3com 10014303 User Manual

3Com Router Configuration Guide for V1.20 http://www.3com.com/ Part No. 10014303 Published January 2004

3) Configure the maximum queue length of the class Configure maximum queue length of the class and configure the drop type as tail drop. Perform the

Table 1-18 Configure exponential of average queue length calculated by WRED Operation Command Configure exponential of average queue length calculate

The discarding mode based on WRED must already have been enabled via the wred ip-precedence command. When the configuration of qos wred is deleted, t

If qos gts is used in the class-policy that is applied to the interface, it can only be applied to the outbound interface. When the class including T

The following is the rule for a policy to be applied in interface view.  A policy configured with various features (including remark, car, gts, af,

In terms of service, service flow 1 must occupy a bandwidth of 10K, service flow 2 must occupy a bandwidth of 20K, under the premise of ensuring voice

[RouterA-qosclass-voip] if-match rtp start-port 16384 end-port 32767 [RouterA-qosclass-voip] quit 5 Configure CBQ policy: [RouterA] qos policy 1 6

Chapter 2 Configuring TACACS+ TACACS+ is facilitated with AAA to control PPP, VPDN, and login access to routers. CISCO ACS is the only application so

2.2 The Basic Message Interaction Flow of TACACS+ For example, use TACACS+ to implement AAA on a telnet user, and the basic message interaction flow

UserHWTACACSClientHWTACACSServerUser logs inAuthentication Start Request packetAuthentication response packet, requesting for the user nameRequest Use

1.1. Introduction 1.1.1. Scope This manual provides configuration information for new software features found in V1.20 of the 3Com Router operating s

 Standby/Primary server switchover interval  The shared key for the AAA negotiation between the router and TACACS+ Server  Set the timeout time wai

 Note: When this command is used without being configured with the parameter shared-key key-string for negotiation, the default key configured using

Caution: 1) The entered key must match the key used by the TACACS+ server. 2) All the leading spaces and ending spaces in a key string will be ignor

2.5 Displaying and Debugging TACACS+ Execute the following commands in all views. Table 2-7 Display and debug AAA and RADIUS Operation Command Displ

2 Configure “mykey” as the shared key for the AAA negotiation with the TACACS+ server. [3Com-HWTACACS-tactemplate1]shared-key mykey [3Com-HWTACACS-t

[3Com-serial0] quit 12 Assign an IP address to the interface Ethernet0. [3Com]interface ethernet 0 [3Com-ethernet0]ip address 10.110.1.10 255.255.0.0

[3Com-HWTACACS-tactemplate1] shared-key mykey [3Com-HWTACACS-tactemplate1] quit 5 Configure the IP address, authentication port, and accounting port

13 Apply the default scheme for accounting on telnet login users. [3Com]login-method accounting-mode login telnet default 14 Enable accounting on Se

Chapter 3 Configuring SSH Terminal Service Secure Shell (SSH) is a feature that provides information about security and powerful authentication funct

To set up a secure and authenticated SSH connection, the server and client must go through the communication procedure that falls into five stages; ve

Chapter 1 Configuring Class-Based Queuing As an extension of WFQ, class based queuing (CBQ) provides users with class definition support. CBQ assigns

Table 3-2 Configure and destroy RSA key-pairs Operation Command Generate RSA key-pairs rsa local-key-pair create Destroy the RSA key-pairs rsa local-

Set a server key-pair updating interval ssh server rekey-interval hours Restore the default updating interval undo ssh server rekey-interval By defaul

when entering key data but they will be deleted by the system. The configured public key must be a consecutive hexadecimal character string coded in t

Perform the following configuration in system view. Table 3-11 Close SSH processes by force Operation Command Kill SSH process(es) by force kill ssh

 Choose the proper SSH version. Generally the client provides several SSH versions. V1.20 supports SSH Server 1.5, so you must choose 1.5 or lower. 

