Home > 3Com > Router > 3Com Router User Manual

3Com Router User Manual

Download as PDF Print this page Share this page

Have a look at the manual 3Com Router User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 19 3Com manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

732

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

750

751

752

753

754

755

756

757

758

759

760

761

762

View all the pages

Add page 171 to Favourites

image text

Enable zoom

MP Overview167
Figure 49 Diagram of PPP negotiation phases
For detailed description of PPP, refer to RFC1661.
MP OverviewMP protocol (PPP Multilink protocol) can bind multiple PPP links, so as to increase
bandwidth. MP protocol can fragment large packets, and then the fragmentation
will be sent to the same destination through different PPP links, so as to decrease
the transmission time of large packets.
The negotiation process in MP mode is as follows (e.g: establishing MP in the
virtual interface template):
1Detect whether the interface of the peer works in MP mode. First begin LCP
negotiation with the peer, negotiating about ordinary LCP parameters and verify
whether the interface of the peer works in MP mode. If the peer does not work in
MP mode, begin NCP negotiation and do not bundle MP.
2Bind the interface to virtual template interface. This can be done in the following
two ways: Bind directly and bind according to username or endpoint. In the
former way, the router does not detect the username and endpoint, and binds the
interface to a specified virtual template interface. In the latter way, the router
binds the interface to the virtual template interface according to the username or
endpoint.
3Perform NCP negotiation. After the interface is bound to a virtual template, the
router will begin NCP negotiation with the NCP parameters for this virtual
template (such as IP address). The NCP parameters configured at the physical
interface are not functional. If NCP negotiation is successful, MP link can be
established, to transport data with wider bandwidth.
Configure PPPPPP configuration includes:
■Configure the link layer protocol of the interface to PPP
■Configure PPP authentication
■Configure AAA authentication and accounting parameter of PPP
■Configure PPP negotiation parameter
■Configure PPP compression
■Configure PPP link quality monitoring
1Configure the Link Layer Protocol of the Interface to PPP
Perform the following configuration in the interface view.
DeadEstablishAuthenticate
TerminateNetwork
UP OPENED
FAIL
FAIL
DOWNCLOSINGSUCCESS/NON

Add page 172 to Favourites

image text

Enable zoom

							168CHAPTER 12: CONFIGURING PPP AND MP
Ta b l e 194   Configure the link layer protocol of the interface to PPP
The default link layer protocol of the interface is PPP.
2Configure PPP Authentication
PPP has two authentication modes: PAP mode and CHAP mode. CHAP 
authentication is more secure.
■Configure PAP authentication
aConfigure the authenticator of PAP authentication
Perform the following configuration in the interface view, and use the user 
command in 
the system view.
Ta b l e 195   Configure the local authenticates the peer in PAP mode
bConfigure the requester of PAP authentication
Perform the following configuration in the interface view.
Ta b l e 196   Configure the peer authenticates the local in PAP mode
While configuring PAP authentication, note following:
■If one side originates the PAP, authenticator should add username and 
password for the requester in the local database (use 
local-user 
command). The requester should send its username and password to the 
authenticator (use 
ppp pap local-user command).
■If one side originates the PAP, authenticator only needs to start PAP 
authentication itself (use 
ppp authentication-mode pap command). The 
requester does not need to configure the command.
■If both sides originate PAP simultaneously, then each side is both 
authenticator and requester. At this time, both sides need to configure all 
the commands supporting the PAP authentication.
■Configure CHAP authentication
aConfigure the authenticator of CHAP authentication
Perform the following configuration in the interface view, and use the 
local-user command in the system view.
OperationCommand
Configure the link layer protocol of the interface to PPPlink-protocol ppp
OperationCommand
Enable PAP authenticationppp authentication-mode pap [ 
callin ] [scheme { default | 
name-list }]
Disable PPP authenticationundo ppp authentication-mode
Add the username and password of the peer 
into the local user listlocal-user user password { 
simple | cipher } password 
service-type ppp
OperationCommand
Configure PAP username and password when 
the peer authenticates the local in PAP modeppp pap local-user username 
password { simple | cipher } 
password
Delete the above configured username and 
password sent during authentication in PAP 
modeundo ppp pap local-user

