Ulterius Technologies FDN40 Multi Service Business Gateway User Manual Manual
Ulterius Technologies, LLC Multi Service Business Gateway Manual
UserManual.wiki
>
Ulterius Technologies
>
FDN40 User Manual
Manual
Navigation menu
Upload a User Manual
Namespaces
Wiki Guide
HTML
PDF
Info
Views
User Manual
Discussion / Help
Navigation
![CHAPTER 4: RIP Configuration User Manual 78 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. 4.5.2.1 CLI Configuration 1. Execute the following commands in the switch FDN40-1. Enter the Global Configuration mode. UltOs# configure terminal Enable RIP globally in the switch FDN40-1. UltOs(config)# router rip Enable RIP over the interface vlan 1 (IP address 10.0.0.1/16). UltOs(config-router)# network 10.0.0.1 Exit from the router configuration mode. UltOs(config-router)# exit 2. View the RIP interface using the following command. UltOs# show ip rip statistics RIP Global Statistics: ---------------------- Total number of route changes is 0 Total number of queries responded is 0 Total number of periodic updates sent is 11 Total number of dropped packets is 0 RIP Interface Statistics: ------------------------- Interface Periodic BadRoutes Triggered BadPackets Admin IP Address Updates Sent Received Updates Sent Received Status ----------- ------------ --------- ------------ ---------- ------ 10.0.0.1 11 0 0 0 Enabled 3. View the RIP route UltOs# show ip rip database 10.0.0.0/8[1] summary route 10.0.0.0/16 directly connected, vlan1 RIP can be enabled on Pseudo wire interface similar to RIP on router port. 4.5.2.2 WEB Configuration RIP can be enabled/ disabled on an IP network through WEB interface using the RIP Interface screen (Navigation - Layer3 Management > RIP > Interface Configuration)](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-78.png)
![CHAPTER 4: RIP Configuration User Manual 90 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Restricts default route installation Restricts default route origination 4. View the RIP route entries for the static routes added in FDN40-1. (Static routes added in FDN40-1 with metric as 3 are redistributed into the RIP domain. In FDN40-2, view the redistributed static routes with metric as 4.) using the following command. UltOs# show ip rip database 10.0.0.0/8 [1] auto-summary 10.0.0.0/16 [1] directly connected, vlan1 50.0.0.0/8 [4] auto-summary 50.0.0.0/8 [4] via 10.0.0.1, vlan1 60.0.0.0/8 [4] auto-summary 60.0.0.0/8 [4] via 10.0.0.1, vlan1 70.0.0.0/8 [4] auto-summary 70.0.0.0/8 [4] via 10.0.0.1, vlan1 80.0.0.0/8 [4] auto-summary 80.0.0.0/8 [4] via 10.0.0.1, vlan1 UltOs# show ip route C 10.0.0.0/16 is directly connected, vlan1 C 30.2.2.0/24 is directly connected, vlan3 R 50.0.0.0/8 [4] via 10.0.0.1 R 60.0.0.0/8 [4] via 10.0.0.1 R 70.0.0.0/8 [4] via 10.0.0.1 R 80.0.0.0/8 [4] via 10.0.0.1 5. Execute the following commands in the switch FDN40-1 to disable redistribution. Enter the Global Configuration mode. UltOs# configure terminal Enable RIP globally in the switch FDN40-1. UltOs(config)# router rip Disable the redistribution of static routes into RIP domain UltOs(config-router)# no redistribute static UltOs(config-router)# end. 6. View in FDN40-2, the RIP route entries for the static routes added in FDN40-1, which are made as unreachable with metric as infinity (16) (Static routes added in FDN40-1 are redistributed into the RIP domain.) using the following command. UltOs# show ip rip database](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-90.png)
