Siemens RUGGEDCOM ROX II User Manual
RUGGEDCOM ROX II
v2.12
For RX5000, MX5000, MX5000RE
07/2018
RC1402-EN-02

Summary of Contents for Siemens RUGGEDCOM ROX II

  • Page 1: Table Of Contents

    Preface Introduction Using RUGGEDCOM ROX II RUGGEDCOM ROX II Getting Started v2.12 Device Management System Administration CLI User Guide Security IP Address Assignment Layer 2 Layer 3 Serial Server Wireless Tunneling and VPNs Unicast and Multicast Routing Network Redundancy For RX5000, MX5000, MX5000RE...
  • Page 3: CLI User Guide

    Continued Traffic Control and Classification Time Services RUGGEDCOM ROX II Applications v2.12 Troubleshooting CLI User Guide For RX5000, MX5000, MX5000RE 07/2018 RC1402-EN-02...
  • Page 5 For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept.
  • Page 6 To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit https://support.automation.siemens.com. Warranty Refer to the License Agreement for the applicable warranty terms and conditions, if any. For warranty details, visit https://www.siemens.com/ruggedcom or contact a Siemens customer service representative. Contacting Siemens Address Telephone E-mail...
  • Page 7: Preface

    1.7.1  Structure of a Syslog Event ....................14 1.7.2  Syslog Event Types ......................15 1.7.3  Logged Security Events ..................... 15 Chapter 2 Using RUGGEDCOM ROX II ................2.1  Default User Names and Passwords ....................19 2.2    Logging In ..........................19 2.3  Logging Out ..........................20 2.4  Using Network Utilities ........................
  • Page 8: Getting Started

    2.7.2  Accessing Service Mode ....................47 2.7.3  Accessing Maintenance Mode ................... 49 Chapter 3 Getting Started ....................3.1  Connecting to RUGGEDCOM ROX II ....................51 3.1.1  Default IP Address ......................51 3.1.2  Connecting Directly ......................51 3.1.3  Connecting Remotely ....................... 52 3.2  Configuring a Basic Network ......................53 3.2.1  Configuring a Basic IPv4 Network ..................
  • Page 9 RUGGEDCOM ROX II   CLI User Guide Table of Contents 4.2.3  Viewing Flash Card Storage Utilization ................58 4.2.4  Viewing CPU/RAM Utilization ..................... 59 4.2.5  Viewing the Slot Status ....................59 4.2.6  Viewing the Slot Sensor Status ..................61 4.2.7  Viewing the Power Controller Status .................. 61 4.3  Viewing the Parts List ........................
  • Page 10 4.11  Managing the Software Configuration ..................81 4.11.1  Saving the Configuration ....................81 4.11.2  Loading a Configuration ....................81 4.12  Upgrading/Downgrading the RUGGEDCOM ROX II Software ............82 4.12.1  Configuring the Upgrade Source ..................82 4.12.2  Setting Up an Upgrade Server ..................83 4.12.2.1  Configuring the Upgrade Server ................84 4.12.2.2  Adding Software Releases to the Upgrade Server ...........
  • Page 11: System Administration

    4.18.3.3  Deleting a VLAN for a Routable Ethernet Port ............102 Chapter 5 System Administration ................... 5.1  Configuring the System Name and Location ................103 5.2  Configuring the Host Name ....................... 104 5.3  Customizing the Welcome Screen ....................104 5.4  Setting the Maximum Number of Sessions ..................
  • Page 12 6.3  Enabling/Disabling Brute Force Attack Protection ................. 127 6.4  Enabling/Disabling Compact Flash Card Removal Detection ............128 6.5  Enabling/Disabling SYN Cookies ....................129 6.6  Managing Port Security ......................129 6.6.1  Port Security Concepts ....................130 6.6.1.1  Static MAC Address-Based Authentication ..............
  • Page 13 6.8.5.2  Adding a Private Key ................... 176 6.8.5.3  Deleting a Private Key ..................176 6.8.6  Managing Public Keys ..................... 176 6.8.6.1  Viewing a List of Public Keys ................177 6.8.6.2  Adding a Public Key ..................... 177 6.8.6.3  Adding an IPSec-Formatted Public Key ..............
  • Page 14: IP Address Assignment

      6.9.10.5  Deleting an Interface ..................195 6.9.11  Managing Hosts ......................196 6.9.11.1  Viewing a List of Hosts ..................196 6.9.11.2  Adding a Host ....................197 6.9.11.3  Deleting a Host ....................197 6.9.12  Managing Policies ......................198 6.9.12.1  Viewing a List of Policies ..................
  • Page 15 7.1.5  Configuring IPv6 Neighbor Discovery ................216 7.1.6  Managing IPv6 Network Prefixes ..................218 7.1.6.1  Adding an IPv6 Network Prefix ................218 7.1.6.2  Deleting an IPv6 Network Prefix ................219 7.2  Managing the DHCP Relay Agent ....................219 7.2.1  Configuring the DHCP Relay Agent ..................
  • Page 16 7.3.9.4  Deleting a Host Group ..................242 7.3.10  Managing DHCP Hosts ....................242 7.3.10.1  Viewing a List of Hosts ..................242 7.3.10.2  Adding a Host ....................243 7.3.10.3  Configuring Host Options ................... 243 7.3.10.4  Deleting Hosts ....................245 7.3.11  Managing Address Pools (IPv4) ..................
  • Page 17: Layer 2

    7.4.1  Managing Domain Names ....................264 7.4.1.1  Viewing a List of Domain Names ................264 7.4.1.2  Adding a Domain Name ..................264 7.4.1.3  Deleting a Domain Name ..................265 7.4.2  Managing Domain Name Servers ..................265 7.4.2.1  Viewing a List of Domain Name Servers ..............
  • Page 18 8.4.1.1  IGMP ........................289 8.4.1.2  GMRP (GARP Multicast Registration Protocol) ............293 8.4.2  Enabling and Configuring GMRP ..................295 8.4.3  Managing IGMP Snooping ....................295 8.4.3.1  Configuring IGMP Snooping ................. 296 8.4.3.2  Viewing a List of Router Ports ................296 8.4.3.3  Adding a Router Port ...................
  • Page 19: Serial Server

    8.5.6.2  Adding a Forbidden Port ..................313 8.5.6.3  Deleting a Forbidden Port ..................314 8.5.7  Managing VLANs for Interfaces and Tunnels ..............314 Chapter 9 Layer 3 ......................9.1  Layer 3 Switching Concepts ....................... 315 9.1.1  Layer 3 Switch Forwarding Table ..................
  • Page 20: Wireless

      10.2.6  Configuring the Raw Socket Protocol ................335 10.2.7  Deleting a Serial Port Protocol ..................336 10.3  Managing Device Address Tables ....................336 10.3.1  Viewing a List of Device Address Tables ................. 336 10.3.2  Adding a Device Address Table ..................337 10.3.3  Deleting a Device Address Table ..................
  • Page 21 12.1.4  Managing Virtual Switch Interfaces ................360 12.1.4.1  Viewing a List of Virtual Switch Interfaces ............360 12.1.4.2  Adding a Virtual Switch Interface ................ 361 12.1.4.3  Deleting a Virtual Switch Interface ..............361 12.1.5  Filtering Virtual Switch Traffic ..................362 12.1.5.1  Enabling/Disabling Virtual Switch Filtering ............
  • Page 22 12.4.4  Managing Dynamic L2TPv3 Tunnels ................380 12.4.4.1  Enabling and Configuring Dynamic L2TPv3 Tunnels ..........380 12.4.4.2  Viewing a List of Dynamic L2TPv3 Tunnels ............381 12.4.4.3  Adding a Dynamic L2TPv3 Tunnel ............... 381 12.4.4.4  Deleting a Dynamic L2TPv3 Tunnel ..............
  • Page 23 12.7.1  Viewing Statistics for GRE Tunnels ................. 399 12.7.2  Viewing a List of GRE Tunnels ..................400 12.7.3  Adding a GRE Tunnel ....................401 12.7.4  Configuring a DSCP Marking for GRE Tunnel Traffic ............402 12.7.5  Enabling/Disabling Keepalive Messages ................
  • Page 24: Unicast And Multicast Routing

      12.8.10.2  Viewing a List of Addresses for Private Subnets ..........421 12.8.10.3  Adding an Address for a Private Subnet ............. 421 12.8.10.4  Deleting an Address for a Private Subnet ............422 12.8.11  Example: Configuring an Encrypted VPN Tunnel ............422 12.9  Managing 6in4 and 4in6 Tunnels .....................
  • Page 25 13.6.5.3  Deleting an Area Tag ..................449 13.6.6  Managing Interfaces ..................... 449 13.6.6.1  Viewing a List of Interfaces ................449 13.6.6.2  Configuring an Interface ..................450 13.6.7  Managing LSP Generation ..................... 451 13.6.7.1  Viewing a List of LSP Generation Intervals ............451 13.6.7.2  Adding an LSP Generation Interval ..............
  • Page 26 13.7.4.2  Tracking Commands ..................468 13.7.5  Managing Network IP Addresses ..................468 13.7.5.1  Viewing a List of Network IP Addresses ............... 468 13.7.5.2  Adding a Network IP Address ................469 13.7.5.3  Deleting a Network IP Address ................469 13.7.6  Managing Network Interfaces ..................
  • Page 27 13.8.2.7  Configuring Match Rules ..................484 13.8.2.8  Configuring a Set ....................485 13.8.3  Managing Prepended and Excluded Autonomous System Path Filters ........ 485 13.8.3.1  Viewing a List of Prepended Autonomous System Path Filters ........ 486 13.8.3.2  Viewing a List of Excluded Autonomous System Paths ..........
  • Page 28 13.8.9.2  Adding an Aggregate Address Option ..............501 13.8.9.3  Deleting an Aggregate Address Option ..............501 13.8.10  Managing Redistribution Metrics ................. 501 13.8.10.1  Viewing a List of Redistribution Metrics ............. 501 13.8.10.2  Adding a Redistribution Metric ................502 13.8.10.3  Deleting a Redistribution Metric ................
  • Page 29 13.9.7  Managing Incoming Route Filters .................. 534 13.9.7.1  Viewing List of Incoming Route Filters ..............534 13.9.7.2  Adding an Incoming Route Filter ................ 535 13.9.7.3  Deleting an Incoming Route Filter ............... 535 13.9.8  Managing Redistribution Metrics ................... 536 13.9.8.1  Viewing a List of Redistribution Metrics ...............
  • Page 30 13.10.7.7  Configuring Neighbor Discovery ............... 555 13.10.7.8  Viewing a List of LDP Interfaces ................ 555 13.10.7.9  Enabling/Disabling an LDP Interface ..............556 13.11  Managing Virtual Routing and Forwarding (VRF) ..............556 13.11.1  VRF Concepts ......................557 13.11.1.1  VRF and VRF-Lite .....................
  • Page 31 13.11.12.2  Adding a Neighbor ..................573 13.11.12.3  Configuring the Distribution of Prefix Lists ............574 13.11.12.4  Tracking Commands ..................575 13.11.12.5  Deleting a Neighbor ..................575 13.11.13  Managing Static VRF Routes ..................576 13.11.13.1  Viewing a List of Static VRF Routes ..............576 13.11.13.2  Adding a Static VRF Route ................
  • Page 32: Network Redundancy

      13.13.3.1  Viewing a List of Out-Interfaces ................ 590 13.13.3.2  Adding an Out-Interface ................... 590 13.13.3.3  Deleting an Out-Interface ................. 590 13.14  Managing Dynamic Multicast Routing ..................591 13.14.1  PIM-SM Concepts ....................... 592 13.14.2  Viewing the Status of PIM-SM ..................592 13.14.3  Viewing the Status of Dynamic Multicast Routing ............
  • Page 33 14.1.6.2  Adding a VRRP Instance ..................610 14.1.6.3  Deleting a VRRP Instance ..................612 14.1.7  Managing VRRP Monitors ....................612 14.1.7.1  Viewing a List of VRRP Monitors ................. 612 14.1.7.2  Adding a VRRP Monitor ..................613 14.1.7.3  Deleting a VRRP Monitor ..................
  • Page 34 14.3.1  RSTP Operation ......................629 14.3.1.1  RSTP States and Roles ..................629 14.3.1.2  Edge Ports ......................631 14.3.1.3  Point-to-Point and Multipoint Links ..............631 14.3.1.4  Path and Port Costs ................... 631 14.3.1.5  Bridge Diameter ....................632 14.3.1.6  eRSTP .......................
  • Page 35 14.4.5  Viewing Statistics Collected for RNA Ports ..............661 14.4.6  Clearing Statistics Collected for RNA Ports ..............662 Chapter 15 Network Discovery and Management ............. 15.1  Managing LLDP ........................663 15.1.1  Configuring LLDP ......................664 15.1.2  Viewing Global Statistics and Advertised System Information ...........
  • Page 36: Traffic Control And Classification

      Chapter 16 Traffic Control and Classification ..............16.1  Managing Port Mirroring ......................687 16.1.1  Configuring Port Mirroring .................... 688 16.1.2  Managing Egress Source Ports ..................688 16.1.2.1  Viewing a List of Egress Source Ports ..............688 16.1.2.2  Adding an Egress Source Port ................
  • Page 37: Time Services

    16.2.8.1  Viewing a List of Egress Marks ................710 16.2.8.2  Adding an Egress Mark ..................711 16.2.8.3  Deleting an Egress Mark ..................711 16.2.9  Viewing QoS Statistics ....................712 16.3  Managing Classes of Service ....................713 16.3.1  Configuring Classes of Service ..................
  • Page 38: Applications

      17.6  Viewing the NTP Service Status ....................731 17.7  Viewing the Status of Reference Clocks ..................733 17.8  Managing NTP Servers ......................734 17.8.1  Viewing a List of NTP Servers ..................734 17.8.2  Monitoring Subscribers ....................735 17.8.3  Adding an NTP Server ....................
  • Page 39 19.5    VLANs ............................ 752 xxxix...
  • Page 41 Preface This guide describes the CLI user interface for RUGGEDCOM ROX II v2.12 running on the RUGGEDCOM RX5000/MX5000/MX5000RE. It contains instructions and guidelines on how to use the software, as well as some general theory.
  • Page 42 NOTE Documents listed are those available at the time of publication. Newer versions of these documents or their associated products may be available. For more information, visit SIOS or consult a Siemens Customer Support representative. Product Notes Product notes are available online via SIOS [https://support.industry.siemens.com/cs/ca/en/ps/16008/pm].
  • Page 43 Document Title / Link: RUGGEDCOM CROSSBOW User Guide / Available upon request. Catalogs (Document Title / Link): RUGGEDCOM Modules Catalog for the RUGGEDCOM RX5000 / https://support.industry.siemens.com/cs/ww/en/view/109748779; RUGGEDCOM Modules Catalog for the RUGGEDCOM MX5000 / https://support.industry.siemens.com/cs/ww/en/view/109748778; RUGGEDCOM Modules Catalog for the RUGGEDCOM MX5000RE / https://support.industry.siemens.com/cs/ww/en/view/109748780...
  • Page 44 System Requirements Each workstation used to connect to the RUGGEDCOM ROX II Rugged CLI interface must meet the following system requirements: • Must have a working Ethernet interface compatible with at least one of the port types on the RUGGEDCOM RX5000/MX5000/MX5000RE •...
  • Page 45 Siemens Sales representative. Customer Support Customer support is available 24 hours, 7 days a week for all Siemens customers. For technical support or general information, contact Siemens Customer Support through any of the following methods: Online Visit http://www.siemens.com/automation/support-request...
  • Page 47 • Section 1.7, “Logged Events” Section 1.1 Features and Benefits Feature support in RUGGEDCOM ROX II is driven by feature keys that unlock feature levels. For more information about feature keys, refer to Section 1.2, “Feature Keys”. The following describes the many features available in RUGGEDCOM ROX II and their benefits: •...
  • Page 48 Ethernet frames. Switches can introduce latency in times of heavy network traffic due to the internal queues that buffer frames and then transmit them on a first-come, first-served basis. RUGGEDCOM ROX II supports Class of Service, which allows time-critical traffic to jump to the front of the queue, minimizing latency and reducing jitter so that such demanding applications operate correctly.
  • Page 49 • Port Mirroring RUGGEDCOM ROX II can be configured to duplicate all traffic on one port to a designated mirror port. When combined with a network analyzer, this can be a powerful troubleshooting tool. • Port Configuration and Status RUGGEDCOM ROX II allows individual ports to be hard configured for speed, duplex, auto-negotiation, flow control and more.
  • Page 50 • Brute Force Attack Prevention Protection against Brute Force Attacks (BFAs) is standard in RUGGEDCOM ROX II. If an external host fails to log in to the CLI, NETCONF or Web interfaces after a fixed number of attempts, the host's IP address will be blocked for a period of time.
  • Page 51 SM module. Section 1.2 Feature Keys Feature keys add features to an existing installation of RUGGEDCOM ROX II. They can be purchased and installed at any time. The following feature keys are currently available: • Layer 3 Standard Edition with Layer 3 Hardware (L3SEL3HW) •...
  • Page 52 Accessibility hazard – risk of data loss. Do not misplace the passwords for the device. If both the maintenance and boot passwords are misplaced, the device must be returned to Siemens Canada Ltd for repair. This service is not covered under warranty. Depending on the action that must be taken to regain access to the device, data may be lost.
  • Page 53: Using RUGGEDCOM ROX II

    ▫ Make sure the default community strings are changed to unique values. • When using RUGGEDCOM ROX II as a client to securely connect to a server (such as, in the case of a secure upgrade or a secure syslog transfer), make sure the server side is configured with strong ciphers and protocols.
  • Page 54 For more information, refer to Section 6.9, “Managing Firewalls”. • Modbus is deactivated by default in RUGGEDCOM ROX II. If Modbus is required, make sure to follow the security recommendations outlined in this CLI User Guide and configure the environment according to defense-in-depth best practices.
  • Page 55 Policy • Periodically audit the device to make sure it complies with these recommendations and/or any internal security policies. • Review the user documentation for other Siemens products used in coordination with the device for further security recommendations. Section 1.4 Available Services by Port The following table lists the services available by the device, including the following information: •...
  • Page 56 Port Access: Services, Port Number, Port Open, Default Authorized. HTTPS / TCP/443 / Open (if configured with login) / Open; TCP Modbus / TCP/502 / Open (if configured) / Closed; IPSec IKE / UDP/500 / Open (if configured) / Closed...
  • Page 57 Access Commands/Paths Permitted (Administrator, Operator, Guest) and Notes: /admin/authentication; /admin/authentication/password-complexity; /admin/logging C/R/U; /admin/alarms (status): Administrator and operator can see status of active-alarms, acknowledge and clear alarms; /admin/alarms-config/: Administrator and operator cannot create...
  • Page 58 Access Commands/Paths Permitted (Administrator, Operator, Guest) and Notes: /admin/install-files (action); /admin/reboot (action); /admin/restore-factory-defaults (action); /admin/set-system-clock (action); /admin/shutdown (action); /apps C/R/U C/R/U; /chassis/part-list; /chassis/fixed-modules C/R/U; /chassis/line-module-list; /chassis/line-modules/line-module; /interfaces C/R/U; /interface C/R/U; /routing C/R/U...
  • Page 59 • Upgrade/Downgrade Firmware – Use the USB Mass Storage device as a portable repository for new or legacy versions of the RUGGEDCOM ROX II firmware. • Backup Files – Configure RUGGEDCOM ROX II to backup important information to the USB Mass Storage device, such as rollbacks, log files, feature keys and configuration files.
  • Page 60 Section 1.7 Logged Events RUGGEDCOM ROX II logs all events locally and forwards them automatically to a syslog server if remote logging is enabled. This section defines events and lists the built-in syslog messages generated when specific events occur. NOTE For information about enabling remote system logging, refer to Section 4.10.3, “Configuring Secure...
  • Page 61 Events of either type are stored locally on the device and transmitted automatically to the syslog server when they occur. Section 1.7.3 Logged Security Events The following are security-related event messages that may be generated by RUGGEDCOM ROX II. Event Category Event Message...
  • Page 62 Event Category / Event Message / Facility / Severity / Type: SE_NETWORK_UNSUCCESSFUL_LOGON (Invalid Username) / audit user: {Username}/0 no such local user / LOG_DAEMON / Info / Alarm Auth.log; login failed, reason='{Reason}', user ipaddr='0.0.0.0' / LOG_AUTHPRIV / Notice / Alarm Auth.log; SE_NETWORK_UNSUCCESSFUL_LOGON (Invalid...
  • Page 63 Event Category / Event Message / Facility / Severity / Type: SE_ACCESS_DENIED / audit user: {Username}/0 Provided Invalid Password / LOG_DAEMON / Info / Alarm Auth.log; login failed, reason='{Reason}', user ipaddr='{IP Address}' / LOG_AUTHPRIV / Notice / Alarm Auth.log; SE_ACCOUNT_LOCKED_TEMP / ALARM: BFA from IP {IP...
  • Page 64 Event Category / Event Message / Facility / Severity / Type: SE_PATCH_DEPLOYMENT_FAILED (No differences - ROXFLASH) / No differences detected in target version. Nothing to upgrade / LOG_DAEMON / Notice / Event Upgrade; SE_PATCH_DEPLOYMENT_FAILED (Failed to... / Failed to configure...
  • Page 65 Using RUGGEDCOM ROX II This chapter describes how to use the RUGGEDCOM ROX II interface. CONTENTS • Section 2.1, “Default User Names and Passwords” • Section 2.2, “Logging In” •...
  • Page 66 127.0.0.1 using console on ruggedcom ruggedcom# Section 2.3 Logging Out To log out of the device, type exit at the root level. ruggedcom# exit Section 2.4 Using Network Utilities RUGGEDCOM ROX II features built-in troubleshooting tools for pinging hosts, tracing routes and analyzing packets.
  • Page 67 Figure 1: Accessories Menu CONTENTS • Section 2.4.1, “Pinging an IPv4 Address or Host” • Section 2.4.2, “Pinging an IPv6 Address or Host” • Section 2.4.3, “Pinging MPLS Endpoints” • Section 2.4.4, “Pinging VRF Endpoints”...
  • Page 68 • For Hosts with IPv4 Addresses ping address iface interface count attempts wait seconds • For Hosts with IPv6 Addresses ping6 address iface interface count attempts wait seconds Where: •...
  • Page 69 ruggedcom# traceroute 192.168.0.7 traceroute to 192.168.0.7 (192.168.0.7), 30 hops max, 60 byte packets * * * * * * * * * * * * * * * Section 2.4.6...
  • Page 70 Section 2.4.9 Capturing Packets from a Network Interface Tcpdump is a packet analyzer for TCP/IP and other packets. It can be used to capture packets at a specified network interface and dump them to a terminal or file.
  • Page 71 Section 2.5 Using the Command Line Interface This section describes how to use the Command Line Interface (CLI) for RUGGEDCOM ROX II. It covers common commands, conventions, and useful techniques. CONTENTS • Section 2.5.1, “Accessing Different CLI Modes”...
  • Page 72 Section 2.5.2 Using Command Line Completion Commands and parameters do not need to be entered completely for the CLI to recognize them. By typing the first few letters of a command and pressing Tab, the CLI will display the possible completions. If the first few letters are unique to a specific command, the full command is automatically displayed.
  • Page 73 Moving the Cursor: Ctrl-B or Left Arrow: Moves the cursor back one character; Ctrl-F or Right Arrow: Moves the cursor forward one character; Esc-B or Alt-B...
  • Page 74 Esc-U: Changes the entire word at the cursor's location to uppercase. Special Actions: Ctrl-C: Aborts a command or clears the command line; Ctrl-V or Esc-Q...
  • Page 75 repeat: Repeat show term with a given interval; save: Save output text to a file; select: Select additional columns; Enforce table output; until: End with the line that matches...
  • Page 76 exclude: Excludes lines containing the specified text. Information that is a child of the excluded line is also excluded. Regular expressions can be used with this redirect. For more information about regular expressions, refer to Section 2.5.7, “Using Regular...
  • Page 77 E1 w/ 2x BNC none none power-controller SLOT PROTECTION TEMPERATURE CURRENT VOLTAGE ------------------------------------------------ 2907 3381 For example, show chassis | begin line-modules | notab suppresses the table formatting:...
  • Page 78 Section 2.5.7 Using Regular Expressions RUGGEDCOM ROX II command line regular expressions are a subset of the regular expressions found in egrep and in the AWK programming language. Regular expressions can be used along with several of the output redirects. For more information about using output redirects, refer to Section 2.5.6, “Using Output...
  • Page 79 ssh [ host | address/name ] { bind-address | address } {...: Opens a secure shell on another host. Parameters include: • host is the name or IP address of the host. It is mandatory.
  • Page 80 Section 2.5.10.1 Basic CLI Commands Use the following commands to perform basic CLI functions. exit [ level | configuration-mode | no-confirm ] (Default: level): Exits from the current mode.
  • Page 81 screen-length screen-width service prompt config true show-defaults false terminal xterm • history displays the CLI command history. • jobs displays currently running background jobs. For example:...
  • Page 82 file copy-config current-...: Copies a configuration file. After typing the command, press Tab to view a list of available files. For example, the following command copies the deleted_users file to the...
  • Page 83 standard_config.txt 100% 7673 7.5KB/s 00:00 file scp-config-to-url current-...: Securely copies a configuration file from the device to a remote computer. The remote computer must have an SCP or SSH (secure shell) service or client installed and running.
  • Page 84 file scp-featurekey-to-url current-filename user@host:/path/new-filename Where: • current-filename is the current filename of the feature key file. • user is a user name with access rights to the remote computer.
  • Page 85 Section 2.5.10.3 Interface and Services Commands Operational mode provides commands for restarting and displaying information for various interfaces and services. interfaces modem modem [ at |...: Sends an AT or reset command to the specified modem. Use auto completion to display a list of available modems.
  • Page 86 CAUTION! Configuration hazard – risk of data loss/corruption. Maintenance mode is provided for troubleshooting purposes and should only be used by Siemens Canada Ltd technicians. Not all of the commands available in maintenance mode are documented. Misuse of maintenance mode commands can corrupt the operational state of the device and render the device inaccessible.
  • Page 87 RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description the device will continue to be blocked from making changes until the session timeout period expires. Section 2.5.10.5 Configuration Mode General Commands Configuration mode provides a set of general commands that allow users to work with configuration data.
  • Page 88 Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description Copies a configured element to a new element. For example, the following command copies copy the userid admin to the new userid wsmith: ruggedcom(config)# copy admin users userid admin smith The new item has all of the attributes of the item from which it is copied.
  • Page 89 RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description NOTE The no command affects only the parameter or setting of the node explicitly specified in the command. When using no to negate a parameter or setting that has dependencies, clearing the specific parameter does not clear the related dependencies.
  • Page 90 wizard [ rox_flash | rox_upgrade ] Runs the rox_flash or rox_upgrade wizards. For more information, refer to Section 4.12.5.2, “Downgrading Using ROXflash” or Section 4.12.3, “Upgrading the RUGGEDCOM ROX II Software”. Section 2.6 Configuring the CLI Interface The following commands can be used to configure certain characteristics and customize the CLI interface.
  • Page 91 Accessing BIST Mode BIST (Built-In-Self-Test) mode is used by RUGGEDCOM ROX II to test and configure internal functions of the device. The method for accessing BIST is different if a new software image has been flashed onto the flash card.
  • Page 92 Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide To access BIST mode normally, do the following: IMPORTANT! Do not connect the device to the network when it is in BIST mode. The device will generate excess multicast traffic in this mode.
  • Page 93 Configuration hazard – risk of data corruption. Service mode is provided for troubleshooting and advanced configuration purposes and should only be used by Siemens technicians. As such, this mode is not fully documented. Misuse of the commands available in this mode can corrupt the operational state of the device and render it inaccessible.
  • Page 94 Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Connect to RUGGEDCOM ROX II through the RS-232 console connection and a terminal application. For more information, refer to Section 3.1.2, “Connecting Directly”. Reboot the device. For more information, refer to Section 4.5, “Rebooting the...
  • Page 95 Configuration hazard – risk of data corruption. Maintenance mode is provided for troubleshooting purposes and should only be used by Siemens Canada Ltd technicians. As such, this mode is not fully documented. Misuse of the commands available in this mode can corrupt the operational state of the device and render it inaccessible.
  • Page 96 Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Accessing Maintenance Mode...
  • Page 97 Getting Started Getting Started This section describes startup tasks to be performed during the initial commissioning of the device. Tasks include connecting to the device and accessing the RUGGEDCOM ROX II CLI, as well as configuring a basic network. CONTENTS •...
  • Page 98 • Set the terminal type to VT100 • Disable hardware and software flow control Establish a connection to the device and press any key. The login prompt appears. {host name} login: Log in to RUGGEDCOM ROX II. For more information, refer to Section 2.2, “Logging In”. Section 3.1.3 Connecting Remotely The Command Line Interface (CLI) can be accessed securely and remotely using an SSH client.
  • Page 99 Section 3.2 Configuring a Basic Network RUGGEDCOM ROX II has the following Internet interfaces configured by default: dummy0, fe-cm-1 and switch.0001. The default IP addresses for fe-cm-1 and switch.0001 are configured under ip » {interface} » ipv4, where {interface} is the name of the interface. The default switch.0001 interface is the VLAN interface and is only present if one or more Ethernet line modules are installed.
  • Page 100 Chapter 3 RUGGEDCOM ROX II Getting Started CLI User Guide Make sure all computers connected to the device can ping one another. Section 3.2.2 Configuring a Basic IPv6 Network To configure a basic IPv6 network, do the following: Connect a computer to the Fast Ethernet port (fe-cm-1) of the device and configure the computer to be on the same subnet as the port.
  • Page 101 Section 4.1 Displaying Device and Software Information During troubleshooting or when ordering new devices/features, Siemens may request specific information about the device, such as the model, order code or system serial number. To display general information about the device and its software, type:...
  • Page 102 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide model RX5000 software license "Layer 3 Standard Edition" order code RX5000-L3-MNT-HI-L3SE-CG01-XX-S01-E02-XX-XX rox release "ROX 2.6.0-QA3.14 (2014-08-11 18:00)" system serial number RX5000R-0812-00664 This table or list provides the following information: Parameter...
  • Page 103 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management show chassis hardware slot-hardware A table or list similar to the following example appears: ruggedcom# show chassis hardware slot-hardware | tab SLOT ORDER FIELD DETECTED MODULE -------------------------------------------------------------------------------- none none none...
  • Page 104 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description detected-module Synopsis:   A string 1 to 60 characters long The installed module's type specifier. This parameter is mandatory. boot-loader-version Synopsis:   A string The version of the ROX bootloader software on the installed module.
  • Page 105 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management Parameter Description This parameter is mandatory. Section 4.2.4 Viewing CPU/RAM Utilization To view the CPU/RAM utilization statistics for each module installed in the device, type: show chassis cpu slot-cpu A table or list similar to the following example appears:...
  • Page 106 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide SLOT DETECTED MODULE STATE STRING UPTIME START DATE TIME -------------------------------------------------------------------------------------------------------------------- none empty ---- 2017-01-12Z 03:19:16Z none empty ---- 0D 0hr 0min 0sec 2017-01-11Z 10:22:45Z none empty ---- 0D 0hr 0min 0sec...
  • Page 107 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management Section 4.2.6 Viewing the Slot Sensor Status To view information about the slot sensors, type: show chassis sensors A table or list similar to the following example appears: ruggedcom# show chassis sensors...
  • Page 108 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description pm-slot Synopsis:   { pm1, pm2 } The name of the power module slot as labeled on the chassis. mov-protection Synopsis:   { na, working, damaged } The state of the MOV protection circuit.
  • Page 109 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management RX5000 4FG05 12-86-0015-001 4x 1000LX Singlemode 1310nm LC 25km 12-86-0202-042 12-86-0202-042 RX5000 4FG50 12-86-0015-001 4x 1000LX SFP 12-86-0201-001 12-86-0201-001 RX5000 4FX01 12-86-0018-002 4x 100FX Multimode ST 2km RX5000 4FX02 12-86-0018-001...
  • Page 110 This includes removing any sensitive, proprietary information. To decommission the device, do the following: Obtain a copy of the RUGGEDCOM ROX II firmware currently installed on the device. For more information, contact Siemens Customer Support.
  • Page 111 Managing Feature Keys RUGGEDCOM ROX II can be enhanced with additional features at any time by adding feature levels. Feature levels are encoded in feature keys that can be loaded on a device. At the time of ordering, a device feature key is encoded into the electronic signature of the device.
  • Page 112 Section 4.8.2 Installing Feature Keys When installing a new feature key, RUGGEDCOM ROX II evaluates the new file-based feature key and the device feature key and enables the most capable feature level described by the keys. Feature keys can be installed from a host computer or USB Mass Storage drive.
  • Page 113 Section 4.9 Managing Files RUGGEDCOM ROX II allows the transfer of select files to and from the device using the following methods: • Install Allows users to upload files from a USB flash drive or from a remote server using a file transfer protocol, such as FTP.
  • Page 114 RUGGEDCOM RX5000/MX5000/MX5000RE Installation Guide. Make sure the CLI is in Configuration mode. Navigate to admin » backup-files and configure the following parameter(s) as required: NOTE RUGGEDCOM ROX II supports implicit FTP over TLS (FTPS) URLs. Explicit FTP over TLS is not supported. Parameter Description file-type { file-type } Synopsis:  ...
  • Page 115 This parameter is mandatory. Section 4.10 Managing Logs RUGGEDCOM ROX II maintains various logs to record information about important events. Each log falls into one of the following log types: Security Event Logs Information related to the following security events is logged by RUGGEDCOM ROX II: NOTE Passwords can be retried up to 3 times before the login attempt is considered a security event.
  • Page 116 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide • Section 4.10.4, “Managing Diagnostic Logs” • Section 4.10.5, “Managing Remote Syslog Servers” • Section 4.10.6, “Managing Remote Server Selectors” Section 4.10.1 Viewing Logs Select logs can be viewed directly within the CLI. Otherwise, these and other logs can be downloaded from the device and viewed in a text editor/viewer.
  • Page 117 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management IMPORTANT! The client (RUGGEDCOM ROX II) and server certificates must be signed by the same CA. CONTENTS • Section 4.10.3.1, “Enabling/Disabling Secure Remote Syslog” • Section 4.10.3.2, “Viewing a List of Permitted Peers”...
  • Page 118 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.10.3.2 Viewing a List of Permitted Peers To view a list of permitted peers, type:...
  • Page 119 /var/log/xpath-trace.log WebUI Trace Log /var/log/webui-trace.log CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. CONTENTS • Section 4.10.4.1, “Enabling/Disabling the Developer's Log”...
  • Page 120 The Developer's log records internal system transactions from the operational view. CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. To enable or disable the Developer's log, do the following: Make sure the CLI is in Configuration mode.
  • Page 121 CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. To enable or disable the NETCONF Summary log, do the following: Make sure the CLI is in Configuration mode.
  • Page 122 </rpc-reply> CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. To enable or disable the NETCONF Trace log, do the following: Make sure the CLI is in Configuration mode.
  • Page 123 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.10.5 Managing Remote Syslog Servers RUGGEDCOM ROX II can support up to 6 event message collectors, or remote Syslog servers. Remote Syslog provides the ability to configure: • IP address(es) of collector(s) •...
  • Page 124 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide show running-config admin logging server If remote servers have been configured, a table or list similar to the following example appears: ruggedcom# show running-config admin logging server admin logging server 172.30.144.254...
  • Page 125 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management Section 4.10.5.3 Deleting a Remote Server To delete a remote server, do the following: Make sure the CLI is in Configuration mode. Delete the remote server by typing: no admin logging server address Where: •...
  • Page 126 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Section 4.10.6.2 Adding a Remote Server Selector To add a remote server selector, do the following: Make sure the CLI is in Configuration mode. Add the remote server selector by typing:...
  • Page 127 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.11 Managing the Software Configuration Configuration parameters for RUGGEDCOM ROX II can be saved on the device and loaded in the future. CONTENTS •...
  • Page 128 Section 4.12.5, “Downgrading the RUGGEDCOM ROX II Software” Section 4.12.1 Configuring the Upgrade Source Firmware for upgrading or downgrading RUGGEDCOM ROX II can be uploaded from either an upgrade server or a portable USB Mass Storage drive. For information about setting up an upgrade server, refer to Section 4.12.2, “Setting Up an Upgrade...
  • Page 129 The target software version. Specify a specific software release in the form of 'rrX.Y.Z' or enter 'current' to upgrade to the latest software release available on the upgrade server. Add the server's SSH/RSA public key to RUGGEDCOM ROX II and add the server to the Known Hosts list. For more information, refer to Section 6.8.8.2, “Adding a Known...
  • Page 130 Section 4.12.2.2, “Adding Software Releases to the Upgrade Server” Section 4.12.2.1 Configuring the Upgrade Server For RUGGEDCOM ROX II to properly retrieve files from an upgrade server, the following must be configured on the server: • MIME Types The following MIME types must be defined for the chosen upgrade server (e.g. Microsoft IIS Manager, Apache HTTP Server, Lighttpd, etc.) for RUGGEDCOM ROX II to properly retrieve files from the server:...
  • Page 131 Upgrading the RUGGEDCOM ROX II Software RUGGEDCOM ROX II software upgrades are managed between two partitions. One partition is always active, while the other is always inactive. Software upgrades are always applied to the inactive partition. This allows the active partition to function normally during a software upgrade and allows users to roll back a software upgrade to the previous version.
  • Page 132 Device Management CLI User Guide To upgrade the RUGGEDCOM ROX II software, do the following: If the source of the software is a USB Mass Storage drive, insert the drive in the USB port on the device. For more information, refer to the RUGGEDCOM RX5000/MX5000/MX5000RE Installation Guide.
  • Page 133 Section 4.12.5.2 Downgrading Using ROXflash ROXflash is used to flash any previous version of a RUGGEDCOM ROX II software image to the inactive partition. To obtain a RUGGEDCOM ROX II software image, contact Siemens Customer Support. After a successful software downgrade and reboot, the downgraded partition is activated.
  • Page 134 To flash the inactive partition with an earlier version of the RUGGEDCOM ROX II software, do the following: Contact Siemens Customer Support and obtain the required firmware version. Two tarball files (*.tar.bz2) are provided: the firmware image and a GPG (GNU Privacy Guard) signature file.
  • Page 135 Device”. Section 4.13 Monitoring Firmware Integrity RUGGEDCOM ROX II can perform an integrity check to verify the integrity of running programs and installed files. The integrity check can be invoked in the following ways: • automatically at system start-up • as a scheduled job •...
  • Page 136 Scheduling a Recurring Firmware Integrity Check Using the RUGGEDCOM ROX II scheduler, the firmware integrity check can be scheduled to run automatically at a specific time and date, either once or on a recurring schedule. For more information about scheduling the firmware integrity check, refer to Section 5.10, “Scheduling...
  • Page 137 Section 4.14.2, “Configuring the Activation Temperature” Section 4.14.1 Viewing the Fan Controller Status RUGGEDCOM ROX II monitors the status of the fan controller and the individual fan arrays. To view the status of the fan controller, type: show chassis fan-controller status A table or list similar to the following example appears:...
  • Page 138 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide show chassis fan-controller status fan A table or list similar to the following example appears: ruggedcom# show chassis fan-controller status fan STATE STATUS ----------------------- fanA Normal fanB standby Normal Section 4.14.2 Configuring the Activation Temperature The individual fan arrays are activated by the fan controller based on the activation temperature.
  • Page 139 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management If fixed modules have been configured, a table or list similar to the following example appears: ruggedcom# show running-config chassis fixed-modules | tab chassis fixed-modules fixed-module SLOT MODULE TYPE PARTNUMBER...
  • Page 140 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.16 Managing Line Modules RUGGEDCOM RX5000/MX5000/MX5000RE devices feature slots for field-replaceable line modules, which can be used to expand and customize the capabilities of the device to suit specific applications.
  • Page 141 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management After the device is rebooted, the new line module is automatically detected and operational. If the line module is different from the previous module installed in the same slot, add a configuration for the new line module.
  • Page 142 Only a previously established link on that port is affected while the socket is empty. Automatic Detection RUGGEDCOM ROX II actively monitors each SFP transceiver port to determine when an SFP transceiver has been inserted or removed. Each event triggers an alarm and is logged in the syslog.
  • Page 143 Chapter 4 CLI User Guide Device Management Smart SFP enables RUGGEDCOM ROX II to automatically configure the speed and auto-negotiation settings for the socket to match the transceiver. Settings are based on the capabilities read from the SFP transceiver's EEPROM. IMPORTANT! All SFP transceivers approved by Siemens support Smart SFP mode.
  • Page 144 For example: SFP 1000LX SM LC 10 km NOTE If an SFP transceiver remains marked as Unidentified after disabling Smart SFP mode, contact Siemens Customer Support. To enable or disable Smart SFP mode for an SFP transceiver, do the following: Make sure the CLI is in Configuration mode.
  • Page 145 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management Section 4.18 Managing Routable Ethernet Ports This section describes how to configure routable Ethernet Ports, including the assignment of VLANs. CONTENTS • Section 4.18.1, “Viewing a List of Routable Ethernet Ports” •...
  • Page 146 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description Default:   true Enables/Disables the network communications on this port. auton Enables or disables IEEE 802.3 auto-negotiation. Enabling auto-negotiation results in speed and duplex being negotiated upon link detection; both end devices must be auto-negotiation compliant for the best possible results.
  • Page 147 RUGGEDCOM ROX II Chapter 4 CLI User Guide Device Management Parameter Description • no-lldp : The local LLDP agent can neither transmit nor receive LLDP frames. • rxTx : The local LLDP agent can both transmit and receive LLDP frames through the port.
  • Page 148 Chapter 4 RUGGEDCOM ROX II Device Management CLI User Guide Section 4.18.3.2 Adding a VLAN to a Routable Ethernet Port To add a VLAN to a routable Ethernet port, do the following: Make sure the CLI is in Configuration mode. Add the new VLAN by typing:...
  • Page 149 RUGGEDCOM ROX II Chapter 5 CLI User Guide System Administration System Administration This chapter describes how to perform various administrative tasks related to device identification, user permissions, alarm configuration, certificates and keys, and more. CONTENTS • Section 5.1, “Configuring the System Name and Location”...
  • Page 150 Chapter 5 RUGGEDCOM ROX II System Administration CLI User Guide Parameter Description The textual identification of the contact person for this managed node, together with information on how to contact this person. If no contact information is known, the value is the zero-length string.
  • Page 151 RUGGEDCOM ROX II Chapter 5 CLI User Guide System Administration Make sure the CLI is in Configuration mode. Navigate to admin » session-limits and configure the following parameter(s) as required: Parameter Description max-sessions-total { max-sessions-total } Synopsis:   a 32-bit unsigned integer Default:  ...
  • Page 152 Chapter 5 RUGGEDCOM ROX II System Administration CLI User Guide Parameter Description • peer - The server will ask the client for a client-certificate but not fail if the client does not supply a client-certificate. • fail-if-no-peer-cert - The server requires the client to supply a client certificate.
  • Page 153 Sessions”. Section 5.7 Managing Alarms The alarm system in RUGGEDCOM ROX II notifies users when events of interest occur. The system is highly configurable, allowing users to: • Enable/disable most alarms, with the exception of mandatory alarms • Configure whether or not an alarm triggers the failsafe relay and illuminates the alarm indicator LED on the device •...
  • Page 154 Security alarms are for certificate expiry events. This includes warnings 30 days before a certificate is set to expire and when an expired certificate is installed. Services Service alarms are for events related to RUGGEDCOM ROX II services, such as time services, link failover, Dynamic Domain Name Server (DNS) etc. CONTENTS •...
  • Page 155 RUGGEDCOM ROX II Chapter 5 CLI User Guide System Administration Alarm Type Alarm Description Suggested Resolution maximum operating temperature range of the device. Chassis Module Type Mismatch: The configured module type does not match the detected module type. Suggested resolution: Update the chassis configuration or...
  • Page 156 Chapter 5 RUGGEDCOM ROX II System Administration CLI User Guide Section 5.7.3.1 Clearing Alarms Non-conditional alarms must be cleared by the user. Conditional alarms, when configured, are cleared automatically. To clear all clear-able, non-conditional alarms, type: admin clear-all-alarms Alternatively, to clear an individual non-conditional alarm, type:...
  • Page 157 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.8 Managing Users RUGGEDCOM ROX II allows for up to three user profiles to be configured locally on the device. Each profile corresponds to one of the following access levels: • Guest •...
  • Page 158 Chapter 5 RUGGEDCOM ROX II System Administration CLI User Guide User Type Rights Guest Operator Admin Run Commands ✗ ✗ ✓ CAUTION! Security hazard – risk of unauthorized access and/or exploitation. To prevent unauthorized access to the device, make sure to change the default passwords for all users before commissioning the device.
  • Page 159 Section 5.8.4 Monitoring Users Users currently logged in to the device are monitored by RUGGEDCOM ROX II and can be viewed through the CLI. RUGGEDCOM ROX II allows administrators to monitor users, log users out, and broadcast messages to all users.
  • Page 160 Section 5.9 Managing Passwords and Passphrases RUGGEDCOM ROX II requires separate passwords or passphrases for logging into the various device modes, such as normal, boot, service and maintenance modes. Default passwords are configured for each user type initially. It is strongly recommended that these be changed before the device is commissioned.
  • Page 161 Accessibility hazard – risk of data loss. Do not forget the passwords for the device. If both the maintenance and boot passwords are forgotten, the device must be returned to Siemens Canada Ltd for repair. This service is not covered under warranty. Depending on the action that must be taken to regain access to the device, data may be lost.
  • Page 162 Setting a User Password/Passphrase To set the password/passphrase for a user profile, do the following: NOTE RUGGEDCOM ROX II supports the following special characters in passwords/passphrases: !@#$%^&*()_+-={}[];:',<.>/?\|`~. Type the following command and then press Enter: admin users userid profile set-password new-password Where profile is the user profile (e.g.
  • Page 163 Configuration hazard – risk of data corruption. Maintenance mode is provided for troubleshooting purposes and should only be used by Siemens technicians. As such, this mode is not fully documented. Misuse of maintenance mode commands can corrupt the operational state of the device and render it inaccessible.
  • Page 164 If special characters are used, make sure to encapsulate the password in double-quotation marks (") as follows: NOTE RUGGEDCOM ROX II supports the following special characters in passwords/passphrases: !@#$%^&*()_+-={}[];:',<.>/?\|`~. admin users userid admin set-password new-password new-password-passphrase new-password-repeat new-password-passphrase Where: •...
  • Page 165 RUGGEDCOM ROX II Chapter 5 CLI User Guide System Administration [4-1]: Debian GNU/Linux, kernel 3.0.0-2-8360e (BIST mode) [4-2]: Debian GNU/Linux, kernel 3.0.0-2-8360e (single-user mode) [4-3]: Debian GNU/Linux, kernel 3.0.0-2-8360e (service mode) ****Boot Partition 6**** [6-0]: Debian GNU/Linux, kernel 3.0.0-2-8360e [6-1]: Debian GNU/Linux, kernel 3.0.0-2-8360e (BIST mode) [6-2]: Debian GNU/Linux, kernel 3.0.0-2-8360e (single-user mode)
  • Page 166 Enter the inactive partition by typing the associated target number. For example, if the active partition is Boot Partition 4, type 6-0 and press Enter to enter Boot Partition 6. Log in to RUGGEDCOM ROX II. For more information about logging in to RUGGEDCOM ROX II, refer to Section 2.2, “Logging In”.
  • Page 167 Section 5.10 Scheduling Jobs The RUGGEDCOM ROX II scheduler allows users to create jobs that execute command line interface (CLI) commands at a specific date and time, or in response to specific configuration changes. Typical applications include scheduling the regular clearing of system logs, or performing periodic file transfers to remote servers.
  • Page 168 Chapter 5 RUGGEDCOM ROX II System Administration CLI User Guide Parameter Description The name of the scheduled job. The name can be up to 64 characters in length. job-type { job-type } Synopsis:   { configchange, periodic } Default:   periodic Determines when to launch the scheduled job: •...
  • Page 169 RUGGEDCOM ROX II Chapter 5 CLI User Guide System Administration Parameter Description For periodic jobs, sets the day of the week on which to run the scheduled job. Valid entries are in the range of 0 to 6, where 0 represents Sunday, 1 represents Monday, and so on.
  • Page 170 Chapter 5 RUGGEDCOM ROX II System Administration CLI User Guide Deleting a Scheduled Job...
  • Page 171 RUGGEDCOM ROX II Chapter 6 CLI User Guide Security Security This chapter describes how to configure and manage the security-related features of RUGGEDCOM ROX II. CONTENTS • Section 6.1, “Enabling and Configuring CLI Sessions” • Section 6.2, “Enabling and Configuring SFTP Sessions”...
  • Page 172 Chapter 6 RUGGEDCOM ROX II Security CLI User Guide Parameter Description Additional IPv4 or IPv6 addresses and their associated ports on which the CLI will listen for requests from the device. IPv4 addresses and port numbers must be separated by a colon (e.g.
  • Page 173 Enabling/Disabling Brute Force Attack Protection RUGGEDCOM ROX II features a Brute Force Attack (BFA) protection mechanism to prevent attacks via the CLI, Web interface and NETCONF. This mechanism analyzes the behavior of external hosts trying to access the SSH port, specifically the number of failed logins.
  • Page 174 Enabling/Disabling Compact Flash Card Removal Detection RUGGEDCOM ROX II features a detection mechanism to notify users when the compact flash card is removed during operation. When enabled, the system will immediately reboot and generate a failsafe alarm when the card is removed.
  • Page 175 Section 6.5 Enabling/Disabling SYN Cookies RUGGEDCOM ROX II can be configured to transmit SYN cookies when the SYN backlog queue of a socket begins to overflow. This is a technique used to resist SYN flood attacks. To enable or disable the transmission of SYN cookies, do the following: Make sure the CLI is in Configuration mode.
  • Page 176 In this method, the device validates the source MAC addresses of received frames against the contents in the Static MAC Address Table. RUGGEDCOM ROX II also supports a highly flexible Port Security configuration that provides a convenient means for network administrators to use the feature in various network scenarios.
  • Page 177 Figure legend: 1. Supplicant, 2. Authenticator Device, 3. LAN, 4. Authentication Server. IMPORTANT! RUGGEDCOM ROX II supports both Protected Extensible Authentication Protocol (PEAP) and EAP-MD5. PEAP is more secure and is recommended if available in the supplicant. IEEE 802.1x makes use of the Extensible Authentication Protocol (EAP), which is a generic PPP authentication protocol that supports various authentication methods.
  • Page 178 CLI User Guide Section 6.6.1.4 Assigning VLANS with Tunnel Attributes RUGGEDCOM ROX II supports assigning a VLAN to an authorized port using tunnel attributes, as defined in RFC 3580 [http://tools.ietf.org/html/rfc3580], when the Port Security mode is set to 802.1x or 802.1x/MAC-Auth. In some cases, it may be desirable to allow a port to be placed into a particular VLAN, based on the authentication result.
  • Page 179 RUGGEDCOM ROX II Chapter 6 CLI User Guide Security Parameter Description • per_macaddress - Only packets from authorized MAC addresses are forwarded. Authorized MAC addresses are either preconfigured in the static MAC address table or learned dynamically. • off - Disables security on the port. auto-learn { auto-learn } Synopsis:  ...
  • Page 180 Chapter 6 RUGGEDCOM ROX II Security CLI User Guide Parameter Description The period of time in seconds (s) the port will wait to receive the authentication server's response to the client's request. If no response is received by the end of this period, the authentication session fails.
  • Page 181 Managing User Authentication Keys A user authentication key is the public key in an SSH key pair. When using a RUGGEDCOM ROX II user account associated with an authentication key, users can access the device via Secure Shell (SSH) without having to provide a password/passphrase, as long as their workstation holds the matching private key.
  • Page 182 On the workstation that will access the device, create a pair of RSA-based public and private SSH keys by typing Open the public key and copy its contents. Log in to RUGGEDCOM ROX II. For more information, refer to Section 2.2, “Logging In”.
  • Page 183 Associating an Authentication Key To associate one of the authentication keys available on the device with a user account, do the following: Log in to RUGGEDCOM ROX II. For more information, refer to Section 2.2, “Logging In”. Make sure the CLI is in Configuration mode.
  • Page 184 CLI User Guide Disassociating an Authentication Key To disassociate one of the authentication keys from a user account, do the following: Log in to RUGGEDCOM ROX II. For more information, refer to Section 2.2, “Logging In”. Make sure the CLI is in Configuration mode.
  • Page 185 The PPP service represents incoming PPP connections via a modem. Authentication requests to the PPP service use RADIUS only. In the event that no response is received from any configured RADIUS server, RUGGEDCOM ROX II will not complete the authentication request.
  • Page 186 Chapter 6 RUGGEDCOM ROX II Security CLI User Guide IMPORTANT! Passwords are case-sensitive. Make sure the CLI is in Configuration mode. Type the following: admin authentication radius [Optional] If port security is enabled on any ports, configure the following parameter(s) to avoid conflicts...
  • Page 187 RUGGEDCOM ROX II Chapter 6 CLI User Guide Security Parameter Description The IPv4 address of the server. port-udp { port-udp } Synopsis:   A 32-bit signed integer between 1 and 65535 Default:   1812 password { password } Synopsis:   A string Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 188 IMPORTANT! The user authentication mode must be set to tacacsplus_local or tacacsplus_only for users to be authenticated against the TACACS+ server. For more information about setting the authentication mode, refer to Section 6.7.1, “Setting the User Authentication...
• Page 189 Web access (SSL). To allow for initial configuration, all RUGGEDCOM ROX II devices are shipped from the factory with a pair of pre-installed default certificates and keys. Certificates and keys for TLS and SSH are also auto-generated during initial boot-up and can be replaced by user-defined certificates and keys.
• Page 190 cgTpR3rCs4xTUh+URJYCTGEhh1V6jGOjuY8M3pO/iLPrwtZ066uyCqNoJLoptYnLfRDJu8AdWNdxLfXQsSv4XOB8hzYKekyg8bqsE/w6b5MyE60Xc51f413PMicZz6WhBcuaqvutHxoIqCR6oI7fkLGGyWaeCzWUO02FplVfiJe1vTwAaa5+JAoSdPNzTJKrHvFE18SdEAlwpj4PMVIA7oaEHL Section 6.8.2 Managing the Trusted Certificate Store The Trusted Certificate Store includes an extensive collection of publicly available X.509 v3 root certificates. Once enabled and associated with one or more Certified Authorities (CAs), these certificates are available for all HTTPS or FTPS operations.
• Page 191 Enable admin system-ca-certificates use-public-ca-store Disable no admin system-ca-certificates use-public-ca-store Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 6.8.2.3 List of Root Certificates in the Trusted Certificate Store The Trusted Certificate Store adds the following X.509 v3 root certificates when enabled:...
• Page 192 • QuoVadis_Root_CA Subject Name: /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority Fingerprint: DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 Issued: Mar 19 18:33:33 2001 GMT Expires: Mar 17 18:33:33 2021 GMT • DigiCert_Global_Root_G2 Subject Name: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2...
• Page 193 Fingerprint: CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 Issued: Nov 27 20:46:29 2006 GMT Expires: Apr 2 21:42:02 2030 GMT • IGC_A Subject Name: /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr Fingerprint: 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C Issued: Dec 13 14:29:23 2002 GMT Expires: Oct 17 14:29:22 2020 GMT •...
• Page 194 Fingerprint: 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 Issued: Apr 6 07:29:40 2001 GMT Expires: Apr 6 07:29:40 2021 GMT • GeoTrust_Primary_Certification_Authority_-_G3 Subject Name: /C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3...
• Page 195 • DST_Root_CA_X3 Subject Name: /O=Digital Signature Trust Co./CN=DST Root CA X3 Fingerprint: DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 Issued: Sep 30 21:12:19 2000 GMT Expires: Sep 30 14:01:15 2021 GMT • Comodo_Secure_Services_root Subject Name: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate...
• Page 196 Issued: Dec 17 09:23:49 2002 GMT Expires: Dec 16 09:15:38 2015 GMT • S-TRUST_Universal_Root_CA Subject Name: /C=DE/O=Deutscher Sparkassen Verlag GmbH/OU=S-TRUST Certification Services/CN=S-TRUST Universal Root CA Fingerprint: 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A Issued: Oct 22 00:00:00 2013 GMT...
• Page 197 Issued: Jul 4 17:20:04 2006 GMT Expires: Jul 4 17:20:04 2031 GMT • ACCVRAIZ1 Subject Name: /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES Fingerprint: 93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 Issued: May 5 09:37:37 2011 GMT Expires: Dec 31 09:37:37 2030 GMT •...
• Page 198 • AddTrust_Public_Services_Root Subject Name: /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root Fingerprint: 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5 Issued: May 30 10:41:50 2000 GMT Expires: May 30 10:41:50 2020 GMT • thawte_Primary_Root_CA Subject Name: /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For...
• Page 199 Issued: Jun 21 04:00:00 1999 GMT Expires: Jun 21 04:00:00 2020 GMT • China_Internet_Network_Information_Center_EV_Certificates_Root Subject Name: /C=CN/O=China Internet Network Information Center/CN=China Internet Network Information Center EV Certificates Root Fingerprint: 4F:99:AA:93:FB:2B:D1:37:26:A1:99:4A:CE:7F:F0:05:F2:93:5D:1E Issued:...
• Page 200 Fingerprint: 58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0 Issued: Nov 5 08:35:58 2009 GMT Expires: Nov 5 08:35:58 2029 GMT • COMODO_Certification_Authority Subject Name: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority Fingerprint: 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B Issued: Dec 1 00:00:00 2006 GMT...
• Page 201 • IdenTrust_Commercial_Root_CA_1 Subject Name: /C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1 Fingerprint: DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 Issued: Jan 16 18:12:23 2014 GMT Expires: Jan 16 18:12:23 2034 GMT • Juur-SK Subject Name: /emailAddress=pki@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK Fingerprint: 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89...
• Page 202 • TC_TrustCenter_Class_3_CA_II Subject Name: /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II Fingerprint: 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 Issued: Jan 12 14:41:57 2006 GMT Expires: Dec 31 22:59:59 2025 GMT • T-TeleSec_GlobalRoot_Class_2...
• Page 203 Issued: Dec 6 13:49:52 2011 GMT Expires: Dec 1 13:49:52 2031 GMT • RSA_Security_2048_v3 Subject Name: /O=RSA Security Inc/OU=RSA Security 2048 V3 Fingerprint: 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42 Issued: Feb 22 20:39:23 2001 GMT Expires: Feb 22 20:39:23 2026 GMT •...
• Page 204 • Starfield_Class_2_CA Subject Name: /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority Fingerprint: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A Issued: Jun 29 17:39:16 2004 GMT Expires: Jun 29 17:39:16 2034 GMT • Staat_der_Nederlanden_Root_CA_-_G2 Subject Name: /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2...
• Page 205 Issued: May 12 18:46:00 2000 GMT Expires: May 12 23:59:00 2025 GMT • Verisign_Class_1_Public_Primary_Certification_Authority_-_G3 Subject Name: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 1 Public Primary Certification Authority - G3...
• Page 206 • E-Tugra_Certification_Authority Subject Name: /C=TR/L=Ankara/O=E-TuxC4x9Fra EBG BilixC5x9Fim Teknolojileri ve Hizmetleri A.xC5x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority Fingerprint: 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 Issued: Mar 5 12:09:48 2013 GMT Expires: Mar 3 12:09:48 2023 GMT • thawte_Primary_Root_CA_-_G2 Subject Name: /C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc.
• Page 207 Expires: Jan 12 17:27:44 2042 GMT • Certum_Trusted_Network_CA Subject Name: /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA Fingerprint: 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E Issued: Oct 22 12:07:37 2008 GMT Expires: Dec 31 12:07:37 2029 GMT •...
• Page 208 Issued: Nov 1 17:14:04 2004 GMT Expires: Jan 1 05:37:19 2035 GMT • Swisscom_Root_CA_2 Subject Name: /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 2 Fingerprint: 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC Issued: Jun 24 08:38:14 2011 GMT Expires: Jun 25 07:38:14 2031 GMT •...
• Page 209 Issued: Oct 26 08:28:58 2010 GMT Expires: Oct 26 08:28:58 2040 GMT • GlobalSign_Root_CA Subject Name: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA Fingerprint: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C Issued: Sep 1 12:00:00 1998 GMT Expires: Jan 28 12:00:00 2028 GMT •...
• Page 210 • Certum_Root_CA Subject Name: /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA Fingerprint: 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18 Issued: Jun 11 10:46:39 2002 GMT Expires: Jun 11 10:46:39 2027 GMT • EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı Subject Name: /CN=EBG Elektronik Sertifika Hizmet SaxC4x9FlayxC4xB1cxC4xB1sxC4xB1/O=EBG BilixC5x9Fim Teknolojileri ve Hizmetleri A.xC5x9E./C=TR...
• Page 211 • AddTrust_Low-Value_Services_Root Subject Name: /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root Fingerprint: CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D Issued: May 30 10:38:31 2000 GMT Expires: May 30 10:38:31 2020 GMT • DigiCert_High_Assurance_EV_Root_CA Subject Name: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA...
• Page 212 • GeoTrust_Primary_Certification_Authority Subject Name: /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority Fingerprint: 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 Issued: Nov 27 00:00:00 2006 GMT Expires: Jul 16 23:59:59 2036 GMT • Equifax_Secure_CA Subject Name: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority...
• Page 213 • Cybertrust_Global_Root Subject Name: /O=Cybertrust, Inc/CN=Cybertrust Global Root Fingerprint: 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 Issued: Dec 15 08:00:00 2006 GMT Expires: Dec 15 08:00:00 2021 GMT • Global_Chambersign_Root_-_2008 Subject Name: /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008...
• Page 214 Expires: Jan 19 03:14:07 2038 GMT • Atos_TrustedRoot_2011 Subject Name: /CN=Atos TrustedRoot 2011/O=Atos/C=DE Fingerprint: 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 Issued: Jul 7 14:58:30 2011 GMT Expires: Dec 31 23:59:59 2030 GMT • Root_CA_Generalitat_Valenciana Subject Name:...
• Page 215 Expires: Aug 1 23:59:59 2028 GMT • Microsec_e-Szigno_Root_CA Subject Name: /C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA Fingerprint: 23:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:FC:D6:25:EC:19:0D Issued: Apr 6 12:28:44 2005 GMT Expires: Apr 6 12:28:44 2017 GMT • Izenpe.com Subject Name: /C=ES/O=IZENPE S.A./CN=Izenpe.com...
• Page 216 • EC-ACC Subject Name: /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC Fingerprint: 28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8 Issued: Jan 7 23:00:00 2003 GMT Expires: Jan 7 22:59:59 2031 GMT •...
• Page 217 Issued: Oct 1 00:00:00 1999 GMT Expires: Jul 16 23:59:59 2036 GMT Section 6.8.3 Managing CA Certificates for the Trusted Certificate Store To establish trust between the device and an endpoint (e.g. server, portal, etc.), add the necessary CA certificates to the Trusted Certificate Store.
• Page 218 Section 6.8.3.3 Deleting a CA Certificate from the Trusted Certificate Store To delete a CA certificate from the Trusted Certificate Store, do the following: Make sure the CLI is in Configuration mode.
• Page 219 • certificate is the name of the certificate This table or list provides the following information: Parameter Description issuer Synopsis:   A string subject Synopsis:   A string not-before Synopsis:   A string This certificate is not valid before this date.
• Page 220 Section 6.8.4.3 Adding a CA Certificate and CRL To add a certificate issued by a Certified Authority (CA) and its associated Certificate Revocation List (CRL), do the following: NOTE Only admin users can read/write certificates and keys on the device.
• Page 221 Section 6.8.4.4 Deleting a CA Certificate and CRL To delete a certificate issued by a Certified Authority (CA) and its associated Certificate Revocation List (CRL), do the following: Make sure the CLI is in Configuration mode.
• Page 222 Section 6.8.5.2 Adding a Private Key To add an unsigned private key, do the following: Make sure the CLI is in Configuration mode. Add the private key by typing: security crypto private-key name Where: •...
• Page 223 • Section 6.8.6.2, “Adding a Public Key” • Section 6.8.6.3, “Adding an IPSec-Formatted Public Key” • Section 6.8.6.4, “Deleting a Public Key” Section 6.8.6.1 Viewing a List of Public Keys To view a list of unsigned public keys, type:...
• Page 224 {end} is either the left (local router) or right (remote router) connection end. Type must be set to rsasig to display the public key. The public key can be copied from the System Public Key form and added to another RUGGEDCOM ROX II device, as described in the following procedure, or to a RUGGEDCOM ROX device.
• Page 225 Section 6.8.6.4 Deleting a Public Key To delete an unsigned public key, do the following: Make sure the CLI is in Configuration mode. Delete the public key by typing: no security crypto public-key name Where name is the name of the public key Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 226 Section 6.8.7.2 Viewing the Status of a Certificate To view the status of a certificate, type: show security crypto certificate certificate status Where: • certificate is the name of the certificate ruggedcom# show security crypto certificate ssl-cert status...
  • Page 227 Managing Known Hosts RUGGEDCOM ROX II maintains a Known Hosts list for defining each SSH (SCP) server the device pulls updates or files from. Servers are identified by their host name or IP address. Users can further define a specific port on the server designated for SSH communications and/or an SSH/RSA public key.
  • Page 228 • port is a specific port on the server configured for SSH communications. If no port is specified, RUGGEDCOM ROX II will access any port on the server that supports SSH. • key is the authorized SSH/RSA public key associated with the server.
  • Page 229 Internet users from accessing private networks (Intranets) connected to the Internet. When the RUGGEDCOM ROX II firewall is enabled, the router serves as a gateway machine through which all messages entering or leaving the Intranet pass. The router examines each message and blocks those that do not meet the specified security criteria.
  • Page 230 Section 6.9.16, “Validating a Firewall Configuration” • Section 6.9.17, “Enabling/Disabling a Firewall” Section 6.9.1 Firewall Concepts This section describes some of the concepts important to the implementation of firewalls in RUGGEDCOM ROX II. CONTENTS • Section 6.9.1.1, “Stateless vs. Stateful Firewalls” • Section 6.9.1.2, “Linux netfilter”...
• Page 231 RUGGEDCOM ROX II implements an IP firewall using a structured user interface to configure iptables rules and netfilter rulesets. Section 6.9.1.3 Network Address Translation Network Address Translation (NAT) enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic.
  • Page 232 Protecting Against a SYN Flood Attack RUGGEDCOM ROX II responds to SYN packets according to the TCP standard by replying with a SYN-ACK packet for open ports and an RST packet for closed ports. If the device is flooded by a high frequency of SYN packets, the port being flooded may become unresponsive.
• Page 233 If no firewalls have been configured, add firewalls as needed. For more information, refer to Section 6.9.3, “Adding a Firewall”. Section 6.9.3 Adding a Firewall To add a new firewall, do the following: Make sure the CLI is in Configuration mode.
  • Page 234 Section 6.9.5 Working with Multiple Firewall Configurations RUGGEDCOM ROX II allows users to create multiple firewall configurations and work with one configuration while another is active. To set one configuration as the working configuration and another as the active configuration, do the following: Make sure the CLI is in Configuration mode.
• Page 235 Configure a host for the interface that carries the unencrypted IPsec traffic. Make sure the VPN zone is associated with the interface. If VPN tunnels to multiple remote sites are required, make sure a host entry exists for each or collapse them into a single subnet.
• Page 236 To configure the firewall for a VPN in a DMZ, do the following: Make sure a basic firewall has been configured. For more information about configuring a firewall, refer to Section 6.9.3, “Adding a Firewall”.
• Page 237 Zone Description Demilitarized zone The firewall itself Vpn1 IPsec connections on w1ppp Vpn2 IPsec connections on w2ppp New zones may be defined as needed. For example, if each Ethernet interface is part of the local network zone, disabling traffic from the Internet zone to the local network zone would disable traffic to all Ethernet interfaces.
• Page 238 Make sure the CLI is in Configuration mode. Add the zone by typing: security firewall fwconfig firewall fwzone zone Where: • firewall is the name of the firewall • zone is the name of the zone...
• Page 239 Section 6.9.10 Managing Interfaces Firewall interfaces are the LAN and WAN interfaces available to the router. Each interface must be placed in a network zone. If an interface supports more than one zone, its zone must be marked as undefined and the interface must use the zone host's setup to define a zone for each subnet on the interface.
• Page 240 Section 6.9.10.2 Adding an Interface To configure an interface for a firewall, do the following: Display the list of available interfaces by typing: show running-config ip Record the name of the chosen interface.
• Page 241 Configure a broadcast address for the interface. For more information about configuring a broadcast address, refer to Section 6.9.10.4, “Configuring a Broadcast Address”. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 242 no security firewall fwconfig firewall fwinterface name Where: • firewall is the name of the firewall • name is the name of the interface Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 243 If no hosts have been configured, add hosts as needed. For more information, refer to Section 6.9.11.2, “Adding a Host”. Section 6.9.11.2 Adding a Host To add a new host for a firewall, do the following: Make sure the CLI is in Configuration mode.
• Page 244 Make sure the CLI is in Configuration mode. Delete the host by typing: no security firewall fwconfig firewall fwhost name Where: • firewall is the name of the firewall • name is the name of the host Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 245 Section 6.9.12.1 Viewing a List of Policies To view a list of policies, type: show running-config security firewall fwconfig firewall fwpolicy Where: • firewall is the name of the firewall If policies have been configured, a table or list similar to the following example appears:...
• Page 246 Parameter Description (Optional) The description string for this policy. Configure the source zone for the policy. For more information, refer to Section 6.9.12.3, “Configuring the Source Zone”. Configure the destination zone for the policy. For more information, refer to Section 6.9.12.4, “Configuring...
• Page 247 no security firewall fwconfig firewall fwpolicy policy Where: • firewall is the name of the firewall • policy is the name of the policy Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 248 If no NAT settings have been configured, add NAT settings as needed. For more information, refer to Section 6.9.13.2, “Adding a NAT Setting”. Section 6.9.13.2 Adding a NAT Setting To configure a Network Address Translation (NAT) entry, do the following: Make sure the CLI is in Configuration mode.
• Page 249 Delete the entry by typing: no security firewall fwconfig firewall fwnat name Where: • firewall is the name of the firewall • name is the name of the network address translation entry Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 250 If no masquerade or SNAT settings have been configured, add masquerade or SNAT settings as needed. For more information, refer to Section 6.9.14.2, “Adding Masquerade or SNAT Settings”. Section 6.9.14.2 Adding Masquerade or SNAT Settings...
• Page 251 Section 6.9.14.3 Deleting a Masquerade or SNAT Setting To delete a masquerade or SNAT setting, do the following: Make sure the CLI is in Configuration mode. Delete the masquerade or SNAT setting by typing:...
• Page 252 fwrule Rule2 action accept source-zone man destination-zone man no description If no rules have been configured, add rules as needed. For more information, refer to Section 6.9.15.2, “Adding a Rule”. Section 6.9.15.2 Adding a Rule To configure a rule for a firewall, do the following: Make sure the CLI is in Configuration mode.
• Page 253 Parameter Description • dnat: Forwards the request to another system and (optionally) another port. • dnat-: Only generates the DNAT IPtables rule and not the companion ACCEPT rule. • drop: The connection request is ignored. No notification is sent.
• Page 254 Parameter Description other { other } Synopsis:   A string Type a custom definition - this can be a comma-separated list of zones. All zones Type commit and press Enter to save the changes, or type revert and press Enter to abort.
• Page 255 Set the firewall as the working configuration by typing: security firewall work-config name Where: • name is the name of the firewall configuration Type commit and press Enter to save the changes. The system validates the firewall configuration and displays the results.
• Page 256 Enabling/Disabling a Firewall...
  • Page 257 RUGGEDCOM ROX II Chapter 7 CLI User Guide IP Address Assignment IP Address Assignment This chapter describes features related to the assignment of IP addresses, such as DHCP and DNS. CONTENTS • Section 7.1, “Managing IP Addresses for Routable Interfaces” •...
  • Page 258 Chapter 7 RUGGEDCOM ROX II IP Address Assignment CLI User Guide Section 7.1.2 Viewing Statistics for Routable Interfaces To view statistics for all routable interfaces, type: show interfaces ip A table or list similar to the following appears: ruggedcom# show interfaces ip...
• Page 259 Parameter Description This parameter is mandatory. bytes Synopsis:   A 64-bit unsigned integer The number of bytes transmitted. This parameter is mandatory. packets Synopsis:   A 64-bit unsigned integer The number of packets transmitted.
• Page 260 192.168.0.12/24 172.30.150.12/19 switch.0001 switch.0011 192.168.11.1/24 switch.0012 192.168.12.1/24 switch.0014 192.168.14.1/24 If no addresses have been configured, add addresses as needed. For more information, refer to Section 7.1.3.2, “Adding an IPv4 Address”.
• Page 261 Section 7.1.4 Managing IPv6 Addresses This section describes how to manage IPv6 addresses for a routable interface. CONTENTS • Section 7.1.4.1, “Viewing a List of IPv6 Addresses” • Section 7.1.4.2, “Adding an IPv6 Address”...
• Page 262 Section 7.1.4.3 Deleting an IPv6 Address To delete an IPv6 address for a routable interface, do the following: Make sure the CLI is in Configuration mode. Delete the address by typing:...
• Page 263 Make sure the CLI is in Configuration mode. Type the following command: ip interface ipv6 nd Where: • interface is the name of the interface Configure neighbor discovery by configuring the following parameter(s) as required:...
• Page 264 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 7.1.6 Managing IPv6 Network Prefixes An IPv6-capable interface can use Neighbor Discovery to advertise IPv6 network prefixes to its neighbor on the same link.
  • Page 265 DHCP servers. When a request is received from a client, RUGGEDCOM ROX II forwards the request to each of the configured DHCP servers. When a reply is received from a server, RUGGEDCOM ROX II forwards the reply back to the originating client.
• Page 266 • Section 7.2.2, “Assigning a DHCP Server Address” • Section 7.2.3, “Viewing a List of DHCP Client Ports” • Section 7.2.4, “Adding a DHCP Client Port” • Section 7.2.5, “Deleting a DHCP Client Port”...
• Page 267 ruggedcom# show running-config switch dhcp-relay-agent dhcp-client-ports switch dhcp-relay-agent dhcp-client-ports lm1 1 If no client ports have been configured, add client ports as needed. For more information, refer to Section 7.2.4, “Adding a DHCP Client...
  • Page 268 Figure 4: Topology – Device as a Relay Agent 1. DHCP Server    2. LAN A    3. Client 2    4. LAN B    5. DHCP Relay Agent (RUGGEDCOM ROX II Device)    6. LAN C    7. Client 1 To configure the device as a DHCP relay agent per the topology, do the following: Configure the device as a DHCP relay agent: Add VLAN 2 and VLAN 3.
  • Page 269 Section 7.3.1 Viewing a List of Active Leases RUGGEDCOM ROX II can generate a list of active leases. The list includes the start and end times, hardware Ethernet address, and client host name for each lease. To view a list of active leases, do the following: To view a list of active leases, type: •...
  • Page 270 Device as a DHCP Server to Support a Relay Agent”. [Optional] Configure a separate device as a DHCP relay agent. The relay agent may be a RUGGEDCOM ROX II device, a RUGGEDCOM ROS device, or a third party device with relay agent capabilities.
• Page 271 [Optional] If a dynamic IP address is needed for the relay agent, create a subnet for the DHCP relay agent. For more information about creating subnets, refer to Section 7.3.8.2, “Adding a Subnet”.
• Page 272 • For IPv6 services » dhcpserver6 » options Configure the following parameter(s) as required: IMPORTANT! For IPv4 only: If DHCP relay (or Option 82) clients are used on the same subnet as the DHCP server, some clients will try to renew a lease immediately after receiving it by requesting a renewal directly from the DHCP server.
• Page 273 Section 7.3.5.1 Configuring Standard DHCP Client Configuration Options (IPv4) Configuration options for DHCP clients can be configured globally or for an individual shared network, subnet, host group or host. NOTE Options set for individual shared networks, subnets, host groups or hosts override the options set at the global level.
• Page 274 Parameter Description The NIS domain name that the DHCP server offers to the client when it issues the lease to the client. Define the NetBios server settings by configuring the following parameters as required:...
• Page 275 Parameter Description domain-search { domain-search } Synopsis:   A string 1 to 773 characters long The domain search list that the server offers to the client when it issues the lease to the client.
• Page 276 Section 7.3.5.4 Adding a Custom DHCP Client Configuration Option To add a custom client option, do the following: NOTE The number of the option (defined by the Internet Assigned Numbers Authority or IANA) and its allowed value must be known before a custom option can be configured.
• Page 277 NOTE Custom options at the {path} level are only available for IPv4. For example, to access the custom IPv4 options for a shared network named Shared, navigate to: services » dhcpserver » shared-network » Shared » options » client » custom To access custom IPv4 options at the global level, navigate to: services »...
• Page 278 If no DHCP listen interfaces have been configured, add interfaces as needed. For more information, refer to Section 7.3.6.2, “Adding a DHCP Listen Interface”. Section 7.3.6.2 Adding a DHCP Listen Interface To add a DHCP listen interface, do the following: Make sure the CLI is in Configuration mode.
• Page 279 multiple virtual networks exist on one physical interface. Each subnet then gets its own subnet definition inside the shared network rather than at the top level. Shared networks contain subnets, groups and hosts.
  • Page 280 Chapter 7 RUGGEDCOM ROX II IP Address Assignment CLI User Guide • For IPv6 services dhcpserver6 shared-network name Where: • name is the name of the shared network Configure options for the shared network. For more information, refer to Section 7.3.7.3, “Configuring Shared Network Options”.
  • Page 281 RUGGEDCOM ROX II Chapter 7 CLI User Guide IP Address Assignment Parameter Description authorize-server Enables/disables the server's authorization on this client. If enabled, the server will send deny messages to the client that is trying to renew the lease, which the server knows the client shouldn't have.
  • Page 282 Chapter 7 RUGGEDCOM ROX II IP Address Assignment CLI User Guide Section 7.3.8.1 Viewing a List of Subnets To view a list of subnets, type: • For IPv4 show running-config services dhcpserver subnet-name • For IPv6 show running-config services dhcpserver6 subnet6-name...
  • Page 283 RUGGEDCOM ROX II Chapter 7 CLI User Guide IP Address Assignment Parameter Description The shared-network that this host belongs to. Parameter Description network-ip { network-ip } Synopsis:   A string 4 to 43 characters long The network IPv6 address for this subnet.
  • Page 284 Chapter 7 RUGGEDCOM ROX II IP Address Assignment CLI User Guide Parameter Description The minimum leased time in seconds that the server offers to the clients. maximum { maximum } Synopsis:   A 32-bit unsigned integer Default:   7200 The maximum leased time in seconds that the server offers to the clients.
  • Page 285 RUGGEDCOM ROX II Chapter 7 CLI User Guide IP Address Assignment Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 7.3.8.4 Deleting a Subnet To delete a subnet, do the following: Make sure the CLI is in Configuration mode.
  • Page 286 Chapter 7 RUGGEDCOM ROX II IP Address Assignment CLI User Guide options client no hostname no subnetmask no default-route no broadcast no domain no dns-server no static-route no nis server no nis domain If no host groups have been configured, add host groups as needed. For more information, refer to Section 7.3.9.2, “Adding a Host...
  • Page 287 RUGGEDCOM ROX II Chapter 7 CLI User Guide IP Address Assignment Change the mode to Edit Private or Edit Exclusive. Navigate to: • For IPv4 services » dhcpserver » host-groups » {host} » options • For IPv6 services » dhcpserver6 » host-groups » {host} » options Where {host} is the name of the host group.
  • Page 288 Chapter 7 RUGGEDCOM ROX II IP Address Assignment CLI User Guide Parameter Description The subnet that this host belongs to. [Optional] Configure configuration options for DHCP clients at the host group level. For more information, refer to refer to Section 7.3.5.1, “Configuring Standard DHCP Client Configuration Options (IPv4)”...
  • Page 289 RUGGEDCOM ROX II Chapter 7 CLI User Guide IP Address Assignment • For IPv6 show running-config services dhcpserver6 host If hosts have been configured, a table or list similar to the following example appears: ruggedcom# show running-config services dhcpserver host APE-INT...
  • Page 290 NOTE Options set at the host level override options set at the DHCP server level. Make sure the CLI is in Configuration mode. Navigate to: • For IPv4 services » dhcpserver » hosts » {host} » options •...
  • Page 291 Parameter Description The host groups that this host belongs to. • For IPv6 Parameter Description fixed-ip { fixed-ip } Synopsis:   A string 6 to 40 characters long The IPv6 address that the server assigns to the matching client.
  • Page 292 Section 7.3.11 Managing Address Pools (IPv4) Address pools define a range of IP addresses that can be assigned to DHCP clients belonging to the same subnet. CONTENTS • Section 7.3.11.1, “Viewing a List of Address Pools (IPv4)”...
  • Page 293 Where: • name is the name of the subnet • description is the name of the IP pool Configure the leased time settings by configuring the following parameter(s): Parameter...
  • Page 294 Section 7.3.12 Managing Address Pools (IPv6) Address pools define a range of IP addresses that can be assigned to DHCP clients belonging to the same subnet. CONTENTS • Section 7.3.12.1, “Viewing a List of Address Pools (IPv6)”...
  • Page 295 • ippoolname is the name of the IPv6 pool Configure the leased time settings by configuring the following parameter(s): Parameter Description default { default } Synopsis:   A 32-bit unsigned integer Default:  ...
  • Page 296 Section 7.3.13 Managing IP Ranges (IPv4) An IP range represents the range of IP addresses the DHCP server can assign to clients. IP addresses outside the set range are reserved for statically addressed clients.
  • Page 297 • For a DHCP subnet services dhcpserver subnet-name name options iprange start end end • For an address pool services dhcpserver subnet-name name options ippool description iprange start end end Where: •...
  • Page 298 Section 7.3.14.1 Viewing a List of IP Ranges (IPv6) To view a list of IP ranges configured for a DHCP subnet, type: • For DHCP IPv6 subnets show running-config services dhcpserver6 subnet6-name name options iprange6 •...
  • Page 299 Section 7.3.14.3 Deleting an IP Range (IPv6) To delete an IP range from a DHCP subnet or one of its associated address pools, do the following: Make sure the CLI is in Configuration mode.
  • Page 300 dhcpserver6 subnet6-name sub2 options prefix6 2001:db8:28d2:f0:: 2001:db8:28d2:f0:: bits 60 If no prefixes have been configured, add prefixes as needed. For more information, refer to Section 7.3.15.2, “Adding an IPv6 Prefix”.
  • Page 301 • prefix is the prefix Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 7.3.16 Managing Temporary Subnets One or more optional IPv6 subnets with temporary addresses can be defined for the server to offer to the client.
  • Page 302 services dhcpserver6 subnet6-name name options temporarysubnet6 temporaryname Where: • name is the name of the subnet • temporaryname is the name of the temporary subnet Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 303 subnet6-name sub2 options subnet6 2001:db8:28d2::/64 If no IPv6 subnets have been configured, add subnets as needed. For more information, refer to Section 7.3.17.2, “Adding an IPv6 Subnet”. Section 7.3.17.2 Adding an IPv6 Subnet To add an IPv6 subnet, do the following: Make sure the CLI is in Configuration mode.
  • Page 304 Section 7.3.18 Managing Option 82 Classes for Address Pools Option 82, the DHCP relay agent information option, helps protect the DHCP server from IP address spoofing and DHCP IP starvation attacks by identifying the network source of each address request. When a DHCP client issues an IP address request, the DHCP relay agent adds Option 82 information to the request before forwarding it to the server. The server can only trust this information as far as it trusts the relay agent that inserted it: the relay or access switch must not accept Option 82 that is already present in requests arriving from client ports, otherwise a client can choose its own class and pool.
  • Page 305 If no Option 82 classes have been configured, add classes as needed. For more information, refer to Section 7.3.18.2, “Adding an Option 82 Class to an Address Pool”. Section 7.3.18.2 Adding an Option 82 Class to an Address Pool To add an Option 82 class to an address pool, do the following: Make sure the CLI is in Configuration mode.
  • Page 306 P1, PVID=2 Figure 5: Topology – Device as a DHCP Server 1. DHCP Server (RUGGEDCOM ROX II Device)    2. LAN A    3. Client 2    4. LAN B    5. DHCP Relay Agent    6. LAN C    7. Client 1 To configure the device per the topology, do the following: Configure a separate device as the DHCP relay agent:...
  • Page 307 Change the PVID of port 2 to PVID 3. If the relay agent being used is a RUGGEDCOM ROX II device, refer to Section 7.2.6, “Example: Configuring the Device as a Relay Agent” for more information.
  • Page 308 12. Configure the following option82 class for the LAN-B_VLAN3 pool: Class Name Remote ID Circuit ID LAN-B_Option 00:0a:dc:00:00:00 00:03:00:02 The Remote ID is the MAC address of the DHCP relay agent. In the Circuit ID, 00:03 denotes the VLAN ID (VLAN 3) and 00:02 represents the line module (if applicable) and the port number of the DHCP relay agent to which Client 2 is connected.
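The class table above only makes sense once you see what the server actually receives on the wire. The following is an added example written for this page, not code from the RUGGEDCOM ROX II manual or from Siemens: it parses the DHCP option area of a relayed request, extracts the Option 82 Circuit ID (sub-option 1) and Remote ID (sub-option 2), and picks the pool whose class matches, using the LAN-B_Option class from the table. The sample option bytes are constructed here, and the pad/end handling, the class dataclass and the 2-byte-VLAN/module/port layout of the Circuit ID follow the description on the page rather than any Siemens code. A request that arrives without Option 82 (for example because it bypassed the relay) matches nothing, which is the behaviour an `unknown-client` deny on the pool is meant to enforce.

```python
"""Parse DHCP Option 82 (Relay Agent Information) and select an address pool
from Option 82 classes like the LAN-B_Option class in the table above.
Added example: sample option bytes are constructed here, not captured."""
from dataclasses import dataclass
from typing import Dict, List, Optional

OPTION_PAD, OPTION_MSG_TYPE, OPTION_RELAY_AGENT, OPTION_END = 0, 53, 82, 255
SUBOPT_CIRCUIT_ID, SUBOPT_REMOTE_ID = 1, 2


def parse_tlv(blob: bytes, stop_at_end: bool) -> Dict[int, bytes]:
    """Walk a code/length/value list (DHCP options, or Option 82 sub-options
    which have no pad/end codes)."""
    out, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if stop_at_end and code == OPTION_END:
            break
        if stop_at_end and code == OPTION_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")
        out[code] = value
        i += 2 + length
    return out


def colon_hex(b: bytes) -> str:
    """Render bytes the way the class table shows IDs (00:03:00:02)."""
    return ":".join(f"{x:02x}" for x in b)


@dataclass(frozen=True)
class Option82Class:
    name: str
    pool: str
    remote_id: str
    circuit_id: str


def decode_circuit_id(circuit_id: bytes):
    """Layout described on the page: 2 bytes VLAN ID, then module and port of the relay."""
    if len(circuit_id) != 4:
        raise ValueError("unexpected circuit-id length")
    return int.from_bytes(circuit_id[:2], "big"), circuit_id[2], circuit_id[3]


def select_pool(options: bytes, classes: List[Option82Class]) -> Optional[str]:
    """Pool for a request, or None when no class matches or no relay info is present."""
    opts = parse_tlv(options, stop_at_end=True)
    if OPTION_RELAY_AGENT not in opts:
        return None
    subs = parse_tlv(opts[OPTION_RELAY_AGENT], stop_at_end=False)
    remote = colon_hex(subs.get(SUBOPT_REMOTE_ID, b""))
    circuit = colon_hex(subs.get(SUBOPT_CIRCUIT_ID, b""))
    for cls in classes:
        if cls.remote_id == remote and cls.circuit_id == circuit:
            return cls.pool
    return None


def build_options(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Constructed DHCPDISCOVER option area: message type, Option 82, end."""
    sub = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    sub += bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id
    return bytes([OPTION_MSG_TYPE, 1, 1, OPTION_RELAY_AGENT, len(sub)]) + sub + bytes([OPTION_END])


# The class from the page's table: relay MAC 00:0a:dc:00:00:00, VLAN 3, port 2 -> pool LAN-B_VLAN3
CLASSES = [Option82Class("LAN-B_Option", "LAN-B_VLAN3", "00:0a:dc:00:00:00", "00:03:00:02")]
RELAY_MAC = bytes.fromhex("000adc000000")
FROM_CLIENT2 = build_options(bytes.fromhex("00030002"), RELAY_MAC)    # VLAN 3, port 2
FROM_OTHER_PORT = build_options(bytes.fromhex("00030005"), RELAY_MAC)  # VLAN 3, port 5
NO_RELAY_INFO = bytes([OPTION_MSG_TYPE, 1, 1, OPTION_END])             # bypassed the relay

if __name__ == "__main__":
    for label, opts in (("client 2", FROM_CLIENT2), ("other port", FROM_OTHER_PORT), ("no relay", NO_RELAY_INFO)):
        print(label, "->", select_pool(opts, CLASSES))
```

The Circuit ID is compared byte for byte, so a request from the same relay but a different port (00:03:00:05) does not fall into the LAN-B_VLAN3 pool; that is what gives the per-port binding the page describes, and also why the relay must overwrite any Option 82 a client supplies itself.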
  • Page 309 default-route 172.16.10.1 no broadcast no domain no dns-server no static-route no nis server no nis domain subnet-name "LAN B-10" network-ip 10.10.10.0/24 shared-network LAN.10-LAN.172 options no unknown-client ippool LAN-B_VLAN3 no unknown-client iprange 10.10.10.10...
  • Page 310 Section 7.4 Managing Static DNS This section describes how to reserve a static or fixed IP address for the device. While it is more common to obtain a dynamically assigned address, a fixed address may be required to connect to Virtual Private Networks (VPNs) or other remote access services that only trust specific IP addresses.
  • Page 311 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 7.4.2 Managing Domain Name Servers A hierarchical list of domain name servers can be configured for the DNS service. RUGGEDCOM ROX II will contact each server in the order they are listed when domain names require resolution. CONTENTS •...
  • Page 312 If no domain name servers have been configured, add servers as needed. For more information, refer to Section 7.4.2.2, “Adding a Domain Name Server”. Section 7.4.2.2 Adding a Domain Name Server To add a domain name server, do the following: Make sure the CLI is in Configuration mode.
  • Page 313 Chapter 8 Layer 2 This chapter describes the Layer 2, or Data Link Layer (DLL), features of RUGGEDCOM ROX II. CONTENTS • Section 8.1, “Managing Switched Ethernet Ports” • Section 8.2, “Managing Ethernet Trunk Interfaces”...
  • Page 314 switch lm1 1 auton speed auto duplex auto switchport no flow-control no alias rate-limiting no ingress-limit no egress-limit port-security no shutdown-time no admin-shutdown dot1x no reauth-enable lldp no notify mcast-filtering...
  • Page 315 depended on it and potentially invalidate parts of the device configuration. For example, if a switched Ethernet port is a trunk port, changing it to dedicated routing mode will automatically remove it from the trunk and, therefore, make the trunk invalid.
  • Page 316 Parameter Description ipv6-address-src { ipv6-address-src } Synopsis:   { static, dynamic } Default:   static Whether the IPv6 address is static or dynamically assigned via DHCPv6. The dynamic option selects a dynamically assigned IPv6 address. This must be static for non-management interfaces.
  • Page 317 NOTE Multicast filtering, CoS and VLAN parameters are only available when the port is in switchport mode. Configure the Multicast filtering settings by configuring the following parameter(s) as required: Parameter...
  • Page 318 Parameter Description • ADVERTISE ONLY : the port will declare all VLANs existing in the switch (configured or learned) but will not learn any VLANs. • ADVERTISE and LEARN : the port will declare all VLANs existing in the switch (configured or learned) and can dynamically learn VLANs.
  • Page 319 Parameter Description This parameter is mandatory. out-pkts Synopsis:   A 32-bit unsigned integer The number of transmitted good packets. This parameter is mandatory. error-pkts Synopsis:   A 32-bit unsigned integer The number of any type of erroneous packets.
  • Page 320 Parameter Description This parameter is mandatory. speed Synopsis:   { auto, 1.5M, 2.4M, 10M, 100M, 1G, 10G, 1.776M, 3.072M, 7.2M, 1.2K, 2.4K, 9.6K, 19.2K, 38.4K, 57.6K, 115.2K, 230.4K, 4.8K, 76.8K } Speed (in kilobits, megabits or gigabits per second) This parameter is mandatory.
  • Page 321 pkts 1024to1518 octets 1640 This table or list provides the following information: Parameter Description in-octets Synopsis:   A 64-bit unsigned integer The number of octets in received good packets (Unicast+Multicast+Broadcast) and dropped packets.
  • Page 322 Parameter Description This parameter is mandatory. undersize-pkts Synopsis:   A 64-bit unsigned integer The number of received packets which meet all the following conditions: 1. The packet data length is less than 64 octets. 2. A Collision Event has not been detected. 3. A Late Collision Event has not been detected.
  • Page 323 Parameter Description The number of received and transmitted packets with size of 512 to 1023 octets. This includes received and transmitted packets as well as dropped and local received packets. This does not include rejected received packets. This parameter is mandatory.
  • Page 324 Section 8.1.8.1 Running a Cable Diagnostic Test To run a cable diagnostic test on a specific port, type: IMPORTANT! When cable diagnostics are performed on a port, any established network link on the port will be dropped and normal network traffic will not be able to pass through either the Port Under Test (PUT) or the Partner Port.
  • Page 325 This list provides the following information: Parameter Description running Synopsis:   { true, false } Whether or not a cable test is currently running on this port. This parameter is mandatory.
  • Page 326 Clearing All Cable Diagnostic Statistics To clear the statistics, type: switch clear-cable-stats-all Clearing Cable Diagnostic Statistics for a Specific Switchport To clear only the statistics for a specific switchport, type:...
  • Page 327 If no Ethernet trunk interfaces have been configured, add trunks as needed. For more information, refer to Section 8.2.2, “Adding an Ethernet Trunk Interface”. Section 8.2.2 Adding an Ethernet Trunk Interface To add an Ethernet trunk interface, do the following: Make sure the CLI is in Configuration mode.
  • Page 328 Parameter Description • ADVERTISE ONLY : the port will declare all MCAST addresses existing in the switch (configured or learned) but will not learn any MCAST addresses. • ADVERTISE and LEARN : the port will declare all MCAST addresses existing in the switch (configured or learned) and can dynamically learn MCAST addresses.
  • Page 329 Section 8.2.3 Deleting an Ethernet Trunk Interface To delete an Ethernet trunk interface, do the following: Make sure the CLI is in Configuration mode. Delete the interface by typing: no interface trunks id Where: •...
  • Page 330 Managing MAC Addresses As part of the Layer 2 functionality, RUGGEDCOM ROX II maintains a Media Access Control (MAC) address table, a list of unique MAC addresses for network interfaces that can communicate with the device at the data link layer.
  • Page 331 Section 8.3.1 Viewing a Dynamic List of MAC Addresses To view a dynamic list of learned MAC addresses, type: show switch mac-tables mac-table A table or list similar to the following example appears:...
  • Page 332 • Configure the address on the device as a static MAC address. For more information, refer to Section 8.3.4.2, “Adding a Static MAC Address”. Section 8.3.2 Purging the Dynamic MAC Address List...
  • Page 333 Prioritized MAC addresses are configured when traffic to or from a specific device on a LAN segment is to be assigned a higher CoS priority than other devices on that LAN segment.
  • Page 334 Parameter Description learned If set, the system will auto-learn the port upon which the device with this address is located. slot { slot } Synopsis:   A string The name of the module location provided on the silkscreen across the top of the device.
  • Page 335 Section 8.4.1 Multicast Filtering Concepts This section describes some of the concepts important to the implementation of multicast filtering in RUGGEDCOM ROX II. CONTENTS • Section 8.4.1.1, “IGMP” • Section 8.4.1.2, “GMRP (GARP Multicast Registration Protocol)”...
  • Page 336 One producer IP host (P1) is generating two IP multicast streams, M1 and M2. There are four potential consumers of these streams, C1 through C4. The multicast router discovers which host wishes to subscribe to which stream by sending general membership queries to each segment.
  • Page 337 • Packets with a destination IP multicast address in the 224.0.0.X range that are not IGMP are always forwarded to all ports. This behavior is based on the fact that many systems do not send membership reports for IP multicast addresses in this range while still listening to such packets.
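The forwarding rules above are easier to reason about as a small model. The following is an added example written for this page, not code from the RUGGEDCOM ROX II manual or from Siemens: a toy IGMP-snooping switch that learns group members from membership reports, floods non-IGMP traffic to 224.0.0.X to every port as described, and otherwise sends a group only to its members plus the router ports. Two details are assumptions rather than statements of the page: that snooped IGMP control traffic itself is forwarded to the router ports, and that a group with no members still reaches the router ports. The `multicast_mac` helper shows the IANA mapping of an IPv4 group to its 01:00:5e MAC; because only the low 23 bits survive, 32 groups share one MAC, which is why a MAC-only static multicast entry such as the `static-mcast-table` example later on cannot distinguish them.

```python
"""Forwarding decision of an IGMP-snooping switch, following the rules on
this page: non-IGMP traffic to 224.0.0.X is flooded to every port, other
groups reach only ports with members plus the router ports. Added example."""
import ipaddress

IGMP = 2          # IP protocol number of IGMP
UDP = 17
LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")


def multicast_mac(group: str) -> str:
    """01:00:5e + low 23 bits of the group address (IANA mapping), so
    32 IPv4 groups share one MAC: filtering on MAC alone is not enough."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError("not a multicast group")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:" + ":".join(f"{b:02x}" for b in low23.to_bytes(3, "big"))


class SnoopingSwitch:
    def __init__(self, ports, router_ports=()):
        self.ports = set(ports)
        self.router_ports = set(router_ports)   # static or learned (query seen)
        self.members = {}                        # (vlan, group) -> ports with a report

    def report(self, vlan, group, port):
        """IGMP membership report seen on `port`: add it to the group's egress set."""
        self.members.setdefault((vlan, group), set()).add(port)

    def leave(self, vlan, group, port):
        self.members.get((vlan, group), set()).discard(port)

    def egress(self, vlan, group, ingress_port, protocol):
        """Set of ports that receive a frame for `group` arriving on `ingress_port`."""
        addr = ipaddress.IPv4Address(group)
        if not addr.is_multicast:
            raise ValueError("not multicast")
        if protocol == IGMP:
            out = set(self.router_ports)   # assumption: snooped control traffic goes to routers
        elif addr in LINK_LOCAL:
            out = set(self.ports)          # 224.0.0.X: always flooded, no reports expected
        else:
            out = self.members.get((vlan, group), set()) | self.router_ports
        out.discard(ingress_port)
        return out


if __name__ == "__main__":
    # Constructed topology: four ports, A1 faces the multicast router
    sw = SnoopingSwitch(["A1", "A2", "A3", "A4"], router_ports=["A1"])
    sw.report(vlan=2, group="239.1.1.1", port="A3")
    print("239.1.1.1 from A2 ->", sorted(sw.egress(2, "239.1.1.1", "A2", UDP)))
    print("224.0.0.251 from A2 ->", sorted(sw.egress(2, "224.0.0.251", "A2", UDP)))
    print(multicast_mac("239.1.1.1"), multicast_mac("224.128.1.1"), multicast_mac("224.0.1.1"))
```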
  • Page 338 Figure 7: Example – Combined Router and Switch IGMP In Operation 1. Producer    2. Multicast Router 1    3. Multicast Router 2    4. Switch    5. Host In this example: • P1, Router 1, Router 2 and C3 are on VLAN 2 •...
  • Page 339 Section 8.4.1.2 GMRP (GARP Multicast Registration Protocol) The GARP Multicast Registration Protocol (GMRP) is an application of the Generic Attribute Registration Protocol (GARP) that provides a Layer 2 mechanism for managing multicast group memberships in a bridged Layer 2 network.
  • Page 340 Example: Establishing Membership with GMRP The following example illustrates how a network of hosts and switches can dynamically join two multicast groups using GMRP. In this scenario, there are two multicast sources, S1 and S2, multicasting to Multicast Groups 1 and 2, respectively.
  • Page 341 • Host H1, connected to Port E2, thus receives the Group 1 multicast. • Source S2 transmits multicast traffic to Port A2, which is then forwarded via port A1, which has previously become a member of Multicast Group 2.
  • Page 342 Section 8.4.3.1 Configuring IGMP Snooping To configure IGMP snooping, do the following: Make sure the CLI is in Configuration mode. Navigate to switch » mcast-filtering » igmp-snooping and configure the following parameter(s) as required:...
  • Page 343 Section 8.4.3.3 Adding a Router Port To add a router port for IGMP snooping, do the following: Make sure the CLI is in Configuration mode. Add the router port by typing:...
  • Page 344 If entries have been established, a table or list similar to the following example appears: ruggedcom# show running-config switch mcast-filtering static-mcast-table switch mcast-filtering static-mcast-table 10 01:00:00:01:01:01 If no entries have been configured, add entries as needed. For more information, refer to Section 8.4.4.2, “Adding...
  • Page 345 Section 8.4.5 Managing Egress Ports for Multicast Groups This section describes how to configure and manage egress ports for a multicast group. CONTENTS • Section 8.4.5.1, “Viewing a List of Egress Ports”...
  • Page 346 • slot is the name of the module location • port is the port number (or a list of ports, if aggregated in a port trunk) for the module Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 347 Section 8.4.7 Viewing a List of IP Multicast Groups To view a list of all multicast groups, type: show switch mcast-filtering ip-mcast-groups If IP multicast groups have been configured, a table or list similar to the following example appears:...
  • Page 348 Section 8.5.6, “Managing Forbidden Ports” • Section 8.5.7, “Managing VLANs for Interfaces and Tunnels” Section 8.5.1 VLAN Concepts This section describes some of the concepts important to the implementation of VLANs in RUGGEDCOM ROX II. CONTENTS • Section 8.5.1.1, “Tagged vs. Untagged Frames” •...
  • Page 349 Section 8.5.1.2 Native VLAN Each port is assigned a native VLAN number, the Port VLAN ID (PVID). When an untagged frame ingresses a port, it is associated with the port's native VLAN.
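The tagged/untagged and native VLAN rules above decide which VLAN a frame lands in, and the native VLAN is also where the classic double-tagging trick lives. The following is an added example written for this page, not code from the RUGGEDCOM ROX II manual or from Siemens: it parses the 802.1Q tag stack of an Ethernet frame, classifies the frame on ingress (outer VID, or the port's PVID for untagged and priority-tagged frames with VID 0), and shows what a port does when it sends the frame untagged on its native VLAN, namely strip only the outer tag. The sample frames are constructed with the `build_frame` helper; the PCP/DEI handling and the decision that VID 0 falls back to the PVID follow IEEE 802.1Q, not a statement of the page. The last part is the reason to keep the trunk native VLAN off any user VLAN: a frame tagged (native VLAN, 10) leaves the trunk looking like a plain VLAN 10 frame.

```python
"""802.1Q tag parsing, ingress VLAN classification by PVID, and the
outer-tag strip a port performs on its native VLAN. Added example with
constructed frames, not code from the manual."""
import struct

TPID_8021Q = 0x8100
PRIORITY_TAGGED_VID = 0


def parse_tags(frame: bytes):
    """Return ([(pcp, vid), ...] outer first, ethertype, payload_offset)."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    tags, off = [], 12
    ethertype = struct.unpack_from("!H", frame, off)[0]
    while ethertype == TPID_8021Q:
        if len(frame) < off + 6:
            raise ValueError("truncated tag")
        tci, ethertype = struct.unpack_from("!HH", frame, off + 2)
        tags.append((tci >> 13, tci & 0x0FFF))   # PCP is the top 3 bits, VID the low 12
        off += 4
    return tags, ethertype, off + 2


def ingress_vlan(frame: bytes, pvid: int) -> int:
    """VLAN the frame is associated with on ingress: the outer tag's VID, or the
    port's PVID when the frame is untagged or priority-tagged (VID 0)."""
    tags, _, _ = parse_tags(frame)
    if not tags or tags[0][1] == PRIORITY_TAGGED_VID:
        return pvid
    return tags[0][1]


def egress_untagged(frame: bytes) -> bytes:
    """What a port does when it sends a frame untagged on its native VLAN:
    remove the outer tag only. Any inner tag survives."""
    tags, _, _ = parse_tags(frame)
    if not tags:
        return frame
    return frame[:12] + frame[16:]


def build_frame(dst_hex: str, src_hex: str, vids, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Constructed Ethernet frame with zero or more 802.1Q tags (PCP 0, DEI 0)."""
    hdr = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    native_vlan = 1
    untagged = build_frame("ffffffffffff", "001122334455", [])
    double = build_frame("ffffffffffff", "001122334455", [native_vlan, 10])
    print("untagged on PVID 7 ->", ingress_vlan(untagged, 7))
    print("double-tagged on access port ->", ingress_vlan(double, native_vlan))
    print("after native-VLAN strip ->", parse_tags(egress_untagged(double))[0])
```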
  • Page 350 The native operation mode for an IEEE 802.1Q compliant switch is VLAN-aware. Even if a specific network architecture does not use VLANs, RUGGEDCOM ROX II's default VLAN settings allow the switch to still operate in a VLAN-aware mode, while providing functionality required for almost any network application. However, the IEEE 802.1Q standard defines a set of rules that must be followed by all VLAN-aware switches:...
  • Page 351 Figure 9: Using GVRP 1. Switch    2. End Node • Switch B is the core switch, all others are edge switches • Ports A1, B1 to B4, C1, D1, D2 and E1 are GVRP aware •...
  • Page 352 prohibited from sending frames to one another, but are still permitted to send frames to other, non-protected ports within the same VLAN. This protection extends to all traffic on the VLAN, including unicast, multicast and broadcast traffic.
  • Page 353 Figure 10: Multiple Overlapping VLANs 1. VLAN    2. Switch Administrative Convenience VLANs enable equipment moves to be handled by software reconfiguration instead of by physical cable management. When a host's physical location is changed, its connection point is often changed as well. With VLANs, the host's VLAN membership and priority are simply copied to the new port.
  • Page 354 Configuring the Internal VLAN Range RUGGEDCOM ROX II creates and utilizes internal VLANs for internal functions. To provide RUGGEDCOM ROX II with a pool of VLAN IDs to pull from when creating internal VLANs, a range of VLAN IDs must be reserved.
  • Page 355 To configure the internal VLAN range, do the following: Make sure the CLI is in Configuration mode. Navigate to admin » switch-config and configure the following parameter(s) as required: NOTE Internal VLAN ranges are enabled by default whenever a serial module is detected, and are disabled otherwise.
  • Page 356 Section 8.5.4 Managing VLANs for Switched Ethernet Ports This section describes how to configure and manage VLANs assigned to switched Ethernet ports. CONTENTS • Section 8.5.4.1, “Viewing VLAN Assignments for Switched Ethernet Ports”...
  • Page 357 Make sure the CLI is in Configuration mode. Navigate to switch » vlans » all-vlans » {id}, where {id} is the ID of the VLAN, and configure the following parameter(s) as needed: Parameter...
  • Page 358 If static VLANs have been configured, a table or list similar to the following example appears: ruggedcom# show running-config switch vlans static-vlan | tab IGMP SNOOPING MSTI SLOT PORT --------------------------------- If no static VLANs have been configured, add static VLANs as needed.
  • Page 359 Where: • id is the ID of the VLAN Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 8.5.6 Managing Forbidden Ports Static VLANs can be configured to exclude ports from membership in the VLAN using the forbidden ports list.
  • Page 360 Where: • name is the name of the static VLAN • slot is the name of the module location • port is the port number (or a list of ports, if aggregated in a port trunk) for the module Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 361 Chapter 9 Layer 3 This chapter describes the Layer 3, or Network layer, features of RUGGEDCOM ROX II. For information about specific protocols that operate on this network layer, such as RIP, refer to Chapter 13, Unicast and Multicast Routing.
  • Page 362 NOTE In a Layer 2 switched network segment, a VLAN constitutes an IP subnet. • Next-hop gateway Media Access Control (MAC) address: this information is stored in the router's ARP Table.
  • Page 363 ▫ Protocol ▫ Source TCP/UDP port ▫ Destination TCP/UDP port This learning method is more granular and requires more ASIC resources, but it provides more flexibility in firewall configuration as the rule takes the protocol and TCP/UDP port into consideration to make forwarding decisions.
  • Page 364 example, a 256 Mbps multicast stream ingressing VLAN 1 and egressing VLANs 2 and 3 requires 768 Mbps (256 Mbps × 3) of ASIC bandwidth. • If a multicast packet should be forwarded to multiple egress VLANs, it egresses those VLANs sequentially rather than concurrently.
  • Page 365 Make sure the CLI is in Configuration mode. To configure Layer 3 Switching, type: switch layer3-switching Configure the following parameter(s) as required: Parameter Description unicast-mode { unicast-mode } Synopsis:   { disabled, auto, static } Default:  ...
  • Page 366 Section 9.3 Managing Static ARP Table Entries This section describes how to configure and manage static ARP table entries. CONTENTS • Section 9.3.1, “Viewing a List of ARP Table Entries” • Section 9.3.2, “Adding a Static ARP Table Entry”...
  • Page 367 Section 9.3.3 Deleting a Static ARP Table Entry To delete a static ARP table entry, do the following: Make sure the CLI is in Configuration mode. Delete the key by typing:...
  • Page 368 Parameter Description • Unresolved: the device has not resolved the MAC-IP address pair and keeps sending ARP requests periodically. If no ARP table entries have been configured, add static ARP table entries as needed. For more information, refer to Section 9.3.2, “Adding a Static ARP Table...
  • Page 369 Parameter Description in-vlan Synopsis:   A 32-bit signed integer Identifies the ingress VLAN. To match the rule, the packet's ingress VLAN must match the number. out-vlans Synopsis:   A 32-bit signed integer Identifies the egress VLAN.
  • Page 370 Section 9.6 Flushing Dynamic Hardware Routing Rules Flushing dynamic hardware routing rules removes the dynamic rules from the Routing Rules Summary table. NOTE Only dynamic rules can be flushed. Static rules, enabled by activating hardware acceleration, never age out.
  • Page 371 Chapter 10 Serial Server This chapter describes how to manage and configure the serial server, including serial ports, protocols, remote hosts and the Device Address Tables. NOTE Serial server functions are dependent on the installation of a serial line module. For more information about available serial line modules, refer to one of the following catalogs: •...
  • Page 372 Section 10.1.1 Viewing Serial Port Statistics To view statistics collected for a specific serial port, type: show interfaces serial port A table or list similar to the following example appears: ruggedcom# show interfaces serial port | tab...
  • Page 373 Parameter Description parity-errors Synopsis:   A 32-bit unsigned integer The number of parity errors on this serial port. This parameter is mandatory. framing-errors Synopsis:   A 32-bit unsigned integer The number of framing errors on this serial port.
  • Page 374 Parameter Description This parameter is mandatory. transport Synopsis:   A string 1 to 8 characters long The transport protocol (UDP or TCP) for this serial port. This parameter is mandatory.
  • Page 375 Section 10.1.4 Restarting the Serial Server To restart the serial server, type: interfaces serial restart-serserver Section 10.1.5 Resetting a Serial Port To reset a serial port, type: interfaces serial port name reset Where: •...
  • Page 376 Section 10.2.1.1 Raw Socket Applications The raw socket protocol transports streams of characters from one serial port on the device to a specified remote IP address and port. The raw socket protocol supports TCP and UDP transport.
  • Page 377 Section 10.2.1.3 DNP Applications RUGGEDCOM ROX II supports Distributed Network Protocol (DNP) version 3.0, commonly used by utilities in process automation systems. DNP3 protocol messages specify source and destination addresses. A destination address specifies which device should process the data, and the source address specifies which device sent the message.
  • Page 378 DNP messages. Address Learning for DNP RUGGEDCOM ROX II implements both local and remote address learning for DNP. A local Device Address Table is populated with DNP Addresses learned for local and remote DNP devices. Each DNP address is associated with either a local serial port or a remote IP address.
  • Page 379 If protocols have been configured, a table or list similar to the following example appears: ruggedcom# show interfaces serial port protocol IFNAME PROTOCOL ------------------- ser-3-1 none ser-3-2 none ser-3-3 none...
  • Page 380 Parameter Description aging-timer { aging-timer } Synopsis:   A 32-bit signed integer between 60 and 10800 Default:   1000 The length of time a learned DNP device in the Device Address Table may go without any DNP communication before it is removed from the table.
  • Page 381 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server Parameter Description rtu-list { rtu-list } Synopsis:   A string The ID of the RTU(s) connected to the serial port. Specify multiple RTUs with a space (e.g. 1 2 3 4) or a comma and space (e.g. 1, 2, 3, 4). A strictly comma-separated list (e.g.
  • Page 382 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide Parameter Description local-port { local-port } Synopsis:   A 32-bit signed integer between 1024 and 65535 The local TCP/UDP port to use to accept incoming connections. Synopsis:   { tcp, udp } transport { transport } Default:  ...
  • Page 383 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server Where: • slot/port is the slot name and port number of the serial port If Device Address tables have been configured, a table or list similar to the following example appears:...
  • Page 384 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 10.4 Managing Serial Multicast Streaming RUGGEDCOM ROX II supports the ingress and egress of raw-socket UDP serial multicast streams. This section describes how to configure and manage serial multicast streaming. CONTENTS •...
  • Page 385 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server Section 10.4.1.1 Sink vs. Source Ports A serial port can act as a sink port, a source port, or both: • Sink Port A sink port is a consumer of multicast packets. It registers itself to receive multicast traffic from a known multicast group IPv4 address and destination UDP port and then forwards the traffic along the serial link.
  • Page 386 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide Configure the Local Port, Local Host Multicast IP and Local Host interface(s) for the de-encapsulation of multicast stream(s) into raw-socket serial. For more information, refer to Section 10.6.2, “Adding a Local Host”...
  • Page 387 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server Step 1: Configure ser-1-1 Configure IP addresses for the interfaces (switch.0010 and switch.0020). For more information, refer to Section 7.1.3.2, “Adding an IPv4 Address”. Create a rawsocket connection for ser-1-1: interface serial lm1 1 protocols rawsocket For more information, refer to Section 10.2.3, “Adding a Serial Port...
  • Page 388 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide For more information, refer to Section 10.8.2, “Adding a Local Host Interface” Type commit and press Enter to save the changes, or type revert and press Enter to abort. Verify the configuration by typing the following:...
  • Page 389 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server [Figure 13: Topology - Serial Interfaces Configured as a Source for Multicast Streams; labels: 1. Serial Devices   ...]
  • Page 390 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide interface switch.0010 interface switch.0020 For more information, refer to Section 10.7.2, “Adding a Remote Host Interface” Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 391 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server protocols rawsocket setrawsocket local-port 10002 setrawsocket transport udp setrawsocket remote-host 232.2.2.2 6001 interface switch.0030 interface switch.0040 Section 10.4.5 Example: Serial Interfaces Configured as a Source and Sink for Multicast Streams This configuration example shows ser-1-1 receiving data on the wire from S1, then creating multiple raw socket connections to send the data to both interfaces switch.0010 and switch.0020.
  • Page 392 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide Configure ser-1-1 and ser-1-2 Configure IP addresses for the interfaces (switch.0010 and switch.0020). For more information, refer to Section 7.1.3.2, “Adding an IPv4 Address”. Create a raw socket connection for ser-1-1:...
  • Page 393 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server loopback true For more information, refer to Section 10.6.2, “Adding a Local Host” 13. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 394 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide ruggedcom# show running-config interface serial protocols rawsocket setrawsocket remote-host interface serial lm5 1 no alias protocols rawsocket setrawsocket local-port 30001 setrawsocket transport udp setrawsocket remote-host 1.1.1.2 60001 setrawsocket remote-host 232.1.1.1 60001 interface switch.0010...
  • Page 395 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server Section 10.5.3 Deleting a Remote Host To delete a remote host, do the following: Make sure the CLI is in Configuration mode. Delete the remote host by typing: no interface serial slot port protocols rawsocket setrawsocket remote-host address remote-port Where: •...
  • Page 396 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide If no local hosts have been configured, add hosts as needed. For more information, refer to Section 10.6.2, “Adding a Local Host”. Section 10.6.2 Adding a Local Host To add a local host for a serial port using the raw socket protocol, do the following: NOTE A maximum of two multicast local host entries are permitted per serial interface.
  • Page 397 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server • local-port is the port number for the local host Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 10.7 Managing Remote Host Interfaces Remote host interfaces are required when the UDP transport connection protocol is selected for the raw socket protocol and when the remote host is a multicast stream.
  • Page 398 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide Section 10.7.2 Adding a Remote Host Interface NOTE A maximum of ten interfaces are permitted for each remote host. To add a remote host interface for a serial port using the raw socket protocol, do the following: Make sure the CLI is in Configuration mode.
  • Page 399 RUGGEDCOM ROX II Chapter 10 CLI User Guide Serial Server Section 10.8 Managing Local Host Interfaces Local host interfaces are required when the UDP transport connection protocol is selected for the raw socket protocol and when a local host is configured.
  • Page 400 Chapter 10 RUGGEDCOM ROX II Serial Server CLI User Guide Make sure the CLI is in Configuration mode. Navigate to: interface serial slot port protocols rawsocket setrawsocket local-host local-host interface Where: • slot is the name of the module location •...
  • Page 401 RUGGEDCOM ROX II Chapter 11 CLI User Guide Wireless Wireless This chapter describes how to configure and manage the various wireless interfaces and utilities available in RUGGEDCOM ROX II. NOTE Some wireless features require the device to be equipped with a specific line module.
  • Page 402 Chapter 11 RUGGEDCOM ROX II Wireless CLI User Guide Managing Cellular Modem Profiles...
  • Page 403 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Tunneling and VPNs This chapter describes how to configure various tunnels and Virtual Private Networks (VPNs). CONTENTS • Section 12.1, “Managing Virtual Switches” • Section 12.2, “Managing the Layer2 Tunnel Daemon”...
  • Page 404 FE-CM-1 is subsequently made a member of the VirtualSwitch vsw-1, the DHCP configuration must be changed to refer to vsw-1. • The virtual switch is implemented in the RUGGEDCOM ROX II software. Therefore, a CPU resource is needed to forward broadcast, multicast and unicast traffic.
  • Page 405 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs virtualswitch vs1 retain-ip no alias no proxyarp interface fe-cm-1 If no virtual switches have been configured, add virtual switches as needed. For more information, refer to Section 12.1.2, “Adding a Virtual Switch”.
  • Page 406 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide If ip-address-src or ipv6-address-src is set to static, assign an IP address to the virtual switch if required. For more information, refer to either Section 7.1.3.2, “Adding an IPv4 Address”...
  • Page 407 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs If no virtual switch interfaces have been configured, add interfaces as needed. For more information, refer to Section 12.1.4.2, “Adding a Virtual Switch Interface”. Section 12.1.4.2 Adding a Virtual Switch Interface...
  • Page 408 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Delete the chosen virtual switch interface by typing: no interface virtualswitch name interface interface Where: • name is the name assigned to the virtual switch • interface is the name assigned to the interface Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 409 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.1.5.2 Viewing a List of Virtual Switch Filters To view a list of virtual switch filters, type: show running-config security virtualswitch-filter virtualswitch If filters have been configured, a table or list similar to the following example appears:...
  • Page 410 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.1.5.4 Deleting a Virtual Switch Filter To delete a virtual switch filter, do the following: Make sure the CLI is in Configuration mode. Delete the virtual switch filter by typing:...
  • Page 411 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.1.6.2 Viewing a List of Rules Assigned to a Virtual Switch Filter To view a list of rules assigned to a virtual switch filter, type: show running-config security virtualswitch-filter virtualswitch name rule Where: •...
  • Page 412 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Description dstmac { dstmac } Synopsis:   A string 17 characters long The required destination MAC address for incoming frames. Synopsis:   { iso, arp, ipv4, ipv6 } or a string proto { proto } The pre-defined protocol or hex-string (i.e.
  • Page 413 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Make sure the CLI is in Configuration mode. Delete the filter by typing: no security virtualswitch-filter virtualswitch name rule rule Where: • name is the name of the virtual switch filter •...
  • Page 414 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.1.7.2 Adding an In/Out Interface To add an in/out interface that can be used by a virtual switch filter, do the following: Make sure the CLI is in Configuration mode.
  • Page 415 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.1.8.1 Viewing a List of Virtual Switch VLANs To view a list of virtual switch VLANs, type: show running-config interface virtualswitch id vlan Where: • id is the ID assigned to the virtual switch...
  • Page 416 Managing the Layer2 Tunnel Daemon RUGGEDCOM ROX II is capable of extending the range of services that communicate solely via Layer 2 protocols (i.e. at the level of Ethernet) by tunneling them over routed IP networks. The Layer 2 Tunnel Daemon supports the IEC61850 GOOSE protocol as well as a generic mechanism for tunneling by Ethernet type.
  • Page 417 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs This table or list provides the following information: Parameter Description remote-ip Synopsis:   A string 7 to 15 characters long The IP address of the remote daemon. This parameter is mandatory.
  • Page 418 IP network, although it is also capable of tunneling other Layer 2 protocols. RUGGEDCOM ROX II utilizes L2TPD in conjunction with Libreswan and PPP to provide support for establishing a secure, private connection with the router using the Microsoft Windows VPN/L2TP client.
  • Page 419 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Parameter Description max-connection { max-connection } Synopsis:   A 32-bit unsigned integer between 1 and 10 The maximum number of connections. Synopsis:   A 32-bit unsigned integer between 5 and 120...
  • Page 420 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Description The Maximum Transmit Unit (MTU) or maximum packet size transmitted. mru { mru } Synopsis:   A 32-bit signed integer between 68 and 9216 Default:   1410 The Maximum Receive Unit (MRU) or maximum packet size passed when received.
  • Page 421 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs IMPORTANT! RUGGEDCOM ROX II supports a maximum of 128 tunnel sessions, which in turn support a maximum of 128 VLANs each. CONTENTS • Section 12.4.1, “L2TPv3 Tunnel Scenarios” • Section 12.4.2, “Creating an L2TPv3 Tunnel”...
  • Page 422 To create an L2TPv3 tunnel with another Provider Edge (PE) device, do the following: Create the L2TPv3 Tunnel Interface An L2TPv3 tunnel interface is created automatically by RUGGEDCOM ROX II whenever a session is defined. The interface is listed under ip in the menu and adheres to the following naming convention:...
  • Page 423 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs l2t-{tunnel-name}-{session-name} For example: l2t-1-2 If the session is assigned a VLAN ID, an additional interface is generated in the form of: l2t-{tunnel-name}-{session-name}.{vlan-id} For example: l2t-1-2.0004 To create the tunnel interface, start by adding a static or dynamic L2TPv3 tunnel. For more information, refer to either Section 12.4.3.3, “Adding a Static L2TPv3 Tunnel”...
  • Page 424 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Enabling Tunnels tunnel l2tpv3 static enabled Disabling Tunnels no tunnel l2tpv3 static enabled Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 425 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs tunnel l2tpv3 static tunnel name Where name is the name of the tunnel. Configure the following parameter(s) as required: Parameter Description Synopsis:   { true, false } enabled Default:   false Enables the static L2TPv3 tunnel.
  • Page 426 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Make sure the CLI is in Configuration mode. Delete the tunnel by typing: no tunnel l2tpv3 static tunnel name Where name is the name of the tunnel. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 427 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.4.4.2 Viewing a List of Dynamic L2TPv3 Tunnels To view a list of dynamic L2TPv3 tunnels, type: show running-config tunnel l2tpv3 dynamic tunnel If tunnels have been configured, a table or list similar to the following example appears:...
  • Page 428 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Description The IP address of the local interface used as the source IP address for outbound traffic over the tunnel. transport-encap { transport-encap } Synopsis:   { udp, ip } Default:  ...
  • Page 429 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.4.4.4 Deleting a Dynamic L2TPv3 Tunnel To delete a dynamic L2TPv3 tunnel, do the following: Make sure the CLI is in Configuration mode. Delete the tunnel by typing: no tunnel l2tpv3 dynamic tunnel name Where name is the name of the tunnel.
  • Page 430 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide If no sessions have been configured, add sessions as needed. For more information, refer to Section 12.4.5.2, “Adding a Session”. Section 12.4.5.2 Adding a Session To add a session to a static or dynamic L2TPv3 tunnel, do the following: Make sure the CLI is in Configuration mode.
  • Page 431 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Parameter Description Lower value of the cookie. This value must match the low-value of the other endpoint's remote cookie. high-value { high-value } Synopsis:   A 32-bit unsigned integer Higher value of the cookie if the cookie size is 8. This value must match the high-value of...
  • Page 432 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.4.6 Managing VLANs for L2TPv3 Tunnels This section describes how to manage VLANs for L2TPv3 tunnel sessions. Each session supports up to 128 VLAN memberships. CONTENTS • Section 12.4.6.1, “Viewing a List of VLANs”...
  • Page 433 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 12.4.6.3 Deleting a VLAN To delete a VLAN for a static or dynamic L2TPv3 tunnel session, do the following: Make sure the CLI is in Configuration mode.
  • Page 434 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide the interface and may differ from the original VLAN. The frame will be transmitted with the highest 802.1p priority level (p4). Packets received from the network will also be forwarded to any other remote daemons included in the group.
  • Page 435 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Parameter Description Synopsis:   A string 17 characters long The Multicast Destination MAC Address of the Goose message. This parameter is mandatory. rx-frames Synopsis:   A 32-bit unsigned integer The number of frames received through the tunnel.
  • Page 436 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide tunnel l2tunneld goose tunnel name Where: • name is the name of the GOOSE tunnel Configure the following parameter(s) as required: Parameter Description interface { interface } Synopsis:   A string The interface to listen on for GOOSE frames.
  • Page 437 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.5.5.1 Viewing a List of Remote Daemons To view a list of remote daemons configured for a GOOSE tunnel, type: show running-config tunnel l2tunneld goose tunnel name remote-daemon Where: •...
  • Page 438 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.6 Managing Generic Tunnels The Layer 2 Tunnel Daemon supports a generic mode of operation based on the Ethernet type of Layer 2 data traffic seen by the router. Multiple tunnels may be configured, each one with: •...
  • Page 439 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Parameter Description The number of frames received through the tunnel. This parameter is mandatory. Synopsis:   A 32-bit unsigned integer tx-frames The number of frames transmitted through the tunnel.
  • Page 440 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Configure the following parameter(s) as required: Parameter Description ingress-if { ingress-if } Synopsis:   A string The interface to listen on for Ethernet type frames. replace-mac Replaces the sender's MAC with the out-interface's MAC.
  • Page 441 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.6.5.1 Viewing a List of IP Addresses To view a list of remote Layer 2 protocol server IP addresses for a generic tunnel configuration, type: show running-config tunnel l2tunneld generic tunnel remote-daemon...
  • Page 442 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.6.6 Managing Remote Daemon Egress Interfaces for Generic Tunnels This section describes how to create and manage remote daemon egress interfaces for generic tunnels. CONTENTS • Section 12.6.6.1, “Viewing a List of Egress Interfaces”...
  • Page 443 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.6.6.3 Deleting an Egress Interface To delete an egress interface for a generic tunnel, do the following: Make sure the CLI is in Configuration mode. Delete the egress interface by typing:...
  • Page 444 Section 12.7 Managing Generic Routing Encapsulation Tunnels RUGGEDCOM ROX II can employ the Generic Routing Encapsulation (GRE) protocol to encapsulate multicast traffic and IPv6 packets together and transport them through an IPv4 network tunnel. As such, GRE tunnels can transport traffic through any number of intermediate networks.
  • Page 445 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs In this example, Router 1 establishes a GRE tunnel to Router 2 using a local router address of 172.16.17.18, a remote router address of 172.19.20.21, and a remote subnet of 192.168.2.0/24.
  • Page 446 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Description • Up - GRE tunnel is up and running; • Down - GRE tunnel interface is inactive or tunnel remote endpoint is not reachable; • Keepalives Disabled - Keepalive messages have been disabled, so it cannot be determined whether the tunnel remote endpoint is reachable This parameter is mandatory.
  • Page 447 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.7.3 Adding a GRE Tunnel To add a GRE tunnel, do the following: Make sure the CLI is in Configuration mode. Add the GRE tunnel by typing: tunnel gre name Where: •...
  • Page 448 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Description Enables or disables tunnel up and down alarms. Disabling tunnel alarms will prevent alarms from being sent for that tunnel. GRE tunnel alarms may also be controlled for the whole system under admin >...
  • Page 449 With keepalive messages enabled, RUGGEDCOM ROX II will send keepalive messages to the other endpoint and wait for a response. If a response is not received before the next message is scheduled to be sent, it begins to count the number of consecutive messages sent that did not receive a reply.
  • Page 450 The IPsec suite of protocols was developed by the Internet Engineering Task Force (IETF) and is required as part of IP version 6. Libreswan is the open source implementation of IPsec used by RUGGEDCOM ROX II. The protocols used by IPsec are the Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE) protocols.
  • Page 451 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs based on the Diffie-Hellman key exchange protocol, which allows two parties without any initial shared secret to create one in a manner immune to eavesdropping. CONTENTS • Section 12.8.1.1, “IPsec Modes”...
  • Page 452 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide In secret key cryptography, a single key known to both parties is used for both encryption and decryption. When this form of encryption is used, each router configures its VPN connection to use a secret pre-shared key.
  • Page 453 To configure IPsec tunnels, do the following: NOTE RUGGEDCOM ROX II supports the creation of policy-based VPNs, which can be characterized as follows: • No IPsec network interfaces have been created. • The routing table is not involved in directing packets to IPsec.
  • Page 454 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.8.3 Configuring Certificates and Keys To configure certificates and keys for IPsec Tunnels, do the following: Make sure the CLI is in Configuration mode. Add a CA certificate and Certificate Revocation List (CRL). For more information, refer to Section 6.8.4.3,...
  • Page 455 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs 000 WARNING: Either virtual_private= is not specified, or there is a syntax error in that line. 'left/rightsubnet=vhost:%priv' will not work! 000 WARNING: Disallowed subnets in virtual_private= is empty. If you have...
  • Page 456 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide • Section 12.8.5.3, “Deleting a Pre-Shared Key” Section 12.8.5.1 Viewing a List of Pre-Shared Keys To view a list of pre-shared keys, type: show running-config tunnel ipsec preshared-key If pre-shared keys have been configured, a table or list similar to the following example appears:...
  • Page 457 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Make sure the CLI is in Configuration mode. Delete the pre-shared key by typing: no tunnel ipsec preshared-key [ remote-address | local-address ] key key Where: • remote-address is the remote IP address •...
  • Page 458 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide If no connections have been configured, add connections as needed. For more information, refer to Section 12.8.6.2, “Adding a Connection”. Section 12.8.6.2 Adding a Connection To add a new connection for a VPN, do the following: Make sure the CLI is in Configuration mode.
  • Page 459 (SA), or restart all SAs to the dead peer. In RUGGEDCOM ROX II, DPD Requests are sent when there is no traffic detected by the peer. How long to wait before sending a DPD Request and how long to wait for a DPD Response are user configurable.
  • Page 460 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Make sure the CLI is in Configuration mode. Enable dead peer detection by typing: tunnel ipsec connection name dead-peer-detect enabled [ true | false ] Where: • name is the connection name.
  • Page 461 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs show tunnel ipsec connection name connection-status Where name is the name of the connection. For example: ruggedcom# show tunnel ipsec connection ipsec-12 connection-status connection status "dead peer detect disabled"...
  • Page 462 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Section 12.8.7.2 Adding an IKE Algorithm To add a new algorithm for the Internet Key Exchange (IKE) protocol, do the following: Make sure the CLI is in Configuration mode. Add the algorithm by typing:...
  • Page 463 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.8.8 Managing the Encapsulated Security Payload (ESP) Protocol The Encapsulated Security Payload (ESP) employed by IPsec provides encryption and authentication, making sure that messages originating from the expected sender have not been altered in transit.
  • Page 464 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide esp algorithm aes256 sha1 If no algorithms have been configured, add algorithms as needed. For more information, refer to Section 12.8.8.3, “Adding an ESP Algorithm”. Section 12.8.8.3 Adding an ESP Algorithm To add a new algorithm for the Encapsulated Security Payload (ESP) protocol, do the following: Make sure the CLI is in Configuration mode.
  • Page 465 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.8.9 Configuring the Connection Ends Each IPsec tunnel has two ends: the local router and the remote router. These are otherwise referred to as the left and right connections, respectively. Both ends can have the same configuration or a unique configuration.
  • Page 466 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Description type { type } Synopsis:   { default, default-route, address } Default:   default The next hop type. The default value is 'right side public-ip' unless overwritten by the default connection setting.
  • Page 467 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.8.10.1 Configuring Private Subnets for Connection Ends To configure a private subnet for either the left (local router) or right (remote router) connection ends in a VPN, do the following: Make sure the CLI is in Configuration mode.
  • Page 468 Example: Configuring an Encrypted VPN Tunnel This example describes how to configure an encrypted VPN tunnel over a public network using Layer 3 RUGGEDCOM ROX II devices. IMPORTANT! The values shown are specific to the provided topology. Actual values can vary based on the user's configuration.
  • Page 469 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs [Figure 19: Topology – Site-to-Site Encrypted VPN Tunnel with a Pre-Shared Key; labels: 1. Device A    2. IPsec Encrypted VPN Tunnel    3. Device B    4. Client 1    5. Client 2] To configure a VPN tunnel, do the following: Configure a connection name for the VPN.
  • Page 470 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Parameter Value Type address Value 2.2.2.1 For more information about configuring connection ends, refer to Section 12.8.9, “Configuring the Connection Ends”. Add subnet 192.168.50.0/24 for the left connection end. For more information, refer to Section 12.8.10.3, “Adding an Address for a Private...
  • Page 471 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Parameter Value Value 2.2.2.2 For more information about configuring connection ends, refer to Section 12.8.9, “Configuring the Connection Ends”. Add subnet 192.168.60.0/24 for the right connection end. For more information, refer to Section 12.8.10.3, “Adding an Address for a Private...
  • Page 472 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide ike algorithm any any any esp algorithm any any left public-ip type address public-ip value 2.2.2.1 subnet 192.168.50.0/24 right public-ip type address public-ip value 2.2.2.2 subnet 192.168.60.0/24 Device B...
  • Page 473 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs • Section 12.9.2, “Viewing a List of 6in4 or 4in6 Tunnels” • Section 12.9.3, “Viewing the Status of 6in4/4in6 Tunnels” • Section 12.9.4, “Adding a 6in4 or 4in6 Tunnel” • Section 12.9.5, “Deleting a 6in4 or 4in6 Tunnel”...
  • Page 474 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide TUNNEL NAME LOCAL IP REMOTE IP STATUS ---------------------------------------------- 192.168.20.10 192.168.20.20 Active Section 12.9.4 Adding a 6in4 or 4in6 Tunnel To add a 6in4 or 4in6 tunnel, do the following: Make sure the CLI is in Configuration mode.
  • Page 475 • Hub-and-Spoke • Spoke-to-Spoke RUGGEDCOM ROX II supports hub-and-spoke deployments where a central router (the hub) uses Multipoint Generic Routing Encapsulation (mGRE) to establish GRE tunnels with one or more routers (the spokes). When spokes need to send traffic to one another, they send it to the hub first and the hub directs the data packets to the appropriate destination.
  • Page 476 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide Figure 20: Hub-and-Spoke Topology – Single Hub 1. Hub (Static IP Address)    2. Spoke (Static IP Address)    3. Hub-to-Spoke GRE/IPsec Tunnel Spokes can also be connected to a secondary hub when redundancy is required.
  • Page 477 Enable the DMVPN service by typing: services nhrp enabled NOTE RUGGEDCOM ROX II supports up to two DMVPN interfaces, each of which can be assigned to different GRE tunnels. Configure a DMVPN interface for each GRE tunnel. For more information, refer to Section 12.10.3.2, “Adding...
  • Page 478 Where gre-tunnel is the name of the desired GRE tunnel. Configure the following parameter(s) as required: CAUTION! Security hazard – risk of unauthorized access and/or exploitation. For increased security, Siemens recommends configuring a key to authenticate the NHRP interface. Parameter...
  • Page 479 RUGGEDCOM ROX II Chapter 12 CLI User Guide Tunneling and VPNs Section 12.10.3.3 Deleting a DMVPN Interface To delete a DMVPN interface, do the following: Make sure the CLI is in Configuration mode. Delete the address pool by typing: no services nhrp interface-nhrp gre-tunnel Where gre-tunnel is the name of the desired GRE tunnel.
  • Page 480 Chapter 12 RUGGEDCOM ROX II Tunneling and VPNs CLI User Guide NOTE Some fields only display when applicable. Field Description Example Status The status of the interface. Status: ok Interface The name of the interface. Interface: gre-t1 Type The NHRP peer type. Possible values: Type: local •...
  • Page 481 RUGGEDCOM ROX II Chapter 13 CLI User Guide Unicast and Multicast Routing Unicast and Multicast Routing This chapter describes how to configure, monitor and manage static and dynamic routes for unicast and multicast traffic. CONTENTS • Section 13.1, “Viewing the Status of IPv4 Routes”...
  • Page 482 192.168.0.0/24 switch.0001 kernel This table/list provides the following information: Parameter Description destination Synopsis: A string The network/prefix. gateway Synopsis: A string The gateway address. interface Synopsis: A string The interface name.
  • Page 483 Parameter Description The gateway address. interface Synopsis: A string The interface name. type Synopsis: A string The route type. weight Synopsis: A string The route weight.
  • Page 484 ICMP redirect messages are sent by routers to hosts to inform them when a better route is available for a particular destination. However, before enabling RUGGEDCOM ROX II to send ICMP messages, be aware that ICMP redirects are simple to forge, allowing attackers to control the path by which packets are forwarded, and are sometimes considered a security risk.
  • Page 485 Section 13.5.3, “Adding an Event Tracker”. Section 13.5.2 Viewing Event Tracker Statistics RUGGEDCOM ROX II records statistics for each event tracker. To view the statistics for an event tracker, type: show global tracking event statistics A list similar to the following example appears:...
  • Page 486 This list provides the following information: Parameter Description echo-attempts Synopsis: A 32-bit unsigned integer The number of echo attempts. echo-replies Synopsis: A 32-bit unsigned integer The number of echo replies.
  • Page 487 Parameter Description The number of times a failure occurs before changing the tracking state from up to down. This parameter is mandatory. rise { rise } Synopsis: A 32-bit unsigned integer equaling 1 or higher The number of times success occurs before changing the tracking state from down to up.
  • Page 488 IS-IS routers can be defined as Level-1, Level-2, or both. Level 1 routers form the area, while Level 2 routers form the backbone of the network. By default, RUGGEDCOM ROX II configures areas to be both (or Level-1-2). This allows the device to inter-operate between different areas with minimal configuration.
  • Page 489 Section 13.6.1.2 Network Entity Title (NET) Addresses IS-IS routers are identified by their Network Entity Title (NET) address, which is in Network Service Access Point (NSAP) format (RFC 1237 [http://tools.ietf.org/html/rfc1237]).
  • Page 490 Configure one or more interfaces on which to perform IS-IS routing. For more information, refer to Section 13.6.6, “Managing Interfaces”. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 491 Parameter Description System ID The system ID. Interface The name of the interface. Level The level. Possible levels are 1, 2 and 3, where 3 represents levels 1 and 2.
  • Page 492 Spirent-right.00-01 0x0000000f 0x7e8a 0/0/0 Spirent-right.00-00 1463 0x0000000f 0x99a0 0/0/0 Spirent-right.00-01 0x0000000f 0xb0d2 0/0/0 Spirent-right.00-00 1460 0x0000000f 0x80c6 0/0/0 Spirent-right.00-01 0x0000000f 0x97fb 0/0/0 Spirent-right.00-00 1460 0x0000000f 0x1137 0/0/0 Spirent-right.00-01...
  • Page 493 Section 13.6.5.1 Viewing a List of Area Tags To view a list of area tags configured for dynamic IS-IS routes, type: show running-config routing isis area If area tags have been configured, a table or list similar to the following example appears:...
  • Page 494 Parameter Description is-type { is-type } Synopsis: { level-1-only, level-2-only, level-1-2 } The IS type for this area: level-1-only, level-2-only or level-1-2. Level-1 routers have neighbors only in the same area. Level-2-only (backbone) routers can have neighbors in different areas.
  • Page 495 Section 13.6.5.3 Deleting an Area Tag To delete an area tag for dynamic IS-IS routes, do the following: Make sure the CLI is in Configuration mode. Delete the area tag by typing:...
  • Page 496 Section 13.6.6.2 Configuring an Interface When IS-IS is enabled, two interfaces are already configured: fe-cm-01 and switch.0001. To configure optional parameters for these and any other interfaces that have been added for IS-IS, do the following: Make sure the CLI is in Configuration mode.
  • Page 497 Parameter Description Hello interval in seconds, ranging from 1 to 600. Default is 3. hello-multiplier { hello-multiplier } Synopsis: A 16-bit unsigned integer between 2 and 100 Default:...
  • Page 498 Section 13.6.7.2 Adding an LSP Generation Interval To add an LSP generation interval to an IS-IS area, do the following: Make sure the CLI is in Configuration mode. Add a new interval by typing:...
  • Page 499 Section 13.6.8.1 Viewing a List of SPF Calculation Intervals To view a list of SPF calculation intervals configured for an IS-IS area, type: show running-config routing isis area name spf-interval Where: •...
  • Page 500 • level is the IS type. • seconds is the minimum interval in seconds, ranging from 1 to 120. The default value is 30. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 501 Section 13.6.9.2 Adding an LSP Lifetime Interval To add an LSP lifetime interval to an IS-IS area, do the following: IMPORTANT! The LSP lifetime interval must be 300 seconds higher than the LSP refresh interval. For more information about LSP refresh intervals, refer to Section 13.6.10, “Managing LSP Refresh...
  • Page 502 NOTE For information about configuring the lifetime of an LSP, refer to Section 13.6.9, “Managing the Lifetime of LSPs”. CONTENTS • Section 13.6.10.1, “Viewing a List of LSP Refresh Intervals”...
  • Page 503 ID will be forwarded to this router. RUGGEDCOM ROX II supports IS-IS multi-homing, which allows for multiple NETs to be defined for a single router and increases the list of possible traffic sources.
  • Page 504 IMPORTANT! The system identifier must be unique to the network. CONTENTS • Section 13.6.11.1, “Viewing a List of NETs” • Section 13.6.11.2, “Adding a NET” • Section 13.6.11.3, “Deleting a NET”...
  • Page 505 Section 13.6.11.3 Deleting a NET To delete a Network Entity Title (NET) for an IS-IS area, do the following: Make sure the CLI is in Configuration mode. Delete the NET by typing:...
  • Page 506 ruggedcom# show running-config routing isis area Area_1 redistribute | tab METRIC SOURCE IS TYPE TYPE METRIC ------------------------------------- level-1-2 internal If no redistribution metrics have been configured, add metrics as needed. For more information, refer to Section 13.6.12.2, “Adding a Redistribution...
  • Page 507 It uses the shortest route available to a given network as the route to use for sending packets to that network. The RUGGEDCOM ROX II RIP daemon is an RFC 1058 [http://tools.ietf.org/rfc/rfc1058.txt] compliant...
  • Page 508 Section 13.7.1 Configuring RIP To configure dynamic routing using the Routing Information Protocol (RIP) daemon, do the following: Make sure the CLI is in Configuration mode. Navigate to routing » rip and configure the following parameter(s) as required:...
  • Page 509 192.168.50.0/24 connected interface 0.0.0.0 self 192.168.60.0/24 connected interface 0.0.0.0 self This list provides the following information: Parameter Description network Synopsis: A string The network. type Synopsis: A string The route type.
  • Page 510 Parameter Description from Synopsis: A string Where this route comes from. Synopsis: A string Tag. time Synopsis: A string The route update time. If no dynamic RIP routes have been configured, configure RIP and add routes as needed. For more information about configuring RIP, refer to Section 13.7.1, “Configuring...
  • Page 511 Section 13.7.3.2 Viewing a List of Prefix Entries To view a list of entries for dynamic RIP prefix lists, type: show running-config routing rip filter prefix-list name entry Where: •...
  • Page 512 routing rip filter prefix-list name entry number Where: • name is the name of the prefix list • number is the sequence number for the entry Configure the following parameter(s) as required:...
  • Page 513 no routing rip filter prefix-list name entry number Where: • name is the name of the prefix list • number is the sequence number for the entry Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 514 Section 13.7.4.2 Tracking Commands Network commands can be tracked using event trackers configured under global » tracking. For more information about event trackers, refer to Section 13.5, “Managing Event Trackers”. A network command is activated based on the event tracker's state. The apply-when parameter determines when the command is activated.
  • Page 515 ruggedcom# show running-config routing rip network ip routing rip network ip 192.168.33.0/24 If no IP addresses have been configured, add addresses as needed. For more information, refer to Section 13.7.5.2, “Adding a Network IP...
  • Page 516 Section 13.7.6.1 Viewing a List of Network Interfaces To view a list of interfaces configured for a RIP network, type: show running-config routing rip network interface If interfaces have been configured, a table or list similar to the following example appears:...
  • Page 517 Section 13.7.7 Managing Neighbors Neighbors are other routers with which to exchange routes. CONTENTS • Section 13.7.7.1, “Viewing a List of Neighbors” • Section 13.7.7.2, “Adding a Neighbor” • Section 13.7.7.3, “Deleting a Neighbor”...
  • Page 518 no routing rip network neighbor address Where: • address is the IP address of the neighbor Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 519 Configure the following parameter(s) as required: Parameter Description prefix-list { prefix-list } Synopsis: A string The name of the prefix list. This parameter is mandatory. If necessary, configure an event tracker to track network commands. For more information, refer to Section 13.7.4.2, “Tracking...
  • Page 520 Section 13.7.9.1 Viewing a List of Key Chains To view a list of key chains for dynamic RIP routes, type: show running-config routing rip key-chain If key chains have been configured, a table or list similar to the following example appears:...
  • Page 521 Make sure the CLI is in Configuration mode. Add the key chain by typing: routing rip key-chain name Where: • name is the name of the key chain Configure one or more keys for the key chain. For more information, refer to Section 13.7.9.4, “Adding a...
  • Page 522 Parameter Description start { start } Synopsis: A string Sets the time period in which the key on the key chain is considered valid. expire { expire } Synopsis: { infinite } or a string The time at which the key expires.
  • Page 523 Section 13.7.10 Managing Redistribution Metrics Redistribution metrics redistribute routing information from other routing protocols, static routes or routes handled by the kernel. Routes for subnets that are directly connected to the router, but not part of the RIP networks, can also be advertised.
  • Page 524 no routing rip redistribute [ bgp | ospf | connected | static | kernel ] Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 525 Parameter Description The authentication key chain. string { string } Synopsis: A string 1 to 16 characters long The authentication string. Configure the interface settings by typing the following commands:...
  • Page 526 NOTE In complex legacy networks, RIP, OSPF, BGP and IS-IS may all be active on the same router at the same time. Typically, however, only one dynamic routing protocol is employed at one time.
  • Page 527 Parameter Description router-id { router-id } Synopsis: A string 7 to 15 characters long Router ID for BGP. Configure autonomous system path filters. For more information, refer to Section 13.8.5.3, “Adding an...
  • Page 528 Section 13.8.2.1 Viewing a List of Route Map Filters To view a list of route map filters for dynamic BGP routes, type: show running-config routing bgp filter route-map...
  • Page 529 Make sure the CLI is in Configuration mode. Add the new filter by typing: routing bgp filter route-map tag Where: • tag is the tag for the route map filter Add one or more entries.
  • Page 530 no routing bgp filter route-map tag Where: • tag is the tag for the route map filter Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 531 Section 13.8.2.8 Configuring a Set To configure matched rules for a route map filter entry, do the following: Make sure the CLI is in Configuration mode. Navigate to routing » bgp » filter » route-map » {tag} » entry » {number} » set, where {tag} is the tag for the route map filter and {number} is the sequence number for the entry.
  • Page 532 Section 13.8.3.1 Viewing a List of Prepended Autonomous System Path Filters To view a list of prepended autonomous system path filters configured for a BGP route map entry, type:...
  • Page 533 Make sure the CLI is in Configuration mode. Add the path by typing: routing bgp filter route-map name entry number set as-path prepend path Where: • name is the name of the route map •...
  • Page 534 Section 13.8.3.6 Deleting an Excluded Autonomous System Path Filter To delete an excluded autonomous system path filter from a BGP route map entry, do the following: Make sure the CLI is in Configuration mode.
  • Page 535 If no prefix lists have been configured, add lists as needed. For more information, refer to Section 13.8.4.3, “Adding a Prefix List”. Section 13.8.4.2 Viewing a List of Prefix Entries...
  • Page 536 Section 13.8.4.4 Adding a Prefix Entry To add an entry for a dynamic BGP prefix list, do the following: Make sure the CLI is in Configuration mode. Add the entry by typing:...
  • Page 537 Section 13.8.4.6 Deleting a Prefix Entry To delete an entry for a dynamic BGP prefix list, do the following: Make sure the CLI is in Configuration mode. Delete the entry by typing:...
  • Page 538 Section 13.8.5.2 Viewing a List of Autonomous System Path Entries To view a list of entries for an autonomous system path filter, type: show running-config routing bgp filter as-path name entry Where: •...
  • Page 539 • action is the action. • match is the regular expression to match with the autonomous system path. For more information about regular expressions, refer to Section 2.5.7, “Using Regular Expressions”.
  • Page 540 NOTE If neighbors are specified but no networks are specified, the router will receive BGP routing information from its neighbors but will not advertise any routes to them. For more information about networks, refer to Section 13.8.7, “Managing...
  • Page 541 [Optional] Enable the neighbor as a route reflector client by configuring the following parameter: Parameter Description enabled If enabled, and the device is enabled as a route reflector, makes this neighbor a route reflector client.
  • Page 542 Where: • address is the address of the chosen neighbor • prefix is the chosen BGP prefix list If necessary, configure an event tracker to track network commands. For more information, refer to Section 13.8.6.4, “Tracking Commands for BGP...
  • Page 543 Section 13.8.7 Managing Networks As opposed to neighbors, which are specific routers with which to exchange routes, networks are groups of routers that are either part of a specific subnet or connected to a specific network interface. They can be used at the same time as neighbors.
  • Page 544 Section 13.8.7.2 Adding a Network To add a network for the BGP protocol, do the following: Make sure the CLI is in Configuration mode. Add the network by typing:...
  • Page 545 Delete the network by typing: no routing bgp network address Where: • address is the IP subnet address and prefix for the network Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 546 If necessary, configure options for the address. For more information, refer to Section 13.8.9.2, “Adding an Aggregate Address Option”. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 547 Section 13.8.9.2 Adding an Aggregate Address Option To add an option for an aggregate address, do the following: Make sure the CLI is in Configuration mode. Add the option by typing:...
  • Page 548 ruggedcom# show running-config routing bgp redistribute routing bgp redistribute rip no metric If no redistribution metrics have been configured, add metrics as needed. For more information, refer to Section 13.8.10.2, “Adding a Redistribution...
  • Page 549 • Section 13.8.11.6, “Example: Clusters in Clusters” • Section 13.8.11.7, “Example: Route Reflection in a VRF Instance” • Section 13.8.11.8, “Example: Route Reflection with VPNv4 Clients” Section 13.8.11.1 Understanding Route Reflectors Route reflectors offer a method for simplifying BGP network topologies and improving scalability.
  • Page 550 Figure 24: A Simple BGP Topology With a Route Reflector Route reflectors can also share routes with routers outside of their clusters. These are referred to as non-clients. Non-clients are required to be fully-meshed.
  • Page 551 Figure 26: Multiple Clusters Fully-Meshed Route reflectors can also be partially-meshed by combining them in a cluster of their own. Figure 27: Multiple Clusters Partially-Meshed Redundant Route Reflectors To avoid a single point of failure in the BGP network, each cluster should be served by more than one route reflector to provide redundancy in case of failure.
  • Page 552 Figure 28: Redundant Route Reflector Topology 1. Cluster    2. Route Reflector Section 13.8.11.2 Configuring the Device as a Route Reflector To configure the device to be a route reflector for a specific cluster, do the following: Make sure the CLI is in Configuration mode.
  • Page 553 BGP Neighbors In an IPv4 Address Family To configure a BGP neighbor that belongs to an IPv4 address family to be a client of the device, do the following: Make sure an IPv4 address family is defined.
  • Page 554 Figure 29: Basic Route Reflection Topology Similarly, routes advertised by a non-client (NC1, NC2 or NC3) are forwarded to its BGP neighbors, including the route reflector. The route reflector in turn readvertises the routes to its BGP neighbors, which include those in its cluster and the eBGP router (R1).
  • Page 555 remote-as 100 no route-reflector-client enabled { Non-Client } neighbor 172.30.150.30 remote-as 100 no route-reflector-client enabled Section 13.8.11.5 Example: Linking Clusters This example demonstrates how to link multiple clusters together by connecting each route reflector in a full-mesh topology.
  • Page 556 Final Configuration Example RR1 (172.30.110.10) routing bgp enabled as-id route-reflector cluster-id 0.1.2.3 { RR2 } neighbor 172.30.110.20 remote-as 100 no route-reflector-client enabled { RR3 } neighbor 172.30.110.30 remote-as 100...
  • Page 557 { RR1 } neighbor 172.30.110.10 remote-as 100 no route-reflector-client enabled { RR2 } neighbor 172.30.110.20 remote-as 100 no route-reflector-client enabled { Client } neighbor 172.30.160.10 remote-as 100 route-reflector-client enabled { Client } neighbor 172.30.160.20...
  • Page 558 Final Configuration Example RR1 (172.30.140.10) routing bgp enabled as-id route-reflector enabled route-reflector cluster-id 0.1.2.3 { RR2 } neighbor 172.30.140.20 remote-as 100 route-reflector-client enabled { RR3 } neighbor 172.30.140.30...
  • Page 559 remote-as 100 route-reflector-client enabled Section 13.8.11.7 Example: Route Reflection in a VRF Instance This example demonstrates how to configure BGP route reflection in a VRF instance. Overview In the following topology, router RR is a BGP route reflector configured with a VRF instance (VRF1). The VRF instance is configured with a single IPv4 address family consisting of routers R2 and R3.
  • Page 560 Enable the router as a BGP route reflector and set the cluster ID to 5.5.5.5. For more information, refer to Section 13.8.11.2, “Configuring the Device as a Route Reflector”. Define an IPv4 address family for VRF1 with the following neighbors: •...
  • Page 561 • Neighbor 1.1.2.1 Parameter Value Neighbor IP Address 1.1.2.1 Autonomous System ID • Neighbor 1.1.3.2 Parameter Value Neighbor IP Address 1.1.3.2 Autonomous System ID For more information, refer to Section 13.8.6.2, “Adding a...
  • Page 562 Final Configuration Example RR Configuration R1 Configuration global routing bgp enabled definition vrf1 as-id 100 rd 100:1 router-id 5.5.5.1 route-target both 100:1 neighbor 1.1.1.2 ip fe-1-1 remote-as 100...
  • Page 563 192.168.1.2 true true 192.168.6.0 2.0.0.1 true false 192.168.12.0 192.168.1.2 true true 192.168.13.0 0.0.0.0 true false 32768 The list provides the following information: Parameter Description network Synopsis: A string Network.
  • Page 564 Parameter Description version Synopsis: A 32-bit signed integer BGP version. Synopsis: A string Remote AS number. msgrcvd Synopsis: A 32-bit signed integer Number of received BGP messages.
  • Page 565 Whenever there is a change in the routing policy due to a configuration change, the BGP session must be reset for the new policy to take effect. RUGGEDCOM ROX II allows users to perform either a hard or soft reset on both incoming and outbound sessions, as selected.
  • Page 566 Unlike static routing, OSPF takes link failures and other network topology changes into account. OSPF also differs from RIP in that it generates less router-to-router update traffic. The RUGGEDCOM ROX II OSPF daemon (ospfd) is an RFC 2178 [http://tools.ietf.org/html/rfc2178] compliant...
  • Page 567 • Section 13.9.9, “Managing Routing Interfaces” • Section 13.9.10, “Managing Message Digest Keys” Section 13.9.1 OSPF Concepts When an OSPF-configured router starts operating, it issues a hello packet. Routers having the same OSPF area, hello-interval and dead-interval timers will communicate with each other and are said to be neighbors.
  • Page 568 Parameter Description opaque-lsa Enables the Opaque-LSA capability (RFC2370). passive-default Synopsis: { true, false } Default: true Default passive value for new interfaces. refresh-timer { refresh-timer } Synopsis:...
  • Page 569 Parameter Description area Synopsis: A string Area. To view the status of the dynamic OSPF neighbor configured on the device, type: show routing status ospf neighbor If an OSPF neighbor has been configured, a table or list similar to the following example appears:...
  • Page 570 192.168.212.0 0.0.0.1 22.22.22.22 0x80000008 192.168.212.0/24 as-external METRIC This list provides the following information: Router Parameter Description area Synopsis: A string Area. Parameter Description area Synopsis: A string Area ID.
  • Page 571 • For VRF Routes via OSPF routing ospf vrf vrf filter prefix-list Where: • vrf is the name of the chosen VRF If prefix lists have been configured, a table or list similar to the following example appears:...
  • Page 572 Add the list by typing: • For Standard OSPF Routes routing ospf filter prefix-list name • For VRF Routes via OSPF routing ospf vrf vrf filter prefix-list name Where: •...
  • Page 573 Parameter Description ge { ge } Synopsis: An 8-bit unsigned integer between 1 and 32 The minimum prefix length to match ipaddress within subnet. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 574 Section 13.9.5 Managing Areas Network areas determine the regions within which routes are distributed to other routers. The subnets at a particular router can be added to its OSPF area. The router will advertise these subnets to all routers in its area.
  • Page 575 • For VRF Routes via OSPF routing ospf vrf vrf area id network/prefix Where: • vrf is the name of the chosen VRF • id is the ID for the OSPF area. The ID must be in the format of A.B.C.D.
  • Page 576 In RUGGEDCOM ROX II, route maps are configured to filter routes based on their metric value, which defines the cost of the route. Once a match is found, the assigned action is taken.
  • Page 577 Section 13.9.6.2 Viewing a List of Route Map Filter Entries To view a list of entries for a route map filter for either standard or VRF OSPF routes, type: • For Standard OSPF Routes show running-config routing ospf filter route-map tag entry •...
  • Page 578 Section 13.9.6.4 Adding a Route Map Filter Entry To add an entry for a route map filter, do the following: Make sure the CLI is in Configuration mode. Add the entry by typing: •...
  • Page 579 • For VRF Routes via OSPF no routing ospf vrf vrf filter route-map tag Where: • vrf is the name of the chosen VRF • tag is the tag for the route map filter Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 580 Parameter Description prefix-list { prefix-list } Synopsis: A string The prefix list name. Parameter Description prefix-list { prefix-list } Synopsis: A string The prefix list name.
  • Page 581 If no route filters have been configured, add filters as needed. For more information, refer to Section 13.9.7.2, “Adding an Incoming Route Filter”. Section 13.9.7.2 Adding an Incoming Route Filter To add a route filter for incoming advertised routes, do the following: Make sure the CLI is in Configuration mode.
  • Page 582 Section 13.9.8 Managing Redistribution Metrics Redistribution metrics redistribute routing information from other routing protocols, static routes or routes handled by the kernel. Routes for subnets that are directly connected to the router, but not part of the OSPF areas, can also be advertised.
  • Page 583 Where: • vrf is the name of the chosen VRF Configure the following parameter(s) as required: Parameter Description metric-type { metric-type } Synopsis: An 8-bit signed integer between 1 and 2 Default: ...
  • Page 584 Section 13.9.9.1 Viewing a List of Routing Interfaces To view a list of routing interfaces for an OSPF network, type: • For Standard OSPF Routes show running-config routing ospf interface •...
  • Page 585 Lower values will also put limits on the number of routes that can be distributed within an OSPF network area, as will running over slower links. IMPORTANT! The dead-interval and number of Hellos per second must be identical on every router in an OSPF network area.
  • Page 586 Parameter Description Default: 1 Priority of interface. Synopsis: { true, false } passive Default: true Whether an interface is active or passive. Passive interfaces do not send LSAs to other routers and are not part of an OSPF area.
  • Page 587 Section 13.9.10.1 Viewing a List of Message Digest Keys To view a list of message digest keys for an OSPF routing interface, type: • For Standard OSPF Routes show running-config routing ospf interface name message-digest-key •...
  • Page 588 Make sure the CLI is in Configuration mode. Delete the key by typing: • For Standard OSPF Routes no routing ospf interface name message-digest-key id • For VRF Routes via OSPF...
  • Page 589 2.2.2.2/32 192.168.10.1 imp-null 3.3.3.3/32 imp-null 4.4.4.4/32 imp-null 5.5.5.5/32 192.168.20.2 imp-null 6.6.6.6/32 192.168.20.2 imp-null 10.200.16.0/20 172.30.128.0/19 imp-null 192.168.10.0/24 imp-null 192.168.20.0/24 imp-null 192.168.100.0/24 192.168.10.1 imp-null 192.168.200.0/24 192.168.20.2 imp-null This table provides the following information:...
  • Page 590 Parameter Description outgoing-interface Synopsis: A string The outgoing interface. Synopsis: A string next-hop The destination next hop router. uptime Synopsis: A string The time this entry has been up.
  • Page 591 --------------------- switch.0010 switch.0020 This table provides the following information: Parameter Description mpls-interfaces Synopsis: A string The interface that has been enabled for MPLS. status Synopsis: A string The operational status.
  • Page 592 Disable no mpls interface-mpls interface enable Where: • interface is the name of the interface Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 593 If no static label binding has been configured, configure binding as needed. For more information about configuring static-binding, refer to Section 13.10.5.3, “Adding a Static Label”. Section 13.10.5.2 Viewing a List of Static Labels...
  • Page 594 Parameter Description router. Penultimate Hop Popping (PHP) reduces the number of label lookups that need to be performed by the egress router • explicit null - The label has a value of 0, meaning that, in place of a pop operation, the...
  • Page 595 LABEL LABEL INTERFACE NEXT HOP -------------------------------------------- switch.0010 192.168.10.2 switch.0010 192.168.10.2 This table provides the following information: Parameter Description local-label Synopsis: A string The incoming (local) label. outgoing-label Synopsis: ...
  • Page 596 Configure the following parameter(s) as required: Parameter Description out-interface { out-interface } Synopsis: A string The outgoing interface. This parameter is mandatory. next-hop { next-hop } Synopsis: A string 7 to 15 characters long or a string 6 to 40 characters long The destination next-hop router (IPv4 or IPv6 format).
  • Page 597 • Section 13.10.7.4, “Viewing the Status of the LDP Neighbor Connection Information” • Section 13.10.7.5, “Viewing the Status of the LDP Neighbor Discovery Information” • Section 13.10.7.6, “Configuring LDP” • Section 13.10.7.7, “Configuring Neighbor Discovery”...
  • Page 598 If LDP discovery interfaces have been configured, a table similar to the following example appears: ruggedcom# show mpls ldp status discovery status discovery local id 4.4.4.4 interfaces INTERFACE...
  • Page 599 Section 13.10.7.4 Viewing the Status of the LDP Neighbor Connection Information To view the status of the LDP neighbor connection on the device, type: show mpls ldp status neighbor connection-information...
  • Page 600 KEEPALIVE PEER ID PEER IP INTERFACE LOCAL IP HOLDTIME INTERVAL ----------------------------------------------------------------------- 2.2.2.2 192.168.10.1 switch.0010 192.168.10.2 180s 6.6.6.6 192.168.20.2 switch.0020 192.168.20.1 180s This table or list provides the following information:...
  • Page 601 Parameter Description The session holdtime (in seconds), used as the keepalive timeout to maintain the Label Distribution Protocol (LDP) session in the absence of LDP messages from the session peer.
  • Page 602 Section 13.10.7.9 Enabling/Disabling an LDP Interface To enable or disable an LDP interface, do the following: Make sure the CLI is in Configuration mode. Enable/disable the LDP interface by typing the following commands:...
  • Page 603 Both also provide a level of security for the interfaces that forward to the VRFs. Under full VRF, MPLS is used in conjunction with IP/VPNs to provide a greater level of security than VRF-Lite. RUGGEDCOM ROX II supports both VRF and VRF-Lite simultaneously. Use of full VRF interfaces and VRF-Lite interfaces can be mixed.
  • Page 604 Section 13.11.2 Viewing VRF Interface Statistics To view statistics for interfaces associated with a VRF instance, type: show interfaces vrf vrf ip Where: • vrf is the chosen VRF list...
  • Page 605 Parameter Description This parameter is mandatory. dropped Synopsis: A 32-bit unsigned integer The number of packets dropped by the receiving device. This parameter is mandatory. bytes Synopsis: A 64-bit unsigned integer The number of bytes transmitted.
  • Page 606 Configure one or more IP/VPN tunnels for each interface. For more information, refer to Section 13.11.8.2, “Adding an IP/VPN Tunnel”. Add one or more BGP neighbors to the VPNv4 address family. For more information, refer to Section 13.11.9.2, “Adding a...
  • Page 607 Section 13.11.5 Managing VRF Definitions VRF definitions represent individual Customer Edge (CE) routers in the VRF topology. RUGGEDCOM ROX II supports up to eight definitions in total, each composed of a unique VRF name, an optional description and a Route Distinguisher (RD). The Route Distinguisher is an 8-octet field typically made up of an AS number or IP address followed by a colon (:) and the site ID (e.g.
  • Page 608 Where: • name is the name for the definition. The name must be unique and not exceed 32 characters or contain spaces. The first character must also not be a special character. Only the following special characters are permitted in the remainder of the name: hyphen (-), underscore (_), colon (:), and period (.).
  • Page 609 parameter enables users to specify which prefixes they wish to import to other neighbors and which ones to export. CONTENTS • Section 13.11.6.1, “Viewing a List of Route Targets”...
  • Page 610 Section 13.11.6.3 Deleting a Route Target To delete a route target, do the following: Make sure the CLI is in Configuration mode. Delete the definition key by typing: no global vrf definition name routing-target [ export | import | both ] community Where: •...
  • Page 611 If no VRF definitions have been configured, add definitions as needed. For more information, refer to Section 13.11.5.2, “Adding a VRF Definition”. Section 13.11.7.2 Adding a VRF Instance and Configuring OSPF To add a VRF instance and configure OSPF, do the following: Make sure the CLI is in Configuration mode.
  • Page 612 Parameter Description The metric type for default route. route-map { route-map } Synopsis: A string The route map name. external { external } Synopsis: A 32-bit unsigned integer between 1 and 255 The administrative distance for external routes.
  • Page 613 NOTE VRF maintains a table listing each interface belonging to each IP/VPN tunnel. CONTENTS • Section 13.11.8.1, “Viewing a List of IP/VPN Tunnels” • Section 13.11.8.2, “Adding an IP/VPN Tunnel”...
  • Page 614 Section 13.11.8.3 Deleting an IP/VPN Tunnel To delete an IP/VPN tunnel, do the following: Make sure the CLI is in Configuration mode. Delete the address by typing: no routing bgp address-family vpnv4 neighbor address Where: •...
  • Page 615 Section 13.11.9.2 Adding a Neighbor To add a new VPNv4 neighbor, do the following: Make sure the CLI is in Configuration mode. Add the neighbor by typing: routing bgp address-family vpnv4 neighbor address Where: •...
  • Page 616 Section 13.11.10.1 Viewing a List of IPv4 Address Families To view a list of IPv4 address families configured for VRF, type: show running-config routing bgp address-family ipv4 vrf If IPv4 address families have been configured, a table or list similar to the following example appears:...
  • Page 617 Make sure the CLI is in Configuration mode. Delete the IPv4 address family by typing: no routing bgp address-family ipv4 vrf vrf Where: • vrf is the name of the associated VRF definition Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 618 If no redistributions have been configured, add them as needed. For more information, refer to Section 13.11.11.2, “Adding a Redistribution”. Section 13.11.11.2 Adding a Redistribution To add a redistribution for an IPv4 address family, do the following: Make sure the CLI is in Configuration mode.
  • Page 619 • Section 13.11.12.2, “Adding a Neighbor” • Section 13.11.12.3, “Configuring the Distribution of Prefix Lists” • Section 13.11.12.4, “Tracking Commands” • Section 13.11.12.5, “Deleting a Neighbor” Section 13.11.12.1 Viewing a List of Neighbors...
  • Page 620 Parameter Description send-community { send-community } Synopsis: { standard, extended, both, none } Default: both Identifies the send Community. Default is both. remote-as { remote-as } Synopsis: ...
  • Page 621 Where: • vrf is the chosen VRF instance • address is the address of the chosen neighbor • prefix is the chosen BGP prefix list If necessary, configure an event tracker to track network commands. For more information, refer to Section 13.11.12.4, “Tracking...
  • Page 622 • address is the IP address of the neighbor Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 13.11.13 Managing Static VRF Routes Routing information can be shared between routers using dynamic routing data, or it can be manually configured.
  • Page 623 routing vrf vrf ipv4 route subnet Where: • vrf is the chosen VRF instance • subnet is the subnet (network/prefix) of the static route If the device has a Layer 3 switch installed, configure the following parameter(s) as required: NOTE Only TCP and UDP traffic flows will be accelerated by the IP/Layer 3 switch fabric.
  • Page 624 no routing vrf vrf ipv4 route subnet Where: • vrf is the chosen VRF instance • subnet is the subnet (network/prefix) of the static route Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 625 routing vrf vrf ipv4 route subnet via gateway Where: • vrf is the chosen VRF instance. • subnet is the subnet (network/prefix) of the static route • gateway is the gateway address for the static route...
  • Page 626 show running-config routing vrf vrf ipv4 route dev Where: • vrf is the chosen VRF instance. If gateway addresses have been configured, a table or list similar to the following example appears:...
  • Page 627 • subnet is the subnet (network/prefix) of the static route • interface is the name of the interface for the static route Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 628 Section 13.12.2 Adding an IPv4 Static Route To add an IPv4 static route, do the following: Make sure the CLI is in Configuration mode. IMPORTANT! If the route is to be configured as a black hole route, make sure the subnet matches that of another static route.
  • Page 629 Configure the next hop IP address (gateway) or interface. Only one can be configured per static route. For more information, refer to Section 13.12.6.1, “Configuring Gateways for IPv6 Static Routes”...
  • Page 630 In the case of IPv6 static routes, only one gateway can be selected per route. CONTENTS • Section 13.12.6.1, “Configuring Gateways for IPv6 Static Routes” • Section 13.12.6.2, “Viewing a List of Gateways for IPv4 Static Routes”...
  • Page 631 Section 13.12.6.3 Adding a Gateway for an IPv4 Static Route To add a gateway address for an IPv4 static route, do the following: Make sure the CLI is in Configuration mode.
  • Page 632 • Section 13.12.7.3, “Adding an Interface for an IPv4 Static Route” • Section 13.12.7.4, “Deleting an Interface for an IPv4 Static Route” Section 13.12.7.1 Configuring Interfaces for IPv6 Static Routes To configure an interface for an IPv6 static route, do the following: Make sure the CLI is in Configuration mode.
  • Page 633 Add the interface by typing: routing ipv4 route subnet dev interface Where: • subnet is the subnet (network/prefix) of the static route • interface is the name of the interface for the static route...
  • Page 634 Make sure the CLI is in Configuration mode. Enable static multicast routing by typing: routing multicast static enable Configure the following parameter(s) as required: Parameter Description enabled Enables static multicast routing service Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 635 Section 13.13.2.2 Adding a Static Multicast Group To add a static multicast group, do the following: Make sure the CLI is in Configuration mode. Add the multicast group by typing:...
  • Page 636 Section 13.13.3.1 Viewing a List of Out-Interfaces To view a list of out-interfaces, type: show running-config routing multicast static mcast-group out-interface If out-interfaces have been configured, a table or list similar to the following example appears:...
  • Page 637 Section 13.14 Managing Dynamic Multicast Routing The PIM-SM feature is used for Dynamic Multicast Routing. PIM-SM stands for Protocol Independent Multicast - Sparse Mode. It is a dynamic multicast routing protocol that can dynamically prune and maintain multicast routes.
  • Page 638 • Section 13.14.9, “Managing Multicast Group Prefixes” Section 13.14.1 PIM-SM Concepts When a PIM router receives a subscription from a host, e.g. Host A, for particular multicast traffic, the directly attached designated router (DR) sends a PIM join message for this multicast group towards the rendezvous point (RP).
  • Page 639 NOTE A default routing protocol with a local address of 169.254.0.1 always appears when the show routing status pim-sm command is run. This internal routing protocol is a placeholder to reserve the source-specific multicast address range.
  • Page 640 If multicast routes have been configured, a table or list similar to the following example appears: ruggedcom# show routing status multicast SOURCE GROUP INTERFACE INTERFACE ------------------------------------------------------ 192.168.11.101 225.0.0.1 switch.0011...
  • Page 641 Section 13.14.6 Setting the Device as an RP Candidate To set the device as an RP candidate, do the following: Make sure the CLI is in Configuration mode. Set the device as an RP candidate by typing:...
  • Page 642 ge-sm-1 false switch.0001 true group-prefix PREFIX -------------- 225.0.0.1/32 225.0.0.2/32 If no PIM-SM interfaces have been configured, enable interfaces as needed. For more information about enabling PIM-SM interfaces, refer to Section 13.14.7.2, “Enabling/Disabling a PIM-SM...
  • Page 643 and/or the RP assignment does not change often. It is important though that all static RP addresses be mirrored on all PIM-SM enabled devices in the multicast domain.
  • Page 644 Delete the chosen RP address by typing: no routing multicast dynamic pim-sm rp-address static-address Where static-address is the Static RP (Rendezvous Point) address Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 645 Where prefix is the prefix for the multicast group (e.g. 225.1.2.0/24). Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 646 Deleting a Multicast Group Prefix...
  • Page 647 Chapter 14 CLI User Guide Network Redundancy Network Redundancy This chapter describes protocols and features that allow RUGGEDCOM ROX II to operate with redundancy, protecting the network from crippling service disruptions from single points of failure. CONTENTS • Section 14.1, “Managing VRRP”...
  • Page 648 Section 14.1.1 VRRP Concepts This section describes some of the concepts important to the implementation of the Virtual Router Redundancy Protocol (VRRP) in RUGGEDCOM ROX II. CONTENTS • Section 14.1.1.1, “Static Routing vs. VRRP” • Section 14.1.1.2, “VRRP Terminology”...
  • Page 649 On RUGGEDCOM RX5000/MX5000/MX5000RE devices with RUGGEDCOM ROX II v2.3 or higher installed, if the router with the highest priority is in a fault state, the backup VRRP Router can delay its transition to becoming the Master router.
  • Page 650 Two or more VRRP instances can be assigned to be in the same VRRP Group, in which case they can fail over together. An Example of VRRP Groups In the next example, both host 1 and host 2 use a gateway of 192.168.3.10. The external side can access the internal side by gateway 192.168.2.10.
  • Page 651 Section 14.1.1.3 Connection Synchronization When failover occurs, hosts must typically either reconnect manually to the backup firewall, or wait for the connection to automatically reconnect. This can sometimes take several minutes.
  • Page 652 Parameter Description state Synopsis: A string The VRRP instance state. This parameter is mandatory. priority Synopsis: A string The VRRP instance priority. This parameter is mandatory. time-change Synopsis: A string The time of change to the current state.
  • Page 653 • Section 14.1.4.3, “Deleting a VRRP Tracker” Section 14.1.4.1 Viewing a List of VRRP Trackers To view a list of VRRP trackers, type: show running-config services vrrp trackers If trackers have been configured, a table or list similar to the following example appears:...
  • Page 654 Parameter Description weight { weight } Synopsis: A 32-bit signed integer between -254 and 254 The amount by which to increase or decrease the router's priority. When negative, the priority decreases by this amount when the tracker falls.
  • Page 655 ruggedcom# show running-config services vrrp group services vrrp group group1 If no VRRP groups have been configured, add groups as needed. For more information, refer to Section 14.1.5.2, “Adding a VRRP Group”.
  • Page 656 • Section 14.1.6.3, “Deleting a VRRP Instance” Section 14.1.6.1 Viewing a List of VRRP Instances To view a list of VRRP instances, type: show running-config services vrrp instance If instances have been configured, a table or list similar to the following example appears:...
  • Page 657 Parameter Description vrrp-version { vrrp-version } Synopsis: An 8-bit unsigned integer between 2 and 3 Default: 2 Configure VRRP version for this instance. interface { interface } Synopsis: A string The interface that will host the VRIP when the router becomes the VRRP Master.
  • Page 658 Section 14.1.6.3 Deleting a VRRP Instance To delete a VRRP instance, do the following: Make sure the CLI is in Configuration mode. Delete the instance by typing: no services vrrp instance name Where: •...
  • Page 659 Section 14.1.7.2 Adding a VRRP Monitor To add a VRRP monitor, do the following: Make sure the CLI is in Configuration mode. Add the instance by typing: services vrrp instance name monitor interface Where: •...
  • Page 660 Section 14.1.8.1 Viewing a List of Track Scripts To view a list of track scripts, type: show running-config services vrrp instance name monitor Where: • name is the name of the VRRP instance...
  • Page 661 Delete the track script by typing: no services vrrp instance name track-script tracker Where: • name is the name of the VRRP instance • tracker is the name of the tracker to use to monitor the VRRP instance Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 662 Add the instance by typing: services vrrp instance name vrip address Where: • name is the name of the VRRP instance • address is the address and subnet Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 663 IMPORTANT! Well-formed stateful firewall rules are required. For more information, refer to Section 6.9.1.1, “Stateless vs. Stateful Firewalls”. Configure a firewall with stateful firewall rules to control inbound and outbound traffic. For more information, refer to Section 6.9.3, “Adding a...
  • Page 664 To add a dedicated link, do the following: Make sure the CLI is in Configuration mode. NOTE RUGGEDCOM ROX II supports up to four dedicated links. Add a dedicated link by typing: services conn-sync dedicated-link name Where name is the name of the dedicated link.
  • Page 665 Make sure the CLI is in Configuration mode. Delete the dedicated link by typing: no services conn-sync dedicated-link name Where name is the name of the dedicated link. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 666 Parameter Description name Synopsis: A string The conn-sync dedicated link interface name. Synopsis: A string state The conn-sync dedicated link status. role Synopsis: A string The conn-sync dedicated link role.
  • Page 667 Section 14.2.1 Viewing the Link Failover Log To view the link failover log, do the following: Make sure the CLI is in Configuration mode. Display the log by typing: services link-failover log A table or list similar to the following appears: ruggedcom(config)# services link-failover switch.0001 log...
  • Page 668 show services link-failover status A table or list similar to the following appears: ruggedcom# show services link-failover status MAIN BACKUP MAIN BACKUP LINK LINK PING TIME OF LAST STATE INTERFACE...
  • Page 669 link-failover switch.0001 enabled backup fe-1-1 transfer-default-route backup-gateway 192.168.1.2 backup te1-2-1c01ppp priority second transfer-default-route target 10.10.10.10 If no parameters have been configured, add parameters as needed. For more information, refer to Section 14.2.3.2, “Adding a Link Failover...
  • Page 670 Parameter Description The delay time, in seconds, that the main trunk is down before starting the backup trunk. main-up-timeout { main-up-timeout } Synopsis: A 32-bit signed integer between 0 and 65536 Default: ...
  • Page 671 services link-failover switch.0001 backup fe-1-1 transfer-default-route backup-gateway 192.168.1.2 backup te1-2-1c01ppp priority second transfer-default-route If no backup interfaces have been configured, add backup interfaces as needed. For more information, refer to Section 14.2.4.2, “Adding a Link Failover Backup...
  • Page 672 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 14.2.4.3 Deleting a Link Failover Backup Interface To delete a link failover backup interface, do the following: Make sure the CLI is in Configuration mode.
  • Page 673 If no ping targets have been configured, add targets as needed. For more information, refer to Section 14.2.5.2, “Adding a Link Failover Ping Target”. Section 14.2.5.2 Adding a Link Failover Ping Target...
  • Page 674 While the test is running, monitor the status of the test to observe the main and backup link status, ping test results, state change, backup state, and backup interface information. As the test progresses, this information changes as link failover switches from the main interface to the backup interface.
  • Page 675 • Section 14.3.8, “Viewing the Status of RSTP” • Section 14.3.9, “Viewing RSTP Per-Port Statistics” • Section 14.3.10, “Clearing Spanning Tree Protocol Statistics” Section 14.3.1 RSTP Operation The IEEE 802.1D Spanning Tree Protocol (STP) was developed to enable the construction of robust networks that incorporate redundancy while pruning the active topology of the network to prevent loops.
  • Page 676 IMPORTANT! Purely for purposes of management, RUGGEDCOM ROX II introduces two more states: Disabled and Link Down. The Disabled state refers to links for which RSTP has been disabled. The Link Down state refers to links for which RSTP is enabled but are currently down.
  • Page 677 Section 14.3.1.2 Edge Ports A port may be designated as an Edge Port if it is directly connected to an end station. As such, it cannot create bridging loops in the network and can thus directly transition to forwarding, skipping the listening and learning stages.
  • Page 678 • When the age exceeds the value of the maximum age parameter, the next bridge to receive the message immediately discards it. To achieve extended ring sizes, Siemens's eRSTP™ uses an age increment of ¼ of a second. The value of the maximum bridge diameter is thus four times the configured maximum age parameter.
  • Page 679 Section 14.3.1.7 Fast Root Failover Siemens’s Fast Root Failover feature is an enhancement to RSTP that may be enabled or disabled. Fast Root Failover improves upon RSTP’s handling of root bridge failures in mesh-connected networks, resulting in slightly increased failover times for some non-root bridge scenarios.
  • Page 680 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Section 14.3.2 RSTP Applications This section describes various applications of RSTP. CONTENTS • Section 14.3.2.1, “RSTP in Structured Wiring Configurations” • Section 14.3.2.2, “RSTP in Ring Backbone Configurations” • Section 14.3.2.3, “RSTP Port Redundancy”...
  • Page 681 Enable RSTP Fast Root Failover option. This is a proprietary feature of Siemens. In a mesh network with only RUGGEDCOM devices in the core of the network, it is recommended to enable the RSTP Fast Root Failover option to minimize the network downtime in the event of a Root bridge failure.
  • Page 682 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Figure 38: Example - Ring Backbone Configuration To design a ring backbone configuration with RSTP, do the following: Select the design parameters for the network. What are the requirements for robustness and network fail-over/recovery times? Typically, ring backbones are chosen to provide cost effective but robust network designs.
  • Page 683 Disable RSTP Fast Root Failover option. This is a proprietary feature of Siemens. In RUGGEDCOM ROX II, the RSTP Fast Root Failover option is enabled by default. It is recommended to disable this feature when operating in a Ring network.
  • Page 684 MST region. RUGGEDCOM ROX II supports 16 MSTIs in addition to the IST. Each MSTI has a topology that is independent of others. Data traffic originating from the same source and bound to the same destination, but on different VLANs on different MSTIs, may therefore travel a different path across the network.
  • Page 685 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy The CST (Common Spanning Tree) spans the entire bridged network, including MST regions and any connected STP or RSTP bridges. An MST region is seen by the CST as an individual bridge, with a single cost associated with its traversal.
  • Page 686 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Role Description The Master Port, which is unique in an MSTP region, is the CIST Root Port of the CIST Regional Root, and provides the minimum cost path to the CIST Root for all MSTIs.
  • Page 687 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Compatibility with STP and RSTP No special configuration is required for the bridges of an MST region to connect fully and simply to non-MST bridges on the same bridged network. Careful planning and configuration is, however, recommended to arrive at an optimal network design.
  • Page 688 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Parameter Description The version (either only STP or Rapid STP or Multiple STP) of the Spanning Tree Protocol (STP) to support. hello-time { hello-time } Synopsis:   A 32-bit unsigned integer between 1 and 10 Default:  ...
  • Page 689 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Parameter Description The Rapid Spanning Tree Protocol (RSTP) standard does not address network security. RSTP must process every received Bridge Protocol Data Unit (BPDU) and take an appropriate action. This opens a way for an attacker to influence RSTP topology by injecting RSTP BPDUs into the network.
  • Page 690 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Section 14.3.5 Configuring STP for Switched Ethernet Ports and Ethernet Trunk Interfaces To configure the Spanning Tree Protocol (STP) for a switched Ethernet port, do the following: Make sure the CLI is in Configuration mode.
  • Page 691 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Parameter Description The cost to use in cost calculations, when the cost style parameter is set to STP in the bridge RSTP parameters configuration. Setting the cost manually provides the ability to preferentially select specific ports to carry traffic over others.
  • Page 692 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide ROOT ROOT ROOT TOTAL INSTANCE ROOT BRIDGE PORT PORT PATH STATUS PRIORITY ROOT MAC PRIORITY BRIDGE MAC SLOT PORT COST CHANGES --------------------------------------------------------------------------------------------- none 00:00:00:00:00:00 00:00:00:00:00:00 none 00:00:00:00:00:00 00:00:00:00:00:00 none 00:00:00:00:00:00...
  • Page 693 Adding a Multiple Spanning Tree Instance To add a Multiple Spanning Tree Instance (MSTI), do the following: NOTE RUGGEDCOM ROX II supports up to 16 MSTIs. Make sure the CLI is in Configuration mode. IMPORTANT! Since each MSTI acts as an independent RSTP instance, its configuration is similar to that of RSTP.
  • Page 694 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Where: • id is the ID for the Multiple Spanning Tree Instance Configure the following parameter(s) as required: Parameter Description bridge-priority { bridge-priority } Synopsis:   { 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 } Default:  ...
  • Page 695 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Section 14.3.7.1 Viewing Per-Port Multiple Spanning Tree Instance Statistics To view Multiple Spanning Tree Instance (MSTI) statistics for individual switched Ethernet ports and/or Ethernet trunk interfaces, type: show switch spanning-tree port-msti-id...
  • Page 696 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Parameter Description • Backup: The port is attached to a LAN that is serviced by another port on the bridge. It is not used but is standing by. • Alternate: The port is attached to a bridge that provides connectivity to the root bridge. It is not used but is standing by.
  • Page 697 To add a Multiple Spanning Tree Instance (MSTI) for a switched Ethernet port or an Ethernet trunk interface, do the following: NOTE RUGGEDCOM ROX II supports up to 16 MSTIs per port/interface. Make sure the CLI is in Configuration mode. IMPORTANT! Since each MSTI acts as an independent RSTP instance, its configuration is similar to that of RSTP.
  • Page 698 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Configure the following parameter(s) as required: Parameter Description mstp-priority { mstp-priority } Synopsis:   { 0, 16, 32, 64, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240 } Default:  ...
  • Page 699 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Section 14.3.8 Viewing the Status of RSTP To view the status of the RSTP network, type: show switch spanning-tree rstp-status A list similar to the following appears: ruggedcom# show switch spanning-tree rstp-status...
  • Page 700 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Parameter Description regional-root-mac Synopsis:   A string 17 characters long The bridge identifier of the Internal Spanning Tree (IST) regional root bridge for the Multiple Spanning Tree (MST) region this device belongs to.
  • Page 701 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Parameter Description This parameter is mandatory. total-top-changes Synopsis:   A 32-bit unsigned integer A count of topology changes in the network, as detected on this bridge through link failures or as signaled from other bridges. Excessively high or rapidly increasing counts signal network problems.
  • Page 702 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Parameter Description • Backup: The port is attached to a LAN that is serviced by another port on the bridge. It is not used but is standing by. • Alternate: The port is attached to a bridge that provides connectivity to the root bridge. It is not used but is standing by.
  • Page 703 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Parameter Description tx-tcns Synopsis:   A 32-bit unsigned integer The number of configuration messages transmitted from this port. This parameter is mandatory. Section 14.3.10 Clearing Spanning Tree Protocol Statistics To clear all Spanning Tree Protocol statistics, type: switch spanning-tree clear-stp-stats Section 14.4...
  • Page 704 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide Redundant Network Access (RNA) instead provides hitless network recovery by deploying the Parallel Redundancy Protocol (PRP). CONTENTS • Section 14.4.1.1, “Parallel Redundancy Protocol (PRP)” • Section 14.4.1.2, “Supervision Frames” • Section 14.4.1.3, “PRP Requirements”...
  • Page 705 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy Figure 40: Parallel Redundancy Protocol (PRP) 1. VDAN    2. RedBox (RUGGEDCOM MX5000 or MX5000RE)    3. SAN    4. DAN Section 14.4.1.2 Supervision Frames RedBoxes are required to send supervision frames on behalf of the VDANs they facilitate. For this, there is a separate proxy nodes table that lists the MAC address for each associated VDAN.
  • Page 706 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide NOTE Setting life-check-interval to 0 will disable the generation of supervision frames. interface switch slot port rna life-check-interval interval Where: • slot is the slot where the chosen PRP module resides.
  • Page 707 RUGGEDCOM ROX II Chapter 14 CLI User Guide Network Redundancy show interfaces switch rna nodesTable A table similar to the following appears: ruggedcom# show interfaces switch rna nodesTable INTERFACE LRE TIME LRE TIME LRE REM STATS LRE NODES LRE NODES MAC...
  • Page 708 Chapter 14 RUGGEDCOM ROX II Network Redundancy CLI User Guide A list similar to the following appears: ruggedcom# show interfaces switch lm4 1 rna node count proxy node count 1 device-addr 00:10:94:00:24:01 Port A and Port B Type the following command to view activity on the redundancy network at the physical port level.
  • Page 709: Network Discovery And Management

    Section 15.3, “Managing NETCONF” Section 15.1 Managing LLDP RUGGEDCOM ROX II supports the Link Layer Discovery Protocol (LLDP), a Layer 2 protocol for automated network discovery. LLDP is an IEEE standard protocol (IEEE 802.1AB) that allows a networked device to advertise its own basic networking capabilities and configuration.
  • Page 710 TTL TLV containing 0 in its information field. CAUTION! Security hazard – risk of unauthorized access and/or exploitation. LLDP is not secure by definition. Avoid enabling LLDP on devices connected to external networks. Siemens recommends using LLDP only in secure environments operating within a security perimeter. NOTE LLDP is implemented to keep a record of only one device per Ethernet port.
  • Page 711 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Parameter Description The delay in seconds between successive LLDP frame transmissions initiated by a value or status change. The recommended value is set by the following formula: 1 ≤ txDelay ≤ (0.25 × Tx Interval)
  • Page 712 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide A table or list similar to the following appears: ruggedcom# show switch net-discovery lldp local-system local-system local chassis subtype macAddress local chassis id 00:0a:dc:ff:9a:00 local system name R12.localdomain...
  • Page 713 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management man address "" man address if id system caps "" system caps enabled "" chassis subtype macAddress port subtype interfaceName man address subtype other man address if subtype unknown...
  • Page 714 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide Parameter Description port-subtype Synopsis:   { interfaceAlias, portComponent, macAddress, networkAddress, interfaceName, agentCircuitId, local } The port subtype information received from a remote Link Layer Discovery Protocol (LLDP) agent.
  • Page 715 The Simple Network Management Protocol (SNMP) is used by network management systems and the devices they manage. It is used to report alarm conditions and other events that occur on the devices it manages. In addition to SNMPv1 and SNMPv2, RUGGEDCOM ROX II also supports SNMPv3, which offers the following features: •...
  • Page 716 • Section 15.2.9, “Managing SNMP Group Access” Section 15.2.1 MIB Files and SNMP Traps The current MIB files supported by RUGGEDCOM ROX II can be downloaded from the https://www.siemens.com/ruggedcom. NOTE SNMP traps are not configurable in RUGGEDCOM ROX II. The MIB files support the following SNMP traps:...
  • Page 717 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Standard Trap and Description coldStart A coldStart trap signifies that the SNMP entity, supporting a notification originator application, is reinitializing itself and that its configuration may have been altered.
  • Page 718 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide Standard Trap and Description RFC 3895 DS1-MIB ds1LineStatusChange A ds1LineStatusChange trap is sent when the status of a dsx1Line instance changes. The value of the trap is the value of one or more of the following instances: •...
  • Page 719 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Parameter Description If set, all traffic/traps originating from this device shall use the configured IP Address for the Source IP. auth-failure-trap-notify { auth-failure-trap- Synopsis:   { none, snmpv1_trap, snmpv2_trap, snmpv2_inform, snmpv3_trap,...
  • Page 720 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide Parameter Description This parameter is mandatory. unknown-engine-ids Synopsis:   A 32-bit unsigned integer The total number of packets received by the SNMP engine which were dropped because they referenced an snmpEngineID that was not known to the SNMP engine.
  • Page 721 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Section 15.2.5.1 Viewing a List of SNMP Communities To view a list of SNMP communities configured on the device, type: show running-config admin snmp snmp-community name If communities have been configured, a table or list similar to the following example appears:...
  • Page 722 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide • name is the name of the community Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 15.2.6 Managing SNMP Target Addresses This section describes how to manage SNMP target addresses.
  • Page 723 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Parameter Description A descriptive name for the target (i.e. 'Corporate NMS'). enabled Synopsis:   { true, false } Default:   true Enables/disables this specific target. target-address { target-address } Synopsis:  ...
  • Page 724 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide Section 15.2.6.3 Deleting an SNMP Target Address To delete an SNMP target address, do the following: Make sure the CLI is in Configuration mode. Delete the SNMP target address by typing:...
  • Page 725 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Section 15.2.7.2 Adding an SNMP User To add an SNMP user, do the following: Make sure the CLI is in Configuration mode. Add the SNMP user by typing: admin snmp snmp-user id name Where: •...
  • Page 726 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide no admin snmp snmp-user id name Where: • id is the ID for the user • name is the name of the user Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 727 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management Add the SNMP security model by typing: admin snmp snmp-security-to-group model name { group | group } Where: • model is the security model. Options include range, v1, v2c and v3.
  • Page 728 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide GROUP MODEL LEVEL NAME NAME VIEW NAME ------------------------------------------------------------------------ initial noAuthNoPriv all-of-mib all-of-mib all-of-mib initial authNoPriv all-of-mib all-of-mib all-of-mib initial authPriv all-of-mib all-of-mib all-of-mib testgroup noAuthNoPriv all-of-mib all-of-mib all-of-mib...
  • Page 729 Engineering Task Force (IETF). NETCONF provides functions to download, upload, change, and delete the configuration data on network devices. RUGGEDCOM ROX II devices also support the ability to collect data and perform direct actions on the device, such as rebooting the device, clearing statistics, and restarting services.
  • Page 730 Chapter 15 RUGGEDCOM ROX II Network Discovery and Management CLI User Guide IMPORTANT! Before configuring an idle timeout on a device managed by RUGGEDCOM NMS, make sure NMS is configured to support a timeout period for NETCONF sessions. Navigate to admin » netconf and configure the following parameter(s) as required:...
  • Page 731 RUGGEDCOM ROX II Chapter 15 CLI User Guide Network Discovery and Management A table or list similar to the following example appears: ruggedcom# show admin netconf netconf statistics in bad hellos in sessions dropped sessions in rpcs in bad rpcs...
  • Page 733: Traffic Control And

    Traffic Control and Classification Traffic Control and Classification Use the traffic control and classification subsystems to control the flow of data packets to connected network interfaces. RUGGEDCOM ROX II also features tools for traffic analysis and characterization. CONTENTS • Section 16.1, “Managing Port Mirroring”...
  • Page 734 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide • Section 16.1.3, “Managing Ingress Source Ports” Section 16.1.1 Configuring Port Mirroring To configure port mirroring, do the following: Make sure the CLI is in Configuration mode. Navigate to switch » port-mirroring.
  • Page 735 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification If no egress source ports have been configured, add egress source ports as needed. For more information, refer to Section 16.1.2.2, “Adding an Egress Source Port”. Section 16.1.2.2 Adding an Egress Source Port To add an egress source port for port mirroring, do the following: Make sure the CLI is in Configuration mode.
  • Page 736 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Section 16.1.3.1 Viewing a List of Ingress Source Ports To view a list of ingress source port for port mirroring, type: show running-config switch port-mirroring ingress-src If ingress source ports have been configured, a table or list similar to the following example appears:...
  • Page 737 Section 6.9, “Managing Firewalls”. RUGGEDCOM ROX II allows up to four different firewall configurations, enabling users to quickly change between configurations. Users can quickly assess different configurations without needing to save and reload any part of the configuration. In contrast, there is only one traffic control configuration.
  • Page 738 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide • Advanced Mode In advanced mode, each interface to be managed is assigned a total bandwidth for incoming and outgoing traffic. Classes are then defined for each interface, each with its own minimum assured bandwidth and a maximum permitted bandwidth.
  • Page 739 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Section 16.2.2 Managing Traffic Control Interfaces Traffic control interfaces define interfaces used for traffic shaping, mainly for outbound bandwidth and the outgoing device. NOTE Traffic control interfaces can only be configured in basic mode. For more information about setting the traffic control mode, refer to Section 16.2.1, “Enabling and Configuring Traffic...
  • Page 740 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Where: • interface is the name of the traffic control interface Configure the following parameter(s) as required: Parameter Description iptype { iptype } Synopsis:   { ipv4, ipv6, ipv4ipv6 } Default:  ...
  • Page 741 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Section 16.2.3 Managing Traffic Control Priorities Traffic control priorities define priorities used for traffic shaping. NOTE Traffic control priorities can only be configured in basic mode. For more information about setting the traffic control mode, refer to Section 16.2.1, “Enabling and Configuring Traffic...
  • Page 742 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Make sure the CLI is in Configuration mode. Add the traffic control priority entry by typing: qos traffic-control basic-configuration tcpriority name Where: • name is the name of the traffic control priority entry...
  • Page 743 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 16.2.4 Managing Traffic Control Classes Traffic control classes define classes for traffic shaping. Optionally, they can also define parameters for Type of Service (ToS), which is an eight-bit field in the IPv4 header.
  • Page 744 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Section 16.2.4.2 Adding a Traffic Control Class To add a new traffic control class, do the following: Make sure the CLI is in Configuration mode. Add the traffic control class by typing:...
  • Page 745 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Parameter Description maxbw-unit { maxbw-unit } Synopsis:   { none, kilobits, megabits } Default:   none (per second) only if max-bandwidth is a single numerical value priority { priority } Synopsis:  ...
  • Page 746 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Section 16.2.5.1 Viewing a List of Traffic Control Devices To view a list of traffic control devices, type: show running-config qos traffic-control advanced-configuration tcdevices If devices have been configured, a table or list similar to the following example appears:...
  • Page 747 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Parameter Description Maximum outgoing bandwidth... This is the maximum speed that can be handled. Additional packets will be dropped. This is the bandwidth that can be referred to as 'full' when defining classes.
  • Page 748 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Section 16.2.6.1 Viewing a List of Traffic Control Rules To view a list of traffic control rules, type: show running-config qos traffic-control advanced-configuration tcrules If rules have been configured, a table or list similar to the following example appears:...
  • Page 749 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Parameter Description This parameter is mandatory. protocol { protocol } Synopsis:   { tcp, udp, icmp, all } or a string Default:   all The protocol to match.
  • Page 750 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Configuring a Set Mark Make sure the CLI is in Configuration mode. Select the Set option by typing: qos traffic-control advanced-configuration tcrules name mark-choice set Where: • name is the name of the traffic control rule...
  • Page 751 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification • name is the name of the traffic control rule Configure the following parameter(s): Parameter Description logic-op { logic-op } Synopsis:   { and, or } A logical operation to perform on the current mark: AND/OR.
  • Page 752 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Parameter Description op-chain { op-chain } Synopsis:   { forward, prerouting } Default:   forward A chain in which the operation will take place. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
  • Page 753 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Section 16.2.6.4 Deleting a Traffic Control Rule To delete a traffic control rule, do the following: Make sure the CLI is in Configuration mode. Delete the traffic control rule by typing:...
  • Page 754 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide • For Virtual Switches show running-config interface virtualswitch id vlan vlan-id qosmap Where: ▫ id is the ID of the virtual switch ▫ vlan-id is the ID given to the VLAN...
  • Page 755 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Configure the following parameter(s) as required: Parameter Description ingress { ingress } Synopsis:   An 8-bit unsigned integer between 0 and 255 Map the ingress to a mark.
  • Page 756 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Section 16.2.8 Managing Egress Markers for QoS Maps Egress markers for QoS maps are used to assign priority to traffic that shares the same mark as one of the egress marks configured for the device.
  • Page 757 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification If no egress marks have been configured, add egress marks as needed. For more information, refer to Section 16.2.8.2, “Adding an Egress Mark”. Section 16.2.8.2 Adding an Egress Mark To add an egress mark for a QoS Map, do the following: Make sure the CLI is in Configuration mode.
  • Page 758 Section 16.2.9 Viewing QoS Statistics RUGGEDCOM ROX II provides statistics for traffic going through each class that has been configured. Packets are assigned to classes on the outbound interface based on rules. If a packet matches the specified criteria, it is considered to be a member of the class and is forwarded to that class.
  • Page 759 Classes of Service (CoS) provides the ability to expedite the transmission of certain frames and port traffic over others. The CoS of a frame can be set to Normal, Medium, High or Critical. By default, RUGGEDCOM ROX II enforces Normal CoS for all traffic.
  • Page 760 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide ▫ The Differentiated Services Code Point (DSCP) component of the Type Of Service (TOS) field, if the frame is IP ▫ The default CoS for the port Each frame’s CoS will be determined once the first examined parameter is found in the frame.
  • Page 761 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Section 16.3.2 Managing Priority-to-CoS Mapping Assigning CoS to different IEEE 802.1p priority values in the frame is done by defining priority-to-CoS mapping table entries. CONTENTS • Section 16.3.2.1, “Viewing a List of Priority-to-CoS Mapping Entries”...
  • Page 762 Chapter 16 RUGGEDCOM ROX II Traffic Control and Classification CLI User Guide Parameter Description cos { cos } Synopsis:   { N/A, normal, medium, high, crit } Default:   normal The Class of Service (CoS) assigned to received tagged frames with the specified IEEE 802.1p priority value.
  • Page 763 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification DSCP -------------- normal high medium normal normal If no entries have been configured, add entries as needed. For more information, refer to Section 16.3.3.2, “Adding a DSCP-to-CoS Mapping Entry”.
  • Page 764 The flow analyzer queries one or more flow collectors for flow data and then analyzes the data with a focus on intrusion detection and traffic profiling. RUGGEDCOM ROX II acts as a flow exporter, collecting data from ingress (incoming) and/or egress (outgoing) packets and then forwarding them as flow records to one or more collectors.
  • Page 765 RUGGEDCOM ROX II includes user-configurable timers for inactive and active flows. NOTE RUGGEDCOM ROX II does not retain a record of flows sent. Therefore, any NetFlow packets dropped due to congestion or packet corruption will be lost permanently. Flow Records...
  • Page 766 Define one or more interfaces from which to monitor traffic. For more information, refer to Section 16.4.7.2, “Adding a NetFlow Interface”. Define one or more NetFlow collectors to which RUGGEDCOM ROX II can send flows. For more information, refer to Section 16.4.8.2, “Adding a NetFlow Collector”.
  • Page 767 Both durations can be adjusted to reduce or increase the size of the NetFlow packets and/or the speed at which they are delivered. To control how RUGGEDCOM ROX II manages active and inactive flows, do the following: Make sure the CLI is in Configuration mode.
  • Page 768 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 16.4.7 Managing NetFlow Interfaces RUGGEDCOM ROX II requires an interface from which to collect NetFlow data, but can be configured to monitor multiple interfaces if needed. Each interface can be configured to monitor packets entering (ingress) and/or exiting (egress).
  • Page 769 Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 16.4.8 Managing NetFlow Collectors RUGGEDCOM ROX II can be configured to forward flows to up to four NetFlow collectors. CONTENTS • Section 16.4.8.1, “Viewing a List of NetFlow Collectors”...
  • Page 770 “Adding a NetFlow Collector”. Section 16.4.8.2 Adding a NetFlow Collector To define a NetFlow collector to which RUGGEDCOM ROX II will send flows, do the following: Make sure the CLI is in Configuration mode. Add the collector by typing: NOTE A single server can host multiple NetFlow collectors, each monitoring a specific UDP port.
  • Page 771 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Section 16.4.8.4 Deleting a NetFlow Collector To delete a NetFlow collector, do the following: Make sure the CLI is in Configuration mode. Delete the collector by typing: NOTE A single server can host multiple NetFlow collectors, each monitoring a specific UDP port. It is important to specify both the IP address and port number when deleting a NetFlow collector.
  • Page 772 Section 16.4.10 Example: Exporting Flows to Multiple Collectors This example describes how to configure RUGGEDCOM ROX II to forward NetFlow data to two NetFlow collectors. In the following topology, the NetFlow exporter (RUGGEDCOM ROX II) is collecting data on packets traversing two interfaces.
  • Page 773 RUGGEDCOM ROX II Chapter 16 CLI User Guide Traffic Control and Classification Verify the NetFlow collectors are receiving flows from the device. Final Configuration Example services netflow enabled engine-id 10 timeouts active-timeout 1800 timeouts inactive-timeout 15 collector 172.30.142.124 2 enabled collector 172.30.142.224 1...
  • Page 775 RUGGEDCOM ROX II Chapter 17 CLI User Guide Time Services Time Services RUGGEDCOM ROX II offers the following time-keeping and time synchronization features: • Local hardware time keeping and time zone management • NTP (Network Time Protocol) client and server CONTENTS •...
  • Page 776 Chapter 17 RUGGEDCOM ROX II Time Services CLI User Guide Add restrictions for the remote NTP servers. For more information, refer to Section 17.8.6.2, “Adding a Server Restriction”. 10. Enable and configure the NTP service. For more information, refer to Section 17.5, “Enabling and Configuring the NTP Service”.
  • Page 777 To enable and configure the NTP service, do the following: Make sure the CLI is in Configuration mode. Navigate to services » ntp and configure the following parameters: NOTE RUGGEDCOM ROX II supports both IPv4 and IPv6 addresses. Parameter Description enabled Synopsis:  ...
  • Page 778 (NTP peer status output) *142.3.100.2 .GPS. 937 1024 38.104 -0.273 0.802 172.30.149.45 .INIT. 16 u - 1024 0.000 0.000 0.000 +206.186.255.226 128.138.140.44 413 1024 58.578 0.143 27.963 x206.186.255.227 CHU_AUDIO(1) 927 1024 58.034 10846.0 30.289...
  • Page 779 Tally Code Description: This tally code indicates the peer is the system peer, but the synchronization distance is derived from a Pulse-Per-Second (PPS) signal. Section 17.7 Viewing the Status of Reference Clocks...
  • Page 780 Managing NTP Servers RUGGEDCOM ROX II can periodically refer to a remote NTP server to correct any accumulated drift in the onboard clock. RUGGEDCOM ROX II can also serve time via SNTP (Simple Network Time Protocol) to hosts that request it.
  • Page 781 Section 17.8.2 Monitoring Subscribers RUGGEDCOM ROX II monitors the subscriptions of up to 600 hosts (e.g. clients, servers and peers) that are connected to the NTP server. To view the list of subscriber hosts, type: show services ntp status monitor-list...
  • Page 782 Server Keys”. Add the NTP server by typing: NOTE RUGGEDCOM ROX II supports both IPv4 and IPv6 addresses. services ntp server IP Address Where: • IP Address is the address of the remote NTP server Configure the following parameter(s) as required:...
  • Page 783 Section 17.8.4 Deleting an NTP Server To delete an NTP server configured on the device, do the following: Make sure the CLI is in Configuration mode. Delete the NTP server by typing:...
  • Page 784 Section 17.8.5.2 Adding a Server Key To add a server key, do the following: Make sure the CLI is in Configuration mode. Add the key by typing: services ntp key id Where: •...
  • Page 785 Section 17.8.6.1 Viewing a List of Server Restrictions To view a list of NTP server restrictions, type: show running-config services ntp restrict If restrictions have been configured, a table or list similar to the following example appears:...
  • Page 786 Parameter Description • noserve: Denies all packets except ntpq(8) and ntpdc(8) queries. • noquery: Denies ntpq(8) and ntpdc(8) queries. • nopeer: Denies packets which result in mobilizing a new association.
  • Page 787 Section 17.9.1 Enabling and Configuring NTP Multicast Clients The NTP multicast client enables the NTP server to receive advertisements from other NTP servers. To enable and configure the NTP multicast client, do the following: Make sure the CLI is in Configuration mode.
  • Page 788 • Section 17.9.3.2, “Adding a Broadcast/Multicast Address” • Section 17.9.3.3, “Deleting a Broadcast/Multicast Address” Section 17.9.3.1 Viewing a List of Broadcast/Multicast Addresses To view a list of broadcast/multicast addresses, type: show running-config services ntp broadcast...
  • Page 789 Parameter Description key { key } Synopsis: A string. Authentication key. ntp-version { ntp-version } Synopsis: A 32-bit signed integer between 1 and 4. The version of the NTP protocol used to communicate with this host. Change this only if it is known that the host requires a version other than 4.
  • Page 790 Deleting a Broadcast/Multicast Address...
  • Page 791 RUGGEDCOM products (e.g. RUGGEDCOM CROSSBOW). They are installed and upgraded the same as the RUGGEDCOM ROX II operating system, in that they are first installed on the inactive partition and are only activated after a reboot. This makes it possible to decline or undo the installation if the application creates undesirable results.
  • Page 792 • name is the name of the application to uninstall as it appears in the repository configuration. To uninstall more than one application, use a comma separated list. Section 18.5 Managing Application Repositories Before any RUGGEDCOM ROX II application can be installed or upgraded, a connection to its repository on the upgrade server must be configured. CONTENTS •...
  • Page 793 Section 18.5.4, “Deleting a Repository” Section 18.5.1 Viewing a List of Repositories To view a list of RUGGEDCOM ROX II application repositories, type: show running-config admin software-upgrade apps repository If repositories have been configured, a table or list similar to the following example appears:...
  • Page 794 Where: • name is the name of the repository as it appears in the application configuration. Consult the release notes for the application. Configure the following parameter(s) as required: Parameter Description Synopsis: ...
  • Page 795 Do not transfer file-based feature keys between devices. Contact a Siemens Canada Ltd sales representative to order a feature key matching the serial numbers of the hardware in the destination device.
  • Page 796 Chapter 19 Troubleshooting. Problem: A link seems fine when traffic levels are low, but fails as traffic rates increase OR a link can... Solution: A possible cause of intermittent operation is that of a duplex mismatch. If one end of the link...
  • Page 797 Problem: Unable to connect or disconnect some switch ports, and multicast goes everywhere. Is IGMP broken? Solution: IGMP is not broken. This may in fact be proper switch behavior. When the switch detects a change in the network topology through RSTP, it acts to avoid loss of multicast traffic.
  • Page 798 Problem: Is it possible that the port has migrated to STP? Solution: If the port is connected to the LAN segment by shared media and STP bridges are connected to that media, then convergence after link failure will be slow.