Manuel D’UtilisationTable des matièresINTRODUCTION211.1 PURPOSE AND SCOPE211.2 ACRONYMS211.3 REFERENCES231.4 DOCUMENT CONVENTIONS231.5 GENERAL CONFIGURATIONS241.5.1 CLI Modes241.5.2 SNMP Configurations24SYSTEM FEATURES272.1 TOPOLOGIES272.2 SYSTEM FEATURES / CONFIGURATIONS282.2.1 Configuring the Default IP Address282.2.1.1 CLI Configuration282.2.1.2 WEB Configuration292.2.2 Configuring IP address for an Interface302.2.2.1 CLI Configuration302.2.2.2 WEB Configuration312.2.3 Configuring the Base MAC Address322.2.3.1 CLI Configuration322.2.3.2 WEB Configuration332.2.4 Configuring the Login Authentication Method332.2.4.1 CLI Configuration332.2.4.2 Web Configuration332.2.5 Configuring the Restoration File Name342.2.5.1 CLI Configuration342.2.5.2 Web Configuration352.2.6 Saving the Current Configurations for Restoration362.2.7 Erasing a Saved Configuration File372.2.8 Copying System Logs into Remote Location382.2.8.1 Web Configuration382.2.9 Copying a File from Remote Site/Flash to Remote Site/Flash392.2.9.1 Web Configuration392.2.10 Configuring the Default VLAN Identifier402.2.10.1 CLI Configuration402.2.10.2 WEB Configuration412.2.11 Configuring Switch Clock412.2.11.1 CLI Configuration412.2.11.2 Web Configuration412.2.12 Enabling/Disabling Console CLI through Serial Port412.2.12.1 CLI Configuration412.2.12.2 WEB Configuration422.2.13 Enabling/Disabling HTTP422.2.14 Configuring HTTP Port Number422.2.14.1 CLI Configuration422.2.14.2 Web Configuration432.2.15 Configuring HTTP Authentication scheme432.2.15.1 CLI Configuration432.2.15.2 WEB Configuration452.2.16 Enabling/Disabling Trap Generation on an Interface452.2.16.1 CLI Configuration452.2.16.2 WEB Configuration462.2.17 Configuring an Interface as Switch Port/ Router Port472.2.17.1 CLI Configuration472.2.17.2 Web Configuration472.2.18 Configuring Debug Logging482.2.18.1 CLI Configuration482.2.18.2 Web Configuration482.2.19 Configuring ACL Filters492.2.19.1 CLI Configuration492.2.19.2 WEB Configuration512.2.19.2.1 IP Standard Access List512.2.19.2.2 MAC Access List522.2.20 Software image upgradation532.2.20.1 Software image upgrade through CLI532.2.20.1.1 Upgrade from R1_1_2 image to R1_1_3532.2.20.1.2 Upgrade from R1_1_3 image to > R1_1_3552.2.20.2 Software image upgrade through WEB552.2.21 Setting default OOB IP for system(first time in a new board)572.2.21.1 CLI Configuration572.2.21.2 WEB Configuration58DHCP SERVER593.1 PROTOCOL DESCRIPTION593.2 TOPOLOGY593.3 CONFIGURATION GUIDELINES593.4 DEFAULT CONFIGURATIONS603.5 DHCP CONFIGURATIONS603.5.1 Enabling DHCP server603.5.1.1 CLI Configuration603.5.1.2 WEB Configuration613.5.2 Configuring Offer Reuse Time Out613.5.2.1 CLI Configuration613.5.2.2 WEB Configuration623.5.3 Configuring DHCP Address Pools623.5.3.1 Creating a DHCP Address Pool623.5.3.2 Configuring End IP for the Pool633.5.3.3 Configuring Lease Time633.5.3.4 Configuring Utilization Threshold643.5.3.5 WEB Configuration for DHCP Address Pool653.5.4 Creating an Excluded Address in the Pool653.5.4.1 CLI Configuration653.5.4.2 WEB Configuration663.5.5 Configuring DHCP Pool Options663.5.5.1 Configuring a Domain Name Option663.5.5.2 Configuring DNS Option with Single IP Address673.5.5.3 Configuring NTP Option with Two IP Addresses683.5.5.4 Configuring