![CHAPTER 4: RIP Configuration User Manual 91 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. 10.0.0.0/8 [1] auto-summary 10.0.0.0/16 [1] directly connected, vlan1 50.0.0.0/8 [16] via 10.0.0.1, vlan1 60.0.0.0/8 [16] via 10.0.0.1, vlan1 70.0.0.0/8 [16] via 10.0.0.1, vlan1 80.0.0.0/8 [16] via 10.0.0.1, vlan1 7. View the RIP route entries for the redistributed static routes are deleted from the IP routing table. UltOs# show ip route C 10.0.0.0/16 is directly connected, vlan1 C 30.2.2.0/24 is directly connected, vlan3 4.5.9 Configuring Default-metric Refer the Section 4.3 for configuration guidelines and Figure 4-1 for the Setup. The prerequisite configuration needs to be done in the switches (FDN40-1 and FDN40-2) before configuring RIP. 4.5.9.1 CLI Configuration 1. Execute the following commands in the switch FDN40-1 to configure the default-metric. Enter the Global Configuration mode. UltOs# configure terminal Enable RIP globally in the switch FDN40-1. UltOs(config)# router rip Enable RIP over the interface vlan 1 (IP address 10.0.0.1/16). UltOs(config-router)# network 10.0.0.1 Configure default-metric for redistributed routes in the RIP domain. UltOs(config-router)# default-metric 10 Configure redistribution of static routes into RIP domain. UltOs(config-router)# redistribute static Exit from the router configuration mode. UltOs(config-router)# end 4.5.9.2 WEB Configuration RIP default metric can be configured through WEB interface using the RRD RIP Configuration screen. For screenshot, refer section 4.5.8.2. 4.5.9.3 Sample Configuration to Test Default-metric Refer the Section 4.3 for configuration guidelines and Figure 4-1 for the Setup. The prerequisite configuration needs to be done in the switches (FDN40-1 and FDN40-2) before configuring RIP.](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-91.png)
![CHAPTER 4: RIP Configuration User Manual 93 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Routing for Networks : 10.0.0.0 Routing Information Sources : Interface Specific Address Summarisation : Interface vlan1 Sending updates every 30 seconds Invalid after 180 seconds Flushed after 120 seconds Send version is 1 2, receive version is 1 2 Authentication type is none Split Horizon with poissoned reverse is enabled Restricts default route installation Restricts default route origination UltOs# show ip rip database 10.0.0.0/8 [1] auto-summary 10.0.0.0/16 [1] directly connected, vlan1 50.0.0.0/8 [10] auto-summary 50.0.0.0/8 [10] redistributed via 0.0.0.0 60.0.0.0/8 [10] auto-summary 60.0.0.0/8 [10] redistributed via 0.0.0.0 70.0.0.0/8 [10] auto-summary 70.0.0.0/8 [10] redistributed via 0.0.0.0 80.0.0.0/8 [10] auto-summary 80.0.0.0/8 [10] redistributed via 0.0.0.0 5. Execute the following commands in the switch FDN40-1 to disable redistribution. Enter the Global Configuration mode. UltOs# configure terminal Enable RIP globally in the switch FDN40-1. UltOs(config)# router rip Disable route redistribution. UltOs(config-router)# no redistribute static UltOs(config-router)# end. Configure default metric for redistributed routes. UltOs(config-router)# no default-metric Enable static route redistribution. UltOs(config-router)# redistribute static](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-93.png)
![CHAPTER 4: RIP Configuration User Manual 94 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. UltOs(config-router)# end. 6. View in FDN40-1, the metric for redistributed RIP route entries as 3 using the following command. UltOs# show ip rip database 10.0.0.0/8[1] summary route 10.0.0.0/16 directly connected, vlan1 50.0.0.0/8[3] summary route 50.0.0.0/8 [3] redistributed via vlan2 60.0.0.0/8[3] summary route 60.0.0.0/8 [3] redistributed via vlan2 70.0.0.0/8[3] summary route 70.0.0.0/8 [3] redistributed via vlan2 80.0.0.0/8[3] summary route 80.0.0.0/8 [3] redistributed via vlan2 4.5.10 Configuring Auto-summary Refer the Section 4.3 for configuration guidelines and Figure 4-1 for the Setup. The prerequisite configuration needs to be done in the switches (FDN40-1 and FDN40-2) before configuring RIP. 4.5.10.1 CLI Configuration 1. Execute the following commands in the switch FDN40-1 to configure auto-summary. Enter the Global Configuration mode. UltOs# configure terminal Enable RIP globally in the switch FDN40-1. UltOs(config)# router rip Enable RIP over the interface vlan 1 (IP address 10.0.0.1/16). UltOs(config-router)# network 10.0.0.1 Disable auto-summary of RIP routes. UltOs(config-router)# auto-summary disable 2. View the disabled auto summarization using the following command. UltOs# show ip protocols Routing Protocol is rip RIP2 security level is Maximum Redistributing : rip Output Delay is disabled Retransmission timeout interval is 5 seconds Number of retransmission retries is 36](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-94.png)