III. Choose the SSH version Click “SSH” under “Connection” in the left “Category” of the interface, then the following interface appears. Figure 3-2

Figure 3-3 SSH Client login interface (in password authentication mode ) After you have entered the correct user name and password, you can implement

Figure 3-4 PuTTY Generator Software interface (1) Choose “SSH1(RSA)” or “SSH2 RSA” as the parameter and enter the number of bits in the key. Click [G

Figure 3-5 PuTTY Key Generator interface (2)  Enter a passphrase, if you want to use one.  Save the key After you have generated the keys, you have

If you need to perform an RSA authentication, you must specify the RSA private key file. If you only need to perform the password authentication, it i

policing upon congestion. If no congestion occurs, the priority class is permitted to use bandwidth exceeding the assigned value. In case of congestio

Figure 3-7 SSH Client login interface (in RSA authentication mode) After you have entered the correct username, you can perform the SSH connection. I

 Note: If a local key-pair exists, you can omit this step.  Authenticate login users with the password approach [3Com] protocol inbound ssh 5 [3Co

Chapter 4 Configuring NTP As provisioned in RFC1305, Network Time Protocol (NTP) is a protocol of the TCP/IP suite, which is used to synchronize the

 Upon the departure of the NTP message, Router B adds its timestamp 11:00:02am (T3) again.  Upon the receipt of the response, Router A adds a new ti

 Configure the NTP server mode  Configure the NTP peer mode  Configure the NTP broadcast server mode  Configure NTP broadcast client mode  Config

Table 4-2 Configure NTP peer mode Operation Command Configure NTP peer mode ntp-service unicast-peer X.X.X.X [ version number | authentication-key ke

Table 4-4 Configure NTP broadcast client mode Operation Command Configure NTP broadcast client mode ntp-service broadcast-client Disable NTP broadcas

Table 4-6 Configure NTP multicast client mode Operation Command Configure NTP multicast client mode ntp-service multicast-client [ X.X.X.X ] Disable

4.2.4 Specify Reliable Key You must specify a key to be a reliable one before it can be used for authentication. For example, if two routers want to

Table 4-11 Set an external reference clock or the local clock as the NTP master clock Operation Command Set an external reference clock or the local

Table 1-2 Define/delete the rule matching all packets Operation Command Define the rule matching all packets if-match [logic-not ] any Delete the rul

Table 4-13 Set the right for accessing the NTP services provided by the local router Operation Command Set the right for accessing the NTP services p

Perform the debugging command in all views to debug the NTP information. Table 4-15 Display and debug the NTP information Operation Command Display t

4.3.2 ntp-service source-interface disable Syntax ntp-service source-interface disable undo ntp-service source-interface disable View Interface view

version: Defines NTP version number. number: NTP version number in the range of 1 to 3. authentication-keyid: Defines an authentication key. keyid: Th

4.3.4 ntp-service unicast-server Syntax ntp-service unicast-server X.X.X.X [ version number | authentication-keyid keyid | source-interface { interfa

This command declares that the local time server is the remote server specified by X.X.X.X. X.X.X.X represents a host address, which must not be a b

Chapter 5 Configuring X2T The X.25 to TCP switch (X2T) technology can interconnect X.25 and IP networks and enables access between X.25 and IP hosts.

 Configure X2T route I. Enabling X.25 Switching Before configuring X2T, you must enable X.25 switching. Perform the following configuration in system

forwarding route Delete the X.25-to-IP X2T forwarding route undo translate x25 x.121-address 2) Configuring an IP-to-X.25 X2T forwarding route Perfo

2 Configure the interface at the X.25 network side. [3Com]interface serial 0 [3Com-Serial0]link-protocol x25 dce [3Com-Serial0]x25 x121-address 1111

The matching rules of the source MAC address are only meaningful for the policies in inbound direction and the interface of Ethernet type. 5) Define

Chapter 6 Configuring Additional ISDN Support ISDN configuration includes the following tasks: • Configuring the ISDN signaling type. • Configuring

Configure the router to become ACTIVE to start data exchange before receiving CONNECT ACK messages. undo isdn waitconnectack Configure the interval fo

These can optionally be removed from the SETUP message. 6.2.3 ATT 5ESS (Lucent 5E) Table 6-5 Required ATT 5ESS Commands Operation Command Disable the

Restore the SETUP message. undo isdn ignore llc Configure the router to wait for CONNECT ACK message replies from the connected exchange until switchi

Use the corresponding command to configure the value of ip precedence during the configuration; otherwise, the configuration of the if-match ip preced

Perform the following configurations in the system view. Table 1-12 Define the policy and enter the policy view Operation Command Define the policy a

configured with a maximum bandwidth, the system will assign the class an individual queue, called the default queue. Theoretically, each class can b