Default Router693.5.5.5 Configuring Options Specific to Address Pools703.5.5.6 WEB Configuration for DHCP Pool Options713.5.6 Configuring Host Specific Options713.5.6.1 CLI Configuration71RIP734.1 PROTOCOL DESCRIPTION734.2 TOPOLOGY744.3 CONFIGURATION GUIDELINES744.3.1 Configuration in FDN40-1744.3.2 Configuration in FDN40-2754.3.3 Configuration in FDN40-3764.4 DEFAULT CONFIGURATIONS764.5 RIP CONFIGURATIONS764.5.1 Enabling and Disabling RIP764.5.1.1 Enabling RIP764.5.1.2 Disabling RIP774.5.1.3 WEB Configuration774.5.2 Enabling RIP on an IP Network774.5.2.1 CLI Configuration784.5.2.2 WEB Configuration784.5.3 Configuring RIP Security794.5.3.1 CLI Configuration794.5.3.2 WEB Configuration804.5.4.1 CLI Configuration804.5.4.2 WEB Configuration824.5.5 Configuring RIP Neighbor824.5.5.1 CLI Configuration824.5.5.2 WEB Configuration834.5.6 Configuring RIP Passive Interface834.5.6.1 CLI Configuration834.5.6.2 WEB Configuration854.5.7 Configuring Output-delay854.5.7.1 CLI Configuration854.5.7.2 WEB Configuration874.5.8 Configuring Redistribution874.5.8.1 CLI Configuration874.5.8.2 WEB Configuration884.5.8.3 Sample Configuration to Test Redistribution884.5.9 Configuring Default-metric914.5.9.1 CLI Configuration914.5.9.2 WEB Configuration914.5.9.3 Sample Configuration to Test Default-metric914.5.10 Configuring Auto-summary944.5.10.1 CLI Configuration944.5.10.2 WEB Configuration964.5.11 Configuring Interface Specific RIP Parameters964.5.11.1 Configuring RIP Default Route Propagation964.5.11.2 Configuring to Install Default Route97Installation974.5.11.3 Configuring Version for Receiving RIP Advertisement1004.5.11.4 Configuring Version for Transmitting RIP Advertisement1014.5.11.5 Configuring Timer Basic1024.5.11.6 Configuring RIP Split Horizon1034.5.11.7 WEB Configuration for RIP Interface Paramters1044.5.12 Configuring RIP Summary-address1054.5.12.1 CLI Configuration1054.5.12.2 WEB Configuration1054.5.12.3 Sample Configuration to configure RIP summary-address1064.5.13 Configuring Interface Specific Authentication1074.5.13.1 CLI Configuration1074.5.13.2 WEB Configuration1084.5.13.3 Sample Configuration for Enabling Authentication1084.5.13.4 Sample Configuration for Enabling Crypto Authentication1104.5.14 Configuring Debug Level for RIP1134.5.15 Configuring Route Map – RIP1134.5.15.1 Configuring Route Map1144.5.15.1.1 CLI Configuration1144.5.15.1.2 WEB Configuration1144.5.15.2 Configuring Route Map Match Criteria1144.5.15.2.1 CLI Configuration1144.5.15.2.2 WEB Configuration1164.5.15.3 Configuring RIP Distance1164.5.15.3.1 CLI Configuration1164.5.15.3.2 WEB Configuration1174.5.15.4 Configuring Redistribution with Route Map1174.5.15.4.1 CLI Configuration1174.5.15.5 WEB Configuration118VLAN1195.1 PROTOCOL DESCRIPTION1195.2 TOPOLOGY1205.3 CONFIGURATION GUIDELINES1205.4 DEFAULT CONFIGURATIONS1215.5 VLAN CONFIGURATIONS1215.5.1 Configuring Static VLAN1215.5.1.1 CLI Configuration1215.5.1.2 WEB Configuration1235.5.2 Deleting a VLAN1245.5.2.1 CLI Configuration1245.5.2.2 Web Configuration1245.5.3 Enabling VLANs1245.5.4 Classifying Frames to a VLAN1245.5.4.1 Port Based Classification1245.5.4.2 WEB Configuration1255.5.5 Configuring Port Filtering1265.5.5.1 Configuring Acceptable Frametype126NAT1296.1 TOPOLOGY1296.2 CONFIGURATION