|
|
Use the information in this chapter to understand the types of interfaces supported on our routers. Our routers support two types of interfaces: physical and virtual interfaces. The physical types of interfaces you have depend on the appliques or interface processors (IPs) you have. The virtual interfaces our routers support include subinterfaces and IP tunnels.
For hardware technical descriptions and information about installing the router interfaces, refer to the hardware installation and maintenance publication for your product. For command descriptions and usage information, refer to the "Interface Commands" chapter of the Router Products Command Reference publication. For a conversion table of the modular products and Cisco 7000 processors, refer to Appendix E of the Router Products Command Reference publication.
This section lists the possible tasks you might perform to configure and maintain the interfaces supported on our routers. The first two sections introduce material that you may need to know in advance of the other tasks.
This chapter describes how to perform these tasks and includes configuration examples at the end of the chapter.
The following sections describe the interfaces and encapsulations that our routers support.
Support for the synchronous serial interface is supplied on the following serial network interface cards or systems:
The MCI and SCI cards can query the appliques to determine their types for use in reports displayed by the EXEC show commands. However, they do so only at system startup, so the appliques must be attached when the system is started. Use the show interfaces and show controllers mci EXEC commands to display the serial port numbers. These commands provide a report for each interface the router supports.
By default, synchronous serial lines use the High-level Data Link Control (HDLC) serial encapsulation method, which provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. The synchronous serial interfaces support the following serial encapsulation methods:
Encapsulation methods are set according to the type of protocol or application you configure on your router. ATM-DXI is described later in this chapter in the section "Configure ATM-DXI." HDLC is described later in this chapter in the section "Reenable HDLC Serial Encapsulation." PPP is described later in this chapter in the section "Configure the Point-to-Point Protocol." The remaining methods are described in their respective chapters describing the protocols or applications. Serial encapsulation methods are also discussed in the Router Products Command Reference publication in the "Interface Commands" chapter under the encapsulation command.
All of our router platforms configured with an auxiliary port support the asynchronous serial interface.
There are two asynchronous serial encapsulation methods:
See the section "Configure PPP or SLIP Encapsulation" later in this chapter for more information about these encapsulation methods.
Support for the Ethernet interface is supplied on one of the following Ethernet network interface cards or systems:
Use the show interfaces, show controllers mci, and show controllers cbus EXEC commands to display the Ethernet port numbers. These commands provide a report for each interface supported by the router.
Currently, there are three common Ethernet encapsulation methods:
The encapsulation method you use depends upon the type of Ethernet media connected to the router and the routing or bridging application you configure. Further detail is provided in the sections "Select the Ethernet Encapsulation" and "Example of Enabling Ethernet Encapsulation" later in this chapter. See also the chapters describing specific protocols or applications.
Support for the Token Ring interface is supplied on one of our Token Ring network interface cards:
Use the show interfaces, show controllers token, and show controllers cbus EXEC commands to display the Token Ring numbers. These commands provide a report for each ring supported by the router.
The Token Ring interface by default uses the SNAP encapsulation format defined in RFC 1042. It is not necessary to define an encapsulation method for this interface.
The Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is currently supported only on the Cisco 3000. To place calls on the ISDN interface, you must configure it with dial-on-demand routing (DDR). For configuration information about ISDN using dial-on-demand routing (DDR), see the "Configuring Dial-on-Demand Routing" chapter of this document; for command information, refer to the "Dial-on-Demand Routing Commands" chapter of the Router Products Command Reference publication.
The BRI interface includes one ISDN Basic Rate connection. The Basic Rate connection consists of a D channel and two B channels, both of which are full-duplex, 64-kbps channels.
The D channel is used for call setup and network connection teardown. Call setup involves the data link and network connection. D-channel communication is from the router to the ISDN switch.
The B channels transmit user data. The B channels are treated as serial lines and support HDLC and PPP encapsulation. The interface configuration is propagated to each of the B channels. Although each channel is treated as a separate line, you cannot configure the channels separately. A single switch type must be configured for the router as a whole, because B channels are in a permanent rotary group.
The ISDN data link layer interface provided by the router conforms to the specification defined by the CCITT recommendation Q.921. The ISDN network layer interface provided by the router conforms to the specification defined by the CCITT recommendation Q.931.
For a list of ISDN switch types that the ISDN interface supports, see the section "Configure an ISDN Basic Rate Interface" later in this chapter.
Use the show controllers bri EXEC command to display the B and D channel information.
Each of the B channels is treated as a serial line and supports HDLC and PPP encapsulation. The default serial encapsulation is HDLC.
FDDI is an ANSI-defined standard for timed 100-Mbps token passing over fiber-optic cable. An FDDI network consists of two counter token-passing fiber-optic rings. On most networks, the primary ring is used for data communication and the secondary ring is used as a hot standby. The FDDI standard sets total fiber lengths of 2 kilometers for multimode fiber and 10 kilometers for single-mode fiber, both of which are supported by our FDDI interface controller. (The maximum circumference of the FDDI network is only half the specified kilometers because of the wrapping or looping back of the signal that occurs during fault isolation.)
The FDDI standard allows a maximum of 500 stations with a maximum distance between active stations of two kilometers. The FDDI frame can contain a minimum of 22 bytes and a maximum of 4500 bytes. Our implementation of FDDI complies with Version 6.1 of the X3T9.5 FDDI specification, offering a Class A dual-attach interface that supports the fault-recovery methods of the Dual-Attach Stations (DASs).
Support for the Fiber Distributed Data Interface (FDDI) is supplied on one of our FDDI interface cards, as follows:
We also provide support for some of the FDDI MIB variables as described in RFC 1285, "FDDI Management Information Base," published in January 1992 by Jeffrey D. Case of the University of Tennessee and SNMP Research, Inc. One such variable that we support is snmpFddiSMTCFState.
Our FDDI interface by default uses the SNAP encapsulation format defined in RFC 1042. It is not necessary to define an encapsulation method for this interface when using the CSC-FCI interface card or FIP.
The CSC-C2/FCIT interface card and FIP fully support transparent and translational bridging for the following configurations:
When using the CSC-C2/FCIT interface card or FIP, you can specify the encapsulation method. See the section "Enable FDDI Bridging Encapsulation" later in this chapter.
Connection Management (CMT) is an FDDI process that handles the transition of the ring through its various states (off, on, active, connect, and so on) as defined by the X3T9.5 specification. The FIP provides CMT functions in microcode. Information about CMT bits that is received as a result of the FDDI monitoring commands discussed in this section can be helpful if your network server is not successfully establishing a connection to the remote physical connections.
The show interfaces fddi display shows that Physical A (Phy-A) completed CMT with its neighbor. The state is active and the display indicates a Physical B-type neighbor. The neighbor is determined from the received signal bits, as follows:
The received value equals 0x20C. Bit positions 1 and 2 (0 1) indicate a Physical B-type connection.
The transition states displayed indicate that the CMT process is running and actively trying to establish a connection to the remote physical connection. The CMT process requires state transition with different signals being transmitted and received before moving on to the next state. The ten bits of CMT information are transmitted and received in the Signal State. Each state displays the number of times it was entered. In the preceding display, the Next State (Nxt) was entered 11 times.
The CFM state is wrap A in the sample output because the network server has not completed CMT with its neighbor to connect to Physical B.
The display (or nondisplay) of the upstream and downstream neighbor does not affect the ability to route data. The determination of the upstream and downstream neighbors is dependent upon all stations on the ring running the same version of station management (SMT). Since the upstream neighbor is also its downstream neighbor in the sample, there are only two stations in the ring; the network server and the router at address 0800.2008.C52E.
The High-Speed Serial Interface (HSSI) consists of the following components:
The HSSI supports the serial encapsulation methods listed in the section "Synchronous Serial Encapsulation Methods," earlier in this chapter, except for X.25-based encapsulations.
The Cisco 7000's Online Insertion and Removal (OIR) feature allows you to remove and replace CxBus interface processors (IPs) while the system is on line. With minimal disruption of service, you can shut down the IP before removal and restart it after insertion without causing other software or interfaces to shut down.
You do not need to notify the software that you are going to remove or install an interface processor. When the route processor is notified by the system that an interface processor has been removed or installed, it stops routing and scans the system for a configuration change. All interface processors are initialized, and each interface type is verified against the system configuration; then the system runs diagnostics on the new interface. There is a 3- to 5-second disruption to normal operation during interface processor removal. There is an 11- to 15-second disruption during interface processor insertion.
Only an interface of a type that has been configured previously will be brought on line; others require configuration. If a newly installed interface processor does not match the system configuration, the interface is left in an administratively down state until the system operator configures the system with the new interface(s).
