ELTEX ESR-10 User manual
ESR service routers
ESR-10, ESR-12V, ESR-12VF, ESR-14VF, ESR-20,
ESR-21, ESR-100, ESR-200, ESR-1000, ESR-1200,
ESR-1500, ESR-1700
User manual, Functionality description (29.10.2020)
Firmware version1.12.0
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
2
Contents
1 Introduction ........................................................................................................................... 10
1.1 Abstract ................................................................................................................................. 10
1.2 Target Audience.................................................................................................................... 10
1.3 Notes and warnings.............................................................................................................. 10
2 Interface management ......................................................................................................... 11
2.1 VLAN Configuration.............................................................................................................. 11
2.1.1 Configuration algorithm .................................................................................................12
2.1.2 Configuration example 1. VLAN removal from the interface.......................................13
2.1.3 Configuration example 2. Enabling VLAN processing in tagged mode ......................14
2.1.4 Configuration example 3. Enabling VLAN processing in tagged and untagged
modes..............................................................................................................................14
2.2 LLDP configuration ............................................................................................................... 15
2.2.1 Configuration algorithm .................................................................................................15
2.2.2 Configuration example ...................................................................................................16
2.3 LLDP MED configuration ...................................................................................................... 17
2.3.1 Configuration algorithm .................................................................................................17
2.3.2 Voice VLAN configuration example...............................................................................18
2.4 Sub-interface termination configuration ............................................................................. 19
2.5 Configuration algorithm ....................................................................................................... 20
2.5.1 Sub-interface configuration example ............................................................................21
2.6 Q-in-Q termination configuration ......................................................................................... 22
2.6.1 Configuration algorithm .................................................................................................22
2.6.2 Q-in-Q configuration example ........................................................................................25
2.7 USB modems configuration ................................................................................................. 25
2.7.1 USB modems configuration algorithm ..........................................................................25
2.7.2 Configuration example ...................................................................................................28
2.8 PPP through E1 configuration.............................................................................................. 29
2.8.1 Configuration algorithm ................................................................................................29
2.8.2 Configuration example ...................................................................................................31
2.9 MLPPP Configuration ........................................................................................................... 32
2.9.1 Configuration algorithm .................................................................................................32
2.9.2 Configuration example ...................................................................................................34
2.10 Bridge configuration ............................................................................................................. 35
2.10.1 Configuration algorithm .................................................................................................36
2.10.2 Example of bridge configuration for VLAN and L2TPv3 tunnel...................................39
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
3
2.10.3 Example of bridge configuration for VLAN ...................................................................40
2.10.4 Configuration example of the second VLAN tag adding/removing ............................41
2.11 Dual-Homing configuration .................................................................................................. 42
2.11.1 Configuration algorithm .................................................................................................42
2.11.2 Configuration example ...................................................................................................42
2.12 Mirroring configuration (SPAN/RSPAN).............................................................................. 43
2.12.1 Configuration algorithm .................................................................................................44
2.12.2 Configuration example ...................................................................................................44
2.13 LACP configuration............................................................................................................... 45
2.13.1 Configuration algorithm .................................................................................................45
2.13.2 Configuration example ...................................................................................................48
2.14 AUX configuration................................................................................................................. 48
2.14.1 Configuration algorithm .................................................................................................48
2.14.2 Configuration examples .................................................................................................50
2.14.3 Adapter soldering schemes ...........................................................................................56
3 Tunneling management........................................................................................................ 57
3.1 GRE tunnel configuration...................................................................................................... 57
3.1.1 Configuration algorithm .................................................................................................57
3.1.2 IP-GRE tunnel configuration example............................................................................61
3.2 DMVPN configuration........................................................................................................... 63
3.2.1 Configuration algorithm .................................................................................................63
3.2.2 Configuration example ...................................................................................................65
3.3 L2TPv3 tunnel configuration................................................................................................ 70
3.3.1 Configuration algorithm .................................................................................................70
3.3.2 L2TPv3 tunnel configuration example...........................................................................72
3.4 IPsec VPN configuration ...................................................................................................... 74
3.4.1 Route-based IPsec VPN configuration algorithm.........................................................74
3.4.2 Route-based IPsec VPN configuration example...........................................................79
3.4.3 Policy-based IPsec VPN configuration algorithm.........................................................84
3.4.4 Policy-based IPsec VPN configuration example ..........................................................89
3.4.5 Remote Access IPsec VPN configuration algorithm....................................................92
3.4.6 Remote Access IPsec VPN configuration example......................................................99
3.5 LT tunnels configuration .................................................................................................... 104
3.5.1 Configuration algorithm .............................................................................................. 104
3.5.2 Configuration example ................................................................................................ 105