GUIDELINES1306.3 DEFAULT CONFIGURATIONS1306.4 NAT CONFIGURATIONS1306.4.1 Enabling and Disabling NAT on an Interface1306.4.1.1 CLI Configuration1306.4.1.2 WEB Configuration1316.4.2 Enabling and Disabling NAPT1326.4.2.1 CLI Configuration1326.4.2.2 WEB Configuration1336.4.3 Configuring Static NAT and NAPT1346.4.3.1 CLI Configuration1346.4.3.2 WEB Configuration1356.4.4 Configuring Dynamic NAT1366.4.4.1 CLI Configuration1376.4.4.2 WEB Configuration1386.4.5 Configuring Virtual Server1386.4.5.1 CLI Configuration1386.4.5.2 WEB Configuration139IPSEC1417.1 PROTOCOL DESCRIPTION1417.2 TOPOLOGY1427.3 IPSEC CONFIGURATIONS1427.3.1 Enabling VPN Module1427.3.1.1 CLI Configuration1427.3.1.2 WEB Configuration1437.3.2 Configuring VPN IPSec Policy1437.3.2.1 Creating VPN Policy1437.3.2.2 Configuring VPN Policy Type1447.3.2.3 Configuring IPSec mode1457.3.2.4 Configuring Peer Identity1477.3.2.5 Configuring IPSec Session Keys1487.3.2.6 Configuring Access List1497.3.2.7 Binding of Policy1507.3.2.8 Removing Policy from Interface1517.3.2.9 Deleting Policy1527.3.2.10 WEB Configuration for IPSec VPN Policy Parameters1527.3.3 Sample Configuration154IKE1578.1 PROTOCOL DESCRIPTION1578.1.1 IKEv11578.1.1.1 Phase 1 – Main/Aggressive1578.1.1.1.1 Main Mode1578.1.1.1.2 Aggressive Mode1588.1.1.2 Phase 2 - Quick Mode1588.1.2 IKEv21588.2 IKE CONFIGURATIONS1598.2.1 Importing and Deleting RSA Key1598.2.1.1 Importing a RSA Key1598.2.1.2 Deleting a RSA Key Pair1598.2.2 Configuring Certificates1598.2.2.1 Importing a Certificate1598.2.2.2 Deleting a Certificate1618.2.2.3 Importing a CA Certificate1618.2.2.4 Deleting a CA Certificate1638.2.2.5 Importing a Peer Certificate1648.2.2.6 Deleting Peer Certificate1658.2.3 Configuring Remote Identity and Authentication Method1668.2.3.1 Authentication Method Preshered-Key1668.2.3.2 Authentication Method RSA Certificate1668.2.3.3 Deleting a Configured Remote Identity1678.2.3.4 WEB Configuration1678.2.4 Creating VPN Policy1688.2.4.1 CLI Configuration1688.2.4.2 WEB Configuration1698.2.5 Configuring VPN IKE Policy Parameters1708.2.5.1 Configuring IKE Version1708.2.5.2 Configuring Key Mode1708.2.5.2.1 Certificate Mode1708.2.5.2.2 Preshared Key Mode1718.2.5.3 Configuring Peer IP1718.2.5.4 Configuring IPSec Mode1728.2.5.4.1 Tunnel Mode1728.2.5.5 Configuring Remote Identity1728.2.5.6 Configuring Local Identity1738.2.5.7 Configuring Phase 1 Parameters1748.2.5.7.1 For IKEv11758.2.5.7.2 For IKEv21768.2.5.8 Configuring Phase 2 Parameters177ESP Protocol with Integrity1778.2.5.9 Configuring Access-list178Access-list for Tunnel Policy1788.2.5.10 Attaching the Policy to the Interface1798.2.5.11 Removing the Policy from the Interface1798.2.5.12 Deleting the Policy1808.2.5.13 Web Configuration for VPN IKE Policy1808.2.6 Displaying the VPN Statistics1828.2.6.1 CLI Configuration1828.2.6.2 WEB Configuration1828.3 IKE EXAMPLES1838.3.1 General Configuration1838.3.2 Configuring IKEv1 - Tunnel Mode - Preshared key1838.3.2.1 DUT1 Configuration1848.3.2.2 DUT2 Configuration186FIREWALL1899.1 TOPOLOGY1899.2 DEFAULT CONFIGURATIONS1899.3 FIREWALL CONFIGURATIONS1899.3.1 Enabling and Disabling Firewall Module1909.3.1.1 CLI Configuration1909.3.1.2 WEB Configuration1909.3.2 Configuring Firewall Filters for IPv41919.3.2.1 CLI Configuration1919.3.2.2 