Zte Zxr10 3800-8 Installation instructions

ZXR10

Router/EthernetSwitch

CommandManual(SecurityVolume)

Version4.8.22

ZTECORPORATION

ZTEPlaza,KejiRoadSouth,

Hi-TechIndustrialPark,

NanshanDistrict,Shenzhen,

P .R.China

518057

Tel:(86)75526771900

Fax:(86)75526770801

URL:http://ensupport.zte.com.cn

E-mail:[email protected]

LEGALINFORMATION

Thecontentsofthisdocumentareprotectedbycopyrightlawsandinternationaltreaties.Anyreproductionordistributionof

thisdocumentoranyportionofthisdocument,inanyformbyanymeans,withoutthepriorwrittenconsentofZTECORPO-

RATIONisprohibited.Additionally,thecontentsofthisdocumentareprotectedbycontractualcondentialityobligations.

Allcompany,brandandproductnamesaretradeorservicemarks,orregisteredtradeorservicemarks,ofZTECORPORATION

oroftheirrespectiveowners.

Thisdocumentisprovided“asis” ,andallexpress,implied,orstatutorywarranties,representationsorconditionsaredis-

claimed,includingwithoutlimitationanyimpliedwarrantyofmerchantability,tnessforaparticularpurpose,titleornon-in-

fringement.ZTECORPORATIONanditslicensorsshallnotbeliablefordamagesresultingfromtheuseoforrelianceonthe

informationcontainedherein.

ZTECORPORATIONoritslicensorsmayhavecurrentorpendingintellectualpropertyrightsorapplicationscoveringthesubject

matterofthisdocument.ExceptasexpresslyprovidedinanywrittenlicensebetweenZTECORPORATIONanditslicensee,

theuserofthisdocumentshallnotacquireanylicensetothesubjectmatterherein.

ZTECORPORATIONreservestherighttoupgradeormaketechnicalchangetothisproductwithoutfurthernotice.

UsersmayvisitZTEtechnicalsupportwebsitehttp://ensupport.zte.com.cntoinquirerelatedinformation.

TheultimaterighttointerpretthisproductresidesinZTECORPORATION.

RevisionHistory

RevisionNo.RevisionDateRevisionReason

R1.0Dec.28,2008FirstEdition

SerialNumber:sjzl20086542

AboutThisManual..............................................i

CommandIntroduction.....................................1

ManualUseGuide...........................................................1

DescriptionofMan-MachineCommands.............................1

AuxiliaryFunction...........................................................2

CommandMode.............................................................3

ACLConguration..............................................7

aclstandard...................................................................8

aclextended..................................................................8

aclhybrid......................................................................9

acllink..........................................................................9

acluser-dened............................................................10

acl-log.........................................................................11

acl-stat........................................................................11

attach..........................................................................12

clear-acl-statistics.........................................................13

description...................................................................13

deny(StandardFormat).................................................14

deny(ExtendedFormat).................................................14

deny(IPv6StandardFormat)..........................................16

deny(IPv6ExtendedFormat)..........................................16

ipaccess-group.............................................................17

ipaccess-groupIPv6.................................................18

ipaccess-group-senior...................................................18

ipaccess-list.................................................................19

ipv6aclextended..........................................................20

ipv6aclstandard...........................................................20

move...........................................................................21

name...........................................................................21

permit(StandardFormat)...............................................22

permit(ExtendedFormat)...............................................23

permit(IPv6StandardFormat)........................................24

permit(IPv6ExtendedFormat).......................................24

rule(BasicACL)............................................................25

rule(ExtendedACL).......................................................26

rule(Layer2ACL).........................................................28

rule(HybridACL)..........................................................29

rule(User-denedACL)..................................................31

rule(IPv6StandardFormat)...........................................32

rule(IPv6ExtendedFormat)...........................................33

showaccess-listalias.....................................................34

showaccess-listbound...................................................34

showaccess-listbrief.....................................................35

showaccess-listcong...................................................35

showaccess-listseniorbound.........................................35

showaccess-listseniorvlan-bound..................................36

showaccess-listused.....................................................36

showacl.......................................................................36

showacl-statistics.........................................................37

NetworkSecurityConguration......................39

arpprotect...................................................................39

arpsource-ltered.........................................................40

arpto-static..................................................................40

ipverify.......................................................................41