![CHAPTER 4: RIP Configuration User Manual 99 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Send version is 1 2, receive version is 1 2 Authentication type is none Split Horizon with poissoned reverse is enabled Restricts default route installation Originate default route 3. View in FDN40-1, the default route with next hop as 10.0.0.2 (FDN40-2 interface vlan 1 IP address) and metric as 12 (11+1) using the following command. UltOs# show ip protocols Routing Protocol is rip RIP2 security level is Maximum Redistributing : rip Output Delay is disabled Retransmission timeout interval is 5 seconds Number of retransmission retries is 36 Default metric is 3 Auto-Summarisation of routes is Enabled Routing for Networks : 10.0.0.0 Routing Information Sources : Interface Specific Address Summarisation : Interface vlan1 Sending updates every 30 seconds Invalid after 180 seconds Flushed after 120 seconds Send version is 1 2, receive version is 1 2 Authentication type is none Split Horizon with poissoned reverse is enabled Installs default route received Restricts default route origination UltOs# show ip rip database 0.0.0.0/0 [12] via 10.0.0.2, vlan1 10.0.0.0/8 [1] auto-summary 10.0.0.0/16 [1] directly connected, vlan1 UltOs# show ip route R 0.0.0.0/0 [12] via 10.0.0.2](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-99.png)
![CHAPTER 7: IPSEC Configuration User Manual 144 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. VPN Policy Parameters ------------------------- Policy Name : crypto_map_name Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : None <-- --> None Security Mode : Tunnel Local & Remote Tunnel Term Addr : None <== ==> None Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Disable IKE suite Info [PHASE I] : Encryption Algo : 3DES Hash Algorithm : HMAC SHA1 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 2400 Secs Identity Information : Local Identity Type : Default Local Identity value : Peer Identity Type : Default Peer Identity value : IPSEC suite Info [Phase II] : Protocol : ESP Encryption Algo : Not Confgiured Perfect Forward Secrecy : Not Confgiured Life Time : 800 Secs Crypto Session Status : Inactive Crypto Session Encr Pkts : 0 Crypto Session Decr Pkts : 0 No.of ACTIVE VPN policies = 0 No.of VPN policies configured = 1 7.3.2.2 Configuring VPN Policy Type The VPN policy type defines the policy to be imposed for the authentication of the users. The different policy types available are IPSec manual,](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-144.png)
![CHAPTER 8: IKE Configuration User Manual 168 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. 8.2.4 Creating VPN Policy This section lists the CLI configuration steps to create a VPN policy which will define the VPN policy to be negotiated for SA creation. 8.2.4.1 CLI Configuration Enter the Global configuration mode. UltOs# configure terminal Enter the policy configuration mode. UltOs(config)# crypto map sa Exit the policy configuration mode. UltOs(config)#end View the policy created. A policy will be created with the default values. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : None <-- --> None Security Mode : Tunnel Local & Remote Tunnel Term Addr : None <== ==> None Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Disable IKE suite Info [PHASE I] : Encryption Algo : 3DES Hash Algorithm : HMAC SHA1 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 2400 Secs Identity Information : Local Identity Type : Default Local Identity value : Peer Identity Type : Default Peer Identity value : IPSEC suite Info [Phase II] :](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-168.png)