4 QoS management ............................................................................................................... 107
4.1 Basic QoS ............................................................................................................................ 107
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
4
4.1.1 Configuration algorithm .............................................................................................. 107
4.1.2 Configuration example ................................................................................................ 110
4.2 Advanced QoS..................................................................................................................... 111
4.2.1 Configuration algorithm .............................................................................................. 111
4.2.2 Configuration example ................................................................................................ 115
5 Routing management ......................................................................................................... 118
5.1 Static routes configuration................................................................................................. 118
5.1.1 Configuration algorithm .............................................................................................. 118
5.1.2 Static routes configuration example .......................................................................... 119
5.2 RIP Configuration................................................................................................................ 121
5.2.1 Configuration algorithm .............................................................................................. 121
5.2.2 RIP configuration example .......................................................................................... 125
5.3 OSFP configuration............................................................................................................. 126
5.3.1 Configuration algorithm .............................................................................................. 126
5.3.2 OSPF configuration example ...................................................................................... 136
5.3.3 OSPF stub area configuration example...................................................................... 137
5.3.4 Virtual link configuration example .............................................................................. 138
5.4 BGP configuration............................................................................................................... 139
5.4.1 Configuration algorithm .............................................................................................. 139
5.4.2 Configuration example ................................................................................................ 149
5.5 BFD configuration ............................................................................................................... 151
5.5.1 Configuration algorithm .............................................................................................. 151
5.5.2 Configuration example of BFD with BGP.................................................................... 154
5.6 PBR routing policy configuration ....................................................................................... 156
5.6.1 Configuration algorithm of Route-map for BGP......................................................... 156
5.6.2 Configuration example 1. Route-map for BGP........................................................... 160
5.6.3 Configuration example 2. Route-map for BGP........................................................... 161
5.6.4 Route-map based on access control lists (Policy-based routing) configuration
algorithm ...................................................................................................................... 162
5.6.5 Route-map based on access control lists (Policy-based routing) configuration
example ........................................................................................................................ 163
5.7 VRF Lite configuration ........................................................................................................ 165
5.7.1 Configuration algorithm .............................................................................................. 165
5.7.2 Configuration example ................................................................................................ 166
5.8 MultiWAN configuration ..................................................................................................... 168
5.8.1 Configuration algorithm .............................................................................................. 168
5.8.2 Configuration example ................................................................................................ 170
5.9 IS-IS configuration .............................................................................................................. 172
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
5
5.9.1 Configuration algorithm .............................................................................................. 173
5.9.2 Configuration example ................................................................................................ 182
6 MPLS technology management......................................................................................... 184
6.1 LDP configuration ............................................................................................................... 184
6.1.1 Configuration algorithm .............................................................................................. 185
6.1.2 Configuration example ................................................................................................ 186
6.2 Configuring session parameters in LDP............................................................................ 189
6.2.1 Algorithm for setting Hello holdtime and Hello interval in the global LDP
configuration ................................................................................................................ 191
6.2.2 Algorithm for setting Hello holdtime and Hello interval for address family............. 191
6.2.3 Algorithm for setting Keepalive holdtime parameter in the global LDP
configuration ................................................................................................................ 191
6.2.4 Algorithm for setting Keepalive holdtime parameter for the specific neighbor ...... 192
6.2.5 Configuration example ................................................................................................ 192
6.3 Configuring session parameters in targeted-LDP............................................................. 193
6.3.1 Algorithm for setting Hello holdtime, Hello interval and Keepalive holdtime for the
LDP process ................................................................................................................. 195
6.3.2 Algorithm for setting Hello holdtime, Hello interval and Keepalive holdtime for the
specific neighbor ......................................................................................................... 195
6.3.3 Configuration example ................................................................................................ 196
6.4 LDP tag filtering configuration........................................................................................... 197
6.4.1 Configuration algorithm .............................................................................................. 197
6.4.2 Configuration example ................................................................................................ 198
6.5 L2VPN Martini mode configuration................................................................................... 199
6.5.1 L2VPN VPWS configuration algorithm....................................................................... 199
6.5.2 L2VPN VPWS configuration example......................................................................... 201
6.5.3 L2VPN VPLS configuration algorithm ........................................................................ 204
6.5.4 L2VPN VPLS configuration example .......................................................................... 205
6.6 L2VPN Kompella mode configuration............................................................................... 209
6.6.1 L2VPN VPLS configuration algorithm ........................................................................ 209
6.6.2 L2VPN VPLS configuration example .......................................................................... 212
6.7 L3VPN configuration .......................................................................................................... 227
6.7.1 Configuration algorithm .............................................................................................. 227
6.7.2 Configuration example ................................................................................................ 229
6.8 MPLS traffic balancing ....................................................................................................... 242