showarparp-to-static....................................................41

showradius..................................................................42

showssh......................................................................42

sshserverauthenticationispgroup...................................43

sshserverauthenticationtype.........................................43

sshserverauthenticationmode.......................................44

sshserverenable..........................................................44

sshservergenerate-key.................................................45

sshserveronly..............................................................45

sshserverversion.........................................................45

urpflog........................................................................46

VirusScanningConguration..........................47

virus-scanlimit-number.................................................47

virus-scanprotectreactive-port-mode..............................47

virus-scanprotectshutdown-port....................................48

virus-scanset...............................................................48

InternetKeySwitchingProtocol

Commands......................................................51

authentication...............................................................51

clearisakmppolicy........................................................52

clearisakmpsa.............................................................53

debugcryptoisakmp......................................................53

encryption....................................................................54

group...........................................................................54

hash............................................................................55

isakmpenable...............................................................56

isakmpexchange-mode..................................................56

isakmpidentity.............................................................57

isakmpkey...................................................................58

isakmppolicy................................................................58

lifetime........................................................................60

showisakmpexchange-mode..........................................61

showisakmpidentity.....................................................61

showisakmpkey...........................................................61

showisakmppolicy........................................................62

showisakmpsa.............................................................63

IPSecIPv4NetworkSafecommands...............65

clearcryptoipsecsa......................................................65

clearcryptomap...........................................................66

cryptodynamic-map......................................................67

cryptoipseccommit.......................................................68

cryptoipsecpmtudiscover.............................................68

cryptoipsecsaglobal-lifetime.........................................69

cryptoipsectransform-set..............................................70

cryptoipsectransform-setencapsulation-mode.................70

cryptomap...................................................................71

cryptomap...................................................................72

cryptomapisakmpdynamic...........................................73

debugcryptoipsec........................................................74

enableipsec.................................................................74

matchaddress..............................................................74

setpeer.......................................................................75

setpfs.........................................................................76

setpfslevel...................................................................76

setsalifetime...............................................................77

setsession-key.............................................................78

settransform-set...........................................................79

showcryptodynamic-map..............................................79

showcryptoipsectransform-set......................................80

showcryptoipsecsaglobal-lifetime.................................81

showcryptoipsecsa......................................................81

IPSecIPv6NetworkSecurityCommands........83

ipsec............................................................................83

sadadd........................................................................84

sadclear......................................................................85

saddelall......................................................................86

saddelete....................................................................87

sadush......................................................................87

showsad......................................................................88

showspd......................................................................89

spdadd........................................................................90

spddelete....................................................................91

spdush......................................................................93

SYNFLOODProtection.....................................95

tcpsynood-protectenable.............................................95

tcpsynood-protectdefence...........................................95

tcpsynood-protectdisable............................................96

tcpsynood-protectmax-connect....................................97

tcpsynood-protectone-minute......................................97

showtcpsynood-protectall...........................................98

showtcpsynood-protectcong.....................................99

showtcpsynood-protectstatistics................................100

BFDConguration.........................................103

bfd-version.................................................................103

bfdinterval.................................................................103

showbfdneighborsbrief..............................................104

showbfdneighborsdetail.............................................104

showbfdneighborsldp-lsp...........................................104

showbfdneighborsrsvp-lsp..........................................104

L2TPConguration........................................105

clearvpdntunnel........................................................105

force-local-chap..........................................................106

initial-toip..................................................................106