![CHAPTER 8: IKE Configuration User Manual 173 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Enter the policy configuration mode. UltOs(config)# crypto map sa Configure the remote identity. UltOs(config-crypto-map)# )# isakmp peer identity ipv4 35.0.0.2 Exit the policy configuration mode. UltOs(config-crypto-map)#end View the configured remote identity. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : None <-- --> None Security Mode : Tunnel Local & Remote Tunnel Term Addr : 0.0.0.0 <== ==> 35.0.0.2 Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Disable IKE suite Info [PHASE I] : Encryption Algo : 3DES Hash Algorithm : HMAC SHA1 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 2400 Secs Identity Information : Local Identity Type : Default Local Identity value : Peer Identity Type : IPv4 Peer Identity value : 35.0.0.2 8.2.5.6 Configuring Local Identity This section lists the CLI configuration steps to configure the local identity of type IPv4. Enter the Global configuration mode. UltOs# configure terminal](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-173.png)
![CHAPTER 8: IKE Configuration User Manual 174 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Enter the policy configuration mode. UltOs(config)# crypto map sa Configure the local identity. UltOs(config-crypto-map)# )# isakmp local identity ipv4 35.0.0.1 Exit the policy configuration mode. UltOs(config-crypto-map)#end View the configured local identity. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : None <-- --> None Security Mode : Tunnel Local & Remote Tunnel Term Addr : 0.0.0.0 <== ==> 35.0.0.2 Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Disable IKE suite Info [PHASE I] : Encryption Algo : 3DES Hash Algorithm : HMAC SHA1 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 2400 Secs Identity Information : Local Identity Type : IPv4 Local Identity value : 35.0.0.1 Peer Identity Type : IPv4 Peer Identity value : 35.0.0.2 8.2.5.7 Configuring Phase 1 Parameters This section provides the configuration details of phase 1 parameters for IKEv1 and IKEv2.](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-174.png)
![CHAPTER 8: IKE Configuration User Manual 175 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. 8.2.5.7.1 For IKEv1 This section lists the CLI configuration steps to configure phase 1 parameters for the main mode. Enter the Global configuration mode. UltOs# configure terminal Enter the policy configuration mode. UltOs(config)# crypto map sa Set the phase 1 parameters. UltOs(config-crypto-map)# )# isakmp policy encryption des hash md5 dh group2 exch main lifetime secs 1500 Exit the policy configuration mode. UltOs(config-crypto-map)#end View the configured phase 1 parameters. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : None <-- --> None Local & Remote Port Range : 0-65535 <-- --> 0-65535 Security Mode : Tunnel Local & Remote Tunnel Term Addr : 0.0.0.0 <== ==> 35.0.0.2 Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Enable IKE suite Info [PHASE I] : Encryption Algo : DES Hash Algorithm : HMAC MD5 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 1500 Secs Identity Information : Local Identity Type : IPv4](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-175.png)
![CHAPTER 8: IKE Configuration User Manual 176 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. 8.2.5.7.2 For IKEv2 This section lists the CLI configuration steps to configure phase 1 parameters for IKEv2. Enter the Global configuration mode. UltOs# configure terminal Enter the policy configuration mode. UltOs(config)# crypto map sa Set the phase 1 parameters. UltOs(config-crypto-map)# )# isakmp policy encryption des hash md5 dh group2 lifetime secs 1500 Exit the policy configuration mode. UltOs(config-crypto-map)#end View the configured phase 1 parameters. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v2 Local & Remote Protected N/W's : None <-- --> None Local & Remote Port Range : 0-65535 <-- --> 0-65535 Security Mode : Tunnel Local & Remote Tunnel Term Addr : 0.0.0.0 <== ==> 35.0.0.2 Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Enable IKE suite Info [PHASE I] : Encryption Algo : DES Hash Algorithm : HMAC MD5 Diffie-Hellman Group : DH Group 2 Life Time : 1500 Secs Identity Information : Local Identity Type : IPv4](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-176.png)