Add page 173 to Favourites

image text

Enable zoom

							Configure PPP169
Ta b l e 197   Configure the local authenticates the peer in CHAP mode
bConfigure the requester of CHAP authentication
Perform the following configuration in the interface view, and use the 
local-user command in the system view.
Ta b l e 198   Configure as the peer authenticates the local in CHAP mode
Generally, when the router configures user list, it configures the command ppp 
chap user username
 and local-user user password { simple | cipher } 
password
, to perform CHAP authentication. While configuring CHAP 
authentication, user of one end is the username of the other, and the password 
must be the same.
In some situation, if the router cannot configure user list then it needs to 
configure the command p
pp chap password { simple | cipher } 
password to perform CHAP authentication.
While configuring CHAP authentication, note the following:
■If one side originates the CHAP, authenticator should add username and 
password for the requester in the local database (use 
local-user 
command), and should send its username to the requester (use ppp chap 
user 
command). The requester should also add username and password 
for the authenticator in its database (use 
local-user command), and send 
its username and password to the authenticator (use
 ppp chap user 
command).
■If one side originates the CHAP, authenticator only needs to start CHAP 
authentication itself (use 
ppp authentication-mode chap command). The 
requester does not need to configure the command.
■If both sides originate CHAP simultaneously, then each side is both 
authenticator and requester. At this time, both sides need to configure all 
the commands supporting the CHAP authentication.
3Configure AAA Authentication and Accounting Parameter of PPP
OperationCommand
Enable CHAP authenticationppp authentication-mode chap [ 
call-in ] [ scheme { default | 
name-list }]
Disable CHAP authenticationundo ppp authentication-mode
Configure the name of the localppp chap user username
Delete the configured name of the localundo ppp chap user
Add the username and password of the peer 
into the local user listlocal-user user password { 
simple | cipher } password
OperationCommand
Configure the name of the localppp chap user username
Delete the configured name of the localundo ppp chap user
Configure the password of the local for 
authentication in CHAP modeppp chap password { simple | 
cipher } password
Delete the password of the local during 
authentication in CHAP modeundo ppp chap password
Add the username and password of the peer 
into the local user listlocal-user user password { 
simple | cipher } password

Add page 174 to Favourites

image text

Enable zoom

							170CHAPTER 12: CONFIGURING PPP AND MP
Whether the PPP user passes the authentication will be finally decided by AAA, 
which can authenticate PPP user at local or at RADIUS server.
Local authentication is to authenticate the local user configured through the 
local-user user password { simple | cipher } password command, and 
RADIUS server authentication is to authenticate using the user database on 
RADIUS server. The specific configuration commands are shown in the following 
table.
Ta b l e 199   Configure AAA authentication and accounting of PPP
For PPP authentication method of AAA, refer to Security. If PPP authentication 
method of AAA is not specified on the interface, please use the default 
authentication method.
4Configure PPP Negotiation Parameter
The following PPP negotiation parameters can be configured:
■Time interval between negotiation timeout
During PPP negotiation, if the response packet of the peer is not received 
within this time interval, PPP will retransmit the packet. The default time 
interval of timeout is 10s, and the value range is 1~10s.
■Some negotiation parameters of NCP
For the configuration of local IP address and the IP address assigned to the 
peer, refer to Network Protocol. For example, if it is necessary for the remote 
end to allocate an IP address for the local end, you can use the 
ip address 
ppp-negotiate 
command, while the remote address command can be used 
to designate the local to assign IP address for the peer.
Ta b l e 200   Configure the time interval of PPP negotiation timeout
5Configure PPP Compression
The current the 3Com Router version supports the Stac compression method. 
Perform the following task in the interface view.
Ta b l e 201   Configure PPP compression
OperationCommand
Enable AAAaaa-enable
Configure PPP authentication method of AAAaaa authentication ppp { 
default | list-name } [ 
method1 | method2 | ...... ]
Configure the local first authentication of AAAaaa authentication local-first
Configure PPP authentication method of AAA at 
the interfaceppp authentication-mode { chap 
| pap } [ default | list-name ]
OperationCommand
Configure the time interval of negotiation timeoutppp timer negotiate 
seconds
Restore the default of time interval of negotiation 
timeoutundo ppp timer negotiate
OperationCommand
Configure as Stac compression permitted on the 
interfaceppp compression stac-lzs
Cancel the Stac compression used by the interfaceundo ppp compression 
stac-lzs