WEB Configuration1949.3.3 Configuring Firewall Access List1969.3.3.1 CLI Configuration1969.3.3.2 WEB Configuration2049.3.4 Configuring Zones2069.3.4.1 CLI Configuration2069.3.4.2 WEB Configuration207IPS-IDS20910.2 TOPOLOGY20910.3 DEFAULT CONFIGURATIONS20910.4 IPS-IDS CONFIGURATIONS21010.4.1 Enabling and Disabling IPS-IDS Module21010.4.1.1 CLI Configuration21010.4.1.2 WEB Configuration21010.4.2 Enabling and Disabling IDS Logging21110.4.2.1 CLI Configuration21110.4.2.2 WEB Configuration21210.4.3 Configuring IDS Logging Size and Log Size Threshold21310.4.3.1 CLI Configuration21310.4.3.2 WEB Configuration21410.4.4 Configuring IPS status in firewall access-list21410.4.4.1 CLI Configuration21410.4.4.2 WEB Configuration21810.4.5 Displaying IPS Categories and IPS Rules22010.4.5.1 CLI Configuration22010.4.5.2 WEB Configuration222POE22311.1 PROTOCOL DESCRIPTION22311.2 TOPOLOGY22311.3 POE CONFIGURATIONS22411.3.1 Enabling POE Module22411.3.1.1 CLI Configuration22411.3.1.2 WEB Configuration22511.3.2 Enabling POE on port22511.3.2.1 CLI Configuration22511.3.2.2 WEB Configuration22611.3.3 To apply power to a POE device22711.3.3.1 CLI Configuration22711.3.3.2 WEB Configuration22811.3.4 To view the PSE status22811.3.4.1 CLI Configuration22811.3.4.2 WEB Configuration229WI-FI23112.1 TOPOLOGY23112.2 CONFIGURATION GUIDELINES23212.3 W I-FI CONFIGURATIONS23212.3.1 Enabling WiFi interfaces23212.3.1.1 CLI Configuration23212.3.1.2 WEB Configuration23312.3.2 Disabling Wi-Fi interface23312.3.2.1 CLI Configuration23312.3.2.2 WEB Configuration23412.3.3 VAP creation and VLAN association23512.3.3.1 CLI Configuration23512.3.3.2 WEB Configuration23612.3.3.2.1 VAP (SSID) Creation23612.3.3.2.2 VLAN Association with VAP23712.3.3.2.3 SSID Summary23712.3.4 VAP deletion23712.3.4.1 CLI Configuration23712.3.4.2 WEB Configuration23812.3.5 Rate-limit Configurations23812.3.5.1 CLI Configurations23812.3.5.2 WEB Configuration23912.3.6 Configuring Mac-Filtering for VAP24012.3.6.1 CLI Configuration24012.3.6.2 WEB Configuration24112.3.7 Configuring Authentication Algorithms for VAP24112.3.7.1 CLI Configuration24112.3.7.1.1 Open Authentication24112.3.7.1.2 WEP Authentication24212.3.7.1.3 WPA2 PSK AUTHENTICATION24312.3.7.2 WEB Configuration24312.4 DISPLAYING THE CONFIGURATIONS24412.5 W I-FI CLIENT ASSOCIATION24612.5.1 CLI Configuration24612.5.2 WEB Configuration247NTP24913.1 PROTOCOL DESCRIPTION24913.2 TOPOLOGY25013.3 CONFIGURATION GUIDELINES25013.4 DEFAULT CONFIGURATIONS25013.5 NTP CONFIGURATIONS25113.5.1 Configuring NTP system25113.5.1.1 Enabling the NTP system25113.5.1.2 Disabling the NTP system25113.5.1.3 Configuring the NTP Client Mode25213.5.1.4 2.WEB Configuration25213.5.1.4.1 Enabling/ Disabling NTP25213.5.1.4.2 Configuring NTP Client Mode25313.5.2 Configuring NTP Server25313.5.2.1 CLI Configuration25313.5.2.2 Web Configuration254QOS25714.1 PROTOCOL DESCRIPTION25714.2 TOPOLOGY25714.3 CONFIGURATION GUIDELINES25814.4 DEFAULT CONFIGURATIONS25814.5 QOS CONFIGURATIONS25814.5.1 Configuring QoS Subsystem25814.5.1.1 Enabling the QoS Subsystem25814.5.1.2 Disabling the QoS Subsystem25914.5.1.3 Making the QoS Subsystem Up25914.5.1.4 WEB Configuration26014.5.2 Configuring Rate-Limiting at Port level (Ingress port-rate limiting)26014.5.2.1 CLI