![CHAPTER 8: IKE Configuration User Manual 177 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. 8.2.5.8 Configuring Phase 2 Parameters This section provides the configuration details of phase 2 parameters for ESP protocol. 8.2.5.8.1 ESP Protocol with Integrity This section lists the CLI configuration steps to configure phase-2 parameters for ESP protocol. Enter the Global configuration mode. UltOs# configure terminal Enter the policy configuration mode. UltOs(config)# crypto map sa Set the phase 2 parameters for ESP. UltOs(config-crypto-map)# )# crypto map ipsec encryption esp des authentication esp sha1 pfs group2 lifetime secs 300 Exit the policy configuration mode. UltOs(config-crypto-map)#end View the configured phase 2 parameters. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v2 Local & Remote Protected N/W's : None <-- --> None Local & Remote Port Range : 0-65535 <-- --> 0-65535 Security Mode : Tunnel Local & Remote Tunnel Term Addr : 0.0.0.0 <== ==> 35.0.0.2 Interface Name : Not Configured Policy Protocol : any Policy Action : Apply Anti Replay : Enable IKE suite Info [PHASE I] : Encryption Algo : DES Hash Algorithm : HMAC MD5 Diffie-Hellman Group : DH Group 2 Life Time : 1500 Secs Identity Information :](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-177.png)
![CHAPTER 8: IKE Configuration User Manual 178 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Local Identity Type : IPv4 Local Identity value : 35.0.0.1 Peer Identity Type : IPv4 Peer Identity value : 35.0.0.2 IPSEC suite Info [Phase II] : Protocol : ESP Encryption Algo : DES Authenticator : HMAC-SHA1 Perfect Forward Secrecy : DH Group 2 Life Time : 300 Secs 8.2.5.9 Configuring Access-list This section provides the configuration details of access-list for tunnel policy and transport policy. 8.2.5.9.1 Access-list for Tunnel Policy This section lists the CLI configuration steps to configure access-list for tunnel policy. Enter the Global configuration mode. UltOs# configure terminal Enter the policy configuration mode. UltOs(config)# crypto map sa Set the access-list for the tunnel mode. UltOs(config-crypto-map)#access-list apply any source 192.168.1.0 255.255.255.0 destination 192.168.2.0 255.255.255.0 Exit the policy configuration mode. UltOs(config-crypto-map)#end View the configured access-list. UltOs# show crypto map sa VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Inactive Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : 192.168.1.0/24 <-- --> 192.168.2.0/24 Local & Remote Port Range : 0-65535 <-- --> 0-65535](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-178.png)
![CHAPTER 8: IKE Configuration User Manual 185 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. VPN Policy Parameters ------------------------- Policy Name : sa Policy Status : Active Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : 192.168.1.0/24 <-- --> 192.168.2.0/24 Local & Remote Port Range : 0-65535 <-- --> 0-65535 Security Mode : Tunnel Local & Remote Tunnel Term Addr : 35.0.0.1 <== ==> 35.0.0.2 Interface Name : wan 0/1 Policy Protocol : any Policy Action : Apply Anti Replay : Enable IKE suite Info [PHASE I] : Encryption Algo : DES Hash Algorithm : HMAC MD5 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 1500 Secs Identity Information : Local Identity Type : IPv4 Local Identity value : 35.0.0.1 Peer Identity Type : IPv4 Peer Identity value : 35.0.0.2 IPSEC suite Info [Phase II] : Protocol : ESP Encryption Algo : DES Authenticator : HMAC-SHA1 Perfect Forward Secrecy : DH Group 2 Life Time : 300 Secs Crypto Session Status : Inactive Crypto Session Encr Pkts : 0 Crypto Session Decr Pkts : 0](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-185.png)