Hardware (MAC-level) addresses for all interfaces on the Cisco 7000 are stored on an electronically erasable programmable read-only memory (EEPROM) component in the route processor (RP) instead of on the individual interface boards. An address allocator in the EEPROM contains a sequential block of 40 addresses (5 interface slots times a maximum of 8 possible ports per slot). Each address is assigned to a specific slot and port address in the chassis, regardless of how the interfaces are configured. This allows interfaces to be replaced online without requiring the system to update routing tables and data structures. Regardless of the types of interfaces installed, the hardware addresses do not change unless you replace the system RP. If you do replace the RP, the hardware addresses of all ports change to those specified in the address allocator on the new RP.
This section discusses fast switching and autonomous switching.
Fast switching allows higher throughput by switching a packet using a cache created by previous packets. Fast switching is enabled by default on all interfaces that support fast switching. The router supports fast switching of the following protocols:
See the separate protocol-specific chapters for more information about fast switching.
This section discusses the router's autonomous switching support. Autonomous switching is a feature that provides faster packet switching by allowing the CiscoBus controller to switch packets independently without having to interrupt the system processor. It is available only in Cisco 7000 systems and in AGS+ systems with high-speed network controller cards. Autonomous switching is disabled by default on all interfaces.
The router supports autonomous switching of the following protocols:
See the separate protocol-specific chapters for more information about autonomous switching.
The router supports the following types of transparent bridging:
The router supports autonomous switching of IP over PPP and IETF Frame Relay-encapsulated traffic.
You can autonomously switch to and from any of the encapsulations listed below:
See the ipx route-cache cbus command in the "Novell IPX Commands" chapter of the Router Products Command Reference publication for more information.
Begin interface configuration in global configuration mode. To configure an interface, follow these steps:
Step 1 Enter the configure EXEC command at the privileged EXEC prompt.
Step 2 Once in the global configuration mode, start configuring the interface by entering the interface command. Identify the interface type followed by the number of the connector or interface card. These numbers are assigned at the factory at the time of installation or when added to a system and can be displayed with the show interfaces EXEC command. A report is provided for each interface the router supports, as seen in the following partial sample display:
Serial 0 is administratively down, line protocol is down
Hardware is MCI Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Use the show hardware EXEC command to see a list of the system software and hardware.
For example, to begin configuring interface Serial 0, you would add the following line to the configuration file:
interface serial 0
Step 3 Follow each interface command with the interface configuration commands your particular interface requires. These command define the protocols and applications that will run on this interface. The commands are collected and applied to the interface command until you enter another interface command, a command that is not an interface configuration command, or you type the Ctrl-Z sequence to get out of configuration mode and return to privileged EXEC mode.
Step 4 Once an interface is configured, you can check its status by entering the EXEC show commands described after the task tables that follow.
The following sections show how to begin to configure each interface type as a separate task. See the section "Examples of Enabling Interface Configuration" at the end of this chapter.
To configure an ISDN Basic Rate Interface (BRI), perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration. | interface bri interface-number |
You must also specify an ISDN switch type. See the sections "Select the ISDN BRI Switch Type" and "Define ISDN Service Profile Identifiers (SPIDs)" later in this chapter for additional information.
To begin to configure a dialer interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration.
For the Cisco 7000 | interface dialer interface-number
interface dialer slot/port |
To begin to configure an Ethernet interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration
For the Cisco 7000 | interface ethernet interface-number
interface ethernet slot/port |
To begin to configure an FDDI interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration
For the Cisco 7000 | interface fddi interface-number
interface fddi slot/port |
To begin to configure a High-Speed Serial Interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration.
For the Cisco 7000 | interface hssi interface-number
interface hssi slot/port |
You can specify a software-only interface called a loopback interface that emulates an interface that is always up. It is supported on all platforms. A loopback interface is a virtual interface that is always up and allows BGP and RSRB sessions to stay up even if the outbound interface is down.
You can use the loopback interface as the termination address for BGP sessions, for RSRB connections, or for establishing a Telnet session from the router's console to its auxiliary port when all other interfaces are down. In applications where other routers will attempt to reach this loopback interface, you should configure a routing protocol to distribute the subnet assigned to the loopback address.
Packets routed to the loopback interface are rerouted back to the router and processed locally. IP packets routed out the loopback interface but not destined to the loopback interface are dropped. This means that the loopback interface does double duty as the Null0 interface.
To configure a loopback interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration.
For the Cisco 7000 | interface loopback interface-number
interface loopback slot/port |
See also the section "Run Interface Loopback Diagnostics" later in this chapter.
The router supports a "null" interface. This pseudo-interface functions similarly to the null devices available on most operating systems. This interface is always up and can never forward or receive traffic; encapsulation always fails. The only interface configuration command that you can specify for the null interface is no ip redirects.
The null interface provides an alternative method of filtering traffic. The overhead involved with using access lists can be avoided by directing undesired network traffic to the null interface.
To specify the null interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration | interface null 0 |
Specify null 0 (or null0) as the interface name and unit. The null interface can be used in any command that has an interface type as an argument. The following example configures a null interface for IP route 127.0.0.0:
ip route 127.0.0.0 255.0.0.0 null 0
To begin to configure a synchronous serial interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration
For the Cisco 7000 | interface serial interface-number
interface serial slot/port |
To begin to configure a Token Ring interface, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Begin interface configuration
For the Cisco 7000 | interface tokenring interface-number
interface tokenring slot/port |
To configure a tunnel interface, use the interface tunnel command in global configuration mode. Before you configure a tunnel interface, see the sections in this chapter entitled "Understand Tunneling" and "Configure IP Tunneling."
| Task | Command |
|---|---|
| Begin interface configuration.
For the Cisco 7000 | interface tunnel interface-number
interface tunnel slot/port |
Only the auxiliary port on a router can be configured as an asynchronous serial interface. To configure an asynchronous serial interface on the router, you must establish asynchronous serial line connections using PPP or SLIP as described in the next section.
PPP and SLIP define methods of sending Internet packets over a standard RS-232 asynchronous serial line. PPP also defines methods for sending IPX packets. The router contains one such port, the "auxiliary" port. To use the asynchronous device as a network interface via PPP or SLIP, complete the following tasks:
The auxiliary port's absolute line number is 1. When you configure an asynchronous interface with the interface async 1 command, you enable asynchronous routing over the auxiliary port to support PPP and SLIP connections to remote routers. The interface number is the same as the absolute line number.
The router automatically associates the interface number 1 with the absolute line number 1 of the auxiliary port, and treats the interface as an asynchronous line. However, to configure the auxiliary port as an asynchronous interface, you must also configure it as an auxiliary line with the line aux 1 command as described in the "Configuring terminal Lines and modem Support" chapter. Follow the line command with the appropriate line configuration commands for modem control, such as speed. Perform the following task in global configuration mode to specify the auxiliary port line as an asynchronous interface:
| Task | Command |
|---|---|
| Specify an asynchronous interface. | interface async 1 |
Only IP packets can be sent across lines configured for SLIP. PPP supports transmission of both IP and IPX packets.
SLIP and PPP are methods of encapsulating datagrams and other network-layer protocol information over point-to-point links. SLIP is the default method. Use the following command in interface configuration mode to configure PPP or SLIP encapsulation on the asynchronous interface:
| Task | Command |
|---|---|
| Configure PPP or SLIP encapsulation on an asynchronous line. | encapsulation {ppp | slip} |
The configured SLIP or PPP encapsulation method applies to an interface configured for dedicated asynchronous mode or dial-on-demand routing (DDR). On an asynchronous interface configured for interactive mode, the encapsulation type is specified by the user with the slip or ppp EXEC command. See "Configure Dedicated or Interactive Mode" later in this chapter.
The async default and async dynamic commands control whether you can specify an address at the EXEC level using the slip and ppp commands or whether an address is forced by the system.
It is common to configure an asynchronous interface both to have a default address and to allow dynamic addressing. In this case, you must choose between the default address or dynamic addressing when you enter the {slip | ppp} default or {slip | ppp} client [@tacacs-server] EXEC command.
This section describes how to:
You can assign a permanent default asynchronous address to a line by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Assign a default IP address to the asynchronous interface. | async default ip address ip-address |
Use the no form of this command to disable the default address. If the server has been configured to authenticate asynchronous connections, you are prompted for a password after entering the slip client [@tacacs-server] or ppp client [@tacacs-server] EXEC command before the line is placed into asynchronous mode.