6.8.1 Configuration example ................................................................................................ 243
6.9 Operation with the bridge domain within MPLS ............................................................... 243
6.10 Assignment of MTU when operating with MPLS.............................................................. 246
7 Security management......................................................................................................... 252
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
6
7.1 AAA configuration............................................................................................................... 252
7.2 Local authentication configuration algorithm................................................................... 253
7.2.1 AAA configuration algorithm via RADIUS................................................................... 256
7.2.2 AAA configuration algorithm via TACACS ................................................................. 259
7.2.3 AAA configuration algorithm via LDAP ...................................................................... 262
7.2.4 Example of authentication configuration using telnet via RADIUS server ............... 266
7.3 Command privilege configuration ..................................................................................... 266
7.3.1 Configuration algorithm .............................................................................................. 266
7.3.2 Example of command privilege configuration........................................................... 267
7.4 Configuration of logging and protection against network attacks.................................. 267
7.4.1 Configuration algorithm .............................................................................................. 267
7.4.2 Description of attack protection mechanisms........................................................... 270
7.4.3 Configuration example of logging and protection against network attacks............ 273
7.5 Firewall configuration......................................................................................................... 274
7.5.1 Configuration algorithm .............................................................................................. 275
7.5.2 Firewall configuration example................................................................................... 281
7.5.3 Configuration example of application filtering (DPI)................................................. 283
7.6 Access list (ACL) configuration ......................................................................................... 285
7.6.1 Configuration algorithm .............................................................................................. 285
7.6.2 Access list configuration example ............................................................................. 287
7.7 IPS/IDS configuration ......................................................................................................... 288
7.7.1 Base configuration algorithm...................................................................................... 288
7.7.2 Configuration algorithm for IPS/IDS rules autoupdate from external sources ....... 289
7.7.3 Recommended open rule update source ................................................................... 290
7.7.4 IPS/IDS configuration example with auto-update rules ............................................ 293
7.7.5 Basic user rules configuration algorithm ................................................................... 294
7.7.6 Basic user rules configuration example..................................................................... 303
7.7.7 Extended user rules configuration algorithm............................................................. 305
7.7.8 Extended user rules configuration example............................................................... 305
7.8 Eltex Distribution Manager interaction configuration....................................................... 306
7.8.1 Base configuration algorithm...................................................................................... 307
7.8.2 Configuration example: ............................................................................................... 310
8 Redundancy management ................................................................................................. 314
8.1 VRRP configuration............................................................................................................. 314
8.1.1 Configuration algorithm .............................................................................................. 314
8.1.2 Configuration example 1 ............................................................................................. 317
8.1.3 Configuration example 2 ............................................................................................. 318
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
7
8.2 VRRP tracking configuration.............................................................................................. 320
8.2.1 Configuration algorithm .............................................................................................. 320
8.2.2 Configuration example ................................................................................................ 322
9 Remote access configuration ............................................................................................ 325
9.1 Configuring server for remote access to corporate network via PPTP protocol............ 325
9.1.1 Configuration algorithm .............................................................................................. 325
9.1.2 Configuration example ................................................................................................ 328
9.2 Configuring server for remote access to corporate network via L2TP protocol ............ 330
9.2.1 Configuration algorithm .............................................................................................. 330
9.2.2 Configuration example ................................................................................................ 333
9.3 Configuring server for remote access to corporate network via OpenVPN protocol..... 335
9.3.1 Configuration algorithm .............................................................................................. 335
9.3.2 Configuration example ................................................................................................ 339
9.4 Configuring remote access client via PPPoE.................................................................... 341
9.4.1 Configuration algorithm .............................................................................................. 341
9.4.2 Configuration example ................................................................................................ 343
9.5 Configuring remote access client via PPTP...................................................................... 344
9.5.1 Configuration algorithm .............................................................................................. 344
9.5.2 Configuration example ................................................................................................ 346
9.6 Configuring remote access client via L2TP ...................................................................... 347
9.6.1 Configuration algorithm .............................................................................................. 347
9.6.2 Configuration example ................................................................................................ 349
10 Service management.......................................................................................................... 352
10.1 DHCP server configuration................................................................................................. 352
10.1.1 Configuration algorithm .............................................................................................. 352
10.1.2 Configuration example ................................................................................................ 356
10.2 Destination NAT configuration .......................................................................................... 357
10.2.1 Configuration algorithm .............................................................................................. 358
10.2.2 Destination NAT configuration example .................................................................... 360
10.3 Source NAT configuration.................................................................................................. 362
10.3.1 Configuration algorithm .............................................................................................. 362
10.3.2 Configuration example 1 ............................................................................................. 364
10.3.3 Configuration example 2 ............................................................................................. 367
