Page 1
Preface Introduction Using RUGGEDCOM ROX II RUGGEDCOM ROX II v2.9 Device Management System Administration Setup and Configuration CLI User Guide Troubleshooting For RX1500, RX1501, RX1510, RX1511, RX1512 01/2016 RC1243-EN-02...
Page 2
Siemens has verified the contents of this document against the hardware and/or software described. However, deviations between the product and the documentation may exist. Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.
1.6 Removable Memory ........................12 Chapter 2 Using RUGGEDCOM ROX II ................2.1 Connecting to RUGGEDCOM ROX II ..................15 2.1.1 Connecting Directly ......................15 2.1.2 Connecting Through the Network ..................17 2.2 Default User Names and Passwords ................... 17 2.3 Logging In ..........................
Page 6
RUGGEDCOM ROX II Table of Contents CLI User Guide 2.6 Using the Command Line Interface ..................... 21 2.6.1 Accessing Different CLI Modes ..................21 2.6.2 Using Command Line Completion ..................22 2.6.3 Displaying Available Commands ..................22 2.6.4 Editing Commands ......................23 2.6.5 Using Output Redirects ....................
Page 7
3.10 Managing the Software Configuration ..................71 3.10.1 Saving the Configuration ....................71 3.10.2 Loading a Configuration ....................71 3.11 Upgrading/Downgrading the RUGGEDCOM ROX II Software ............72 3.11.1 Configuring the Upgrade Source ..................72 3.11.2 Setting Up an Upgrade Server ..................73 3.11.2.1 Configuring the Upgrade Server ................
Page 8
RUGGEDCOM ROX II Table of Contents CLI User Guide 3.12.4 Uninstalling an Application ..................... 79 3.12.5 Managing Application Repositories ................. 80 3.12.5.1 Viewing a List of Repositories ................80 3.12.5.2 Checking the Repository Connection ..............80 3.12.5.3 Adding a Repository .................... 81 3.12.5.4 Deleting a Repository ..................
Page 9
RUGGEDCOM ROX II CLI User Guide Table of Contents 3.19.1 Viewing a List of Serial Ports ..................107 3.19.2 Viewing Serial Port Statistics ..................107 3.19.3 Viewing Transport Connection Statistics ................ 108 3.19.4 Viewing DNP Device Table Statistics ................108 3.19.5 Clearing Serial Port Statistics ..................
Page 10
RUGGEDCOM ROX II Table of Contents CLI User Guide 3.22.4 Viewing the HSPA Network Status for Cellular Modems ..........127 3.22.5 Viewing the CDMA Network Status for Cellular Modems ..........128 3.22.6 Configuring a Cellular Modem Interface ................. 129 3.22.7 Activating a Cellular Modem Account ................130 3.22.7.1 Activating a Cellular Modem Account Over-the-Air ..........
Page 11
RUGGEDCOM ROX II CLI User Guide Table of Contents 3.24.5.2 Viewing a List of Virtual Switch Filters ..............150 3.24.5.3 Adding a Virtual Switch Filter ................150 3.24.5.4 Deleting a Virtual Switch Filter ................151 3.24.6 Managing Filtering Rules ....................151 3.24.6.1 Viewing a List of Rules ..................
Page 12
RUGGEDCOM ROX II Table of Contents CLI User Guide 4.7.1.2 Viewing the Status of a CA Certificate and CRL ............ 166 4.7.1.3 Adding a CA Certificate and CRL ................. 167 4.7.1.4 Deleting a CA Certificate and CRL ............... 168 4.7.2 Managing Private Keys ....................168 4.7.2.1 Viewing a List of Private Keys ................
Page 13
RUGGEDCOM ROX II CLI User Guide Table of Contents Chapter 5 Setup and Configuration .................. 5.1 Configuring a Basic Network ..................... 192 5.1.1 Configuring a Basic IPv4 Network ................... 192 5.1.2 Configuring a Basic IPv6 Network ................... 193 5.2 Configuring ICMP Control ......................193 5.3 Enabling and Configuring CLI Sessions ..................
Page 14
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.11.9.3 Deleting an SNMP Group .................. 215 5.12 Managing Time Synchronization Functions ................216 5.12.1 Configuring the Time Synchronization Settings .............. 217 5.12.2 Configuring the System Time and Date ................. 217 5.12.3 Configuring the System Time Zone ................
Page 15
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.14.3 Adding DHCP Client Ports .................... 236 5.14.4 Deleting a DHCP Client Port ..................236 5.15 Managing the DHCP Server ....................236 5.15.1 Configuring the DHCP Server ..................237 5.15.2 Enabling/Disabling the DHCP Server ................237 5.15.3 Enabling/Disabling the DHCP Relay Support ..............
Page 16
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.15.11.2 Adding a Host Group ..................254 5.15.11.3 Configuring Host Group Options ............... 254 5.15.11.4 Configuring a Host Group Client ............... 255 5.15.11.5 Deleting a Host Group ..................256 5.15.12 Managing Custom Host Group Client Configurations ............ 256 5.15.12.1 Viewing a List of Custom Host Group Client Configurations ........
Page 17
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.17.1.5 Protecting Against a SYN Flood Attack ............... 270 5.17.2 Viewing a List of Firewalls .................... 271 5.17.3 Adding a Firewall ......................271 5.17.4 Deleting a Firewall ....................... 272 5.17.5 Working with Multiple Firewall Configurations ..............272 5.17.6 Configuring the Firewall for a VPN ................
Page 18
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.17.14.5 Deleting Rules ....................293 5.17.15 Validating a Firewall Configuration ................293 5.17.16 Enabling/Disabling a Firewall ..................293 5.18 Managing IS-IS ........................294 5.18.1 IS-IS Concepts ......................294 5.18.1.1 IS-IS Routers ....................295 5.18.1.2 Network Entity Title (NET) Addresses ..............
Page 19
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.18.12.2 Adding a Redistribution Metric ................312 5.18.12.3 Deleting a Redistribution Metric ................ 313 5.19 Managing BGP ........................313 5.19.1 Configuring BGP ......................314 5.19.2 Viewing the Status of Dynamic BGP Routes ..............315 5.19.3 Managing Route Maps ....................
Page 20
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.19.7.5 Deleting a Neighbor ..................332 5.19.8 Managing Networks ..................... 332 5.19.8.1 Viewing a List of Networks ................. 333 5.19.8.2 Adding a Network ..................... 333 5.19.8.3 Tracking Commands for a BGP Network ............. 334 5.19.8.4 Deleting a Network ....................
Page 21
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.20.7.1 Viewing a List of Neighbors ................348 5.20.7.2 Adding a Neighbor .................... 348 5.20.7.3 Deleting a Neighbor ..................349 5.20.8 Managing the Prefix List Distribution ................349 5.20.8.1 Viewing a List of Prefix List Distribution Paths ............. 349 5.20.8.2 Adding a Prefix List Distribution Path ..............
Page 22
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.21.6.4 Adding a Route Map Filter Entry ................ 369 5.21.6.5 Deleting a Route Map Filter ................370 5.21.6.6 Deleting a Route Map Filter Entry ..............370 5.21.6.7 Configuring Match Rules ................... 371 5.21.7 Managing Incoming Route Filters ..................
Page 23
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.22.8.2 Adding an IP/VPN Tunnel .................. 390 5.22.8.3 Deleting an IP/VPN Tunnels ................390 5.22.9 Managing VPNv4 Neighbors ..................391 5.22.9.1 Viewing a List of Neighbors ................391 5.22.9.2 Adding a Neighbor .................... 391 5.22.9.3 Deleting a Neighbor ..................
Page 24
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.23.6.1 Configuring Gateways for IPv6 Static Routes ............406 5.23.6.2 Viewing a List of Gateways for IPv4 Static Routes ..........406 5.23.6.3 Adding a Gateway for an IPv4 Static Route ............407 5.23.6.4 Deleting a Gateway for an IPv4 Static Route ............