The assigned default address is used when the user enters the slip default or ppp default EXEC command. The TACACS server validates the transaction (when enabled), and the line is put into network mode using the address that is in the configuration file. This feature is useful when the user is not required to know the IP address to gain access to a system; for example, users of a server that is available to many students on a campus. Instead of requiring each user to know an IP address, they need only enter the slip default or ppp default EXEC command and let the server select the address to use.
When a line is configured for dynamic assignment of asynchronous addresses, the user enters the slip or ppp EXEC command and is prompted for an address or logical host name. The TACACS validates the address, when enabled, and the line is assigned the given address and put into asynchronous mode. Assigning asynchronous addresses dynamically is also useful when you want to assign set addresses to users. For example, an application on a personal computer that automatically dials in using SLIP and polls for electronic mail messages can be set up to dial in periodically and enter the required IP address and password.
To configure asynchronous dynamic addressing, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Allow the IP address to be assigned at login. | async dynamic address |
The dynamic addressing features of the internetwork allow packets to get to their destinations and back regardless of the router or network they are sent from. For example, if a host such as a laptop computer moves from place to place, it can keep the same address no matter where it is dialing in from. For an example of this command, see the section "Asynchronous Routing and Dynamic Addressing Example" at the end of this chapter.
You can configure the asynchronous interface to be indedicated network or interactive mode.
In dedicated mode, there is no user prompt or EXEC level, so no end-user commands are required to place the line into interface mode. When the interface is configured for dedicated mode, the user cannot change the encapsulation method, address, or other parameters.
To configure an asynchronous interface to be in dedicated network mode, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Place the asynchronous line into dedicated network mode. | async mode dedicated |
For an example of the preceding command, see the section "Dedicated Asynchronous Interface Example" at the end of this chapter.
Alternatively, you can configure an asynchronous line for interactive mode. In interactive mode, the line can be used to make any type of connection, depending on the EXEC command entered by the user. For example, depending on its configuration, the line could be used for Telnet connections, or SLIP or PPP encapsulation. Perform the following task in interface configuration mode to configure an asynchronous line for interactive mode:
| Task | Command |
|---|---|
| Place the asynchronous line in interactive mode. | async mode interactive |
You can enable use of dynamic routing protocols on the asynchronous interface by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure an asynchronous interface for routing. | async dynamic routing |
You can use an asynchronous device as a network interface connection to a remote router via the auxiliary port using the PPP or SLIP protocols. To do so, perform the following task in EXEC mode:
| Task | Command |
|---|---|
| Use the asynchronous device as a network interface from the auxiliary port using the PPP or SLIP protocol | ppp | slip [default | client [@tacacs-server]] [/routing] [/compressed] |
To use the asynchronous device as a network interface using PPP or SLIP, the auxiliary port on the remote router must be configured to act as an asynchronous interface. This is done on the remote router with the interface async 1 command. You must also use the async mode interactive command.
With the default keyword, you can specify a default IP address for asynchronous routing. For this option to be effective, the asynchronous interface on the remote router must have a default IP address specified with the async default ip address command. Or, you can enter an address if the asynchronous interface on the remote router is configured with the async dynamic address command.
The client and TACACs server can be specified either by IP address or by name. Any names used must be in the domain name service (DNS) and must be resolvable to an IP address. The address specified for tacacs-server must be an address of a TACACS server configured with the tacacs-server host command as described in the "Managing the System" chapter.
The /routing keyword enables dynamic routing. To use it, the asynchronous interface on the remote router must be configured for asynchronous routing with the async dynamic routing command.
Using the /compressed keyword, you can set the asynchronous interface to compress packets for more efficient use of the line. To use it, the asynchronous interface on the remote router must have TCP/IP parameters set with the ip tcp header-compression command.
For examples of the ppp and slip commands, see the examples at the end of this chapter.
You can also use the ip access-group command to apply access restrictions to the asynchronous interface and the ip unnumbered command. See the chapter pertaining to IP commands.
To specify a serial interface on the Cisco 7000, use this configuration command:
interface serial slot/portSpecify the serial interface slot number with the argument slot. Specify the port number with the argument port.
The slot argument is the backplane slot number and can be in the range 0 through 4. The port argument is the port number of the fast serial interface processor (FSIP) and can be in the range
0 through 7.
Follow this command with the routing or bridging interface configuration commands for your particular protocol or application, as described in subsequent chapters.
The cyclic redundancy check (CRC) on a serial interface defaults to a length of 16 bits. To change the length of the CRC to 32 bits, complete the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the length of the CRC. | crc size |
All FSIP interface types support nonreturn to zero (NRZ) and nonreturn to zero inverted (NRZI) format.This is a line coding format that is required for serial connections in some environments. NRZ encoding is most common. NRZI encoding is used primarily with RS-232 connections in IBM environments.
The default configuration for all serial interfaces is NRZ format. The default is no nrzi-encoding. To enable NRZI format, complete the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable NRZI encoding format. | nrzi-encoding |
When a DTE does not return a transmit clock, use the following interface configuration command on the Cisco 7000 to enable the internally generated clock on a serial interface:
| Task | Command |
|---|---|
| Enable the internally generated clock on a serial interface. | transmit-clock-internal |
Delays between the SCTE clock and data transmission indicate that the transmit clock signal might not be appropriate for the interface rate and length of cable being used. Different ends of the wire may have variances that differ slightly. Invert the clock signal to compensate for these factors, by completing the following task in interface configuration mode on a Cisco 7000:
| Task | Command |
|---|---|
| Invert the clock signal on an interface | invert-transmit-clock |
You can add a description about an interface to help you remember what is attached to it. This entry is meant solely as a comment to help identify what the interface is being used for. The description will appear in the output of the following commands: show configuration, write terminal, and show interfaces. To add the description, complete the following task in interface configuration mode:
| Task | Command |
|---|---|
| Add a description for an interface. | description string |
For examples of this command, see the examples at the end of this chapter.
Configuring multiple virtual interfaces, or subinterfaces, on a single physical interface allows greater flexibility and connectivity on the network. With subinterfaces, you can provide full connectivity on partially meshed Frame Relay networks.You can also configure subinterfaces on LANs to support multiple IPX encapsulations on the same physical interface.
You can perform the following subinterface configuration tasks:
Subinterfaces can be used in the following situations:
Table 6-1 lists the commands that are supported on subinterfaces.
| Command | Interface Type Supported |
|---|---|
| apollo | Serial only |
| appletalk | Serial only |
| bandwidth | Serial, Ethernet, FDDI, Token Ring |
| bridge-group | Serial only |
| clns | Serial only |
| decnet | Serial only |
| delay | Serial, Ethernet, FDDI, Token Ring |
| description | Serial, Ethernet, FDDI, Token Ring |
| exit | Serial, Ethernet, FDDI, Token Ring |
| frame-relay | Serial only |
| ip | Serial only |
| ipx | Serial, Ethernet, FDDI, Token Ring |
| isis | Serial only |
| iso-igrp | Serial only |
| ntp | Serial only |
| shutdown | Serial, Ethernet, FDDI, Token Ring |
In the following example, interface serial 0.1 is configured to support bridging on Frame Relay DLCI 42.
interface serial 0
encapsulation frame-relay
interface serial 0.1
bridge-group 1
frame-relay interface-dlci 42 broadcast
The commands listed in Table 6-2 support subinterfaces as parameters.
| Command | Command Type |
|---|---|
| bridge group address | Global configuration |
| clns route | Global configuration |
| ip unnumbered | Interface configuration |
| tunnel source | Interface configuration |
| interface | Global configuration |
| ip route | Global configuration |
| routemap match interface | Route-map configuration |
| distribute-list | Router configuration |
| neighbor address update-source | Router configuration |
| passive-interface | Router configuration |
In the following example, the route to IP network 10.0.0.0 is configured to exit the router via subinterface serial 0.1.
ip route 10.0.0.0 255.0.0.0 serial 0.1
The show commands listed in Table 6-3 support subinterfaces as parameters.
| Command | Command Type |
|---|---|
| show apple | EXEC |
| show buffers | EXEC |
| show clns | EXEC |
| show decnet | EXEC |
| show interfaces | EXEC |
| show ip igrp2 neighbors | EXEC |
| show ip ospf neighbor | EXEC |
| show ip ospf interface | EXEC |
| show ip irdp | EXEC |
| show ip interface | EXEC |
| show novell | EXEC |
| show protocols | EXEC |
Frame Relay networks provide multiple point-to-point links, or PVCs (permanent virtual circuits), through the same physical serial interface. Subinterfaces allow blocks of one or more Frame Relay PVCs to be treated as separate subnetworks. Protocols such as IP, IPX, and bridging view each subinterface as a separate interface with its own address and protocol assignments.
A subinterface with a single Frame Relay PVC is modeled as a point-to-point link. A subinterface with multiple Frame Relay PVCs is modeled as a LAN.