l2tphidden.................................................................106

l2tpsequence.............................................................107

l2tptunnelauthentication.............................................107

l2tptunnelhello..........................................................107

l2tptunnelpassword....................................................107

l2tptunnelreceive-windows..........................................108

l2tptunnelretransmitretries........................................108

l2tptunnelretransmittimeout.......................................108

l2tptunneltimeout......................................................108

lcprenegotiation.........................................................109

localname..................................................................109

mplsl2transportpwe3extension...................................109

mplsl2transportpwe3extensionreectorrepeater..........110

new-random...............................................................110

proxy-authentication....................................................111

service-type................................................................111

showvpdnsession.......................................................111

showvpdntunnel........................................................111

source-ip....................................................................112

user-vpdn-group.........................................................112

virtual-template..........................................................113

vlan-import................................................................113

vpdndefaultvpdn-group..............................................114

vpdnenable................................................................114

vpdnfast-switch..........................................................114

vpdnradius-authenticationvpdn-group..........................115

vpdn-group................................................................115

Tacacs+Conguration...................................117

aaaaccountingcommands............................................117

aaaauthentication.......................................................118

aaaauthorization........................................................118

aaagroup-servertacacs+.............................................119

server........................................................................120

tacacs-client...............................................................120

tacacsdisable.............................................................121

tacacsenable..............................................................121

tacacs-serverhost.......................................................121

tacacs-serverkey........................................................122

tacacs-serverpacket....................................................122

tacacs-servertimeout..................................................123

RADIUSConguration...................................125

accounting-group........................................................125

accounting-groupalgorithm..........................................126

accounting-groupalias.................................................126

accounting-groupcalling-station-format.........................127

accounting-groupdeadtime...........................................127

accounting-groupipmng..............................................128

accounting-groupipvrf................................................128

accounting-groupinterim-packet-quota..........................129

accounting-grouplocal-buffer........................................129

accounting-groupmax-retries.......................................130

accounting-groupnas-ip-address...................................130

accounting-groupserver...............................................131

accounting-grouptimeout.............................................131

accounting-groupuser-name-format..............................132

accounting-groupvendor..............................................132

authentication-group....................................................133

authentication-groupalgorithm.....................................133

authentication-groupalias............................................134

authentication-groupcalling-station-format.....................134

authentication-groupdeadtime......................................135

authentication-groupipmng.........................................135

authentication-groupipvrf...........................................136

authentication-groupmax-retries..................................136

authentication-groupnas-ip-address..............................137

authentication-groupserver..........................................137

authentication-grouptimeout........................................138

authentication-groupuser-name-format.........................138

authentication-groupvendor.........................................139

radiusauto-change......................................................139

showcongurationradiusall.........................................140

AAAConguration.........................................141

aaaaccounting............................................................141

aaaauthentication.......................................................142

aaaauthorization........................................................142

aaacontrol.................................................................143

aaadefault-isp............................................................143

aaafullaccount............................................................144

aaagroupname...........................................................144

aaakeepalive..............................................................145

aaamultiple-hosts.......................................................145

aaaprotocol...............................................................146

aaaradius-server........................................................146

clearaaa....................................................................147

clearclient..................................................................147

clearlocaluser.............................................................148

createaaa..................................................................148

createlocaluser...........................................................149

localuseraccounting....................................................149

localusermac..............................................................150

localuserport..............................................................150

localuservlan..............................................................151

nas............................................................................151

showaaa....................................................................151

showclient.................................................................154

showlocaluser............................................................155

Dot1xConguration......................................159

dot1xmax-requests.....................................................159

dot1xquiet-period.......................................................159

dot1xre-authentication................................................160

dot1xserver-timeout...................................................160

dot1xsupplicant-timeout..............................................161

dot1xtx-period...........................................................161

showdot1x.................................................................162

CPUProtectionConguration........................163

debugport-upsend......................................................163

port-upsend................................................................164

AboutThisManual

PurposeThismanualprovidesproceduresandguidelinesthatsupportthe

operationofZXR10routerandEthernetswitch.