Page 25
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.26.3.4 Deleting a Router Port ..................428 5.26.4 Managing the Static Multicast Group Table ..............428 5.26.4.1 Viewing a List of Static Multicast Group Entries ........... 429 5.26.4.2 Adding a Static Multicast Group Entry ..............429 5.26.4.3 Deleting a Static Multicast Group Entry ...............
Page 26
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.27.9.3 Deleting a Virtual IP Address ................447 5.28 Managing Link Failover Protection ................... 447 5.28.1 Viewing the Link Failover Log ..................448 5.28.2 Viewing the Link Failover Status ................... 449 5.28.3 Managing Link Failover Parameters ................
Page 27
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.29.7.1 Viewing a List of IKE Algorithms ................ 467 5.29.7.2 Adding an IKE Algorithm ................... 468 5.29.7.3 Deleting an IKE Algorithm .................. 468 5.29.8 Managing the Encapsulated Security Payload (ESP) Protocol ......... 468 5.29.8.1 Configuring ESP Encryption ................
Page 28
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.31.8.1 Viewing a List of IP Addresses ................488 5.31.8.2 Adding an IP Address ..................488 5.31.8.3 Deleting an IP Address ..................488 5.31.9 Managing Remote Daemon Egress Interfaces for Generic Tunnels ........489 5.31.9.1 Viewing a List of Egress Interfaces ..............
Page 29
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.34.3.1 Viewing a List of DSCP-to-CoS Mapping Entries ..........508 5.34.3.2 Adding a DSCP-to-CoS Mapping Entry ............... 508 5.34.3.3 Deleting a DSCP-to-CoS Mapping Entry ............. 508 5.35 Managing MAC Addresses ...................... 509 5.35.1 Viewing a Dynamic List of MAC Addresses ..............
Page 30
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.36.7.4 Deleting a Port-Specific Multiple Spanning Tree Instances ........537 5.36.8 Viewing the Status of RSTP ..................538 5.36.9 Viewing RSTP Per-Port Statistics .................. 539 5.36.10 Clearing Spanning Tree Protocol Statistics ..............541 5.37 Managing VLANs ........................
Page 31
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.37.8.5 Deleting a VLAN for a Routable Ethernet Port ............. 559 5.37.8.6 Deleting a VLAN for a T1/E1 Line ..............560 5.38 Managing Network Discovery and LLDP .................. 560 5.38.1 Configuring LLDP ......................561 5.38.2 Viewing Global Statistics and Advertised System Information ..........
Page 32
RUGGEDCOM ROX II Table of Contents CLI User Guide 5.40.1 Configuring Costing for Routable Interfaces ..............591 5.40.2 Viewing Statistics for Routable Interfaces ..............591 5.40.3 Managing IPv4 Addresses .................... 592 5.40.3.1 Viewing a List of IPv4 Addresses ............... 592 5.40.3.2 Adding an IPv4 Address ..................
Page 33
RUGGEDCOM ROX II CLI User Guide Table of Contents 5.41.7.8 Viewing a List of LDP Interfaces ................ 612 5.41.7.9 Enabling/Disabling an LDP Interface ..............612 5.42 Managing the RUGGEDCOM CROSSBOW Application ............613 5.42.1 Enabling/Disabling CROSSBOW ................... 613 5.42.2 Configuring the Client Connection ................. 613 5.42.3 Configuring the SAC Connection ..................
Page 34
RUGGEDCOM ROX II Table of Contents CLI User Guide xxxiv...
CLI User Guide Preface Preface This guide describes the CLI user interface for RUGGEDCOM ROX II v2.9 running on the RUGGEDCOM RX1500/RX1501/RX1510/RX1511/RX1512. It contains instructions and guidelines on how to use the software, as well as some general theory. It is intended for use by network technical support personnel who are familiar with the operation of networks. It is also recommended for use by network and system planners, system programmers, and line technicians.
• RUGGEDCOM RX1500 Data Sheet System Requirements Each workstation used to connect to the RUGGEDCOM ROX II Rugged CLI interface must meet the following system requirements: • Must have a working Ethernet interface compatible with at least one of the port types on the RUGGEDCOM RX1500 •...
Siemens sales representative. Customer Support Customer support is available 24 hours, 7 days a week for all Siemens customers. For technical support or general information, contact Siemens Customer Support through any of the following methods: Online Visit http://www.siemens.com/automation/support-request...
Introduction Introduction Welcome to the RUGGEDCOM ROX II (Rugged Operating System on Linux®) v2.9 CLI User Guide for the RUGGEDCOM RX1500/RX1501/RX1510/RX1511/RX1512. This document details how to configure the RX1500 via the RUGGEDCOM ROX II Command Line Interface (CLI). RUGGEDCOM ROX II also features a Web interface, which is described in a separate CLI User Guide.
Ethernet frames. Switches can introduce latency in times of heavy network traffic due to the internal queues that buffer frames and then transmit on a first come first serve basis. RUGGEDCOM ROX II supports Class of Service, which allows time critical traffic to jump to the front of the queue, thus minimizing latency and reducing jitter to allow such demanding applications to operate correctly.
Page 41
• Port Mirroring RUGGEDCOM ROX II can be configured to duplicate all traffic on one port to a designated mirror port. When combined with a network analyzer, this can be a powerful troubleshooting tool. • Port Configuration and Status RUGGEDCOM ROX II allows individual ports to be hard configured for speed, duplex, auto-negotiation, flow control and more.
Page 42
• Brute Force Attack Prevention Protection against Brute Force Attacks (BFAs) is standard in RUGGEDCOM ROX II. If an external host fails to log in to the CLI, NETCONF or Web interfaces after a fixed number of attempts, the host's IP address will be blocked for a period of time.
Section 1.2 Feature Keys Feature keys add features to an existing installation of RUGGEDCOM ROX II. They can be purchased and installed at any time. Three feature keys are currently available: L2STD, L3STD and L3SEC. By default, each new RX1500/RX1501/ RX1510/RX1511/RX1512 is ordered with a base feature key, which is permanently installed on the device.
Accessibility hazard – risk of data loss. Do not misplace the passwords for the device. If both the maintenance and boot passwords are misplaced, the device must be returned to Siemens Canada Ltd. for repair. This service is not covered under warranty. Depending on the action that must be taken to regain access to the device, data may be lost.
Page 45
▪ Make sure the default community strings are changed to unique values. • When using RUGGEDCOM ROX II as a client to securely connect to a server (such as, in the case of a secure upgrade or a secure syslog transfer), make sure the server side is configured with strong ciphers and protocols.
Page 46
• Use the latest Web browser version compatible with RUGGEDCOM ROX II to make sure the most secure Transport Layer Security (TLS) versions and ciphers available are employed. Additionally, 1/n-1 record splitting...
RUGGEDCOM ROX II Chapter 1 CLI User Guide Introduction Section 1.4 Available Services by Port The following table lists the services available by the device, including the following information: • Services The service supported by the device • Port Number The port number associated with the service •...
Chapter 1 RUGGEDCOM ROX II Introduction CLI User Guide Section 1.5 User Permissions The following table lists the operation, configuration, and action commands permitted to the administrator, operator, and guest users. Types of user access: • Create (C) - can create and remove optional parameters •...
Page 51
• Upgrade/Downgrade Firmware – Use the USB Mass Storage device as a portable repository for new or legacy versions of the RUGGEDCOM ROX II firmware. • Backup Files – Configure RUGGEDCOM ROX II to backup important information to the USB Mass Storage device, such as rollbacks, log files, feature keys and configuration files.
Page 52
RUGGEDCOM ROX II Chapter 1 CLI User Guide Introduction Removable Memory...
Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Using RUGGEDCOM ROX II This chapter describes how to use the RUGGEDCOM ROX II interface. It describes the following tasks: • Section 2.1, “Connecting to RUGGEDCOM ROX II” • Section 2.2, “Default User Names and Passwords”...
Page 54
• Disable hardware and software flow control Establish a connection to the device and press any key. The login prompt appears. Log in to RUGGEDCOM ROX II. For more information about logging in to RUGGEDCOM ROX II, refer to Section 2.3, “Logging In”.