Subinterfaces provide a mechanism for supporting partially meshed Frame Relay networks. In the past, a single network number (such as an IP subnet or an IPX network number) was assigned to an entire Frame Relay network. Most protocols assume transitivity on a logical network; that is, if station A can talk to station B, and station B can talk to station C, then station A should be able to talk to station C directly. This is true on LANs, but is not true on Frame Relay networks unless they are fully meshed. Additionally, certain protocols such as AppleTalk and transparent bridging could not be supported on partially meshed networks because they require "split horizon," in which a packet received on an interface cannot be transmitted out the same interface even if the packet is received and transmitted on different virtual circuits.
Subinterfaces address these limitations by providing a way to subdivide a partially meshed Frame Relay network into a number of smaller, fully meshed (or point-to-point) subnetworks. Each subnetwork is assigned its own network number and appears to the protocols as if it is reachable through a separate interface. (Note that point-to-point subinterfaces can be unnumbered for use with IP, reducing the addressing burden that might otherwise result.)
For example, suppose you have a five-node Frame Relay network (see Figure 6-1) that is partially meshed (Network A). If the entire network is viewed as a single subnetwork (with a single network number assigned), most protocols assume that node A can transmit a packet directly to node E, when in fact it must be relayed through nodes C and D. This can be made to work with certain protocols (for example, IP) but will not work at all with other protocols (for example, AppleTalk) because nodes C and D will not relay the packet out the same interface on which it was received. The only way to make this work fully is to create a fully meshed network (Network B), but that requires a large number of PVCs, which may not be economically feasible.
Using subinterfaces, the Frame Relay network can be subdivided into three smaller networks (Network C) with separate network numbers. Nodes A, B, and C are connected to a fully meshed network, and nodes C and D, as well as nodes D and E are connected via point-to-point networks. In this configuration, nodes C and D would see two subinterfaces, allowing them to forward packets without violating split horizon rules. If transparent bridging is being used, each subinterface is viewed as a separate bridge port.
To configure subinterfaces on a Frame Relay network, perform the following tasks:
| Task | Task |
|---|---|
| Step 1 Configure a serial interface | interface serial interface-number |
| Step 2 Configure Frame Relay encapsulation on the serial interface. | encapsulation frame-relay |
| Step 3 Configure a subinterface. | interface serial interface-numbe.subinterface-number [multipoint | point-to-point] |
| Step 4 Configure the feature you want the subinterface to support. | See the examples that follow. |
In the following example, subinterface 1 models a point-to-point subnet and subinterface 2 models a broadcast subnet:
interface serial 0
encapsulation frame-relay
interface serial 0.1 point-to-point
ip address 10.0.1.1 255.255.255.0
frame-relay interface-dlci 42
interface serial 0.2 multipoint
ip address 10.0.2.1 255.255.255.0
frame-relay map 10.0.2.1 255.255.255.0 17 broadcast
frame-relay map 10.0.2.2 255.255.255.0 18
To use Frame Relay DLCIs 42, 64, and 73 as separate point-to-point links and run transparent bridging over them, the configuration might look like the following example:
interface serial0
encapsulation frame-relay
interface serial 0.1 point-to-point
bridge-group 1
frame-relay interface-dlci 42 broadcast
interface serial 0.2 point-to-point
bridge-group 1
frame-relay interface-dlci 64 broadcast
interface serial 0.3 point-to-point
bridge-group 1
frame-relay interface-dlci 73 broadcast
From the bridging spanning tree algorithm's point of view, each PVC is a separate bridge port, and a frame arriving on a PVC can be relayed back out a separate PVC.
Another use for subinterfaces is to support the use of multiple IPX encapsulations on LAN media. There are a number of ways to encapsulate IPX packets on each LAN medium, and hosts that use different encapsulation techniques cannot communicate with each other. Logically, they are on different networks, and separate IPX network numbers are assigned accordingly. The left side of Figure 6-2 illustrates this situation.
However, a router can be placed on the LAN, and a separate subinterface can be created for each encapsulation type (with distinct IPX network numbers). The router will then switch packets between the two logical networks, converting the encapsulations as necessary. Since separate subinterfaces are used, split horizon rules are not violated.
The right side of Figure 6-2 illustrates the use of subinterfaces on LAN interfaces that use multiple IPX encapsulation methods.
Tunneling provides a way to encapsulate arbitrary packets inside of a transport protocol. This feature is implemented as a virtual interface to provide a simple interface for configuration. The tunnel interface is not tied to specific "passenger" or "transport" protocols, but rather, it is an architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme.
Tunneling has three primary components:
There are several situations where encapsulating traffic in another protocol is useful:
The following are considerations and precautions to observe when configuring tunneling:
%TUN-RECURDOWN Interface Tunnel 0
temporarily disabled due to recursive routing
If you want to configure IP tunneling, you must perform at least the first three tasks in the list that follows. The remaining tunnel configuration tasks are optional.
For examples using these commands, see the tunnel examples at the end of this chapter. To configure AppleTalk tunneling, see the section "Configure AppleTalk Tunneling in the "Configuring AppleTalk" chapter.
In order to configure tunneling, you must configure the tunnel interface by performing the following task in global configuration mode:
| Task | Command |
|---|---|
| Configure the tunnel interface. | interface tunnel n |
In order to configure tunneling, you must specify the tunnel interface's source address by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure the tunnel source. | tunnel source ip address | interface type interface-number |
In order to configure tunneling, you must specify the tunnel interface's destination by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure the tunnel destination. | tunnel destination {host name | ip address} |
The encapsulation mode for the tunnel interface defaults to generic route encapsulation (gre), so this task is considered optional. However, if you want a mode other than gre, you must configure it by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure the tunnel mode. | tunnel mode {cayman | eon | gre | nos} |
Some passenger protocols rely on media checksums to provide data integrity. By default, the tunnel does not guarantee packet integrity. By enabling end-to-end checksums, the routers will drop corrupted packets. To enable such checksums on a tunnel interface, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure end-to-end checksumming. | tunnel checksum |
You can optionally enable an ID key for a tunnel interface. This key must be set to the same value on the tunnel endpoints. Tunnel ID keys can be used as a form of weak security to prevent misconfiguration or injection of packets from a foreign source.
The tunnel ID key is available with generic router encapsulation (GRE) only.
To configure a tunnel ID key, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure a tunnel identification key. | tunnel key key-number |
You can optionally configure a tunnel interface to drop datagrams that arrive out of order. This is useful when carrying passenger protocols that behave poorly when they receive packets out of order (for example, LLC2-based protocols). This option is available with generic router encapsulation (GRE) only.
To use this option, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure a tunnel interface to drop out-of-order datagrams. | tunnel sequence-datagrams |
Complete any of the following tasks in EXEC mode to monitor the IP tunnels you have configured:
The router provides High-level Data Link Control (HDLC) encapsulation for serial lines by default. This encapsulation method provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. Although it is the default, it can be reenabled as the encapsulation method, if necessary, by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Reenable HDLC encapsulation. | encapsulation hdlc |
Ethernet interfaces on the router support several encapsulation methods, depending upon the application type code and media type, as follows:
Establish Ethernet encapsulation by selecting one of the Ethernet encapsulation methods using the appropriate command in interface configuration mode, as follows:
| Task | Command |
|---|---|
| Select ARPA Ethernet encapsulation. | encapsulation arpa |
| Select SAP Ethernet encapsulation. | encapsulation sap |
| Select SNAP Ethernet encapsulation. | encapsulation snap |
For an example of the encapsulation command, see the section "Example of Enabling Ethernet Encapsulation" at the end of this chapter.