Intended

Audience

Thismanualisintendedforengineersandtechnicianswhoperform

operationactivitiesonZXR10routerandEthernetswitch.

WhatIsinThis

Manual

Thismanualcontainsthefollowingchapters:

ChapterSummary

Chapter1,Command

Introduction

Thischapterdescribestheusemethod

ofthecommandmanual,command

description,formatconvention,auxiliary

functionandmode.

Chapter2,ACL

Conguration

ThischapterdescribestheACL

congurationandcommandsofthe

Ethernetswitch.

Chapter3,Network

SecurityConguration

ThischapterdescribestheURPFSSH

congurationandviewcommands.

Chapter4,Virus

ScanningConguration

Thischapterdescribestheconguration

andviewcommandsofthevirusscanning.

Chapter5,Internet

KeySwitchingProtocol

Commands

ThischapterdescribesInternetkey

switchingprotocolcommandsandview

commands.ItisappliedtoZXR10GAR.

Chapter6,IPSecIPv4

NetworkSafecommands

ThischapterdescribesIPSecIPv4

congurationcommandsandview

commands.ItisappliedtoZXR10GAR.

Chapter7,IPSec

IPv6NetworkSecurity

Commands

ThischapterdescribesIPSecconguration

andviewcommands.Currently,onlyIPV6

appliesIPSecprotectionfunction,itmeans

thatprovideIPSecprotectionbasedon

transformmodeforroutingprotocolssuch

asOSPFv3BGP4+RIPng.

Chapter8,SYNFLOOD

Protection

Thischapterdescribessynoodprotection

associatedconguration.

Chapter9,BFD

Conguration

ThischapterdescribesBFDconguration

anddebugcommand.

Chapter10,L2TP

Conguration

ThischapterdescribesL2TPconguration

anddebugcommand.

Chapter11,Tacacs+

Conguration

Thischapterdescribestheconguration

commandsofTacacs+T erminalaccess

controlprotocol.

Chapter12,RADIUS

Conguration

Thischapterdescribestheconguration

andviewcommandsoftheRADIUS.

CondentialandProprietaryInformationofZTECORPORATIONi

ZXR10CommandManual(SecurityVolume)

ChapterSummary

Chapter13,AAA

Conguration

Thischapterdescribestheconguration

andviewcommandsofAAA.

Chapter14,Dot1x

Conguration

Thischapterdescribestheconguration

andviewcommandsofDot1x.

Chapter15,CPU

ProtectionConguration

Thischapterdescribestheconguration

andviewcommandsofCPUprotection.

Documentation

Thefollowingdocumentationisrelatedtothismanual:

�ZXR10Router/EthernetSwitchCommandManual(Command

IndexVolume)

�ZXR10Router/EthernetSwitchCommandManual(Ethernet

SwitchVolume)

�ZXR10Router/EthernetSwitchCommandManual(BasicCon-

gurationVolumeI)

�ZXR10Router/EthernetSwitchCommandManual(BasicCon-

gurationVolumeII)

�ZXR10Router/EthernetSwitchCommandManual(BasicCon-

gurationVolumeIII)

�ZXR10Router/EthernetSwitchCommandManual(RemoteAc-

cessVolume)

�ZXR10Router/EthernetSwitchCommandManual(IPv4Rout-

ingVolumeI)

�ZXR10Router/EthernetSwitchCommandManual(IPv4Rout-

ingVolumeII)

�ZXR10Router/EthernetSwitchCommandManual(MPLSVol-

ume)

�ZXR10Router/EthernetSwitchCommandManual(QoSVol-

ume)

�ZXR10Router/EthernetSwitchCommandManual(Network

ManagementVolume)

�ZXR10Router/EthernetSwitchCommandManual(Multicast

Volume)

�ZXR10Router/EthernetSwitchCommandManual(IPv6Vol-

ume)