10.4 Static NAT configuration.................................................................................................... 368
10.4.1 Configuration algorithm .............................................................................................. 368
10.4.2 Static NAT configuration example.............................................................................. 368
10.5 HTTP/HTTPS traffic proxying............................................................................................ 370
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
8
10.5.1 Configuration algorithm .............................................................................................. 370
10.5.2 HTTP proxy configuration example............................................................................ 373
10.6 NTP configuration............................................................................................................... 374
10.6.1 Configuration algorithm .............................................................................................. 374
10.6.2 Configuration example ................................................................................................ 376
11 Monitoring ........................................................................................................................... 379
11.1 Netflow configuration......................................................................................................... 379
11.1.1 Configuration algorithm .............................................................................................. 379
11.1.2 Configuration example ................................................................................................ 380
11.2 sFlow configuration ............................................................................................................ 381
11.2.1 Configuration algorithm .............................................................................................. 381
11.2.2 Configuration example ................................................................................................ 382
11.3 SNMP configuration ........................................................................................................... 383
11.3.1 Configuration algorithm .............................................................................................. 383
11.3.2 Configuration example ................................................................................................ 387
11.4 Zabbix-agent/proxy configuration ..................................................................................... 388
11.4.1 Configuration algorithm .............................................................................................. 388
11.4.2 Zabbix-agent configuration example.......................................................................... 390
11.4.3 Zabbix-agent configuration example.......................................................................... 391
11.5 Syslog configuration........................................................................................................... 394
11.5.1 Configuration algorithm .............................................................................................. 395
11.5.2 Configuration example ................................................................................................ 397
11.6 Integrity check..................................................................................................................... 398
11.6.1 Configuration process ................................................................................................. 398
11.6.2 Configuration example ................................................................................................ 398
11.7 Router configuration file archiving..................................................................................... 398
11.7.1 Configuration process ................................................................................................. 399
11.7.2 Configuration example ................................................................................................ 399
12 BRAS (Broadband Remote Access Server) management................................................ 401
12.1 Configuration algorithm ..................................................................................................... 401
12.2 Example of configuration with SoftWLC ........................................................................... 406
12.3 Example of configuration without SoftWLC...................................................................... 412
12.3.1 Step 1:........................................................................................................................... 412
12.3.2 Step 2:........................................................................................................................... 413
13 VoIP management .............................................................................................................. 419
13.1 SIP profile configuration algorithm.................................................................................... 419
13.2 FXS/FXO ports configuration algorithm............................................................................ 420
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
9
13.3 Dial plan configuration algorithm ...................................................................................... 422
13.4 PBX server configuration algorithm................................................................................... 422
13.5 Registration trunk creation algorithm................................................................................ 424
13.6 VoIP configuration example............................................................................................... 424
13.7 Dial plan configuration example ........................................................................................ 427
13.8 FXO port configuration ....................................................................................................... 429
14 Safe configuration recommendations............................................................................... 431
14.1 General recommendations................................................................................................. 431
14.2 Event logging system configuration .................................................................................. 431
14.2.1 Recommendations....................................................................................................... 432
14.2.2 Warnings....................................................................................................................... 432
14.2.3 Configuration example ................................................................................................ 432
14.3 Password usage policy configuration ............................................................................... 432
14.3.1 Recommendations....................................................................................................... 433
14.3.2 Configuration example ................................................................................................ 433
14.4 AAA policy configuration.................................................................................................... 433
14.4.1 Recommendations....................................................................................................... 434
14.4.2 Warnings....................................................................................................................... 434
14.4.3 Configuration example ................................................................................................ 434
14.5 Remote management configuration................................................................................. 435
14.5.1 Recommendations....................................................................................................... 435
14.5.2 Configuration example ................................................................................................ 436
14.6 Configuration of protection against network attacks mechanisms................................ 436
14.6.1 Recommendations....................................................................................................... 436
14.6.2 Configuration example ................................................................................................ 437
15 FREQUENTLY ASKED QUESTIONS .................................................................................... 438
16 ESR technical support......................................................................................................... 440
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
10
1 Introduction
1.1 Abstract
Today, large-scale communication network development projects are becoming increasingly common. One of
the main tasks in implementation of large multiservice networks is the creation of reliable high-performance
transport network that will serve as a backbone in multilayer architecture of next-generation networks.