Launch the SSH client on the computer and connect to admin@{ipaddress}, where {ipaddress} is the IP address for the MGMT port. The login prompt appears: Using username "admin". admin@192.168.0.2's password: Log in to RUGGEDCOM ROX II. For more information about logging in to RUGGEDCOM ROX II, refer to Section 2.3, “Logging In”. Section 2.1.2...
Passwords”. IMPORTANT! RUGGEDCOM ROX II features a Brute Force Attack (BFA) protection system to detect potentially malicious attempts to access the device. When enabled, the protection system will block an IP address after 15 failed login attempts over a 10 minute period. The IP address will be blocked for 720 seconds or 12 minutes the first time.
To log out of the device, type exit at the root level. ruggedcom# exit Section 2.5 Using Network Utilities The following sections describe how to use the built-in RUGGEDCOM ROX II network utilities: • Section 2.5.1, “Pinging a Host” • Section 2.5.2, “Dumping Raw Data to a Terminal or File”...
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Section 2.5.2 Dumping Raw Data to a Terminal or File Tcpdump is a packet analyzer for TCP/IP and other packets. It can be used to dump raw data to a terminal or file.
Section 2.6.9, “Common Commands” Section 2.6.1 Accessing Different CLI Modes RUGGEDCOM ROX II provides commands for monitoring and configuring software, hardware and network connectivity. The Command Line Interface (CLI) supports the following modes: Tracing the Route of an IPv4 Address Using MPLS...
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Mode Description Operational Mode Operational mode is the default mode after a user logs in to the device. It allows users to perform general device management actions and provides troubleshooting and maintenance utilities. It is used for viewing the system status, controlling the CLI environment, monitoring and troubleshooting network connectivity, and launching the Configuration mode.
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II ruggedcom# ? Possible completions: admin Configures the general device characteristics autowizard Automatically query for mandatory elements clear Clear parameter commit Confirm a pending commit compare Compare running configuration to another configuration or a file...
Page 62
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Inserting Recently Deleted Text Command Description Ctrl+y Inserts the most recently deleted text at the cursor's location Displaying Previously Entered Commands Command Description Ctrl+p or Up Arrow Shows the previous command in the command history...
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Section 2.6.5 Using Output Redirects Information returned from a CLI term can be processed in various ways using an output redirect term. To specify an output redirect, type | after the CLI term and then type the redirect term. To display the available redirects, type | ? after a CLI term.
Page 64
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description begin Begins the output with the line containing the specified text. Regular expressions can be used with this redirect. For more information about regular expressions, refer to Section 2.6.6, “Using Regular...
Page 65
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description gmtime "Tue Feb 15 08:37:42 2011\n" localtime "Tue Feb 15 03:37:42 2011\n" software-upgrade more Paginates the output. When the output reaches the screen-length setting, the CLI prompts you to press a key for more. Press Enter to advance line-by-line;...
Section 2.6.6 Using Regular Expressions RUGGEDCOM ROX II command line regular expressions are a subset of the regular expressions found in egrep and in the AWK programming language. Regular expressions can be used along with several of the output redirects. For more information about using output redirects, refer to Section 2.6.5, “Using Output...
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Character Description Example • Each AS set delimiter (e.g. { and }) • Each AS confederation delimiter (e.g. ( and )) • The beginning and end of the line Therefore, the underscore can be used to match AS values.
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide In this example, a command is issued to ports 1, 2 and 4 on LM1, LM2 and LM4: ruggedcom(config)# interface switch lm1-2,4 1-2,4 When available, the range parameter can be included before the value range: ruggedcom(config)# interface switch range lm1-3 1-6 Section 2.6.9...
Page 69
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description Shows selected configuration information. Use auto completion to show [ admin | chassis | interface | interfaces | display the list of options available at each configuration level. For...
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description auto completion to see a list of configuration options. Use | and one or more output redirects to restrict the information to be shown. Section 2.6.9.2 File Commands Operational mode provides commands for managing log, configuration and feature key files on the device.
Page 71
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description Copies a configuration file. After typing the command, press Tab to file copy-config current-filename new-filename view a list of available files. For example, the following command...
Page 72
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description • current-filename is the current filename of the configuration file. • new-filename is the new filename for the configuration file. To use the current filename, specify the current filename or exclude this parameter from the command.
Page 73
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description • host is the host name or IP address of the remote computer. • path path is the path to the feature key file on the remote computer.
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description • user is a user name with access rights to the remote computer. • host is the host name or IP address of the remote computer.
Boots to a previous software release on the alternate partition. admin software-upgrade rollback-reboot maint-login CAUTION! Configuration hazard – risk of data loss/corruption. Maintenance mode is provided for troubleshooting purposes and should only be used by Siemens Canada Ltd. technicians. Maintenance mode is provided for Administration Commands...
Page 76
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description troubleshooting purposes and all possible commands are not documented. Misuse of maintenance mode commands can corrupt the operational state of the device and render the device inaccessible.
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Section 2.6.9.5 Configuration Mode General Commands Configuration mode provides a set of general commands that allow users to work with configuration data. Parameter Description Exits the configuration session without saving changes.
Page 78
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide Parameter Description Copies a configured element to a new element. For example, the copy following command copies the userid admin to the new userid wsmith: ruggedcom(config)# copy admin users userid admin...
Page 79
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II Parameter Description Moves an existing IPv4 address to a new position in the list move [ after | before | first | last | ipv4 ] of addresses. The address can be moved to the first or last (default) position in the list, or before or after another address.
Page 80
Validates the current configuration. validate Runs the rox_flash or rox_upgrade wizards. For more information, wizard [ rox_flash | rox_upgrade ] refer to Section 3.11.5.2, “Downgrading Using ROXflash” Section 3.11.3, “Upgrading the RUGGEDCOM ROX II Software”. Configuration Mode General Commands...
Section 2.8 Accessing Different Modes Aside from normal mode, there are three additional modes within RUGGEDCOM ROX II that offer various controls over the operating system. The following sections describe how to access the different modes within RUGGEDCOM ROX II: •...
Accessing BIST Mode BIST (Built-In-Self-Test) mode is used by RUGGEDCOM ROX II to test and configure internal functions of the device. The method for accessing BIST is different if a new software image has been flashed onto the flash card.
Page 83
RUGGEDCOM ROX II Chapter 2 CLI User Guide Using RUGGEDCOM ROX II 'l' List the available boot targets 'c' Exit to the boot loader command line Will reboot after 60 seconds of inactivity NOTE In the example above, the text Auto booting [4-0] indicates the active partition is Boot Partition 4.
Changes made to the configuration in this mode will override the current configuration settings (e.g. IP addresses, VLAN settings, etc.), but are discarded following a system reboot. Connect to RUGGEDCOM ROX II through the RS-232 console connection and a terminal application. For more information, refer to Section 2.1.1, “Connecting...
To access maintenance mode, do the following: CAUTION! Configuration hazard – risk of data corruption. Maintenance mode is provided for troubleshooting purposes and should only be used by Siemens Canada Ltd. technicians. As such, this mode is not fully Accessing Maintenance Mode...
Page 86
Chapter 2 RUGGEDCOM ROX II Using RUGGEDCOM ROX II CLI User Guide documented. Misuse of the commands available in this mode can corrupt the operational state of the device and render it inaccessible. IMPORTANT! Changes made to the configuration in this mode will override the current configuration settings (e.g. IP addresses, VLAN settings, etc.), but are discarded following a system reboot.