Configuration26014.5.2.2 WEB Configuration26014.5.3.1 CLI Configuration26114.5.3.2 WEB Configuration26114.5.4.1 CLI Configuration26214.5.4.2 WEB Configuration26314.5.4.2.1 Shape Template26314.5.4.2.2 Queue Table26414.5.5 Configuring Queue Template26414.5.5.1 CLI Configuration26414.5.5.2 WEB Configuration26514.5.5.2.1 QueueTemplate26514.5.5.2.2 Queue Table26614.5.6 Configuring Queue Map26614.5.6.1 CLI Configuration26614.5.6.2 WEB Configuration26714.5.6.2.1 QueueTemplate26714.5.7 Configuring Scheduler26714.5.7.1 CLI Configuration26714.5.7.2 WEB Configuration268OSPF26915.1 PROTOCOL DESCRIPTION26915.2 TOPOLOGY27015.3 CONFIGURATION GUIDELINES27115.3.1 Configuration in FDN40-127115.3.2 Configuration in FDN40-227115.3.3 Configuration in FDN40-327215.3.4 Configuration in FDN40-427315.3.5 Configuration in FDN40-527315.3.6 Configuration in FDN40-627415.3.7 Configuration in FDN40-727515.3.8 Configuration in FDN40-627515.3.9 Configuration in FDN40-927615.4 DEFAULT CONFIGURATIONS27615.5 OSPF CONFIGURATIONS27915.5.1 Enabling and Disabling OSPF27915.5.1.1 CLI Configuration27915.5.1.2 WEB Configuration27915.5.2 Configuring Router-id28015.5.2.1 CLI Configuration28015.5.2.2 WEB Configuration28015.5.3 Configuring OSPF Interface28115.5.3.1 CLI Configuration28115.5.3.2 WEB Configuration28315.5.4 Configuring OSPF Interface Parameters28415.5.4.1 CLI Configuration28415.5.4.2 WEB Configuration28415.5.5 Configuring OSPF Interface Priority28415.5.5.1 CLI Configuration28415.5.5.2 WEB Configuration28515.5.6 Configuring LSA Retransmission Level28515.5.6.1 CLI Configuration28515.5.6.2 WEB Configuration28615.5.7 Configuring Hello Interval28615.5.7.1 CLI Configuration28615.5.7.2 WEB Configuration28615.5.8 Configuring Dead Interval28615.5.8.1 CLI Configuration28715.5.8.1 WEB Configuration28715.5.9 Configuring Network Type28715.5.10 Configuring Interface Cost28715.5.10.1 CLI Configuration28715.5.10.2 WEB Configuration28815.5.11 Configuring OSPF Authentication28815.5.11.1 Configuring Simple Password Authentication28915.5.11.1.1 CLI Configuration28915.5.11.1.2 WEB Configuration29115.5.11.2 Configuring Message-Digest Authentication29215.5.11.2.1 CLI Configuration29215.5.11.2.2 WEB Configuration29315.5.11.3 Configuring Message-Digest with key constants29415.5.11.3.1 CLI Configuration29415.5.11.3.2 WEB Configuration29515.5.11.4 Configuring NULL Authentication29515.5.11.4.1 CLI Configuration29515.5.11.4.2 WEB Configuration29615.5.12 Configuring Passive Interface29615.5.12.1 CLI Configuration29615.5.12.2 WEB Configuration29815.5.13 Configuring OSPF Area Parameters29815.5.13.1 Configuring Stub Area29815.5.13.1.1 CLI Configuration29915.5.13.1.2 WEB Configuration29915.5.13.2 Configuring ASBR Router30015.5.13.2.1 CLI Configuration30015.5.13.2.2 WEB Configuration30015.5.13.3 Configuring Redistribution30015.5.13.3.1 CLI Configuration30015.5.13.3.2 WEB Configuration30715.5.13.4 Configuring NSSA Area30715.5.13.4.1 CLI Configuration30715.5.13.4.2 WEB Configuration30715.5.13.5 Configuring Summary Address30715.5.13.5.1 CLI Configuration30715.5.13.5.2 WEB Configuration30815.5.13.6 Configuring Area-default Cost30915.5.13.6.1 CLI Configuration30915.5.13.6.2 WEB Configuration31715.5.13.7 Configuring NSSA asbr-default-route translator31815.5.13.7.1 CLI