ESR series firewalls could be used in large enterprise networks, SMB networks and operator's networks.
Devices provide high performance and bandwidth, and feature protection of transmitted data.
This manual provides descriptions, algorithms, and examples of how to configure the ESR series service router
functionality (hereafter referred to as the router or device).
1.2 Target Audience
This user manual is intended for technical personnel that performs device installation, configuration and
monitoring via command line interface (CLI) as well as the system maintenance and firmware update
procedures. Qualified technical personnel should be familiar with the operation basics of TCP/IP protocol
stacks and Ethernet networks design concepts.
1.3 Notes and warnings
Notes contain important information, tips or recommendations on device operation and setup.
Warnings inform users about hazardous conditions which may cause injuries or device damage and
may lead to the device malfunctioning or data loss.
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
11
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
2 Interface management
VLAN Configuration
Configuration algorithm
Configuration example 1. VLAN removal from the interface
Configuration example 2. Enabling VLAN processing in tagged mode
Configuration example 3. Enabling VLAN processing in tagged and untagged modes
LLDP configuration
Configuration algorithm
Configuration example
LLDP MED configuration
Configuration algorithm
Voice VLAN configuration example
Sub-interface termination configuration
Configuration algorithm
Sub-interface configuration example
Q-in-Q termination configuration
Configuration algorithm
Q-in-Q configuration example
USB modems configuration
USB modems configuration algorithm
Configuration example
PPP through E1 configuration
Configuration algorithm
Configuration example
MLPPP Configuration
Configuration algorithm
Configuration example
Bridge configuration
Configuration algorithm
Example of bridge configuration for VLAN and L2TPv3 tunnel
Example of bridge configuration for VLAN
Configuration example of the second VLAN tag adding/removing
Dual-Homing configuration
Configuration algorithm
Configuration example
Mirroring configuration (SPAN/RSPAN)
Configuration algorithm
Configuration example
LACP configuration
Configuration algorithm
Configuration example
AUX configuration
Configuration algorithm
Configuration examples
Adapter soldering schemes
2.1 VLAN Configuration
VLAN (Virtual Local Area Network) is a logical (virtual) local area network that represents a group of devices,
which communicate on channel level regardless of their physical location. VLAN operation is based on the use
of additional Ethernet header fields according to 802.1q standard. In fact, VLAN isolates the broadcast domain
by limiting the switching of only those Ethernet frames which have the same VLAN-ID in the Ethernet header.
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
12
2.1.1 Configuration algorithm
Step Description Command Keys
1 Create VLAN esr(config)# vlan
<VID>
<VID> – VLAN identifier, set in the
range of [2..4094].
It is also possible to create multiple
vlan (comma separated), vlan range
(hyphen separated) or combined
entry containing commas and
hyphens.
2 Specify vlan name (optionally) esr(config-vlan)# name
<vlan-name>
<vlan-name> – up to 255 characters.
3 Disable monitoring of the status of
interfaces on which processing of
the given VLAN Ethernet frames is
allowed (optional).
esr(config-vlan)#
force-up
4 Disable the processing of incoming
untagged Ethernet frames based on
the default VLAN's switching table
(VLAN-ID – 1) (optional).
esr(config-if-gi)# no
switchport forbidden
default-vlan
5 Set L2 interface operation mode. esr(config-if-gi)#
mode switchport
6 Set the combined mode of the
physical interface.
esr(config-if-gi)#
mode hybrid
Only for ESR-1000/1200/1500/1700
7 Set L2 interface operation mode esr(config-if-gi)#
switchport access
Only for ESR-10/12V(F)/14VF/
20/21/100/200.