Add page 175 to Favourites

image text

Enable zoom

							Configure MP171
In MP working mode, it is not recommended to use PPP compression. To configure 
PPP compression negotiation on the virtual interface, PPP compression must be 
configured on Virtual-template interface before the subordinate physical interface 
can accept the PPP compression negotiation.
6Configure PPP Link Quality Monitoring
PPP link quality monitoring can be a real time monitoring the PPP link quality 
(including PPP links bound to MP). When link quality is lower than the Disabled 
Quality Percentage, link will be disabled. When link quality restores to the 
Restoring Link Quality Percentage, link will be automatically resumed. To ensure 
that links do not repeatedly oscillate between disabled status and restored status, 
there will be certain time delay when PPP link quality monitoring resumes the link.
Perform the following configuration in interface view.
Ta b l e 202   Configure PPP link quality monitoring
By default, the parameter resumptive-percentage is equal to 
forbidden-percentage.
Before PPP link quality monitoring is enabled, PP interface sends keepalive packets 
every period. After the function is enabled, PPP interface will replace the keepalive 
packets by LQR packets, that is, PPP interface will send LQR packets every period, 
in order to monitor the link.
When link quality is normal, the system will calculate the link quality in each LQR 
packet. If the calculation results turn out to be unqualified for two consecutive 
times, the link will be disabled. After the link is disabled, the system will calculate 
the link quality in every ten LQR packets. The link will be resumed only if the 
calculation results of link quality are qualified for three consecutive times. 
Therefore, the link can only be resumed at least 30 keepalive periods after it is 
disabled. If the keepalive period is set too long, it may cause no resumption of 
links for a long time.
Configure MPThe following section describes the configuration tasks of MP application on 
virtual template. Please Refer to Dial-up to know about MP configuration under 
BDR mode (Including MP on the interfaces of ISDN BRI/PRI).
MP application on virtual template configuration includes:
■Create Virtual Template
■Configure Operating Parameters of Virtual Template
■Configure the Physical Interface to work in MP Mode
■Bind the Physical Interface to a Virtual Template
OperationCommand
Enable PPP link quality monitoring functionppp lqc forbidden-percentage 
[ resumptive-percentage ]
Disable PPP link quality monitoring functionundo ppp lqc

Add page 176 to Favourites

image text

Enable zoom

							172CHAPTER 12: CONFIGURING PPP AND MP
■Configure MP Protocol Parameters
1Create Virtual Template
Ta b l e 203   Create/Delete virtual template
2Configure Operating Parameters of Virtual Template
Comparing virtual template interface with general physical interface, users can 
find that the link layer protocol supports only PPP and the network protocol 
supports IP and IPX. Therefore the following operating parameters can be set:
■Set operating parameters of PPP
■Set IP address of virtual interface
■Set IP address (or IP address pool) allocated to PPP peer
■Set packet filtering rule on virtual interface
There is no difference in configuring the parameters for virtual template and for 
general interface. See specific configuration in related sections such as PPP 
configuration of Operation Manual - Link Layer Protocol, IP address configuration 
of Operation Manual - Network Protocol and RADIUS configuration of Operation 
Manual - Security.
3Configure the Physical Interface to work in MP Mode
Perform the following configuration in interface view.
Ta b l e 204   Configure the physical interface to work in MP mode
By default, interface does not work in MP mode.
4Bind the Physical Interface to a Virtual Template
The physical interface can be bound to a virtual template in two ways.
■Bind directly
Perform the following configuration in interface view.
Ta b l e 205   Bind the physical Interface to a Virtual Template
After this command is configured, the system will not check the username and 
endpoint when performing MP binding, namely, the commands 
ppp mp 
binding-mode
 and ppp mp user will not take effect.
OperationCommand
Create and enter MP virtual template 
interfaceinterface virtual-template 
number
Delete the specified MP virtual template 
interfaceundo interface virtual-template 
number
OperationCommand
Configure the link layer protocol of the interface to PPPlink-protocol ppp
Configure the interface to work in MP modeppp mp
Configure the interface to work in common modeundo ppp mp
OperationCommand
Bind the physical Interface to a Virtual 
Templateppp mp interface 
virtual-template 
interface-number
Remove the physical interface’s binding to a 
virtual template interfaceundo ppp mp interface