�ZXR10Router/EthernetSwitchCommandManual(Voiceand

VideoServiceVolume)

iiCondentialandProprietaryInformationofZTECORPORATION

Chapter1

CommandIntroduction

TableofContents

ManualUseGuide...............................................................1

DescriptionofMan-MachineCommands.................................1

AuxiliaryFunction...............................................................2

CommandMode.................................................................3

ManualUseGuide

Thecommandsinothervolumesareclassiedbyfunctionalmod-

ules,andeachfunctionalmodulecorrespondstoachapterand

thecommandsinthechapterareorganizedintheformoflevel2

directoryandintheorderofa–z.

Tosearchacommand,doasfollows:

1.FindthedesiredcommandbyreferringtoZXR10Router/Eth-

ernetSwitchCommandManual—CommandIndex.

2.Findcommanddetailsbythevolume,chapter/sectionandpage

oftheobtainedcommand.

DescriptionofMan-Machine

Commands

EachMMLcommandisdescribedbythefollowingitems:

�Function

Itdescribesthefunctionimplementedbythiscommand.

�CommandMode

Itdescribesthemodeinwhichthiscommandcanbeexecuted.

�Format

Itdescribesthecompleteformatofthiscommand,including

thenoformatifpossible.

�ParameterDescription

Itdescribesparametersinthiscommandintheformandpre-

scribestherangeanddefaultvalue.Ifdifferentproductshave

CondentialandProprietaryInformationofZTECORPORATION1

ZXR10CommandManual(SecurityVolume)

differentparameterrangesordefaultvalues,anadditional

formisusedfordescription.

�Default

Thedefaultvalueisavailableinthecasethatthiscommandis

notset.Thedefaultparametervalueisnotdescribedherefor

valueselection.

Additionaldescriptionshallbegivenifdifferentproductshave

differentdefaultvalues.

�Instructions

Firstdescribestheplatformversioninformationaboutthis

command.Forexample,“TheplatformversionX.X.XXorlater

supportsthiscommand”indicatesthiscommandisprovided

fromthebeginningoftheplatformversionX.X.XX.Thiscom-

mandisprovidedfromtheplatformversion2.6bydefault.

Seconddescribestheusemethodandprecautionsofthiscom-

mand.

�Example

Itdescribestheuseofthiscommandinanexample.

�RelatedCommands

Liststhecommand(s)relatedtothiscommand.

�HistoryCommand

Itdescribeshistoryversioninformationrelatedtothiscom-

mandifacommandischangedafterversionupgrade.

Donotdescribethehistorycommandifthisentrydoesnotexist.

AuxiliaryFunction

TheauxiliaryfunctionforZXR10devicesisasfollows.

1.Inanycommandmode,enteraquestionmark(?)afterthe

DOSpromptofthesystem,alistofavailablecommandsinthe

commandmodewillbedisplayed.Withthecontext-sensitive

helpfunction,thekeywordsandparameterlistsofanycom-

mandscanbeobtained.

i.Inanycommandmode,enteraquestionmark"?"afterthe

DOSpromptofthesystem,andalistofallcommandsin

themodeandthebriefdescriptionofthecommandswill

bedisplayed.

ii.Inputthequestionmarkbehindacharacterorcharacter

stringtoviewthelistofcommandsorkeywordsbeginning

withthischaracterorcharacterstring.Notethatthereis

nospacebetweenthecharacter(string)andthequestion

mark.

iii.PressTABbehindthecharacterstring.Ifthecommandor

keywordbeginningwiththischaracterstringisunique,it

shallbecompletedwithaspaceattheend.Notethatthere

isnospacebetweenthecharacterstringandtheTAB.

2CondentialandProprietaryInformationofZTECORPORATION

Chapter1CommandIntroduction

iv.Inputaquestionmarkafteracommand,akeywordora

parameter ,thenextkeywordorparametertobeinputwill

belisted,andalsoabriefexplanationwillbegiven.Note

thataspacemustbeenteredbeforethequestionmark.