Section 3.1 Determining the Product Version During troubleshooting or when ordering new devices, Siemens Canada Ltd. personnel may request specific information about the device, such as the model, order code or serial number. To display general information about the product, type:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide --------------------------------------------------------------------------------- main RX1501 8 Gigabit Layer 3 w/ 6 LM slots and 1 PM slots 2010.09RR12 14-23 This table or list provides the following information: Parameter Description slot Synopsis: { ---, pm1, pm2, main, sm, lm1, lm2, lm3, lm4, lm5, lm6, swport, eth, serport, celport, cm, em, trnk } The slot name, as marked on the silkscreen across the top of the chassis.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description The %usage of the current partition. Section 3.2.4 Viewing CPU/RAM Utilization To view the CPU/RAM utilization statistics for each module installed in the device, type: show chassis cpu slot-cpu...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management This table or list provides the following information: Parameter Description slot Synopsis: { ---, pm1, pm2, main, sm, lm1, lm2, lm3, lm4, lm5, lm6, swport, eth, serport, celport, cm, em, trnk } The slot name, as marked on the silkscreen across the top of the chassis.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.3 Viewing the Parts List To view a list of parts installed in the device, type: show running-config chassis part-list If jobs have been configured, a table or list similar to the following example appears:...
This includes removing any sensitive, proprietary information. To decommission the device, do the following: Obtain a copy of the RUGGEDCOM ROX II firmware currently installed on the device. For more information, contact Siemens Customer Support.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Log in to RUGGEDCOM ROX II. For more information, refer to Section 2.3, “Logging In”. Flash the RUGGEDCOM ROX II firmware obtained in Step 1 to the inactive partition and reboot the device.
Section 3.9 Managing Logs RUGGEDCOM ROX II maintains various logs to record information about important events. Each log falls into one of the following log types: Security Event Logs Information related to the following security events are logged by RUGGEDCOM ROX II: NOTE Passwords can be retried up to 3 times before the login attempt is considered a security event.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide All log files are organized in the log directory (/var/log) according to the facility and priority at which they have been logged. Remote Syslog sends the requested logs to the remote server(s) at whichever facility and priority they were initially logged, after filtering the logs based on the selectors configured for the server.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.9.2 Deleting Logs To delete all logs stored on the device, type: admin delete-logs Section 3.9.3 Configuring a Source IP Address for Remote Syslog Messages IP packets for remote syslog messages include a destination IP address and a source IP address. The source IP address is the interface from which the message is sent (e.g.
CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. The following sections describe how to configure and manage diagnostic logs: •...
CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. To enable or disable the SNMP log, do the following: Make sure the CLI is in Configuration mode.
CAUTION! Configuration hazard – risk of reduced performance. Enabling diagnostic logging will significantly affect the performance of RUGGEDCOM ROX II. Only enable diagnostic logging when directed by Siemens. To enable or disable the XPATH Trace log, do the following: Make sure the CLI is in Configuration mode.
Secure remote syslog encrypts all system logs sent to syslog servers using an Secure Sockets Layer (SSL) certificate signed by a Certified Authority (CA). IMPORTANT! The client (RUGGEDCOM ROX II) and server certificates must by signed by the same CA. The following sections describe how to enable and configure secure remote syslog: •...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide [Optional] Define one or more match patterns or permitted peers. Permitted peers compare the server's host name to the common name defined in the SSL certificate. For more information, refer to Section 3.9.5.3,...
Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 3.9.6 Managing Remote Syslog Servers RUGGEDCOM ROX II can support up to 6 event message collectors, or remote Syslog servers. Remote Syslog provides the ability to configure: • IP address(es) of collector(s) •...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide admin logging server address Where: • address is the IP address of the remote server Configure the following parameter(s) as required: Parameter Description enabled Synopsis: typeless Enables/disables the feed to the remote logging server.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.9.7.1 Viewing a List of Remote Server Selectors To view a list of remote server selectors, type: show running-config admin logging server address selector Where: • address is the IP address of the remote server.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description comparison { comparison } Synopsis: { same_or_higher, same } Default: same_or_higher The message severity levels to include in the log: <itemizedlist><listitem><emphasis role="bold">same:</ emphasis> includes only messages of the severity level selected in the <emphasis>Level</emphasis>...
Device Management Section 3.10 Managing the Software Configuration Configuration parameters for RUGGEDCOM ROX II can be saved on the device and loaded in the future. The following sections describe how to save and load the RUGGEDCOM ROX II software configuration: •...
Section 3.11.1 Configuring the Upgrade Source Firmware for upgrading or downgrading RUGGEDCOM ROX II can be uploaded from either an upgrade server or a portable USB Mass Storage drive. For information about setting up an upgrade server, refer to Section 3.11.2, “Setting Up an Upgrade...
Section 3.11.2.2, “Adding Software Releases to the Upgrade Server” Section 3.11.2.1 Configuring the Upgrade Server For RUGGEDCOM ROX II to properly retrieve files from an upgrade server, the following must be configured on the server: • MIME Types The following MIME types must be defined for the chosen upgrade server (e.g. Microsoft IIS Manager, Apache HTTP Server, Lighttpd, etc.) for RUGGEDCOM ROX II to properly retrieve files from the server:...
Double escaping allows special double encoded characters, such as +, % and &, in a URI. As some files in RUGGEDCOM ROX II upgrade/downgrade packages may contain a + sign in their file names, double escaping must be enabled for the upgrade server. If double escaping is not enabled, some files will be un-retrievable and the upgrade will fail.
Page 113
To upgrade the RUGGEDCOM ROX II software, do the following: If the source of the software is a USB Mass Storage drive, insert the drive in the USB port on the device. For more information, refer to the RUGGEDCOM RX1500/RX1501/RX1510/RX1511/RX1512 Installation Guide.
Section 3.11.5.2, “Downgrading Using ROXflash” Section 3.11.5.1 Rolling Back a Software Upgrade To activate a previous version of the RUGGEDCOM ROX II software stored on the inactive partition, do the following: Make sure the CLI is in Configuration mode. Stopping/Declining a Software Upgrade...
Section 3.11.5.2 Downgrading Using ROXflash ROXflash is used to flash any previous version of a RUGGEDCOM ROX II software image to the inactive partition. To obtain a RUGGEDCOM ROX II software image, contact Siemens Customer Support. After a successful software downgrade and reboot, the downgraded partition is activated.
ROX products (e.g. RUGGEDCOM CROSSBOW, RUGGEDCOM ELAN, etc.). They are installed and upgraded the same as the RUGGEDCOM ROX II operating system, in that they are first installed on the inactive partition and are only activated after a reboot. This makes it possible to decline or undo the installation if the application creates undesirable results.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.12.2 Installing an Application To install an application, do the following: Make sure the CLI is in Configuration mode. Make sure a repository for the application has been configured before installing the application. For more information, refer to Section 3.12.5.3, “Adding a...
CLI User Guide Section 3.12.5 Managing Application Repositories Before any RUGGEDCOM ROX II application can be installed or upgraded, a connection to its repository on the upgrade server must be configured. NOTE Multiple applications can be installed or upgraded at the same time. Therefore, multiple repositories may be configured.
Managing Feature Keys RUGGEDCOM ROX II can be enhanced with additional features at any time by adding feature levels. Feature levels are encoded in feature keys that can be loaded on a device. At the time of ordering, a device feature key...
Mass Storage drive, and can be moved from device to device. NOTE Some RUGGEDCOM ROX II features are only available through the purchase of feature levels. For more information about the available feature levels, refer to the product data sheet for the device available at www.siemens.com/ruggedcom...
Section 3.13.2 Installing Feature Keys When installing a new feature key, RUGGEDCOM ROX II evaluates the new file-based feature key and the device feature key and enables the most capable feature level described by the keys. Feature keys can be installed from a host computer or USB Mass Storage drive.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide • path is the directory path to the feature key file on the USB Mass Storage drive. • current-filename is the current name of the feature key file. • new-filename is the new name of the feature key file on the device. This parameter is optional. The current filename will be used if a new filename is not provided.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.14.2 Adding a Fixed Module Configuration To add a configuration for a fixed module, do the following: Make sure the CLI is in Configuration mode. Add the module by typing:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.15.1 Removing a Line Module To remove a line module from the chassis, do the following: Shut down the device. The device will shutdown for a period of time before rebooting and restarting. The default time-out period is 300 seconds (five minutes).