You can specify the type of Ethernet Network Interface Module configuration on the Cisco 4000 model. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Select a 15-pin Ethernet connector. | media-type aui |
| Select an RJ45 Ethernet connector. | media-type 10baset |
You can extend the twisted-pair 10BaseT capability beyond the standard 100 meters by reducing the squelch (signal cutoff time). To do so, perform the first task that follows in interface configuration mode. You can later restore the squelch by performing the second task.
| Task | Command |
|---|---|
| Reduce the squelch. | squelch reduced |
| Return squelch to normal. | squelch normal |
You can map a Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI) to a Frame Relay DLCI by performing the following tasks in interface configuration mode:
| Task | Command |
|---|---|
| Step 1 Specify the encapsulation method. | encapsulation atm-dxi |
| Step 2 Map a given VPI and VCI to a Frame Relay DLCI. | atm-dxi map protocol address VPI VCI [broadcast] |
You can convert the HSSI interface into a 45 MHz clock master by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Convert the HSSI interface into a 45 MHz clock master. | hssi internal-clock |
You can enable the Maintenance Operation Protocol (MOP) on an interface by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable MOP. | mop enabled |
You can enable an interface to send out periodic MOP system identification messages on an interface by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable MOP message support. | mop sysid |
The Token Ring interface on the CSC-1R, CSC-2R and IGS/TR can run at either 4 or 16 Mbps. These Token Ring interfaces do not default to any particular ring speed; you must select the speed the first time you use them.
 | Caution Configuring a ring speed that is wrong or incompatible with the connected Token Ring causes the ring to beacon, which effectively takes the ring down and makes it nonoperational. |
Configure the ring speed on the CSC-1R or CSC-2R and IGS/TR Token Ring interfaces by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Select the ring speed. | ring-speed speed |
Our Token Ring interfaces support early token release, a method whereby the interface releases the token back onto the ring immediately after transmitting rather than waiting for the frame to return. This feature can help to increase the total bandwidth of the Token Ring. To configure the interface for early token release, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable early token release. | early-token-release |
The Integrated Services Digital Network Basic Rate Interface (ISDN BRI) supports a variety of central office switches. Table 6-4 lists the ISDN switch types supported by the ISDN interface. If you are going to configure an interface with the interface bri command, you must also select a switch, using the following command in global configuration mode:
| Task | Command |
|---|---|
| Select the central office switch type. | isdn switch-type switch-type |
| Keyword | Switch Type |
|---|---|
| basic-1tr6 | German 1TR6 ISDN switches |
| basic-5ess | AT&T basic rate switches |
| basic-dms100 | NT DMS-100 basic rate switches |
| basic-net3 | NET3 ISDN switches (UK and others) |
| ntt | Japanese NTT ISDN switches |
| vn2 | French VN2 ISDN switches |
| vn3 | French VN3 ISDN switches |
All ISDN devices subscribe to services provided by an ISDN service provider, usually a telephone company. However, only some service providers use Service Profile Identifiers (SPIDs) to define the services subscribed to by the ISDN device that is accessing the ISDN service provider. The service provider assigns the ISDN device one or more SPIDs when you first subscribe to the service. If you are using a service provider that requires SPIDs, your ISDN device cannot place or receive calls until it sends a valid, assigned SPID to the service provider when accessing the switch to initialize the connection.
Currently, only the DMS-100 switch type requires SPIDs. The AT&T 5ESS switch may support a SPID, but it is recommended that you set up that ISDN service without SPIDs. In addition, SPIDs only have significance at the local access ISDN interface. Remote routers are never sent the SPID.
A SPID is usually a ten-digit telephone number with some optional numbers. However, service providers may use different numbering schemes. For the DMS-100 switch type, two SPIDs are assigned, one for each B-channel. Once your service provider has assigned you SPIDs, you must define these SPIDs on the router so that when access to the switch is attempted, the router has the valid information available.
To define the SPIDs and the local directory number (ldn) on the router, perform the following tasks in interface configuration mode (after specifying interface bri 0):
| Task | Command |
|---|---|
| Define a SPID and ldn for the B1-channel | isdn spid1 spid-number [ldn] |
| Define a SPID and ldn for the B2-channel | isdn spid2 spid-number [ldn] |
See the "Configuring Dial-on-Demand Routing" chapter for information about configuring dial-on-demand routing (DDR) and the "Dial-on-Demand Routing Commands" chapter of the Router Products Command Reference publication for specific DDR commands.
You can determine when ISDN Terminal Endpoint Identifier (TEI) negotiation occurs. The default is for negotiation to occur when the router is powered on. Use this command with care.
To define when TEI negotiation will occur, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Determine when ISDN TEI negotiation occurs. | isdn tei [first-call | powerup] |
Using special FDDI interface configuration commands, you can perform the following tasks:
The following sections describe these tasks.
The CSC-C2/FCIT interface card and FIP fully support transparent and translational bridging for the following configurations:
This task places the CSC-C2/FCIT interface or FIP into encapsulation mode when doing bridging. In transparent mode, the FCIT interface or FIP interoperates with earlier versions of the CSC-FCI encapsulating interfaces when performing bridging functions on the same ring. When using the CSC-C2/FCIT interface card or FIP, you can specify the encapsulation method by performing the following task in interface configuration mode:
When you are translationally bridging, you have to route routable protocols and translationally bridge the rest (such as LAT).
The CSC-FCI interfaces are always in encapsulating bridge mode, so disabling applies only to
CSC-C2/FCIT interfaces.
We are currently aware of problems with the following protocols when bridged between Token Ring and other media: AppleTalk, DECnet, IP, Novell IPX, Phase IV, VINES, and XNS. Further, the following protocols may have problems when bridged between FDDI and other medias: Novell IPX and XNS. We recommend that these protocols be routed whenever possible.
You can set the FDDI token rotation time to control ring scheduling during normal operation and to detect and recover from serious ring error situations. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the FDDI token rotation time. | fddi token-rotation-time microseconds |
The FDDI standard restricts the allowed time to be greater than 4000 microseconds and less than 165,000 microseconds. As defined in the X3T9.5 specification, the value remaining in the token rotation timer (TRT) is loaded into the token holding timer (THT). Combining the values of these two timers provides the means to determine the amount of bandwidth available for subsequent transmissions.
You can set the transmission timer to recover from a transient ring error by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the FDDI valid transmission timer. | fddi valid-transmission-time microseconds |
You can set the FDDI control transmission timer to control the FDDI TL-Min time, which is the minimum time to transmit a Physical Sublayer or PHY line state before advancing to the next Physical Connection Management or PCM state as defined by the X3T9.5 specification. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the FDDI control transmission timer. | fddi tl-min-time microseconds |
You can modify the C-Min timer on the PCM from its default value of 1600 microseconds by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the c-min timer on the PCM. | fddi c-min |
You can change the TB-Min timer in the PCM from its default value of 100 milliseconds. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set TB-Min timer in the PCM. | fddi tb-min |
You can change the FDDI timeout timer in the PCM from its default value of 100 milliseconds. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the timeout timer in the PCM. | fddi t-out |
You can disable and reenable SMT frame processing for diagnostic purposes. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Disable SMT frame processing. | no fddi smt-frames |
| Enable SMT frame processing. | fddi smt-frames |
You can enable the duplicate address detection capability on the FDDI. If the FDDI finds a duplicate address, it displays an error message and shuts down the interface. To enable duplicate address checking, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable duplicate address checking capability. | fddi duplicate-address-check |
You can set the FDDI bit control to control the information transmitted during the Connection Management (CMT) signaling phase. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set the FDDI bit control. | fddi cmt-signal-bits signal-bits {phy-a | phy-b} |
You can control whether the CMT onboard functions are on or off. The CSC-FCI and CSC-C2/FCIT interface cards and FIP provide CMT functions in microcode. These functions are separate from those provided on the processor card and are accessed through EXEC commands.
The default is for the FCIT and FIP CMT functions to be on. A typical reason to disable is when you work with new FDDI equipment and have problems bringing up the ring. If you disable the CMT microcode, the following actions occur:
To disable the CMT microcode, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Disable the FCIT CMT functions. | no fddi if-cmt |
In normal operation, the FDDI interface is operational once the interface is connected and configured. You can start and stop the processes that perform the CMT function and particularly, allow the ring on one fiber to be stopped. To do so, perform either of the following tasks in EXEC mode:
| Task | Command |
|---|---|
| Start CMT processes on FDDI ring. | cmt connect [interface-name [phy-a | phy-b]] |
| Stop CMT processes on FDDI ring. | cmt disconnect [interface-name [phy-a | phy-b]] |
The preceding tasks are not done during normal operation of FDDI; they are performed during interoperability tests.
FDDI interface configuration is not required for dual homing. The FDDI interface recognizes that it is attached to two M ports on the concentrators and automatically supports dual homing.
You can set the maximum number of unprocessed FDDI Station Management (SMT) frames that will be held for processing. This command is useful if the router you are configuring gets bursts of messages arriving faster than the router can process them. To set the number of frames, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Set SMT message queue size. | smt-queue-threshold number |
The Point-to-Point Protocol (PPP), described in RFCs 1331 and 1332, is a method of encapsulating Network Layer protocol information over point-to-point links.
The current implementation of PPP supports option 4, Link Quality Monitoring and option 5, Magic Number configuration options. The software always sends option 5 and will negotiate for option 4 if so configured. All other options are rejected.
We support the following upper-layer protocols: Bridging, CLNS, DECnet, IP, IPX, VINES,
and XNS.
The software provides PPP as an encapsulation method. It also provides the Challenge Handshake Authentication Protocol (CHAP) on serial interfaces running PPP encapsulation. The following sections describe the tasks to configure these features.