This mode is the default mode and
is not displayed in the configuration.
esr(config-if-gi)#
switchport trunk
Only for ESR-10/12V(F)/14VF/
20/21/100/200.
esr(config-gi)#
switchport general
Only for ESR-1000/1200/1500/1700.
This mode is the default mode and
is not displayed in the configuration.
8 Configure VLAN list on the interface
in tagged mode
esr(config-if-gi)#
switchport trunk
allowed vlan add <VID>
For ESR-10/12V(F)/14VF/
20/21/100/200.
<VID> – VLAN ID, specified in the
range [2..4094].
It is also possible to create multiple
vlan (with a comma) or vlan range
(with a hyphen).
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
13
Step Description Command Keys
esr(config-if-gi)#
switchport general
allowed vlan add <VID>
tagged
For ESR-1000/1200/1500/1700.
<VID> – VLAN ID, specified in the
range [2..4094].
It is also possible to create multiple
vlan (with a comma) or vlan range
(with a hyphen).
9 Configure VLAN on the interface in
tagged mode (optionally)
esr(config-if-gi)#
switchport trunk
native-vlan <VID>
For ESR-10/12V(F)/14VF/
20/21/100/200.
<VID> – VLAN ID, specified in the
range [2..4094].
esr(config-if-gi)#
switchport general
allowed vlan add <VID>
untagged
For ESR-1000/1200/1500/1700.
<VID> – VLAN identifier, set in the
range of [2..4094].
10 Enable the processing of Ethernet
frames of all created VLANs on the
interface (optionally)
esr(config-if-gi)#
switchport trunk
allowed vlan auto-all
Only for ESR-10/12V(F)/14VF/
20/21/100/200.
esr(config-if-gi)#
switchport general
allowed vlan auto-all
Only for ESR-1000/1200/1500/1700.
2.1.2 Configuration example 1. VLAN removal from the interface
Objective:
On the basis of the factory configuration, remove gi1/0/1 port from VLAN 2.
Solution:
Remove VLAN 2 from gi1/0/1 port:
esr(config)# interface gi 1/0/1
esr(config-if-gi)# switchport general allowed vlan remove 2untagged
esr(config-if-gi)# no switchport general pvid
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
14
2.1.3 Configuration example 2. Enabling VLAN processing in tagged mode
Objective:
Configure gi1/0/1 and gi1/0/2 ports for packet transmission and reception in VLAN 2, VLAN 64, VLAN 2000.
Solution:
Create VLAN 2, VLAN 64, VLAN 2000 on ESR-1000:
esr-1000(config)# vlan 2,64,2000
Specify VLAN 2, VLAN 64, VLAN 2000 for gi1/0/1-2 port:
esr-1000(config)# interface gi1/0/1
esr-1000(config-if-gi)# mode switchport
esr-1000(config-if-gi)# switchport forbidden default-vlan
esr-1000(config-if-gi)# switchport general allowed vlan add 2,64,2000 tagged
2.1.4 Configuration example 3. Enabling VLAN processing in tagged and untagged modes
Objective:
Configure gi1/0/1 ports for packet transmission and reception in VLAN 2, VLAN 64, VLAN 2000 in trunk mode,
configure gi1/0/2 port in access mode for VLAN 2 on ESR-100/ESR -200.
Solution:
Create VLAN 2, VLAN 64, VLAN 2000 on ESR-100/ ESR-200:
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
15
esr(config)# vlan 2,64,2000
Specify VLAN 2, VLAN 64, VLAN 2000 for gi1/0/1 port:
esr(config)# interface gi1/0/1
esr(config-if-gi)# mode switchport
esr(config-if-gi)# switchport forbidden default-vlan
esr(config-if-gi)# switchport mode trunk
esr(config-if-gi)# switchport trunk allowed vlan add 2,64,2000
Specify VLAN2 to gi1/0/2 port:
esr(config)# interface gi1/0/2
esr(config-if-gi)# mode switchport
esr(config-if-gi)# switchport access vlan 2
2.2 LLDP configuration
Link Layer Discovery Protocol (LLDP) is a data link layer protocol allowing network equipment to notify the
devices operating in a local network of its existence and to transmit parameters to it as well as to receive
similar information.