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management SLOT MODULE TYPE ENABLED BYPASS ------------------------------------------------------------------- SM 88 Gigabit Layer 3 w/ 2x 10G SFP+ slots 4x 10/100/1000TX RJ45 none none 16x 10/100TX RJ45 16x 10/100TX RJ45 16x 10/100TX RJ45 If no line modules have been configured, install line module as needed.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide NOTE An M12 line module with bypass control is required for this feature. To enable or disable controlled bypass for M12 line modules, do the following: Log in to the defective router.
Section 3.16.3, “Adding an Event Tracker”. Section 3.16.2 Viewing Event Tracker Statistics RUGGEDCOM ROX II records statistics for each event tracker. To view the statistics for an event tracker, type: show global tracking event statistics A list similar to the following example appears:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description min-rtt Synopsis: A string The minimum of the round trip time (in milliseconds). average-rtt Synopsis: A string The average of the round trip time (in milliseconds). Synopsis: A string max-rtt The maximum of the round trip time (in milliseconds).
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 3.16.4 Deleting an Event Tracker To delete an event tracker, do the following: Make sure the CLI is in Configuration mode.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide no ingress-limit no egress-limit port-security no shutdown-time no admin-shutdown dot1x no reauth-enable lldp no notify mcast-filtering no gmrp no inspect-tos vlan pvid 1 no gvrp-mode spanning-tree no restricted-role no restricted-tcn Section 3.17.2...
Page 131
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management NOTE Switched Ethernet ports in dedicated routing port mode cannot be trunk ports. NOTE The configuration for a switched Ethernet port in switchport mode can be restored when it is removed from a trunk.
Page 132
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description proxyarp Synopsis: typeless Enables/Disables whether the VLAN will respond to ARP requests for hosts other than itself mtu { mtu } Synopsis: An integer between 68 and 1500...
Page 133
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description Disabling notifications will prevent sending notifications and generating alarms for a particular interface from the LLDP agent. NOTE Multicast filtering, CoS and VLAN parameters are only available when the port is in switchport mode.
MAC address. Access is granted if the MAC address appears on the Static MAC Address table. NOTE RUGGEDCOM ROX II only supports the authentication of one host per port that has the port security mode set to 802.1x or 802.1x/MAC-Auth.
Page 135
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management IMPORTANT! Do not apply port security on core switch connections. Port security is applied at the end of the network to restrict admission to specific devices. To configure port security for a switched Ethernet port, do the following: Make sure the CLI is in Configuration mode.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description reauth-period { reauth-period } Synopsis: An integer between 60 and 86400 Default: 3600 The time between successive reauthentications of the supplicant. reauth-max { reauth-max } Synopsis: An integer between 1 and 10...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description in-octets The number of octets in received good packets. (Unicast+Multicast +Broadcast) and dropped packets. out-octets The number of octets in transmitted good packets. in-pkts The number of received good packets (Unicast+Multicast +Broadcast) and dropped packets.
Page 138
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description dropped packets. in-pkts The number of received good packets (Unicast+Multicast +Broadcast) and dropped packets. in-bcast-pkts The number of good broadcast packets received. in-mcast-pkts The number of good multicast packets received.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description 1. The packet data length is greater that 1536 octets. 2. The packet has invalid CRC. collisions The number of received packets for which a Collision Event has been detected.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.17.7 Resetting a Switched Ethernet Port To reset a switched Ethernet port, type: interfaces switch slot port reset-port Where: • slot is the name of the module location • port is the port number (or a list of ports, if aggregated in a port trunk) for the module Section 3.17.8...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Enter the calibration value and run the cable diagnostic test a few more times. The distance to the OPEN fault should now be similar to the cable length. Use the distance value to determine the calibration value.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description fail-count Failure Count Section 3.17.8.3 Clearing Cable Diagnostic Statistics The following describes how to clear the statistics collected when cable diagnostic tests are performed. All of the statistics or only those for a specific switchport can be cleared.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management no on-demand no alias lldp no notify Section 3.18.2 Configuring a Routable Ethernet Port To configure a routable Ethernet port, do the following: Make sure the CLI is in Configuration mode.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description Enables/Disables whether the port will respond to ARP requests for hosts other than itself. on-demand Synopsis: typeless This interface is up or down on demand of link fail over.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.19.1 Viewing a List of Serial Ports To view a list of serial ports configured on the device, type: show running-config interface serial A table or list similar to the following example appears:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description rx-chars The number of bytes received by the serial port. rx-packets The number of packets received by the serial port. packet-errors The number of packet errors on this serial port.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management show interfaces serial dnp-device-table A table or list similar to the following appears: ruggedcom# show interfaces serial dnp-device-table | tab DEVICE SERIAL ADDRESS REMOTE IP PORT --------------------------------- ser-3-1 10.200.22.199 This table or list provides the following information:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description Provides the option to enable or disable this interface. When unchecked (i.e disabled), the interface will prevent all frames from being sent and received on that interface. Synopsis: A string 1 to 64 characters long alias { alias } The SNMP alias name of the interface.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.20 Managing Serial Port Protocols The following sections describe how to configure and manage serial port protocols: • Section 3.20.1, “Serial Port Protocol Concepts” • Section 3.20.2, “Viewing a List of Serial Port Protocols”...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Host And Remote Roles The raw socket protocol can either initiate or accept a TCP connection for serial encapsulation. It can establish a connection initiated from a remote host, vice versa, or bidirectionally.
DNP messages. Address Learning for DNP RUGGEDCOM ROX II implements both local and remote address learning for DNP. A local Device Address Table is populated with DNP Addresses learned for local and remote DNP devices. Each DNP address is associated with either a local serial port or a remote IP address.
TCP/UDP port number, a learning network interface and an aging timer. DNP Broadcast Messages DNP addresses 65521 through 65535 are reserved as DNP3 broadcast addresses. RUGGEDCOM ROX II supports DNP3 broadcast messages. DNP broadcast messages received on local serial ports are transmitted to all IP Addresses in the Device Address Table (whether learned or statically configured).
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.20.3 Adding a Serial Port Protocol To add a serial port protocol, do the following: Make sure the CLI is in Configuration mode. Add the protocol by typing: interface serial slot port protocols protocol Where: •...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.20.5 Configuring the Modbus TCP Protocol To configure the modbus TCP protocol for a serial port, do the following: Make sure the CLI is in Configuration mode. Navigate to interface » serial » {interface} » protocols » tcpmodbus » settcpmodbus, where {interface} is the serial port.
Page 155
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Make sure the CLI is in Configuration mode. Navigate to interface » serial » {interface} » protocols » rawsocket, where {interface} is the serial port. Configure the following parameter(s) as required:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.20.7 Deleting a Serial Port Protocol To delete a serial port protocol, do the following: Make sure the CLI is in Configuration mode. Delete the serial port protocol by typing:...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.20.8.2 Adding a Device Address Table To add a Device Address table for a serial port using the DNP protocol, do the following: Make sure the CLI is in Configuration mode.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.20.9 Managing Remote Hosts Remote hosts are required when the UDP transport connection protocol is selected for the raw socket protocol. The following sections describe how to configure and manage remote hosts: •...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.20.9.3 Deleting a Remote Host To delete a remote host, do the following: Make sure the CLI is in Configuration mode. Delete the remote host by typing: no interface serial slot port protocols rawsocket setrawsocket remote-host address remote-port Where: •...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide If no Ethernet trunk interfaces have been configured, add trunks as needed. For more information, refer to Section 3.21.2, “Adding an Ethernet Trunk Interface”. Section 3.21.2 Adding an Ethernet Trunk Interface To add an Ethernet trunk interface, do the following: Make sure the CLI is in Configuration mode.