Configuration31815.5.13.7.2 WEB Configuration31815.5.13.8 Configuring NSSA Area Translation Role31815.5.13.8.1 CLI Configuration31815.5.13.8.2 WEB Configuration31915.5.13.9 Configuring Stability Interval for NSSA31915.5.13.9.1 CLI Configuration31915.5.13.9.2 WEB Configuration32015.5.13.10 Configuring ABR-Type32015.5.13.10.1 CLI Configuration32015.5.13.10.2 WEB Configuration32115.5.13.11 Configuring RFC 1583 Compatibility32115.5.13.11.1 CLI Configuration32115.5.13.11.2 WEB Configuration32115.5.13.12 Configuring Default-information Originate Always32215.5.13.12.1 CLI Configuration32215.5.13.12.2 WEB Configuration32215.5.13.13 Configuring Redist-Config32215.5.13.13.1 CLI Configuration32215.5.13.13.2 WEB Configuration32815.5.13.14 Configuring Neighbor32915.5.13.14.1 CLI Configuration32915.5.13.14.2 WEB Configuration33015.5.13.15 Configuring Virtual link33015.5.13.15.1 CLI Configuration33015.5.13.15.2 WEB Configuration33115.5.13.16 Configuring Area-range33115.5.13.16.1 CLI Configuration33115.5.13.16.2 WEB Configuration33615.5.14 Configuring Route Map - OSPF33615.5.14.1 Configuring Route Map33615.5.14.1.1 CLI Configuration33615.5.14.1.2 WEB Configuration33715.5.14.2 Configuring Route Map Match Criteria33715.5.14.2.1 CLI Configuration33715.5.14.2.2 WEB Configuration33815.5.14.3 Configuring OSPF Distance33815.5.14.3.1 CLI Configuration33815.5.14.3.2 WEB Configuration33915.5.14.4 Configuring Redistribution with Route Map33915.5.14.4.1 CLI Configuration33915.5.14.4.2 WEB Configuration34015.5.14.5 Topology Configuration for OSPF Testing34015.5.14.6 Redistribution Topology34415.5.14.6.1 Redistribution Interface Configuration34515.5.14.6.2 Redistribution Protocol Configuration34515.5.14.7 OSPF Inbound Filtering with Route Map34915.5.14.7.1 Interface Configuration34915.5.14.7.2 Protocol Configuration350DHCP RELAY AGENT35516.1 PROTOCOL DESCRIPTION35516.2 TOPOLOGY35616.3 CONFIGURATION GUIDELINES35616.4 DEFAULT CONFIGURATIONS35616.5 ENABLING DHCP RELAY35716.5.1.1 CLI Configuration35716.5.1.2 WEB Configuration35816.6 CONFIGURING A DHCP SERVER ADDRESS35816.6.1.1 CLI Configuration35816.6.1.2 WEB Configuration35916.7 ENABLING RELAY AGENT INFORMATION35916.7.1.1 CLI Configuration35916.7.1.2 WEB Configuration36016.8 CONFIGURING RELAY AGENT SUB-OPTIONS36016.8.1.1 CLI Configuration36016.8.1.2 WEB Configuration36116.9 ENABLING TRACES FOR DHCP RELAY361RAVPN36917.1 PROTOCOL DESCRIPTION36917.2 TOPOLOGY37017.3 RAVPN CONFIGURATIONS37017.3.1 Enabling VPN Module37017.3.1.1 CLI Configuration37017.3.1.2 WEB Configuration37117.3.2 Configuring pool IP address37117.3.2.1 CLI Configuration37117.3.2.2 WEB Configuration37217.3.3 Configuring RAVPN Policy Type37217.3.3.1 CLI Configuration37217.3.3.2 WEB Configuration37317.3.4 Configuring IPSec mode37417.3.4.1 CLI Configuration37417.3.5 Configuring Peer Identity37517.3.5.1 CLI Configuration37517.3.5.2 WEB Configuration37617.3.6 Configuring IPSec Session Keys37717.3.6.1 CLI Configuration37717.3.6.2 WEB Configuration37817.3.7 Configuring Access List37917.3.7.1 CLI Configuration37917.3.7.2 WEB Configuration38017.3.8 Binding of Policy38017.3.8.1 CLI Configuration38017.3.8.2 WEB Configuration38117.3.9 Removing Policy from Interface38217.3.9.1 CLI Configuration38217.3.9.2 WEB Configuration38317.3.10 Deleting