You can enable the Point-to-Point Protocol on serial lines to encapsulate IP and serial IP (SLIP) datagrams. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable PPP encapsulation. | encapsulation ppp |
PPP echo requests are used as keepalives to minimize disruptions to the end users of your network. The no keepalive command can be used to disable echo requests.
Access control using Challenge Handshake Authentication Protocol (CHAP) is available on all serial interfaces. The authentication feature will reduce the risk of security violations on your router.
When CHAP is enabled, a remote device (a PC, workstation, or server) attempting to connect to the local router is requested, or challenged, to respond. The required response is an encrypted version of a secret password, or secret, plus a random value and the name of the remote device.
By transmitting this response, the secret is never transmitted, preventing other devices from stealing it and gaining illegal access to the system. Without the proper response, the remote device cannot connect to the local router.
CHAP transactions occur only at the time a link is established. The local router does not request a password during the rest of the call. (The local router can, however, respond to such requests from other devices during a call.)
To use CHAP, you must perform the following tasks:
For an example of CHAP, see the section "CHAP with an Encrypted Password Example" at the end of this chapter. CHAP is specified in the IETF RFC 1334 "The PPP Authentication Protocols" by Brian Lloyd of Lloyd and Associates and William A. Simpson of Computer Systems Consulting Services. CHAP is specified as an additional authentication phase of the PPP Link Control Protocol.
Link Quality Monitoring (LQM) is available on all serial interfaces running PPP. LQM will monitor the link quality, and if the quality drops below a configured percentage, the link will be taken down. The percentages are calculated for both the incoming and outgoing directions. The outgoing quality is calculated by comparing the total number of packets and bytes sent with the total number of packets and bytes received by the peer. The incoming quality is calculated by comparing the total number of packets and bytes received with the total number of packets and bytes sent by the peer.
When LQM is enabled, Link Quality Reports (LQRs) are sent every keepalive period. LQRs are sent in place of keepalives. All incoming keepalives are responded to properly. If LQM is not configured, keepalives are sent every keepalive period and all incoming LQRs are responded to with an LQR.
LQR is specified in the IETF RFC-1333, "PPP Link Quality Monitoring" by William A. Simpson of Computer Systems Consulting Services.
To enable LQM on the interface, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable LQM on the interface. | ppp quality percentage |
The percentage argument specifies the link quality threshold. That percentage must be maintained, or the link is deemed to be of poor quality and taken down.
Magic Number support is available on all serial interfaces. When using PPP, PPP will always attempt to negotiate for Magic Numbers, which are used to detect looped-back nets. The link may or may not be taken down upon looped-back detection, depending on the use of the down-when-looped command.
The dial backup service provides protection against WAN downtime by allowing you to configure a backup serial line via a circuit-switched connection.
To configure dial backup, associate a secondary serial interface as a backup to a primary serial interface. This feature requires that an external modem, CSU/DSU device, or ISDN terminal adapter (TA) attached to a circuit-switched service be connected on the secondary serial interface. The external device must be capable of responding to a DTR signal (DTR active) by auto-dialing a connection to a preconfigured remote site.
The dial backup software keeps the secondary line inactive (DTR inactive) until one of the following conditions is met:
These conditions are defined using the interface configuration commands described later in this section.
When the software detects a lost Carrier Detect signal from the primary line device or finds that the line protocol is down, it activates DTR on the secondary line. At that time, the modem, CSU/DSU, or ISDN terminal adapter (TA) must be set to dial the remote site. When that connection is made, the routing protocol defined for the serial line will continue the job of transmitting traffic over the dialup line.
You also can configure the dial backup feature to activate the secondary line based upon traffic load on the primary line.
The software monitors the traffic load and computes a five-minute moving average. If this average exceeds the value you set for the line, the secondary line is activated, and depending upon how the line is configured, some or all of the traffic will flow onto the secondary dialup line.
You also can specify a value that defines when the secondary line should be disabled and the amount of time the secondary line can take going up or down.
The tasks to configure dial backup are as follows:
Perform these tasks in interface configuration mode as follows:
See examples of these commands at the end of this chapter.
When an interface has a backup interface configured, it is often desirable that the backup interface be enabled when the primary interface is either down or in loopback. By default, the backup is only enabled if the primary interface is down. By using the down-when-looped command, the backup interface will also be enabled if the primary interface is in loopback. To achieve this condition, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure an interface to tell the system it is down when loopback is detected. | down-when-looped |
If testing an interface with the loopback command, down-when-looped should not be configured, or packets will not be transmitted out the interface that is being tested.
It is possible to send back-to-back data packets over serial interfaces faster than some hosts can receive them. You can specify a minimum dead time after transmitting a packet to alleviate this condition. This setting is available for serial interfaces on the MCI and SCI interface cards, for the HSSI, and for the IGS serial interface. Perform one of the following tasks, as appropriate for your system, in interface configuration mode:
You can configure pulsing DTR signals on all serial interfaces.When the serial line protocol goes down (for example, because of loss of synchronization) the interface hardware is reset and the DTR signal is held inactive for at least the specified interval. This function is useful for handling encrypting or other similar devices that use the toggling of the DTR signal to resynchronize.To configure DTR signal pulsing, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure DTR signal pulsing. | pulse-time seconds |
You can configure the clock rate for appliques (connector hardware) on the serial interface of the MCI and SCI cards to an acceptable bit rate. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure the clock rate on serial interfaces. | clockrate bps |
On the Cisco 4000 platform, you can specify the serial Network Interface Module timing signal configuration. When the board is operating as a DCE and the DTE provides terminal timing (SCTE or TT), you can configure the DCE to use SCTE from the DTE. When running the line at high speeds and long distances, this strategy prevents phase shifting of the data with respect to the clock.
To configure the DCE to use SCTE from the DTE, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Configure the DCE to use SCTE from the DTE. | dce-terminal-timing-enable |
When the board is operating as a DTE, you can use the dte-invert-txc command to invert the TXC clock signal it gets from the DCE that the DTE uses to transmit data. Use this command if the DCE cannot receive SCTE from the DTE, the data is running at high speeds, and the transmission line is long. Again, this prevents phase shifting of the data with respect to the clock.
To configure the interface so that the router inverts the TXC clock signal, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Specify timing configuration to invert TXC clock signal. | dte-invert-txc |
Each interface has a hold-queue limit. This limit is the number of data packets that the interface can store in its hold queue before rejecting new packets. When the interface empties one or more packets from the hold queue, it can accept new packets again. You can specify the hold-queue limit of an interface in interface configuration mode as follows:
| Task | Command |
|---|---|
| Specify the maximum number of packets allowed in the hold queue. | hold-queue length {in | out} |
Higher-level protocols use bandwidth information to make operating decisions. For example, IGRP uses the minimum path bandwidth to determine a routing metric. The TCP protocol adjusts initial retransmission parameters based on the apparent bandwidth of the outgoing interface. Perform the following task in interface configuration mode to set a bandwidth value for an interface:
| Task | Command |
|---|---|
| Set a bandwidth value. | bandwidth kilobits |
The bandwidth setting is a routing parameter only; it does not affect the physical interface.
Higher-level protocols might use delay information to make operating decisions. For example, IGRP can use delay information to differentiate between a satellite link and a land link. To set a delay value for an interface, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Set a delay value for an interface. | delay tens-of-microseconds |
The delay configuration command sets an informational parameter only; you cannot adjust the actual delay of an interface with this configuration command.
You can control the size of the transmit queue available to a specified interface on the MCI and SCI cards. To limit the size, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Limit the size of the transmit queue. | tx-queue-limit number |
Each interface has a default maximum packet size or maximum transmission unit (MTU) size. This number generally defaults to 1500 bytes. On serial interfaces, the MTU size varies, but cannot be set smaller than 64 bytes. To adjust the maximum packet size, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Adjust the maximum packet size or MTU size. | mtu bytes |
On the Cisco 4000, you can invert the TXC clock signal that the board gets from the DCE when it operates as a DTE. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Invert the TXC clock signal. | dte-invert-txc |
On a synchronous serial interface on the Cisco 4000, you can prevent phase shifting of data with respect to the clock. When the board is operating as a DCE and the DTE provides terminal timing (SCTE or TT), the dce-terminal-timing enable command causes the DCE to use SCTE from the DTE. Perform the following task in interface configuration mode to prevent phase shifting:
| Task | Command |
|---|---|
| Configure the DCE to use SCTE from the DTE. | dce-terminal-timing enable |
You can perform the following tasks to monitor and maintain the interfaces:
The following sections describe the administrative tasks you perform to keep the interfaces up and running.