Page 161
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description ONLY : the port will declare all MCAST addresses existing in the switch (configured or learned) but will not learn any MCAST addresses.</listitem> <listitem>ADVERTISE and LEARN : the...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Parameter Description VLANs existing in the switch (configured or learned) and can dynamically learn VLANs.</listitem></itemizedlist> Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management If no Ethernet trunk ports have been configured, add ports as needed. For more information, refer to Section 3.21.4.2, “Adding an Ethernet Trunk Port”. Section 3.21.4.2 Adding an Ethernet Trunk Port To add an Ethernet trunk port, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description The wireless data communication technology that modem is compatible with{ GSM/HSPA, CDMA/EVDO, LTE }. admin-state Synopsis: { not set, up, down, testing, unknown, dormant, notPresent, lowerLayerDown } The port's administrative status.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide 211# show interfaces cellmodem cel-1-1 hspaplus hspaplus hspaplus network supported GSM,GPRS,EDGE,UMTS,HSDPA/HSUPA,HSPA+ imei 353567040070824 radio rssi indicator network operator "\"KORE\",2" network in use UMTS network status "Registered to Home network" 89302370200990049282...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management network status Registered phone number 9546496654 This list provides the following information: Parameter Description network-supported Synopsis: A string 1 to 128 characters long Wireless technologies supported by the modem Synopsis: A string 1 to 128 characters long The Electronic Serial Number of the modem.
CDMA cellular service providers for provisioning cellular end stations for use on their networks. Using this method, the service provider (or carrier) supplies an OTASP dial string which RUGGEDCOM ROX II can use to activate the cellular account. During this OTASP call, the carrier authorizes and configures the modem for use on its network.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management • port is the port number (or a list of ports, if aggregated in a port trunk) for the module • profile is the profile configured for the module • string is the activation data string Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide • profile is the profile configured for the module Section 3.22.9 Running AT Commands To issue AT (Hayes) commands to the cellular modem, type: interfaces cellmodem at command command Where: •...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.23 Managing WAN Interfaces The following sections describe how to configure and manage WAN interfaces: • Section 3.23.1, “Viewing a List of WAN Interfaces” • Section 3.23.2, “Configuring a WAN Interface”...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Make sure the CLI is in Configuration mode. Navigate to interface » wan » {interface}, where {interface} is the WAN interface. Configure the following parameter(s) as required: Parameter Description { slot } Synopsis: { sm, lm1, lm2, lm3, lm4, lm5, lm6, swport, eth, serport, celport } The name of the module location for the WAN card.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management abort corruption pcierror dmaerror This table or list provides the following information: Parameter Description slot Synopsis: { sm, lm1, lm2, lm3, lm4, lm5, lm6, swport, eth, serport, celport } or a string Line module name of the slot.
This test is used to isolate problems within the T1/E1 circuit. • Remote Loopback – RUGGEDCOM ROX II transmits frames to the Tx port and compares them with frames received on the Rx port. A loopback plug or cable must be installed on the T1/E1 port. This test is used to isolate problems within the WAN module.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.23.8 Configuring DDS To configure DDS for a WAN interface, do the following: Make sure the CLI is in Configuration mode. Navigate to interface » wan » {interface} » dds » ddsparams, where {interface} is the WAN interface.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management wan lm2 1 t1 channel 2 connection ppp nomagic If no channels have been configured, add channels as needed. For more information, refer to Section 3.23.9.2, “Adding a Channel”. Section 3.23.9.2...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.23.9.3 Deleting Channels To delete a channel configured for a T1/E1 physical interface, do the following: Make sure the CLI is in Configuration mode. Delete the channel by typing:...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description mtu { mtu } Synopsis: An integer between 256 and 1500 Default: 1500 Maximum transmission unit (largest packet size allowed for this interface). Add one or more VLANs for the HDLC-ETH connection. For more information, refer to Section 5.37.6.2,...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Configure the following parameter(s) as required: Parameter Description nomagic Synopsis: true or false Default: false Disables the Magic Number. (Valid on RX1000 only) on-demand Synopsis: typeless This interface is up or down on demand of link fail over.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description n391 { n391 } Synopsis: An integer between 1 and 255 Default: 6 Defines the frequency of transmission of full status enquiry messages. Valid for CPE. n392 { n392 }...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide If no data links have been configured, add data links as needed. For more information, refer to Section 3.23.14.2, “Adding a Data Link”. Section 3.23.14.2 Adding a Data Link To add a data link for a frame relay connection, do the following: Make sure the CLI is in Configuration mode.
DHCP server running on FE-CM-1 is subsequently made a member of the VirtualSwitch vsw-1, the DHCP configuration must be changed to refer to vsw-1. • The virtual switch is implemented in the RUGGEDCOM ROX II software. Therefore, a CPU resource is needed to forward broadcast, multicast and unicast traffic.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description Retain IP on bridge device. Default: 15 forward-delay { forward-delay } Delay (in seconds) of the listening and learning state before goes to forwarding state. alias { alias }...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.24.4.1 Viewing a List of Virtual Switch Interfaces To view a list of virtual switch interfaces, type: show running-config interface virtualswitch name interface Where: • name is the name assigned to the virtual switch...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 3.24.4.3 Deleting a Virtual Switch Interface To delete a virtual switch interface, do the following: Make sure the CLI is in Configuration mode.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.24.5.2 Viewing a List of Virtual Switch Filters To view a list of virtual switch filters, type: show running-config security virtualswitch-filter virtualswitch If filters have been configured, a table or list similar to the following example appears:...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Section 3.24.5.4 Deleting a Virtual Switch Filter To delete a virtual switch filter, do the following: Make sure the CLI is in Configuration mode. Delete the virtual switch filter by typing:...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.24.6.2 Viewing a List of Rules Assigned to a Virtual Switch Filter To view a list of rules assigned to a virtual switch filter, type: show running-config security virtualswitch-filter virtualswitch name rule Where: •...
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management Parameter Description The required source MAC address for incoming frames. Synopsis: A string dstmac { dstmac } The required destination MAC address for incoming frames. proto { proto } Synopsis: { iso, arp, ipv4, ipv6 } or a string The pre-defined protocol or hex-string (i.e.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.24.6.6 Deleting a Rule from a Virtual Switch Filter To delete a rule from a virtual switch filter, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 3 CLI User Guide Device Management If no in/out interfaces have been configured, add interfaces as needed. For more information, refer to Section 3.24.7.2, “Adding In/Out Interfaces”. Section 3.24.7.2 Adding In/Out Interfaces To add an in/out interface that can be used by a virtual switch filter, do the following: Make sure the CLI is in Configuration mode.
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide Section 3.25.1 Managing Domain Names The DNS service can be configured to use one or more domain names when quering a domain name server. The list of domain names can include the domain in which the router is a member of, and other domains that may be used to search for an unqualified host name (i.e.
Section 3.25.2 Managing Domain Name Servers A hierarchical list of domain name servers can be configured for the DNS service. RUGGEDCOM ROX II will contact each server in the order they are listed when domain names require resolution. The following sections describe how to configure and manage a list of domain name servers: •...
Chapter 3 RUGGEDCOM ROX II Device Management CLI User Guide • address is the IP address of the domain name server. Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 3.25.2.3...
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration System Administration This chapter describes how to perform various administrative tasks related to device identification, user permissions, alarm configuration, certificates and keys, and more. It describes the following tasks: •...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.2 Configuring the Hostname To configure the host name for the device, do the following: Make sure the CLI is in Configuration mode.
Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.6 Managing Alarms The alarm system in RUGGEDCOM ROX II notifies users when events of interest occur. The system is highly configurable, allowing users to: • Enable/disable most alarms, with the exception of mandatory alarms •...
Section 4.6.3, “Clearing and Acknowledging Alarms” • Section 4.6.4, “Configuring an Alarm” Section 4.6.1 Pre-Configured Alarms RUGGEDCOM ROX II is equipped with a series of pre-configured alarms designed to monitor and protect the device. Alarm Type Alarm Description Suggested Resolution...
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration show admin alarms A table or list similar to the following example appears: ruggedcom# show admin alarms | tab ALARM EVENT SUBSYSTEM SEVERITY DESCRIPTION DATE TIME USER ACTIONS ACTUATORS ---------------------------------------------------------------------------------------------...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide Section 4.6.3.2 Acknowledging Alarms To acknowledge all active alarms, type: admin acknowledge-all-alarms Alternatively, to acknowledge an individual alarm, type: admin alarms active-alarms type id event acknowledge Where: • type is the type of alarm. Options include admincellmodemchassisethsecurityswitchwan.