Add page 177 to Favourites

image text

Enable zoom

							Configure MP173
■Bind according to username or endpoint
Here the username refers to the received remote username when PPP link 
performs PAP or CHAP authentication. Endpoint is the unique mark of a router 
and refers to the received remote endpoint when performing LCP negotiation. 
The system can implement MP binding according to the received username or 
endpoint and bind the interfaces that have the same username or endpoint to 
the same virtual template interface.
aSpecify the conditions for MP binding
Perform the following configuration in the system view.
Ta b l e 206   Specify the conditions for MP binding
By default, Performs MP binding according to both username and endpoint.
■Performs MP binding according to both username
First of all, two-way authentications (CHAP or PAP) need to be configured on 
the interface. See configuration procedure in basic PPP configuration tasks.
Associate the PPP username with the virtual template interface. The interface 
with the same username will be bound to the same virtual template interface.
Ta b l e 207   Associate the PPP username with the virtual template interface
■Bind according to endpoint
The endpoint is determined automatically when the router is started, and 
each router has its own endpoint. The interfaces with the same endpoint 
will be bound to the same virtual template interface.
The endpoint is generated by the router automatically, and the user cannot 
change the configuration.
5Configure MP Protocol Parameters
aConfigure maximum number of links that MP channel permits to bind
Ta b l e 208   Configure maximum number of links MP channel permits binding
OperationCommand
Perform MP binding according to usernameppp mp binding-mode 
authentication
Perform MP binding according to endpointppp mp binding-mode descriptor
Perform MP binding according to both 
username and endpointppp mp binding-mode both
Restore the default binding conditionsundo ppp mp binding-mode
OperationCommand
Associate the PPP username with the virtual 
template interfaceppp mp user user-name bind 
virtual-template number
Dissociate e the PPP username with the virtual 
template interfaceundo ppp mp user user-name
OperationCommand
Set maximum link number MP channel permits for 
bindingppp mp max-bind binds
Restore default value of maximum link number MP 
channel permits for bindingUndo ppp mp max-bind binds

Add page 178 to Favourites

image text

Enable zoom

							174CHAPTER 12: CONFIGURING PPP AND MP
By default, the maximum link number of links that MP channel permits to bind 
is 16.
bConfigure the maximum number of fragments received by MP channel
Ta b l e 209   Configure the maximum number of fragments received by MP channel
By default, the maximum number of fragments that MP channel permits to 
receive is 4.
cConfigure the maximum number of fragments that MP channel permits to 
send
Ta b l e 210   Configure the maximum number of fragments that MP channel permits to 
send
By default, the maximum number of fragments that MP channel permits to 
send is 1.
dConfigure virtual Baud rate of the interface
In MP channels, system controls load balancing in different links according to 
Baud rate of interfaces. The higher the interface Baud rate, the larger the data 
flow it can carry.
For synchronous serial interfaces operating in DTE mode, Baud rate is calculated in 
line with 64000 bps without exception.
Generally, the actual sending capability is basically identical to its interface 
Baud rate. However, in some special cases, the difference between them is 
large. For example, when asynchronous serial interfaces of two routers are 
connected via Modems, the actual transmission speed is decided by the line 
quality, after the Modem negotiations. In this case, the speed is usually slower 
than the preset interface Baud rate. Moreover, for synchronous serial interfaces 
running under DTE mode, system cannot obtain their correct Baud rate.
In the above cases, you should set the virtual Baud rate on interfaces. When 
virtual Baud rate (must not be 0) is set on an interface, system will substitute 
virtual Baud rate for interface Baud rate to control flows. Proper application of 
virtual Baud rate can make full use of the total link bandwidth and reduce 
network delay time, while the irrational configuration runs the opposite.
Perform the following configuration in interface view.
Ta b l e 211   Configure virtual Baud rate on interface
OperationCommand
Set the number of maximum fragments MP channel 
permits to receive ppp mp max-receive-frags 
frags
Restore default value of the number of maximum 
fragments MP channel permits to receiveundo ppp mp 
max-receive-frags
OperationCommand
Set the number of maximum fragments MP channel 
permits to sendppp mp max-send-frags frags
Restore default value of the number of maximum 
fragments MP channel permits to sendundo ppp mp max-send-frags
OperationCommand
Set virtual Baud rate on interfacevirtualbaudrate baudrate