2.Ifincorrectcommand,keywordorparameterisinput,theerror

isolationisofferedwith^intheuserinterfaceafteryoupress

ENTER.The^isbelowtherstcharacteroftheinputincorrect

command,keywordorparameter .

3.ZXR10router/Ethernetswitchallowsthecommandorkey-

wordtobeabbreviatedintoacharacterorcharacterstringthat

uniquelyidentiesthiscommandorkeyword.Forexample,the

showcommandcanbeabbreviatedtoshorsho.

4.Theuserinterfacesupportsthefunctionofrecordinginput

commands.Amaximumoftenhistorycommandscanbe

recorded.Thefunctionisveryusefulinre-invocationofalong

orcomplicatedcommandoringress.

Tore-invokeacommandfromtherecordbuffer ,conductone

ofthefollowingoperations,asshownbelow.

CommandFunction

PressCTRL-Porthe

uparrowkey

Re-invokesthelatestcommandinthe

recordbuffer .Repeatthesekeysto

invokeoldcommandsforwards.

PressCTRL-Northe

downarrowkey

Rollsthecommandsdownward.Whenthe

lastcommandlineisreached,onemore

operationwillrollthecommandsfromthe

beggingofthebuffercyclically.

Inanymode,executetheshowhistorycommandtolistthe

latestcommandsinputinthismode.

CommandMode

Thecommandmodesinthismanualareshownbelow.

ModePromptAdmis-

sion

Mode

Entry

Command

Functions

Exec

mode

ZXR10>entersdirectly

afterlogging

thesystem

Viewssimple

information

Privi-

leged

mode

ZXR10#Exec

mode

enableCongures

system

parameters

Global

cong-

uration

mode

ZXR10(config)#Privi-

leged

mode

configure

terminal

Congures

globalservice

parameters

CondentialandProprietaryInformationofZTECORPORATION3

ZXR10CommandManual(SecurityVolume)

ModePromptAdmis-

sion

Mode

Entry

Command

Functions

Inter-

face

cong-

uration

mode

ZXR10(config-

if)#Global

cong-

uration

mode

interfaceCongures

port

parameters

andselects

aporttype

dependingon

thekeyword

Subin-

terface

mode

ZXR10(config-

subif)#Global

cong-

uration

mode

interfaceCongures

subinterface

parameters

ofthe

NPCI/NPCT

VLAN

data-

base

cong-

uration

mode

ZXR10(vlan-

db)#Privi-

leged

mode

vlandatab

ase

Createsor

deletesVLANs

inbatches

VLAN

cong-

uration

mode

ZXR10(config-

vlan)#Global

cong-

uration

mode

vlanCongures

VLAN

parameters

MSTP

cong-

uration

mode

ZXR10(config-

mstp)#Global

cong-

uration

mode

spanning-t

reemstconf

iguration

Congures

MSTP

parameters

Basic

ACL

cong-

uration

mode

ZXR10(config-

basic-acl)#Global

cong-

uration

mode

aclbasicDenesbasic

ACLrule

Ex-

tended

ACL

cong-

uration

mode

ZXR10(config-

ext-acl)#Global

cong-

uration

mode

aclextendDenes

extendedACL

rule

Line

cong-

uration

mode

ZXR10(config-

line)#Global

cong-

uration

mode

lineconsole

line<1~64

>(GAR)