2.2.1 Configuration algorithm
Step Description Command Keys
1 Enable LLDP on the router. esr(config)# lldp
enable
2 Enable the LLDPDU receiving and
proceeding on the physical interface.
esr(config-if-gi)#
lldp receive
3 Enable LLDPDU transmission on the
physical interface.
esr(config-if-gi)#
lldp transmit
8 Set the LLDPDU sending period
(optionally).
esr(config)# lldp
timer <SEC>
<SEC> – time interval in seconds,
takes values of [1..32768].
Default value: 30
4 Set the period during which the router
keeps the information received via
LLDP (optionally)
esr(config)# lldp
hold-multiplier <SEC>
<SEC> – time interval in seconds,
takes values of [1..10].
Default value: 4
5 Set IP address which will be
transmitted to LLDP TLV as the
management-address (optionally).
esr(config)# lldp
management-address
<ADDR>
<ADDR> – IP address, defined as
AAA.BBB.CCC.DDD where each
part takes values of [0..255].
One of the existent is set by
default
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
16
1.
2.
Step Description Command Keys
6 Set the system-description field
which will be transmitted to LLDP
TLV as the system-description
(optionally).
esr(config)# lldp
system-description
<DESCRIPTION>
<DESCRIPTION> – system
description, set by the string of up
to 255 characters.
By default contains the
information of the router model
and firmware version.
7 Set the system-name field which will
be transmitted to LLDP TLV as the
system-name (optionally).
esr(config)# lldp
system-name <NAME>
<NAME> – system name, set by
the string of up to 255 characters.
By default coincides with the
specified hostname
2.2.2 Configuration example
Objective:
Organize the LLDPDU exchange and proceeding between ESR-1 and ESR-2 routers.
Solution:
R1 configuration
Enable LLDP globally on the router:
esr(config)# lldp enable
Enable the receiving and transmission of LLDPDU on the gi 1/0/1 interface.
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# lldp receive
esr(config-if-gi)# lldp transmit
R2 configuration
Enable LLDP globally on the router:
esr(config)# lldp enable
Enable the receiving and transmission of LLDPDU on the gi 1/0/1 interface.
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
17
•
•
•
•
•
•
•
•
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# lldp receive
esr(config-if-gi)# lldp transmit
To view LLDP neighbors information, use the following command:
esr# show lldp neighbors
To view more detailed information on the certain interface neighbor, use the following command:
esr# show lldp neighbors gigabitethernet 1/0/1
To view LLDP statistics, use the following command:
esr# show lldp statistics
2.3 LLDP MED configuration
LLDP MED is LLDP standard enhancement which allows to transmit network policies: VLAN ID, DSCP, priority.
2.3.1 Configuration algorithm
Step Description Command Keys
1 Enable LLDP on the router esr(config)# lldp
enable
2 Enable LLDPDU transmission
on the physical interface.
esr(config-if-gi)#
lldp transmit
3 Enable MED LLDP
enhancement on the router
esr(config)# lldp med
fast-start enable
4 Create network policy. esr(config)# network-
policy <NAME>
<NAME> – network-policy name, set by
the string of up to 31 characters.
5 Specify the application type. esr(config-net-
policy)# application
<APP_TYPE>
<APP-TYPE> – type of the application
for which network-policy will be
enabled.
Takes the following values:
voice;
voice-signaling;
guest-voice;
guest-voice-signaling;
softphone-voice;
video-conferencing;
streaming-video;
video-signaling.
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
18
•
•
•
•
•
•
•
•
•
Step Description Command Keys
6 Set the DSCP value (optional). esr(config-net-
policy)# dscp <DSCP>
<DSCP> – DSCP code value, takes
values in the range of [0..63].
7 Set the CoS value (optional). esr(config-net-
policy)# priority
<PRIORITY>
<COS> – priority value, takes the
following values:
best-effort – COS0;
background – COS1;
excellent-effort – COS2;
critical-applications – COS3;
video – COS4;
voice – COS5;
internetwork-control – COS6;
network-control – COS7.
8 Set VLAN ID value. esr(config-net-
policy)# vlan <VID>
[tagged]
<VID> – VLAN ID, takes values of
[1..4094];
tagged – key, during the
installation of which, the
subscriber device will send
Ethernet frames of the specified
application in a tagged form.