![CHAPTER 8: IKE Configuration User Manual 187 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Policy Name : sa Policy Status : Active Policy Type : IKE Pre-shared Ike Version : v1 Local & Remote Protected N/W's : 192.168.2.0/24 <-- --> 192.168.1.0/24 Local & Remote Port Range : 0-65535 <-- --> 0-65535 Security Mode : Tunnel Local & Remote Tunnel Term Addr : 35.0.0.2 <== ==> 35.0.0.1 Interface Name : wan 0/1 Policy Protocol : any Policy Action : Apply Anti Replay : Enable IKE suite Info [PHASE I] : Encryption Algo : DES Hash Algorithm : HMAC MD5 Diffie-Hellman Group : DH Group 2 IKE Exchange Mode : Main Life Time : 1500 Secs Identity Information : Local Identity Type : IPv4 Local Identity value : 35.0.0.2 Peer Identity Type : IPv4 Peer Identity value : 35.0.0.1 IPSEC suite Info [Phase II] : Protocol : ESP Encryption Algo : DES Authenticator : HMAC-SHA1 Perfect Forward Secrecy : DH Group 2 Life Time : 300 Secs Crypto Session Status : Inactive Crypto Session Encr Pkts : 0 Crypto Session Decr Pkts : 0](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-187.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 314 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Options : (No ToS Capability, DC) LS Type : NSSA External Link Link State ID : 90.0.0.0 Advertising Router : 10.2.2.9 LS Seq Number : 0x80000001 Checksum : 0xc84f Length : 36 NSSA External Link States (Area 0.0.0.2) ---------------------------------------------- LS age : 300 Options : (No ToS Capability, DC) LS Type : NSSA External Link Link State ID : 0.0.0.0 Advertising Router : 10.4.0.2 LS Seq Number : 0x80000002 Checksum : 0x120 Length : 36 UltOs# show ip ospf summary-address Display of Summary addresses for Type5 and Type7 from redistributed routes OSPF External Summary Address Configuration Information ----------------------------------------------------- Network Mask Area Effect TranslationState ------- ---- ---- ------ --------------- 90.0.0.0 255.0.0.0 0.0.0.2 advertiseMatching enabled UltOs# show ip route O 0.0.0.0/0 [2] via 10.2.2.2 C 10.2.2.0/24 is directly connected, vlan2 O 10.4.0.0/16 [2] via 10.2.2.2 C 12.0.0.0/8 is directly connected, vlan11 S 90.1.0.0/16 [1] via 10.2.2.2 S 90.2.0.0/16 [1] via 10.2.2.2 S 90.3.0.0/16 [1] via 10.2.2.2 S 90.4.0.0/16 [1] via 10.2.2.2 S 90.5.0.0/16 [1] via 10.2.2.2](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-314.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 343 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. UltOs(config)# router ospf UltOs(config-router)# redistribute all UltOs(config-router)#end UltOs# UltOs(config)# router rip UltOs(config-router)# redistribute all UltOs(config-router)#end 4. View the routes at R4. UltOs# show ip route Vrf Name: default C 12.0.0.0/8 is directly connected, vlan1 O 13.0.0.0/8 [2] via 34.0.0.3 O 15.0.0.0/8 [10] via 34.0.0.3 C 24.0.0.0/8 is directly connected, vlan24 C 34.0.0.0/8 is directly connected, vlan34 O 70.0.0.0/8 [10] via 34.0.0.3 5. Set the administrative distance 130 to the OSPF router in R4. UltOs# configure terminal UltOs(config)# router ospf UltOs(config-router)# distance 130 route-map aa UltOs(config-router)# exit 6. Force routes updates in R1. UltOs(config)# router ospf UltOs(config-router)# no redistribute all UltOs(config-router)# redistribute all UltOs(config-router)# exit UltOs(config)# router rip UltOs(config-router)# no redistribute all UltOs(config-router)# redistribute all UltOs(config-router)# exit 7. View the routes at R4. UltOs# show ip route C 12.0.0.0/8 is directly connected, vlan1 O 13.0.0.0/8 [2] via 34.0.0.3 R 15.0.0.0/8 [2] via 24.0.0.2 C 24.0.0.0/8 is directly connected, vlan24](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-343.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 344 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. C 34.0.0.0/8 is directly connected, vlan34 R 70.0.0.0/8 [5] via 24.0.0.2 8. Reset the administrative distance to the OSPF router in R4. UltOs# configure terminal UltOs(config)# router ospf UltOs(config-router)# no distance 130 route-map aa UltOs(config-router)# exit 9. Force routes updates in R1. UltOs(config)# router ospf UltOs(config-router)# no redistribute all UltOs(config-router)# redistribute all UltOs(config-router)# exit UltOs(config)# router rip UltOs(config-router)# no redistribute all UltOs(config-router)# redistribute all UltOs(config-router)# exit 10. View the routes at R4. UltOs# show ip route C 12.0.0.0/8 is directly connected, vlan1 O 13.0.0.0/8 [2] via 34.0.0.3 O 15.0.0.0/8 [10] via 34.0.0.3 C 24.0.0.0/8 is directly connected, vlan24 C 34.0.0.0/8 is directly connected, vlan34 O 70.0.0.0/8 [10] via 34.0.0.3 15.5.14.6 Redistribution Topology This section provides the sample configuration for testing redistribution of routes into OSPF with route map.](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-344.