Congures

parameters

relatedto

serialport

andtelnet

connection

Layer

2ACL

cong-

uration

mode

ZXR10(config-

link-acl)#Global

cong-

uration

mode

acllinkDeneslayer

2ACLrule

4CondentialandProprietaryInformationofZTECORPORATION

Chapter1CommandIntroduction

ModePromptAdmis-

sion

Mode

Entry

Command

Functions

Hybrid

ACL

cong-

uration

mode

ZXR10(config-

hybd-acl)#Global

cong-

uration

mode

aclhybridDeneshybrid

ACLrule

Router

stand-

ardACL

mode

ZXR10(config-

std-nacl)#Global

cong-

uration

mode

ipaccess-listDenesrouter

standardACL

rule

Router

ex-

tended

ACL

mode

ZXR10(config-

ext-nacl)#Global

cong-

uration

mode

ipaccess-listDenesrouter

extendedACL

rule

routerripCongures

RIP

parameters

routerospfCongures

OSPF

parameters

routerisisCongures

IS-IS

parameters

routerbgpCongures

BGP

parameters

router

pimsm

Congures

PIM-SM

parameters

ipv6router

rip

Congures

RIPng

parameters.

Route

cong-

uration

mode

ZXR10(config-

router)#Global

cong-

uration

mode

ipv6router

ospf

Congures

OSPFv3

parameters

VRF

cong-

uration

mode

ZXR10(config-

vrf)#Global

cong-

uration

mode

ipvrfCongures

VRF

parameters

VFIcon-

gu-

ration

mode

ZXR10(config-

vfi)#Global

cong-

uration

mode

vfiCongures

VPLSrelated

parameters

CondentialandProprietaryInformationofZTECORPORATION5

ZXR10CommandManual(SecurityVolume)

ModePromptAdmis-

sion

Mode

Entry

Command

Functions

Route

cong-

uration

mode

(RIP)

address-fam

ilyipv4vrf

Congures

RIPVRF

parameters

IPv4ad-

dress

family

cong-

uration

mode

ZXR10(config-

router-af)#

Route

cong-

uration

mode

(BGP)

address-fam

ilyvpnv4

address-fam

ilyipv4vrf

Congures

BGPVPN

andVRF

parameters

Route

cong-

uration

mode

(BGP4+)

address-fam

ilyipv6

Congures

BGP4+

unicast

addressfamily

IPv6

unicast

address

family

cong-

uration

mode

ZXR10(config-

router-af)#

Route

cong-

uration

mode

(IS-

ISv6)

address-fam

ilyipv6

Congures

IS-ISv6

addressfamily

Route

map

cong-

uration

mode

ZXR10(config-

route-map)#Global

cong-

uration

mode

route-mapCongures

routemap

matchingitem

andoperation

Channe-

lization

cong-

uration

mode

ZXR10(config-

control)#Global

cong-

uration

mode

controlCongures

channelization

force1,ce3

andcpos3

Dial

peer

cong-

uration

mode

ZXR10(config-

voip100)#Global

cong-

uration

mode

dial-peer

voice

Congures

business

relatedto

integrated

service

Voice

port

cong-

uration

mode

ZXR10(config-

voice-port)#Global

cong-

uration

mode

voice-portCongures

voiceservice

IPSec

cong-

uration

mode

ZXR10(config-

ipsec)#Global

cong-

uration

mode

ipsecCongures

IPv6IPSec

protection

Diagno-

sismode

ZXR10(diag)#Privi-

leged

mode

diagnoseTestsCPU

andmemory

usage

6CondentialandProprietaryInformationofZTECORPORATION

Chapter2

ACLConfiguration

TableofContents

aclstandard.......................................................................8

aclextended......................................................................8

aclhybrid..........................................................................9

acllink..............................................................................9

acluser-dened................................................................10

acl-log.............................................................................11

acl-stat............................................................................11

attach..............................................................................12

clear-acl-statistics.............................................................13

description.......................................................................13

deny(StandardFormat).....................................................14

deny(ExtendedFormat).....................................................14

deny(IPv6StandardFormat)..............................................16

deny(IPv6ExtendedFormat)..............................................16

ipaccess-group.................................................................17

ipaccess-groupIPv6.....................................................18

ipaccess-group-senior.......................................................18

ipaccess-list.....................................................................19

ipv6aclextended..............................................................20

ipv6aclstandard...............................................................20

move...............................................................................21

name...............................................................................21