The software contains commands that you can enter at the EXEC prompt to display information about the interface including the version of the software and the hardware, the controller status, and statistics about the interfaces. The following table lists some of the interface monitoring tasks. (The full list of show commands can be displayed by entering the show ? command at the EXEC prompt.) These commands are fully described in the Router Products Command Reference publication.
Perform the following commands in EXEC mode:
This section applies to the Cisco 7000 only. The port adapter cable connected to each port determines the electrical interface type and mode of the port. The default mode of the ports is DCE, which allows you to perform a loopback test on any port without having to attach a port adapter cable. Although DCE is the default, there is no default clock rate set on the interfaces. When there is no cable attached to a port, the software actually identifies the port as "Universal, Cable Unattached" rather than either as a DTE or DCE interface.
Use the show controller cxbus command to show information about the interface port. The following example shows an interface port (2/0) that has an RS-232 DTE cable attached and a second port (2/1) that does not have a cable attached:
7000# show controller cxbus
Switch Processor 7, hardware version 11.1 microcode version 1.4
512 Kbytes of main memory, 128 Kbytes cache memory, 299 1520 byte buffers
Restarts: 0 line down, 0 hung output, 0 controller error
FSIP 2, hardware version 3, microcode version 1.0
Interface 16 - Serial2/0, electrical interface is RS-232 DTE
31 buffer RX queue threshold, 101 buffer TX queue limit, buffer size 1520
Transmitter delay is 0 microseconds
Interface 17 -Serial2/1, electrical interface is Universal (cable unattached)
31 buffer RX queue threshold, 101 buffer TX queue limit, buffer size 1520
To change the electrical interface type or mode of a port online, replace the serial adapter cable and use software commands to restart the interface and, if necessary, reconfigure the port for the new interface. At system startup or restart, the FSIP polls the interfaces and determines the electrical interface type of each port (according to the type of port adapter cable attached). However, it does not necessarily repoll an interface when you change the adapter cable online. To ensure that the system recognizes the new interface type, shut down and reenable the interface after changing the cable.
To clear the interface counters shown with the show interfaces command, enter the following command at the EXEC prompt:
| Task | Command |
|---|---|
| Clear the interface counters.
For the Cisco 7000. | clear counters [type-keyword number] |
The command clears all the current interface counters from the interface unless the optional arguments (for the Cisco 7000, type, slot, and port) are specified to clear only a specific interface type from a specific slot and port number.
Complete the following tasks in EXEC mode to clear and reset interfaces. Under normal circumstances, you do not need to clear the hardware logic on interfaces.
You can disable an interface. Doing so disables all functions on the specified interface and marks the interface as unavailable on all monitoring command displays. This information is communicated to other network servers through all dynamic routing protocols. The interface will not be mentioned in any routing updates. On serial interfaces, this command causes the DTR signal to be dropped. On Token Ring interfaces, this command causes the interface to deinsert from the ring. On FDDI interfaces, this command causes the optical bypass switch, if present, to go into bypass mode.
To shut down an interface and then restart it, perform the following tasks in interface configuration mode:
| Command | Task |
|---|---|
| Shut down an interface. | shutdown |
| Reenable an interface. | no shutdown |
To check whether an interface is disabled, use the EXEC command show interfaces. An interface that has been shut down is shown as administratively down in the show interfaces command display. See examples in the section "Interface Shutdown Examples" at the end of this chapter.
One reason to use the shutdown command is if you want to change the electrical interface type or mode of a Cisco 7000 port online. You replace the serial adapter cable and use software commands to restart the interface, and if necessary, reconfigure the port for the new interface. At system startup or restart, the FSIP polls the interfaces and determines the electrical interface type of each port (according to the type of port adapter cable attached). However, it does not necessarily repoll an interface when you change the adapter cable online. To ensure that the system recognizes the new interface type, shut down using the shutdown command, and reenable the interface after changing the cable. Refer to your hardware documentation for more details.
You can use a loopback test on lines to detect and distinguish equipment malfunctions between line and modem or CSU/DSU (Channel Service Unit/Digital Service Unit) problems on the network server. If correct data transmission is not possible when an interface is in loopback mode, the interface is the source of the problem. The DSU may have similar loopback functions you can use to isolate the problem if the interface loopback test passes. If the device does not support local loopback, this function will have no effect.
You can specify hardware loopback tests on the Ethernet and synchronous serial interfaces, and all Token Ring interfaces (except the CSC-R 4-megabit card) that are attached to CSU/DSUs and that support the local loopback signal. The CSU/DSU acts as a Data Communications Equipment (DCE) device; the router acts as a Data Terminal Equipment (DTE) device. The local loopback test generates a CSU loop--a signal that goes through the CSU/DSU to the line, then back through the CSU/DSU to the router. The ping command can also be useful during loopback operation.
The loopback tests are available on the following interfaces:
The following sections describe each test.
The HSSI supports the following tests:
These tests apply only when the device supports them and are used to check the data communications channels. The tests are usually performed at the line port rather than the DTE port of the remote CSU/DSU.
The internal loopback concepts are illustrated in Figure 6-6.
You can configure an internal loop on the HSSI applique by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Loop internally on the HSSI applique. | loopback applique |
Once enabled, the loopback applique command loops the packets on the applique, thereby establishing a loopback inside the router. This command is useful for sending pings to yourself to check the functionality of the applique. The HSSI applique (HSA card) uses an internal 44.736-MHz crystal clock during the applique loopback to drive its internal circuits. Refer to your hardware installation and maintenance publication for more information.
This command is functionally equivalent to entering the loopback command with no arguments; however, when the HSCI card is installed, the configuration displayed after the write terminal command is entered will show loopback applique set.
You can loop packets to DTE within the CSU/DSU at the DTE interface, when the device supports this function. Doing so is useful for testing the DTE-to-DCE cable. To loop the packets to DTE, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Loop packets to DTE internally. | loopback dte |
You can loop packets completely through the CSU/DSU to configure a CSU loop, when the device supports this feature. Doing so is useful for testing the DCE device (CSU/DSU) itself. To configure a CSU loop, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Loop packets completely through the CSU/DSU. | loopback line |
You can loop packets through the CSU/DSU, over the DS3 link, and to the remote CSU/DSU and back. To do so, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Loop packets through the CSU/DSU to a remote CSU/DSU over the Digital Signal Level 3 (DS-3) link. | loopback remote |
This command applies only when the device supports the remote function. It is used for testing the data communication channels. The loopback usually is performed at the line port, rather than the DTE port, of the remote CSU/DSU.
The HSA applique on the HSSI contains an LED that indicates the LA, LB, and LC signals transiting through the devices. The CSU/DSU uses the LC signal to request a loopback from the router. The CSU/DSU may want to do this so that its own network management diagnostics can independently check the integrity of the connection between the CSU/DSU and the router.
When the CSU/DSU asserts the LC signal and the router enables the external loopback, the connection is blocked by the loopback and the router no longer has access to the data communication channel.
Figure 6-7 illustrates the extent of the signal during an external loopback request.
By default, this feature is disabled on the router. To enable this feature to support those CSU/DSUs that support this function, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable a two-way, internal and external loopback request on HSSI from DSU/CSU. | hssi external-loop-request |
If your CSU/DSU does not support this feature, it should not be enabled in the router. This prevents spurious line noise from accidentally tripping the external loopback request line, which would interrupt the normal data flow.
A useful diagnostic is available that allows fault isolation of possible defects on the HSCI card. This diagnostic is not part of the normal system diagnostics, but is offered to help technicians test for controller defects at installation or when the system is upgraded. The diagnostic involves recabling the HSCI card and then entering a diagnostic script. The tasks required to perform this diagnostic are described in the hardware installation and maintenance publication for your router.
The MCI and SCI serial interface cards support the loopback function when a CSU/DSU or equivalent device is attached to the router. To enable loopback mode on them, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable loopback through a CSU/DSU to configure a CSU loop on the MCI and SCI synchronous serial interfaces. | loopback |
The Ethernet interfaces on the MCI and MEC cards support loopback mode. To enable loopback mode on them, perform the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable loopback to verify that the interface receives back every packet it sends. | loopback |
The router software provides an Ethernet loopback server that supports DEC, Intel, and Xerox systems specified by the "blue book," a joint specification written by Digital Equipment Corporation (DEC), Intel, and Xerox that defines the Ethernet protocol. The loopback server responds to forward data loopback messages sent either to the server's MAC address or to the broadcast address. Currently, the Ethernet loopback server does not respond to the loopback assistance multicast address.
Use the Ethernet loopback server to test communications between your internetworking products and DEC systems that do not support the IP ping command, such as DECnet-only VMS systems.