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 348 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. Vrf Name: default C 11.0.0.0/8 is directly connected, vlan130 C 12.0.0.0/8 is directly connected, vlan1 C 20.0.0.0/8 is directly connected, vlan23 O 91.0.0.0/8 [10] via 20.0.0.2 5. In R2, modify the route map aa. UltOs# configure terminal UltOs(config)# route-map aa permit 1 UltOs(config-rmap-aa)# no match destination ip 91.0.0.0 255.0.0.0 UltOs(config-rmap-aa)# match destination ip 92.0.0.0 255.0.0.0 UltOs(config-rmap-aa)# exit 6. In R3, verify 91.0.0.0/8 is removed from the general routing table and 92.0.0.0/8 is present in the general routing table. UltOs# show ip route Vrf Name: default C 11.0.0.0/8 is directly connected, vlan130 C 12.0.0.0/8 is directly connected, vlan1 C 20.0.0.0/8 is directly connected, vlan23 O 92.0.0.0/8 [10] via 20.0.0.2 7. In R2, add/remove static routes. UltOs# configure terminal UltOs(config)# ip route 93.0.0.0 255.0.0.0 vlan 24 UltOs(config)# no ip route 92.0.0.0 255.0.0.0 vlan 24 UltOs(config)# end 8. In R3, verify 92.0.0.0/8 is removed from the general routing table and verify 93.0.0.0/8 is present in the general routing table. UltOs# show ip route Vrf Name: default C 11.0.0.0/8 is directly connected, vlan130 C 12.0.0.0/8 is directly connected, vlan1 C 20.0.0.0/8 is directly connected, vlan23 O 93.0.0.0/8 [10] via 20.0.0.2 9. Delete the route map aa. UltOs# configure terminal UltOs(config)# no route-map aa 1 UltOs(config)# no route-map aa 2](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-348.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 349 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. UltOs(config)# end 10. In R3, verify that all the connected routes and static routes are present in the general routing table. UltOs# show ip route Vrf Name: default C 11.0.0.0/8 is directly connected, vlan130 C 12.0.0.0/8 is directly connected, vlan1 C 20.0.0.0/8 is directly connected, vlan23 O 91.0.0.0/8 [10] via 20.0.0.2 O 93.0.0.0/8 [10] via 20.0.0.2 15.5.14.7 OSPF Inbound Filtering with Route Map This section provides the sample configuration for testing OSPF inbound filtering with route map. Figure 15-9: Distribute-list In Topology Configurations 15.5.14.7.1 Interface Configuration Table 15-4: IPv4 Addresses of Interfaces in the Routers – OSPF Inbound Filtering](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-349.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 352 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. UltOs#configure terminal UltOs(config)# interface vlan 12 UltOs(config-if)# shutdown UltOs(config-if)# end UltOs# configure terminal UltOs(config)# interface vlan 23 UltOs(config-if)# shutdown UltOs(config-if)# 4. In R2, create route map aa and enable incoming filtering of routes in OSPFv2 with route map aa. UltOs# configure terminal UltOs(config)# route-map aa permit 10 UltOs(config-rmap-aa)# exit UltOs(config)# route-map aa deny 1 UltOs(config-rmap-aa)# match destination ip 150.0.0.0 255.0.0.0 UltOs(config-rmap-aa)# match destination ip 91.0.0.0 255.0.0.0 UltOs(config-rmap-aa)# end UltOs(config)# router ospf UltOs(config-router)# distribute-list route-map aa in UltOs(config-router)# 5. Start interfaces Vlan12 and Vlan23. UltOs(config)# interface vlan 12 UltOs(config-if)# no shutdown UltOs(config-if)# end UltOs(config-if)# configure terminal UltOs(config)# interface vlan 23 UltOs(config-if)# no shutdown UltOs(config-if)#end 6. Wait for one minute for all the route updates, and verify the routes in R2. UltOs# show ip route Vrf Name: default C 10.0.0.0/8 is directly connected, vlan12 C 12.0.0.0/8 is directly connected, vlan1 O 20.0.0.0/8 [2] via 10.0.0.1 C 30.0.0.0/8 is directly connected, vlan23](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-352.