Add page 179 to Favourites

image text

Enable zoom

							Display and Debug PPP175
By default, virtual Baud rate is not set on interface. 
Display and Debug 
PPPPlease use the display and debugging commands in all views.
Ta b l e 212   Display and debug PPP
Typical PPP 
Configuration 
Example
PAP Authentication 
ExampleI. Configuration Requirement
As shown in Figure 50, Router1 and Router2 are interconnected through interface 
Serial0, and router Router1 (authenticator) is required to authenticate router 
Router2 (requester) in PAP mode.
II. Networking Diagram
Figure 50   Networking diagram of PAP and CHAP authentication example
III. Configuration Procedure
1Configure Router1 (authenticator):
aAdd a user with name Router2 and password hello to the local database
[Router]local-user Router2 password simple hello
bConfigure to start PAP authentication at this side
[Router]interface serial 0
[Router-Serial0]ppp authentication-mode pap
2Configure Router 2 (requester):
aConfigure this side to be authenticated by the opposite side with username 
Router2 and password hello
[Router]interface serial 0 
[Router-Serial0]ppp pap local-user Router2 password simple hello
CHAP Authentication 
ExampleI. Configuration Requirement
In Figure 50, Router1 is required to authenticate Router2 in CHAP mode.
Disable applying the setting of virtual Baud rate on 
interfaceundo virtualbaudrate
OperationCommand
Display Multilink PPP informationdisplay ppp mp [ interface type 
number ]
Enable the debugging of PPPdebugging ppp { event | lqr | 
negotiation | packet | all }
Quidway 2
Quidway 1Router 2Router 1

Add page 180 to Favourites

image text

Enable zoom

							176CHAPTER 12: CONFIGURING PPP AND MP
II. Configuration Procedure
1Configure Router1:
aAdd a user with name Router2 and password hello to the local database
[Router]local-user Router2 password simple hello
bSet local username as Router1
[Router]interface serial 0
[Router-Serial0]ppp chap user Router1
cConfigure to start CHAP authentication at this side
[Router-Serial0]ppp authentication-mode chap
2Configure router Router2:
aAdd a user with name Router1 and password hello to the local database
[Router]local-user Router1 password simple hello
bSet local username as Router2
[Router]interface serial 0
[Router-Serial0]ppp chap user Router2
Ty p i c a l  M P  
Configuration 
ExampleI. Configuration Requirement
In Figure 51, two B channels of E1 interface of router-a are bound to the B channel 
of router-b, and the other two B channels are bound to router-c. Suppose that 
four B channels on router-a are serial2:1, serial2:2, serial2:3 and serial2:4, the 
names of interfaces of two B channels on router-b are serial2:1 and serial2:2, and 
the names of interfaces of two B channels on router-c are serial2:1 and serial2:2.
II. Networking Diagram
Figure 51   Networking diagram of MP configuration example
III. Configuration Procedure
1Configure router-a:
aAdd a user for router-b and router-c respectively
[Router]local-user router-b password simple router-b
router-arouter-b
router-c
DDNTower System
Desktop System
Tower System
Desktop System
Tower System
Desktop System

All 3Com manuals Comments (0)