C613-16055-00 REV E | www.alliedtelesis.com | Introduction | This document contains useful technical tips and tricks for Allied Telesis routers and managed Lay
Technical Tips and Tricks | for Routers and Managed Layer 3 Switches | 10 | A simpler way to save the current configuration | With Software Versions 2.8.1 and
100 | How to use the trustprivate parameter on the firewall to block users on the pr
101 | with trustprivate=off, and explicitly configure rules to block access from any
102 | How to use the firewall to control Internet access on the basis of private hos
103 | Configuration on the firewall | The configuration required to enable this process
104 | BUT for the MAC authentication, we need to be able to say that certain MAC add
105 | How to configure a timeout on particular UDP ports in a firewall policy | You can
USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
11 | How to store stack dump files | Since Software Version 2.7.6, the router or switch
12 | As mentioned previously, only a maximum of 8 files can be stored in flash at on
13 | How to securely manage remote devices from an Asyn (console) port on a router o
14 | Connect to the remote device (in this example, the device attached to asyn1) b
15 | Sending a Break command does not actually disconnect from the Asyn port. There
16 | How to reduce the impact of storms by using QoS policy storm protection | Software
17 | The following table explains the basic concepts involved with storm protection.
18 | How to reduce the impact of storms by controlling rapid MAC movement | Software Ve
19 | To set a thrash action for a trunk, use the command: set lacp priority=priority
2 | This document also contains the following Tips and Tricks from earlier revisions
20 | How to use SNMP to monitor STP and RSTP links | Spanning Tree Protocol is used to
21 | Now that you have placed the devices in the network, you need to link the devi
22 | Set the Status Variable as follows: 1. click on the >> button (next to the
23 | Now configure the alarms to alert you if a link fails in the STP loop. On the
24 | Finally select the Actions tab. Here you select a colour for the STP link to ch
25 | How to use SNMP to monitor master and slave SwitchBlade controller cards | If you
26 | Creating an alert when a controller fails | Perhaps the easiest way to create an a
27 | Then select the Attributes tab. On the Attributes tab, select the entry called
28 | The final stage is to add alarms to alert you on screen if a SwitchBlade contr
29 | Enter a name for the filter event, such as “SB controller failure” and enter a
3 | How to capture command output in a text file | Instead of displaying command output
30 | Finally select the Actions tab. Here you select a colour to indicate controller
31 | If there are some events for which you want to see alerts on the screen, then
32 | Why you need to use an idle timer on a PPPoE link | On PPPoE interfaces, we recomm
33 | If PPPoE behaved like an always-up Layer 1 link, as described above, re-establi
34 | How to handle RIP route tags | RIP supports route tags from RIPv2 (RFC 1724). They
35 | The following figure shows output of the show ip route command from the router
36 | The following figure shows the BGP route table by using the show bgp route comm
37 | Route compatibility when RIP is set to receive both RIPv1 and RIPv2 routes | The r
38 | Switch_B sends two routes (172.17.0.0/16 and 192.168.0.0/16) to its neighbours,
39 | Solution | Setting Switch_A to accept RIPv2 (and not be compatible with RIPv1) cau
4 | Automatically uploading command output daily | You can use the create file command,
40 | How to select the right ISAKMP policy during incoming Phase 1 ISAKMP proposals | V
41 | Understanding selection | In these situations, it is important to appreciate which
42 | • These policies have different ID fields, but when using ISAKMP main mode, the
43 | Why the remote peer VPN router may set up multiple ISAKMP SAs when responding t
44 | The configuration of Router 2 is: create isakmp pol=isakmp peer=any key=1 mode=a
45 | that case, the ISAKMP SAs time out after 24 hours by default. If you have frequ
46 | When you have multiple policies to the same peer, you also need to consider the
47 | About the firewall’s aggressive mode | Aggressive mode is a state that the firewal
48 | The maximum number of retransmissions may be reached before the session timeout
49 | How to combine firewall standard and enhanced NAT | It is possible to use standard
5 | How to automatically capture output when particular events occur | Often when we ar