9 Set a network policy on the
interface.
esr(config-if-gi)#
lldp network-policy
<NAME>
<NAME> – network-policy name, set by
the string of up to 31 characters.
2.3.2 Voice VLAN configuration example
Voice VLAN — VLAN ID, in receiving of which an IP phone switches to the trunk mode with the specified VLAN
ID for VoIP traffic reception and transmission. VLAN ID transmission is performed by LLDP MED
enhancement.
Objective:
VoIP traffic and data traffic should be grouped in different VLANs - vid 10 for data and vid 20 for VoIP - and
the sending of Voice VLAN from the gi 1/0/1 ESR port should be configured. Voice VLAN should be supported
and enabled on the IP phone.
Solution:
First create VLAN 10 and 20 and configure the gi 1/0/1 interface in the trunk mode:
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
19
esr(config)# vlan 10,20
esr(config-vlan)# exit
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# mode switchport
esr(config-if-gi)# switchport mode trunk
esr(config-if-gi)# switchport trunk allowed vlan add 10,20
esr(config-if-gi)# exit
Enable LLDP and MED capability in LLDP globally on the router:
esr(config)# lldp enable
esr(config)# lldp med fast-start enable
Create and configure network policy in the way that VLAN ID 20 is specified for the voice application:
esr(config)# network-policy VOICE_VLAN
esr(config-net-policy)# application voice
esr(config-net-policy)# vlan 20 tagged
esr(config-net-policy)# exit
Configure LLDP on the interface and set a network policy:
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# lldp transmit
esr(config-if-gi)# lldp receive
esr(config-if-gi)# lldp network-policy VOICE_VLAN
esr(config-if-gi)# exit
2.4 Sub-interface termination configuration
To terminate Ethernet frames of a certain VLAN on a specific physical interface, you need to create a sub-
interface with the number of VLAN, frames of which will be terminated. When creating two sub-interfaces
having the same VLAN but located on different physical/aggregated interfaces, switching of Ethernet frames
between these sub-interfaces will not be possible as external segments will be separate broadcast domains.
For data exchange between subscribers of different sub-interfaces (even with the same VLAN-ID) routing will
be used, i.e. data exchange will occur at the third level of the OSI model.
ESR service routers.ESR-Series. Functionality description. Version 1.12.0
20
2.5 Configuration algorithm
Step Description Command Keys
1 Create a sub-interface of a physical
interface (possible if the physical
interface is in routeport or hybrid
mode).
esr(config)#
interface
gigabitethernet
<PORT>.<S-VLAN>
or
interface
tengigabitethernet
<PORT>.<S-VLAN>
or
interface port-
channel <CH>.<S-VLAN>
<PORT> – physical interface number.
<CH> – aggregated interface number.
<S-VLAN> – identifier of created S-
VLAN.
If a physical interface is included in
bridge-group, it will be impossible to
create sub-interface.
2 Specify sub-interface description
(optionally).
esr(config-subif)#
description
<DESCRIPTION>
<DESCRIPTION> – interface
description, set by the string of up to
255 characters.
3 Specify VRF instance, in which the
given sub-interface will operate
(optionally).
esr(config-subif)# ip
vrf forwarding <VRF>
<VRF> – VRF name, set by the string of
up to 31 characters.
4 Specify the IPv4/IPv6 address and
subnet mask for the interface to be
configured or enable IP address
obtain dynamically.
esr(config-subif)# ip
address <ADDR/LEN>
<ADDR/LEN> – IP address and subnet
mask length, defined as
AAA.BBB.CCC.DDD/EE where each
part AAA-DDD takes values of [0..255]
and EE takes values of [1..32].
For advanced IPv4 addressing
features see section IP addressing
configuration.
esr(config-subif)#
ipv6 address <IPV6-
ADDR/LEN>
<IPV6-ADDR/LEN> – IP address and
prefix of a subnet, defined as
X:X:X:X::X/EE where each X part takes
values in hexadecimal format [0..FFFF]
and EE takes values of [1..128].
For advanced IPv6 addressing
features see section IPv6 addressing
configuration.
You can specify several IPv4/IPv6
addresses separated by commas. Up
to 8 IPv4/IPv6 addresses can be
assigned to the interface.
esr(config-subif)# ip
address dhcp
For advanced DHCP client operation
features, see sectionDHCP client
management.
This manual suits for next models
11
Table of contents
Other ELTEX Wireless Router manuals