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration Parameter Description If disabled, the alarm is not reported in the active list and does not actuate LED/failrelay. failrelay-enable Synopsis: typeless If enabled, this alarm will assert the failrelay. led-enable...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide Section 4.7.1.1 Viewing a List of CA Certificates and CRLs To view a list of certificates issued by a Certified Authority (CA) and the Certificate Revocation Lists (CRLs) associated with them, type:...
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration Parameter Description not-before Synopsis: A string This certificate is not valid before this date. not-after Synopsis: A string This certificate is not valid after this date. To view the status of a Certificate Revocation List (CRL) that was not signed by a separate certificate, type:...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide NOTE Large CRLs (bigger than 100KB) are not currently supported and may be difficult to add/view in the configuration. NOTE Before inserting the contents of the CRL, enter multi-line mode by pressing Esc+m. Press Ctrl+d to exit multi-line mode after the CRL has been added.
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration • Section 4.7.2.1, “Viewing a List of Private Keys” • Section 4.7.2.2, “Adding a Private Key” • Section 4.7.2.3, “Deleting a Private Key” Section 4.7.2.1 Viewing a List of Private Keys...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide Parameter Description contents { contents } Synopsis: A string The contents of the unsigned private key. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX devices, can be imported into RUGGEDCOM ROX II and automatically converted. Once added to the RUGGEDCOM ROX II database, the IPSec-formatted public key is visible via the System Public Key form under tunnel » ipsec » connection » {name} » {end}, where {name} is the name of the...
{end} is the either the left (local router) or right (remote router) connection end. Type must be set to rsasig to display the public key. The public key can be copied from the System Public Key form and added to another RUGGEDCOM ROX II device, as described in the following procedure, or to a RUGGEDCOM ROX device.
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration Section 4.7.4.1 Viewing a List of Certificates To view a list of certificates, type: show running-config security crypto certificate If certificates have been configured, a table or list similar to the following example appears:...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide Make sure the required CA certificates, public keys and/or private keys have been added to the device. • For more information about adding CA Certificates, refer to Section 4.7.1.3, “Adding a CA Certificate and CRL”...
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration Section 4.8 Managing RADIUS Authentication RADIUS is a UDP-based protocol used for carrying authentication, authorization and configuration information between a Network Access Server (NAS) that desires to authenticate its links and a shared authentication server.
Section 3.9.1, “Viewing Logs”. RUGGEDCOM ROX II supports RADIUS authentication for the LOGIN and PPP services. Different RADIUS servers can be configured to authenticate both services separately or in combination. The LOGIN services consist of the following access types: •...
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration Parameter Description port-udp { port-udp } Synopsis: An integer between 1 and 65535 Default: 1812 The network port of the server. password { password } Synopsis: A string The password of the RADIUS server.
Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 4.9 Managing Users RUGGEDCOM ROX II allows for up to three user profiles to be configured locally on the device. Each profile corresponds to one of the following access levels: • Guest •...
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration • Section 4.9.2, “Adding a User” • Section 4.9.3, “Deleting a User” • Section 4.9.4, “Monitoring Users” Section 4.9.1 Viewing a List of Users To view a list of user accounts, type:...
Section 4.9.4 Monitoring Users Users currently logged in to the device are monitored by RUGGEDCOM ROX II and can be viewed through the CLI. RUGGEDCOM ROX II allows administrators to monitor users, log users out, and broadcast message to all users.
Section 4.10 Managing Passwords and Passphrases RUGGEDCOM ROX II requires separate passwords or passphrases for logging into the various device modes, such as normal, boot, service and maintenance modes. Default passwords are configured for each user type initially. It is strongly recommended that these be changed before the device is commissioned.
If special characters are used, make sure to encapsulate the password in double-quotation marks (") as follows: NOTE RUGGEDCOM ROX II supports the following special characters in passwords/passphrases: !@#$ %^&*()_+-={}[];:',<.>/?\|`~. Setting a User Password/Passphrase...
If special characters are used, make sure to encapsulate the password in double-quotation marks (") as follows: NOTE RUGGEDCOM ROX II supports the following special characters in passwords/passphrases: !@#$ %^&*()_+-={}[];:',<.>/?\|`~. Setting the Boot Password/Passphrase...
Configuration hazard – risk of data corruption. Maintenance mode is provided for troubleshooting purposes and should only be used by Siemens technicians. As such, this mode is not fully documented. Misuse of maintenance mode commands can corrupt the operational state of the device and render it inaccessible.
If special characters are used, make sure to encapsulate the password in double-quotation marks (") as follows: NOTE RUGGEDCOM ROX II supports the following special characters in passwords/passphrases: !@#$ %^&*()_+-={}[];:',<.>/?\|`~. admin users userid admin set-password new-password "new-password-passphrase" new-password-repeat "new-password-passphrase"...
Page 225
Enter the inactive partition by typing the associated target number. For example, if the active partition is Boot Partition 4, type 6-0 and press Enter to enter Boot Partition 6. Log in to RUGGEDCOM ROX II. For more information about logging in to RUGGEDCOM ROX II, refer to Section 2.3, “Logging In”.
Section 4.11 Scheduling Jobs The RUGGEDCOM ROX II scheduler allows users to create jobs that execute command line interface (CLI) commands at a specific date and time, or in response to specific configuration changes. Typical applications include scheduling the regular clearing of system logs, or performing periodic file transfers to remote servers.
Page 227
RUGGEDCOM ROX II Chapter 4 CLI User Guide System Administration Parameter Description job-type { job-type } Synopsis: { configchange, periodic } Default: periodic Determines when to launch the scheduled job: <itemizedlist><listitem>periodic: The job launches at a set date and time.</listitem> <listitem>configchange: The job launches when the configuration changes.</listitem></itemizedlist>...
Chapter 4 RUGGEDCOM ROX II System Administration CLI User Guide Parameter Description job-command { job-command } Synopsis: A string 1 to 1024 characters long One or more commands to execute at the scheduled time. For example, this command saves the running configuration to a file name 'myconfig': show running-config | save myconfig.
Setup and Configuration Setup and Configuration This chapter describes how to setup and configure the device for use on a network using the various features available in RUGGEDCOM ROX II. It describes the following tasks: • Section 5.1, “Configuring a Basic Network”...
Section 5.1 Configuring a Basic Network RUGGEDCOM ROX II has the following Internet interfaces configured by default: dummy0, fe-cm-1 and switch.0001. The default IP addresses for fe-cm-1 and switch.0001 are configured under the ip » {interface} » ipv4, where {interface} is the name of the interface. The default switch.0001 interface is the VLAN interface and is only seen if there is one or more Ethernet line modules installed.
Make sure all computers connected to the device can ping one another. Section 5.2 Configuring ICMP Control To configure how RUGGEDCOM ROX II manages ICMP redirect messages, do the following: Make sure the CLI is in Configuration mode. Navigate to admin and configure the following parameter(s) as required:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description Sends out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common 'SYN flood attack'. Synopsis: true or false send-icmp-redirect Default: true Sends the ICMP redirect.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Sets the greeting presented when the user logs in to the CLI. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section 5.6 Enabling/Disabling Brute Force Attack Protection RUGGEDCOM ROX II features a Brute Force Attack (BFA) protection mechanism to prevent attacks via the CLI, Web interface and NETCONF. This mechanism analyzes the behavior of external hosts trying to access the SSH port, specifically the number of failed logins.
Page 235
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration methods of accessing the device, notably when the same or different ports are used across a series of failed logins. IMPORTANT! The BFA protection system is not applicable to SNMP. Follow proper security practices for configuring SNMP.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.7 Viewing the Status of IPv4 Routes To view the status of the IPv4 routes configured on the device, type: NOTE It is possible to create a route on a locally connected broadcast network (i.e. without a gateway) without also bringing up a corresponding IP address on that interface.