permit(StandardFormat)...................................................22

permit(ExtendedFormat)...................................................23

permit(IPv6StandardFormat)............................................24

permit(IPv6ExtendedFormat)...........................................24

rule(BasicACL)................................................................25

rule(ExtendedACL)...........................................................26

rule(Layer2ACL).............................................................28

rule(HybridACL)..............................................................29

rule(User-denedACL)......................................................31

rule(IPv6StandardFormat)...............................................32

rule(IPv6ExtendedFormat)...............................................33

showaccess-listalias.........................................................34

showaccess-listbound.......................................................34

showaccess-listbrief.........................................................35

showaccess-listcong.......................................................35

showaccess-listseniorbound.............................................35

showaccess-listseniorvlan-bound......................................36

showaccess-listused.........................................................36

showacl...........................................................................36

showacl-statistics.............................................................37

CondentialandProprietaryInformationofZTECORPORATION7

ZXR10CommandManual(SecurityVolume)

aclstandard

PurposeUsethiscommandtoenterstandardACLcongurationmode,

DeletestandardACLconguredwithnoformofthiscommand.

CommandModesGlobalconguration

Syntaxaclstandard{number<acl-number>|name<acl-name>|

alias<acl-alias>}

noaclstandard{number<acl-number>|name<acl-name>|

alias<acl-alias>}

Syntax

Descriptionnumber<acl-numb

er>

StandardACLnumber ,range:1~99or

1000~1499

name<acl-name>StandardACLname,notmorethan31

characters

alias<acl-alias>ACLalias,notmorethan31characters

InstructionsThealiascanbeconguredonlyfornumberACL.Thealiasmust

beconguredbeforeitisusedwiththenamecommand.

ExampleThisexampledescribeshowtoenterstandardACLconguration

mode.

ZXR10(config)#aclstandardnumber1

ZXR10(config-std-acl)#exit

ZXR10(config)#aclstandardnameacl1

ZXR10(config-std-acl)#

Commands

showacl

aclextended

PurposeUsethiscommandtoenterextendedACLcongurationmode.

DeletetheconguredextendedACLwithnoformofthiscom-

mand.

CommandModesGlobalconguration

Syntaxaclextended{number<acl-number>|name<acl-name>|

alias<acl-alias>}

noaclextended{number<acl-number>|name<acl-name>|

alias<acl-alias>}

Syntax

Descriptionnumber<acl-numb

er>

ExtendedACLnumber ,range:100~199or

1500~1999

name<acl-name>StandardACLname,notmorethan31

characters

alias<acl-alias>ACLalias,notmorethan31characters

8CondentialandProprietaryInformationofZTECORPORATION

Other manuals for ZXR10 3800-8

Table of contents

Popular Network Router manuals by other brands

ActionTec

ActionTec Wireless-Ready user manual

TRENDnet

TRENDnet TEW21BRM user guide

Huawei

Huawei WS7206 quick start guide

Asus

Asus RT-ACRH12 quick start guide

Optical Systems Design

Optical Systems Design OSD2524 quick start guide

GLOBAL WIFI

GLOBAL WIFI NINJA WIFI 303ZT user manual

HP StorageWorks e1200-160 user guide

Cisco

Cisco E-Series user manual

Upvel

Upvel UR-101AU user manual

Cisco

Cisco 220 Series Smart Plus Administration guide

Macsense

Macsense PalmRouter PR-100 quick start guide

Cimetrics

Cimetrics B3075 quick start

HPE

HPE 2530 Quick setup guide

Perle

Perle IOLAN STG8 quick start guide

Alcatel-Lucent

Alcatel-Lucent 7450 ESS Series Configuration guide

ADTRAN

ADTRAN TRACER 5045 Quick reference guide

Perle

Perle P1705 Reference manual

NETGEAR

NETGEAR RT311 Specifications

Zte ZXR10 3800-8 Installation instructions

Popular Network Router manuals by other brands