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 353 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. C 100.0.0.0/8 is directly connected, vlan120 O 120.0.0.0/8 [2] via 30.0.0.3 O 130.0.0.0/8 [2] via 10.0.0.1 7. In R2, shutdown interfaces: Vlan12 and Vlan23. UltOs# configure terminal UltOs(config)# interface vlan 12 UltOs(config-if)# shutdown UltOs(config-if)# end UltOs# configure terminal UltOs(config)# interface vlan 23 UltOs(config-if)# shutdown 8. Modify the route map aa. UltOs# configure terminal UltOs(config)# route-map aa deny 1 UltOs(config-rmap-aa)# no match destination ip 150.0.0.0 255.0.0.0 UltOs(config-rmap-aa)# match destination ip 130.0.0.0 255.0.0.0 UltOs(config-rmap-aa)# end 9. Start interfaces Vlan12 and Vlan23. UltOs(config)# interface vlan 12 UltOs(config-if)# no shutdown UltOs(config-if)# end UltOs(config-if)# configure terminal UltOs(config)# interface vlan 23 UltOs(config-if)# no shutdown UltOs(config-if)#end 10. Wait for one minute for all the route updates and verify the routes in R2. UltOs# show ip route C 10.0.0.0/8 is directly connected, vlan12 C 12.0.0.0/8 is directly connected, vlan1 O 20.0.0.0/8 [2] via 10.0.0.1 C 30.0.0.0/8 is directly connected, vlan23 C 100.0.0.0/8 is directly connected, vlan120 O 120.0.0.0/8 [2] via 30.0.0.3 O 150.0.0.0/8 [2] via 30.0.0.3 11. In R2, shutdown interfaces Vlan12 and Vlan23. UltOs(config-router)# end; configure terminal](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-353.png)
![CHAPTER 15: OSPF `FDN40ConfigUM/20160505 354 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. UltOs(config)# interface vlan 12 UltOs(config-if)# shutdown UltOs(config-if)# end UltOs# configure terminal UltOs(config)# interface vlan 23 UltOs(config-if)# shutdown 12. Delete the route map aa. UltOs# configure terminal UltOs(config)# no route-map aa 1 UltOs(config)# end 13. Start interfaces Vlan12 and Vlan23. UltOs(config)# interface vlan 12 UltOs(config-if)# no shutdown UltOs(config-if)# end UltOs(config-if)# configure terminal UltOs(config)# interface vlan 23 UltOs(config-if)# no shutdown UltOs(config-if)#end 14. Wait for one minute for all the route updates, and verify the routes in R2. UltOs# show ip route Vrf Name: default C 10.0.0.0/8 is directly connected, vlan12 C 12.0.0.0/8 is directly connected, vlan1 O 20.0.0.0/8 [2] via 10.0.0.1 C 30.0.0.0/8 is directly connected, vlan23 O 91.0.0.0/8 [10] via 30.0.0.2 C 100.0.0.0/8 is directly connected, vlan120 O 120.0.0.0/8 [2] via 30.0.0.3 O 130.0.0.0/8 [2] via 10.0.0.1 O 150.0.0.0/8 [2] via 30.0.0.3](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-354.png)
![CHAPTER 17: DHCP RELAY AGENT `FDN40ConfigUM/20160505 363 © Ulterius Technologies, LLC 2016. Confidential & Proprietary. UltOs(config-vlan)# exit UltOs(config)# ip route 30.0.0.0 255.0.0.0 20.0.0.2 UltOs(config) # end 2. View the VLAN configurations and route configuration using the following commands. UltOs# show ip interface vlan 2 vlan2 is up, line protocol is up Internet Address is 20.0.0.1/8 Broadcast Address 20.255.255.255 UltOs# show vlan id 2 Vlan database ------------- Vlan ID : 2 Member Ports : lan0/1 Untagged Ports : lan0/1 Forbidden Ports : None Name : lan Status : Permanent Egress Ethertype : 0x8100 MacLearning Admin-Status : Disabled MacLearning Oper-Status : Enabled -------------------------------------------------UltOs# show ip route C 12.0.0.0/8 is directly connected, vlan1 C 20.0.0.0/8 is directly connected, vlan2 S 30.0.0.0/8 [1] via 20.0.0.2 3. Create vlan2 with port1 as member port and vlan3 with port2 as member port in FDN40-2. UltOs# configure terminal UltOs(config)# vlan 2 UltOs(config-vlan)# ports lan 0/1 untagged lan 0/1 UltOs(config-vlan)# exit UltOs(config)# interface vlan 2 UltOs(config-if)# shutdown UltOs(config-if)# ip address 20.0.0.2 255.0.0.0 UltOs(config-if)# no shutdown UltOs(config-if)# exit](https://usermanual.wiki/Ulterius-Technologies/FDN40/User-Guide-3043598-Page-363.png)
