-interfaces on Serial0 of router A, LAN 1 can simultaneously access LAN 2 and LAN 3 via Serial0.

II. Networking Diagram

Figure 48 Networking diagram of WAN sub-interface configuration example
[Diagram not reproduced. Labels in the figure: Router A, Router B, Router C, Frame relay, Serial0, Ethernet 1, Ethernet 2, Ethernet 3, DLCI=50, DLCI=60, DLCI=70, DLCI=80, 202.38.160.1, 202.38.160.2, 202.38.161.1, 202.38.161.2, 129.9.0.0, 129.10.0.0, 129.11.0.0]

III. Configuration Procedure

1 Enter the view of WAN interface Serial0 of router A

    [Router]interface serial 0

2 Select frame relay link layer protocol

    [Router-Serial0]link-protocol fr

3 Specify DTE as its frame relay terminal type

    [Router-Serial0]fr interface-type dte

4 Create sub-interface Serial 0.1 on WAN interface Serial0 of router A in point-to-point mode, and enter its view

    [Router]interface serial 0.1 point-to-point

5 Set its IP address to 202.38.160.1 and address mask to 255.255.255.0.

    [Router-Serial0.1]ip address 202.38.160.1 255.255.255.0

6 Allocate a virtual circuit with DLCI 50 to it.

    [Router-Serial0.1]fr dlci 50

7 Create sub-interface Serial 0.2 on WAN interface Serial0 of router A in point-to-point mode, and enter its view

    [Router]interface serial 0.2 point-to-point

8 Set its IP address to 202.38.161.1 and address mask to 255.255.255.0.

    [Router-Serial0.2]ip address 202.38.161.1 255.255.255.0

9 Allocate a virtual circuit with DLCI 60 to it.

    [Router-Serial0.2]fr dlci 60

10 Configure the static route from router A to LAN2 and LAN3.

    [Router]ip route-static 129.10.0.0 255.255.0.0 202.38.160.2
    [Router]ip route-static 129.11.0.0 255.255.0.0 202.38.161.2

Configurations of router B and router C are omitted here.

For fault diagnosis and troubleshooting of sub-interface, please see chapters in Operation Manual - Link Layer Protocol and Operation Manual - Network Protocol in this manual.

Standby Center Logic Channel

The standby center not only provides mutual backup between respective interfaces, but also chooses a certain virtual circuit belonging to X.25 or frame relay as the main interface or standby interface of the standby center. Please see relevant chapters in Operation Manual – Reliability for details about the standby center.

To facilitate configuration, the user can specify a relevant logic channel for the above-mentioned virtual circuit and configure working parameters of the standby center in the logic channel.
Configure Standby Center Logic Channel

For detailed description, monitoring and maintenance, typical configuration example, fault diagnosis and troubleshooting oriented to the configurations of the standby center logic channel, please see Operation Manual – Reliability.

Virtual-Template and Virtual Interface

Virtual-template, as the name implies, is a template used to configure a virtual interface, mainly used in VPN and MP.

After setting up the connection of a VPN session, it is necessary to create a virtual interface to exchange data with the opposite end. At this times configuration and dynamically create a virtual interface based on the configuration parameters of the template.

Similarly, after multiple PPP links are bound as MP, a virtual interface also needs to be created to exchange data with the opposite end. At this time, select an interface template to dynamically create a virtual interface.

Configure Virtual-Template

In VPN and MP application environments, the system automatically creates and deletes virtual interfaces, which is completely transparent to the user. The user only needs to configure VPN or MP at the corresponding physical interface, create and configure the virtual-template, and then build up the relation between the virtual-template and the relevant physical interface.

Virtual-template configuration includes:

■ Create and delete virtual-template
■ Set working parameters of the virtual-template
■ Build up corresponding relation between the virtual-template and relevant physical interface.

1 Create and delete virtual-template

Please use the following commands in all views.

Table 192 Create or delete virtual-template

Operation: Create virtual-template and enter its view
Command:   interface virtual-template number

Operation: Delete the virtual-template
Command:   undo interface virtual-template number

Here, number stands for the template number of the virtual-template, ranging from 1 to 25, i.e. the user can create up to 25 virtual-templates.

When the interface virtual-template command is executed, if the corresponding virtual-template has already been created, the view of this virtual-template is entered directly. Otherwise, the virtual-template with the specified template number is created first.

When deleting a virtual-template, make sure that all of its derived virtual interfaces have been removed and that this virtual-template is not in use any more.

2 Set working parameters of virtual-template

Compared with a normal physical interface, the virtual-template has the following features: the link layer protocol only supports PPP, and the network protocol supports IP and IPX. Therefore, the following working parameters can be set:

■ Set working parameters of PPP
■ Set IP address of virtual interface
■ Set IP address (or IP address pool) allocated to PPP opposite end

Settings of these parameters on a virtual-template are the same as those on a normal interface. Please see related chapters of PPP configuration in Operation Manual – Link Layer Protocol, IP address configuration in Operation Manual – Network Protocol and RADIUS configuration in Operation Manual – Security for configuration details.
3 Create corresponding relation between the virtual-template and related physical interface

In a VPN application environment, it is necessary to build up corresponding relations between the L2TP group and the virtual-template. In an MP application environment, it is necessary to build up corresponding relations between MP and the virtual-template. Please see chapters in Operation Manual – VPN and Operation Manual – Link Layer Protocol for detailed description.

Display and Debug Virtual-Template and Virtual Interface

The virtual interface, automatically created by the system when necessary, works by using the parameters of the related virtual-template, so manual configuration is unnecessary. The virtual interface is deleted on low-layer link disconnection or user intervention.

The following command can be used to display the state of a virtual-template in all views.

Table 193 Display state of the specified virtual-template

Operation: Display the state of the specified virtual-template
Command:   display interfaces virtual-template virtual-template-number

Troubleshooting

Before checking and eliminating faults of a virtual-template, first find out whether the virtual-template is used to create a VPN virtual access interface or an MP virtual interface, then locate the fault of the virtual-template in the actual application environment.

Fault 1: Fail to create virtual interface.

Troubleshooting: the reasons may be as follows:

■ The virtual-template is not configured with an IP address. Therefore, PPP negotiation fails and the virtual interface can't turn to Up state.
■ The virtual-template is not configured with an IP address (or IP address pool) allocated to the opposite end. If it is required to allocate addresses to the opposite end in the actual application, the virtual interface cannot meet the requirement, nor turn to Up state.
■ The PPP authentication parameter is set incorrectly. If the opposite end is not the user defined by the router, PPP negotiation will also fail.

Please see related chapters of Operation Manual – VPN and Operation Manual – Link Layer Protocol for more methods of fault diagnosis and troubleshooting of virtual-template.
IV LINK LAYER PROTOCOL

Chapter 12 Configuring PPP and MP
Chapter 13 Configuring PPPoE Client
Chapter 14 Configuring SLIP
Chapter 15 Configuring ISDN Protocol
Chapter 16 Configuring LAPB and X.25
Chapter 17 Configuring Frame Relay
Chapter 18 Configuring HDLC
Chapter 19 Configuring Bridge
12 CONFIGURING PPP AND MP

This chapter contains information on the following topics:

■ PPP Overview
■ MP Overview
■ Configure PPP
■ Configure MP
■ Display and Debug PPP
■ Typical PPP Configuration Example
■ Typical MP Configuration Example
■ Fault Diagnosis and Troubleshooting of PPP

PPP Overview

The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. It is widely used because it provides user authentication, supports synchronous and asynchronous lines, and can be extended easily.

PPP defines a whole set of protocols, including the link control protocol (LCP), network control protocol (NCP) and authentication protocols (PAP and CHAP). Of them:

■ Link Control Protocol is used to negotiate some parameters of the link and is responsible for creating and maintaining the link.
■ Network Control Protocol is used to negotiate the parameters of the network layer protocol.

PPP Authentication Mode

1 PAP authentication

PAP (Password Authentication Protocol) is a 2-way handshake authentication protocol and it transmits the username and password in plain text over the Internet. The process of PAP authentication is as follows:

The requester repeatedly sends its username/password combination across the link until the authenticator responds with an acknowledgment or until the link is broken. The authenticator may disconnect the link if it determines that the username/password combination is not valid.

2 CHAP authentication

CHAP (Challenge-Handshake Authentication Protocol) is a 3-way handshake authentication protocol. It only sends the username but not the password across the link. The process of CHAP is as follows:
The authenticator sends some randomly generated packets to the requester (challenge), and at the same time it sends its configured username to the requester. When the requester receives the challenge, it looks up the user password according to the authenticator's username and its own user list. If it finds a user in the user list with the same name as the authenticator's username, the requester builds the response from its own password and the serial number of the packet using the MD5 algorithm, and sends the generated response and its configured username to the authenticator (response). After receiving the response from the requester, the authenticator performs the same calculation as the requester, using the saved password and the serial number of the packet with the MD5 algorithm. It then compares its result with the response from the requester, and returns a reply according to the comparison result (Acknowledge or Not Acknowledge).

3 Phases of PPP negotiation:

a When the physical layer is unavailable, the link is in Dead phase. A link shall start from the Dead phase. When the physical layer becomes available, the PPP link enters the Establish phase.

b In Establish phase, the PPP link carries out LCP negotiation, including negotiation of working mode (SP or MP), authentication mode and maximum transmission unit etc. After successful LCP negotiation, the status of LCP is Open, indicating that the link has been established.

c If authentication is not configured, NCP negotiation begins. At this time, the status of LCP is still Open, while the status of NCP changes from Initial to Request-sent.

d If authentication is configured (the remote verifies the local or the local verifies the remote), the link enters Authenticate phase to start CHAP or PAP authentication. If the authentication fails, it enters Terminate phase, the link is removed and LCP turns down. After successful authentication, NCP negotiation begins. At this time, the status of LCP is still Open, while the status of NCP changes from Initial to Request-sent.

e NCP negotiation supports the negotiations of IPCP and IPXCP, of which IPCP negotiation mainly includes the IP addresses of the two partners. One or more network layer protocols are selected and configured through NCP negotiation. The selected network layer protocol must be configured successfully before this network layer protocol sends packets through this link.

f The PPP link remains in communication status until a specific LCP or NCP frame closes this link or some external event takes place (for example, the intervention of the user).

Phases of PPP negotiation are shown in the following diagram.
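
The CHAP exchange described under PPP Authentication Mode, as an added example (not code from the manual or from 3Com): it computes the response the way RFC 1994 defines it, MD5 over the packet identifier, the shared password and the challenge value, and shows that a response recorded for one challenge is rejected against a fresh one. The router names and the password are constructed placeholders.

```python
import hashlib
import hmac
import os

# Constructed sample data: names and password are placeholders, not from the manual.
AUTHENTICATOR_NAME = "RouterA"
REQUESTER_NAME = "RouterB"
REQUESTER_USERS = {"RouterA": b"example-password"}      # requester's user list
AUTHENTICATOR_USERS = {"RouterB": b"example-password"}  # authenticator's user list


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def make_challenge(identifier: int) -> dict:
    """Authenticator: random challenge value plus its configured username."""
    return {"id": identifier, "value": os.urandom(16), "name": AUTHENTICATOR_NAME}


def answer_challenge(challenge: dict, users: dict = REQUESTER_USERS):
    """Requester: find the password by the authenticator's name, build the response."""
    secret = users.get(challenge["name"])
    if secret is None:
        return None  # authenticator is not in the requester's user list
    value = chap_response(challenge["id"], secret, challenge["value"])
    return {"id": challenge["id"], "value": value, "name": REQUESTER_NAME}


def verify_response(challenge: dict, response, users: dict = AUTHENTICATOR_USERS) -> bool:
    """Authenticator: recompute with the saved password; True means Acknowledge."""
    if response is None or response["id"] != challenge["id"]:
        return False
    secret = users.get(response["name"])
    if secret is None:
        return False
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])  # constant-time compare


def run_exchange() -> bool:
    """Full 3-way handshake with matching passwords on both sides."""
    challenge = make_challenge(1)
    return verify_response(challenge, answer_challenge(challenge))


def replayed_response_accepted() -> bool:
    """A response recorded for one challenge, replayed against a fresh challenge."""
    recorded = answer_challenge(make_challenge(1))
    return verify_response(make_challenge(1), recorded)


if __name__ == "__main__":
    print("normal exchange:", "Acknowledge" if run_exchange() else "Not Acknowledge")
    print("replayed response accepted:", replayed_response_accepted())
```

Unlike PAP, nothing sent on the link here is the password itself, and the random challenge value is what keeps a recorded response from being accepted a second time.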