Policy38317.3.10.1 CLI Configuration38317.3.10.2 WEB Configuration38317.3.11 Sample Configuration38517.3.11.1 RAVPN Server Configuration386Figure 6-1: Configuration for Basic System Features27Figure 6-2: Configuration for Advanced System Features27Figure 7-1: DHCP - Topology 159Figure 13-1: RIP Topology 174Figure 13-2: RIP Topology 274Figure 16-1: Topology for VLAN Configuration120Figure 17-1 - NAT Topology129Screen 17-3: Static NAT and NAPT136Figure 18-1: IPSec Topology142Figure 18-2: Topology Diagram for Sample IPSec Configuration154Figure 19-1: IKE Topology183Figure 20-1: Firewall Topology189Figure 20-5: IPS Topology209Screen 20-7: IPS Basic Settings - Disabling IPS-IDS global status211Screen 20-14: Firewall Access List – View IPS status220Figure 21-1: Wi-Fi Topology231Figure 22-1: NTP Topology250Figure 23-1: QOS Topology257Figure 24-1: OSPF Topology270Screen 24-2: OSPF Basic Settings281Figure 24-2: Topology For Testing Authentication289Figure 24-3: Topology For Configuration of stub area, ASBR and route redistribution301Figure 24-4: Topology For NSSA, summary address and area-default Cost Configuration310Figure 24-5: Topology For testing default-information originate always and redist-config323Figure 24-6: Topology For testing virtual link and route summarization332Figure 24-7: Topology Configuration for OSPF Testing340Figure 24-8: Redistribution Topology Configuration345Figure 24-9: Distribute-list In Topology Configurations349Figure 29-1: DHCP – Topology356Figure 30-1: RAVPN - Topology370Screen 30-1: VPN Policy - VPN Module Status371Screen 30-2: RAVPN Pool IP Address configuration372Screen 30-3: RAVPN Policy Type Configuration374Screen 30-4: Peer Identity Configuration377Screen 30-5: IPSec Session Keys Configuration379Screen 30-6: Access List Configuration380Screen 30-7: Binding of Policy382Screen 30-8: Removal of Policy from Interface383Screen 30-9: Deleting Policy384Figure 30-2: RAVPN Topology – Sample Configuration385Screen 2-1: Factory Default Settings30Screen 2-2: IPv4 Interface Setings31Screen 2-3: System Information- Login Authentication34Screen 2-4: Restore Configuration36Screen 2-5: Log Transfer39Screen 2-6: Log Transfer39Screen 2-7: HTTP Configuration45Screen 2-8: Port Basic Settings47Screen 2-9: IP Standard ACL Configuration52Screen 2-10: MAC ACL Configuration52Screen 2-11: Image Upgradation using normal56Screen 2-12: Image Upgradation using FallBack57Screen 2-13: IP Erase configuration58Screen 3-1: DHCP Basic Settings61Screen 3-2: DHCP Pool Settings65Screen 3-3: DHCP Server IP Exclude Setings66Screen 3-4: DHCP Pool Options Settings71Screen 4-1: RIP VRF Creation77Screen 4-2: RIP Interface79Screen 4-3: RIP Basic Settings80Screen 4-4: RIP Neighbour List83Screen 4-5: RIP Interface - Passive85Screen 4-6: RRD RIP Configuration88Screen 4-7: RIP Interface - Parameters105Screen 4-8: RIP Interface Specific Address Summarization106Screen 4-9: RIP Security Settings108Screen 4-10: RouteMap Creation114Screen 4-11: RouteMap Match116Screen 5-1: Static VLAN Configuration124Screen 5-2: VLAN Port Settings126Screen 6-1: Interface NAT Settings screen - NAT Status132Screen 6-2: Interface NAT Settings screen - NAPT Status134Screen 6-4: Address Pool screen138Screen 6-5: Virtual Server Configuration139Screen 