To originate a loop test on your VMS system with a Cisco server, use the DEC Network Control Program (NCP) command Loop Circuit. For more information about the Loop Circuit command, consult the DECnet VAX documentation. Cisco network servers support all options that can be specified by the VMS hosts.
You can place the FDDI (CSC-FCI) into loopback mode by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable loopback to verify that the FDDI (CSC-FCI) interface receives back every packet it sends. | loopback |
You can place all of the Token Ring interface cards except the 4-MB CSC-R card into loopback mode by performing the following task in interface configuration mode:
| Task | Command |
|---|---|
| Enable loopback to verify that the Token Ring interface receives back every packet it sends. | loopback |
Use the configuration examples in this section to help you understand some aspects of interface configuration. More complex and realistic examples appear in the chapters that describe special interface configuration and routing and bridging configuration.
The following example illustrates how to begin interface configuration. It assigns Point-to-Point (PPP) encapsulation to interface serial 0.
interface serial 0
encapsulation ppp
The same example on a Cisco 7000 requires the following commands:
interface serial 1/0
encapsulation ppp
These commands enable standard Ethernet Version 2.0 encapsulation on the Ethernet interface processor in slot 4 on port 2 of a Cisco 7000:
interface ethernet 4/2
encapsulation arpa
The following example assigns an IP address to an asynchronous interface and places the line in dedicated network mode:
interface async 1
async default ip address 182.32.7.51
async mode dedicated
!
The following example assumes that users are restricted to certain servers designated as asynchronous servers, but that normal terminal users can access anything on the local network.
! access list for normal connections
access-list 1 permit 131.108.0.0 0.0.255.255
!
access-list 2 permit 131.108.42.55
access-list 2 permit 131.108.111.1
access-list 2 permit 131.108.55.99
!
line 1
speed 19200
flow hardware
modem inout
interface async 1
async mode interactive
async dynamic address
ip access-group 1 out
ip access-group 2 in
The following example shows a simple configuration that allows routing and dynamic addressing. In this configuration, the router will act as either a telecommuting server or a router, depending on whether the user specifies /routing in the EXEC slip or ppp command.
interface async 1
async dynamic routing
async dynamic address
async mode interactive
In the following example, a line that is in asynchronous mode is using PPP encapsulation (see
Figure 6-8). The IP address of the PC is ntpc (assuming that the name ntpc is in the DNS so that it can be resolved to a real IP address). The person typing this command is on a PC running a terminal emulator program.
Router> ppp ntpc@server1 /routing /compressed
The following example shows how to make a connection when a permanent address has been assigned and dynamic addressing is not allowed. An authentication request is sent to the TACACS server, and if it is approved, the line is placed in SLIP mode and the IP address is displayed.
Router> slip
Entering SLIP mode.
Your IP address is 192.31.7.28, MTU is 1500 bytes
The following example illustrates the prompts displayed and the response required when dynamic addressing is used to assign the SLIP address.
Router> slip
IP address or hostname? 192.31.6.15
Password:
Entering SLIP mode
Your IP address is 192.31.6.15, MTU is 1500 bytes
The following example illustrates the implementation of header compression on the interface with the IP address 128.66.2.1.
Router> slip /compressed 128.66.2.1
Password:
Entering SLIP mode.
Interface IP address is 128.66.2.1, MTU is 1500 bytes.
Header compression is On.
In the following example, header compression is configured as passive, so the status of header compression will be assigned by the user-level slip or ppp command.
Router> slip 1.0.0.1@check
Password:
Entering SLIP mode.
Interface IP address is 1.0.0.1, MTU is 1500 bytes
Header compression will match your system.
The following example illustrates how to add a description about an interface that will appear in configuration files and monitoring command displays.
interface ethernet 0
description First Ethernet in network 1
ip address 101.13.15.78 255.255.255.0
The following example for a Cisco 7000 describes an administration network attached to the Ethernet processor in slot 2, port 4:
interface ethernet 2/4
description 2nd floor administration net
This example turns off the Ethernet interface in slot 2 at port 4:
interface ethernet 2/4
shutdown
This example turns the interface back on:
interface ethernet 2/4
no shutdown
This example illustrates how to shut down a Token Ring interface:
interface tokenring 0
shutdown
The following example shows an IP tunneling configuration with commented (!) explanations:
!Creates the interface
interface tunnel 0
!enables IPX on the interface
novell network 1e
!enables appletalk
appletalk cable-range 4001-4001 128
!enables IP
ip address 10.1.2.3. 255.255.255.0
!enables DECnet
DECnet cost 4
!sets the source address, or interface, for packets
tunnel source ethernet 0
!determines where the encapsulated packets are to go
tunnel destination 131.108.14.12
!sets the encapsulator protocol
tunnel mode gre
!computes a checksum on passenger packets if protocol doesn't already have reliable !checksum
tunnel checksum needed
!sets the id key
tunnel key 42
!set to drop out of order packets
tunnel sequence-datagrams
In Figure 6-9, Router A is configured as follows:
interface ethernet 0
description physics department AppleTalk lan
AppleTalk cable-range 4001-4001 32
interface fddi 0
description connection to campus backbone
ip address 36.0.8.108 255.255.255.0
interface tunnel 0
tunnel source fddi 0
tunnel destination 36.0.21.20
appletalk cable-range 5313-5313 1
Router B is configured as follows:
interface ethernet 0
description chemistry department appletalk lan
AppleTalk cable-range 9458-9458 3
interface fddi 0
description connection to campus backbone
ip address 36.0.21.20 255.255.255.0
interface tunnel 0
tunnel source fddi 0
tunnel destination 36.0.8.108
appletalk cable-range 5313-5313 2
In Figure 6-10, Router A is configured as follows:
interface ethernet 0
description boston office
ip address 10.1.1.1 255.255.255.0
novell network 1e
interface serial 0
description connection to NEARnet
ip address 192.13.2.1 255.255.255.0
interface tunnel 0
tunnel source serial 0
tunnel destination 131.108.5.2
ip address 10.1.2.1 255.255.255.0
novell network 1f
The following commands illustrate Router B's configuration:
interface ethernet 0
description menlo park office
ip address 10.1.3.1 255.255.255.0
novell network 31
interface serial 4
description connection to BARRnet
ip address 131.108.5.2 255.255.255.0
interface tunnel 0
tunnel source serial 4
tunnel destination 192.13.2.1
ip address 10.1.2.2 255.255.255.0
novell network 1f
The following configuration examples enable CHAP on interface serial 0 of three routers.
hostname yyy
interface serial 0
encapsulation ppp
ppp authentication chap
username xxx password secretxy
username zzz password secretzy
hostname xxx
interface serial 0
encapsulation ppp
ppp authentication chap
username yyy password secretxy
username zzz password secretxz
hostname zzz
interface serial 0
encapsulation ppp
ppp authentication chap
username xxx password secretxz
username yyy password secretzy
When you look at the configuration file, the passwords will be encrypted and the display will look similar to the following:
hostname xxx
interface serial 0
encapsulation ppp
ppp authentication chap
username yyy password 7 121F0A18
username zzz password 7 1329A055
The following example configures serial 1 as a secondary line that activates only when the primary line (serial 0) goes down. The secondary line will not be activated because of load on the primary.
interface serial 0
backup interface serial 1
backup delay 30 60
The secondary line is configured to activate 30 seconds after the primary line goes down and to remain on for 60 seconds after the primary line is reactivated.
The same example on the Cisco 7000 would be as follows:
interface serial 1/1
backup interface serial 2/2
backup delay 30 60
The following example configures the secondary line (serial 1) to be activated only when the load of the primary line reaches a certain threshold.
interface serial 0
backup interface serial 1
backup load 75 5
In this case, the secondary line will not be activated when the primary goes down. The secondary line will be activated when the load on the primary line is greater than 75 percent of the primary's bandwidth. The secondary line will then be brought down when the aggregate load between the primary and secondary lines fits within 5 percent of the primary bandwidth.
The same example on the Cisco 7000 would be as follows:
interface serial 1/1
backup interface serial 2/2
backup load 75 5
This example configures the secondary line to activate once the traffic threshold on the primary line exceeds 25 percent.
interface serial 0
backup interface serial 1
backup load 25 5
backup delay 10 60
Once the aggregate load of the primary and the secondary lines return to within 5 percent of the primary bandwidth, the secondary line is deactivated. The secondary line waits 10 seconds after the primary goes down before activating, and remains active for 60 seconds after the primary returns and becomes active again.
The same example on the Cisco 7000 is as follows:
interface serial 1/1
backup interface serial 2/2
backup load 25 5
backup delay 10 60
|
|