50 | add firewall poli=example rule=25 act=nat int=eth0-1 protocol=udp port=1-65000
51 | Why the switch has many “interface is UP” and “interface is DOWN” log messages | W
52 | How to gather useful debugging information for a suspected memory leak | Situation
53 | The output of show buffer scan is also in the output of show debug, but it is i
54 | Figure 3 on page 54 and Figure 4 on page 54 show the second show time and show
55 | After the third show time and show buffer scan commands, the memory address has
56 | Once an address has been identified from the repeated show buffer scan command
57 | Example output from the show buffer scan=0007cc20 command (Continued) | Figure 7 o
58 | Screen outputs showing details of these commands are shown below in Figure 8 on
59 | Figure 10: Example output from the dump command | Figure 11: Example output from
6 | Create a script called (for example) capture.scp, containing the following comma
60 | Figure 13: Example output from the dump a=0aab5b0c command. | Why unexpected SNMP
61 | How to deal with spoofed packets | Spoofed packets are packets that have arrived i
62 | How to interrupt text flow that is continuously streaming to the CLI | A keyboard
63 | How to set an inactivity timeout on console and TTY connections | It is possible t
64 | Figure 22: Example output from the show asyn command | Manager > set asyn=0 idl
65 | How to set Summer Time and time zones | You can configure the switch or router to
66 | Figure 23: Example output from the show summertime command | It is also possible t
67 | How to ensure that system traffic is given priority when your switch is very bu
68 | On 8948_A we can see that the CPU is busy and the default queue (2) is overload
69 | First, give priority to routing protocol traffic sent to the CPU, by using the
7 | Run the script and send the output to a syslog server | Alternatively (or on older
70 | How to enable and install a release on the SwitchBlade with two controllers | This
71 | If the switch is running a version prior to 2.7.5A | The above procedure was not a
72 | How to fix switch port speed but still negotiate duplex | It is possible to fix th
73 | How to make private and public VLANs share the same uplink | On AT-8600, AT-8700XL
74 | RSTP BPDU detection features | With RSTP it is never a good thing to have RSTP BPD
75 | How to allocate a WAN IP address to a PPP peer, and create a separate route to
76 | How to reflect TOS onto L2TP tunnelled packets | It is possible to configure the r
77 | Router 1 configuration | #L2TP configuration | enable l2tp | enable l2tp server=both | # Co
78 | Router 2 configuration | In this example we are using a PPP template on Router 2,
79 | The screenshot below shows an ethereal capture of a packet from IP address 172.
8 | The output of a script that is called from a trigger can be sent to the log. The
80 | How to use Ping or Trace using Domain Name Service (DNS) | It is possible to ping
81 | How OSPF metrics are calculated | If O
82 | AS External route types | There are two types of AS external routes—Type-1 and Typ
83 | Filtering OSPF static routes with a whitelist or blacklist route map | OSPF can be
84 | Now we add the commands for the filtering. In the following configuration outpu
85 | Once this “blacklist” route map has been applied on the ASBR, show ip route sho
86 | Whitelist | Now change a little bit of the IP config—the action taken on matching
87 | How to identify and combat worm attacks | This Tip describes a method for dealing
88 | Use the following commands on AT-8600, AT-8700XL, AT-8800, AT-8900, AT-9900, x9
89 | Whether encryption is performed in hardware or software | When no hardware encrypt
9 | How to upgrade the GUI when upgrading to Software Version 2.8.1 | The naming conven
90 | When an AT-AR011 v2 ECMAC is installed—AR300 Series routers, AR410, AR410S, AR7
91 | How and when to use VRRP IP address adoption | VRRP IP address adoption is when th
92 | Support for RADIUS accounting for 802.1x dynamic VLAN assignment | Support for RAD
93 | How to configure the firewall to allow outward-going pings but to block inward-
94 | How to use firewall NAT to translate subnets | This Tip gives an example of how yo
95 | A configuration example is shown below: create vlan="vlan10" vid=10 | add
96 | Correct use of firewall NAT when FTP does not use port 21 | Active and passive FTP
97 | How to enable the firewall enhanced fragment handling mode | When using the firewa
98 | That packet gets dropped when it reaches the firewall. The results in the clien
99 | How to use the HTTP proxy (application gateway) | The firewall's HTTP proxy i