7-1: VPN Policy - VPN Module Status143Screen 7-2: VPN IPSec153Screen 8-1: VPN Global Setings167Screen 8-2: VPN Policy169Screen 8-3: VPN IKE181Screen 8-4: VPN Statistics182Firewall Configurations189Screen 9-1: Firewall Basic Settings191Screen 9-2: Firewall Filter Configuration195Screen 9-3: Firewall - ACL Configuration205Screen 9-4: Firewall Interface Configuration208Screen 10-1: IPS Basic Settings - Enabling IPS-IDS global status211Screen 10-2: IPS Basic Settings - Disabling IPS-IDS global status211Screen 10-3: IPS Basic Settings - Enabling IDS logging status212Screen 10-4: IPS Basic Settings - Disabling IDS logging status213Screen 10-5: IPS Basic Settings - Configure IDS logging file size214Screen 10-6: IPS Basic Settings - Disabling IDS logging status214Screen 10-7: Firewall Access List - Configure IPS status as enabled219Screen 10-8: Firewall Access List - Configure IPS status as disabled219To view IPS status in the firewall access-list219Screen 10-9: Firewall Access List – View IPS status220Screen 10-10: IPS Signature – Display signatures for not-suspicious category222Screen 11-1: POE Basic Settings225Screen 11-2: POE Port Configuration227Screen 11-3: POE Port Configuration228Screen 11-4: PSE Configuration229Screen 12-1: AP RadioSettings - Enabling Radio Interfaces233Screen 12-2: AP RadioSettings - Disabling Wi-Fi Interface234Screen 12-3: AP RadioSettings - Creating VAP (SSID)236Screen 12-4: VAP237Screen 12-5: SSID Summary237Screen 12-6: AP RadioSettings - Deleting VAP (SSID)238Screen 12-7: Rate Limit239Screen 12-8: VAP - MAC Filtering241Screen 12-9: VAP – Authentication with WEP244Screen 12-10: AP Radio Statistics247Screen 13-1: NTP Basic Settings253Screen 13-2: NTP Client Mode253Screen 13-3: NTP Server Configurations255Screen 14-1: QoS Basic Settings260Screen 14-2: Ingress Rate Limiting261Screen 14-3: Storm-Control262Screen 14-4: Shape Template Configurations264Screen 14-5: Queue Configurations264Screen 14-10: QueueTemplate Configurations266Screen 14-11: Queue Configurations266Screen 14-12: Queue Map Configurations267Screen 14-6: Scheduler Configurations268Screen 15-1: OSPF VRF Creation279Screen 15-3: OSPF Interface Configuration283Screen 15-4: OSPF Area Configuration299Screen 15-5: OSPF Area Aggregation309Screen 15-6: OSPF RRD Route Configuration329Screen 15-7: OSPF Virtual Interface Configuration331Screen 16-1: DHCP Relay Configuration358Screen 16-2: DHCP Relay Interface Configuration361Table 1-1- Acronyms used in the Document21Table 1-2: Document Conventions23Table 1-3: General Configurations24Table 7-1: Default Configurations60Table 16-1: Default Configurations121Table 20-1: IPv4 Addresses of Interfaces and Hosts189Table 20-1: IPv4 Addresses of Interfaces and Hosts209Table 21-1: Wi-Fi Topology Description231Table 22-2: Default Configurations250Table 23-1: QOS Topology Description257Table 23-2: Default Configurations258Table 24-1: Default Configurations276Table 24-2 IPv4 Addresses of Interfaces in the Routers Topology – OSPF Testing341Table 24-3: IPv4 Addresses of Interfaces in the Routers – Redistribution Topology345Table 24-4: IPv4 Addresses of Interfaces in the Routers – OSPF Inbound Filtering349Table 29-1: Default Configurations356Taille: 5,9 MoPages: 388Language: EnglishOuvrir le manuel