Engineering Task Force (IETF). NETCONF provides functions to download, upload, change, and delete the configuration data on network devices. RUGGEDCOM ROX II devices also support the ability to collect data and perform direct actions on the device, such as rebooting the device, clearing statistics, and restarting services.
Page 239
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description enabled Synopsis: true or false Default: true Provides the ability to configure NETCONF features on the device. listen-ip { listen-ip } Synopsis: A string Default: 0.0.0.0 The IP Address the CLI will listen on for NETCONF requests.
The Simple Network Management Protocol (SNMP) is used by network management systems and the devices they manage. It is used to report alarm conditions and other events that occur on the devices it manages. In addition to SNMPv1 and SNMPv2, RUGGEDCOM ROX II also supports SNMPv3, which offers the following features:...
• Section 5.11.9, “Managing SNMP Group Access” Section 5.11.1 MIB Files and SNMP Traps The current MIB files supported by RUGGEDCOM ROX II can be downloaded from the www.siemens.com/ruggedcom. NOTE SNMP traps are not configurable in RUGGEDCOM ROX II. The MIB files support the following SNMP traps:...
Page 242
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Table: SNMP Traps Standard Trap and Description authenticationFailure RFC 3418 SNMPv2-MIB An authenticationFailure trap signifies that the SNMP entity has received a protocol message that is not properly authenticated. While all implementations of SNMP entities MAY be capable of generating this trap, the snmpEnableAuthenTraps object indicates whether this trap will be generated.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Standard Trap and Description RFC 3895 DS1-MIB ds1LineStatusChange A ds1LineStatusChange trap is sent when the status of a dsx1Line instance changes. The value of the trap is the value of one or more of the following instances: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description auth-failure-trap-notify { auth-failure-trap-notify } Synopsis: { none, snmpv1_trap, snmpv2_trap, snmpv2_inform, snmpv3_trap, snmpv3_inform } Default: none When the SNMP agent sends the standard authenticationFailure notification, it is delivered to the management targets defined for the snmpNotifyName in the snmpNotifyTable in SNMP-NOTIFICATION-MIB (RFC3413).
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description wrong-digests The total number of packets received by the SNMP engine which were dropped because they did not contain the expected digest value. decryption-errors The total number of packets received by the SNMP engine which were dropped because they could not be decrypted.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.11.5.2 Adding an SNMP Community To add an SNMP community, do the following: Make sure the CLI is in Configuration mode. Add the SNMP community by typing: admin snmp snmp-community name Where: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.11.6.1 Viewing a List of SNMP Target Addresses To view a list of SNMP target addresses configured on the device, type: show running-config admin snmp snmp-target-address If target addresses have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The SNMP security model to use: SNMPv1, SNMPv2c, or USM/SNMPv3. user-name { user-name } The user name to be used in communications with this target. security-level { security-level }...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.11.7.3, “Deleting an SNMP User” Section 5.11.7.1 Viewing a List of SNMP Users To view a list of SNMP users configured on the device, type: show running-config admin snmp snmp-user...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description A free-text password in the format <code>$0$<your password></code>. passphrase must be minimum 8 characters long privacy-protocol { privacy-protocol } Synopsis: { none, des3cbc, aescfb128 } Default: none The symmetric privacy protocol providing data encryption and decryption for SNMP exchanges between the user and the SNMP engine.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration MODEL NAME GROUP ----------------------------- oper all-rights guest all-rights oper all-rights admin testgroup guest all-rights admin initial If no SNMP security models have been configured, add security models as needed. For more information, refer to Section 5.11.8.2, “Adding an SNMP Security...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • model is the security model • name is the name of the user Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • level is the security level for the group Configure the following parameter(s) as required: Parameter Description { group } Synopsis: A string 1 to 32 characters long The name of the SNMP group.
CLI User Guide Section 5.12 Managing Time Synchronization Functions RUGGEDCOM ROX II uses version 4 of the Network Time Protocol (NTP) to synchronize the internal clock with a time source. NOTE For more information about version 4 of NTP, refer to RFC 5905 [http://tools.ietf.org/html/rfc5905].
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.12.11, “Managing NTP Servers” • Section 5.12.12, “Managing NTP Broadcast/Multicast Addresses” • Section 5.12.13, “Managing Server Keys” • Section 5.12.14, “Managing Server Restrictions” Section 5.12.1 Configuring the Time Synchronization Settings To configure the time synchronization settings, do the following: Configure the system time and date.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.12.3 Configuring the System Time Zone To configure the system time zone, do the following: Make sure the CLI is in Configuration mode. Set the system time zone by typing:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description address { address } Synopsis: A string Default: 224.0.1.1 The multicast address on which the NTP client listens for NTP messages. Add a multicast address for a known NTP server. For more information, refer to Section 5.12.12.2, “Adding a...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.12.8 Viewing the NTP Service Status To view the status of the NTP service, do the following: Make sure the NTP service is enabled. For more information, refer to Section 5.12.7, “Enabling/Disabling the...
The observed jitter (in milliseconds). Section 5.12.10 Monitoring Subscribers RUGGEDCOM ROX II monitors the subscriptions of up to 600 hosts (e.g. clients, servers and peers) that are connected to the NTP server. To view the list of subscriber hosts, type:...
Section 5.12.11 Managing NTP Servers RUGGEDCOM ROX II can periodically refer to a remote NTP server to correct any accumulated drift in the onboard clock. RUGGEDCOM ROX II can also serve time via SNTP (Simple Network Time Protocol) to hosts that request it.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.12.11.2, “Adding an NTP Server” • Section 5.12.11.3, “Deleting an NTP Server” Section 5.12.11.1 Viewing a List of NTP Servers To view a list of NTP servers configured on the device, type:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description When the server is unreachable and at each poll interval, a burst of eight packets is sent instead of one. ntp-version { ntp-version } Synopsis: An integer between 1 and 4 The version of the NTP protocol used to communicate with this host.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration If addresses have been configured, a table or list similar to the following example appears: ruggedcom# show running-config services ntp broadcast services broadcast 224.0.0.1 no enabled key 1 no ntp-version If no broadcast/multicast addresses have been configured, add addresses as needed.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.12.12.3 Deleting a Broadcast/Multicast Address To delete a broadcast/multicast address for an NTP server, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.12.13.2 Adding a Server Key To add a server key, do the following: Make sure the CLI is in Configuration mode. Add the key by typing: services ntp key id Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.12.14.1 Viewing a List of Server Restrictions To view a list of NTP server restrictions, type: show running-config services ntp restrict If restrictions have been configured, a table or list similar to the following example appears:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description trap service to matching hosts.</listitem> <listitem>noserve: Denies all packets except ntpq(8) and ntpdc(8) queries.</listitem> <listitem>noquery: Denies ntpq(8) and ntpdc(8) queries.</ listitem> <listitem>nopeer: Denies packets which result in mobilizing a new association.</listitem>...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide The following sections describe how to configure and manage CDMA profiles: • Section 5.13.1.1, “Viewing a List of CDMA Profiles” • Section 5.13.1.2, “Adding a CDMA Profile” • Section 5.13.1.3, “Deleting a CDMA Profile”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Enables the DNS server entries that the PPP server recommends. Enables this option unless you provide your own name servers. Synopsis: A string username { username } Default: N/A The user ID to connect to the remote server.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.13.2 Managing GSM Profiles GSM (Global System for Mobile Communications) profiles must be configured before HSPA data is available. For more information about viewing the status of the HSPA networks, refer to Section 3.22.4, “Viewing the HSPA...
Page 271
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description The name of the wireless network access point. Synopsis: { ipv4, ipv4v6 } apn-type { apn-type } Default: ipv4 Specify APN type used to attach to PDN...
ID sub-option). This information uniquely defines the access port’s position in the network. For example, in RUGGEDCOM ROX II, the Circuit ID for VLAN 2 on Line Module (LM) 4 Port 15 is 00:00:00:02:04:0F. The DHCP Server supporting DHCP Option 82 sends a unicast reply and echoes Option 82. The DHCP Relay Agent removes the Option 82 field and broadcasts the packet to the port from which the original request was received.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration NOTE While DHCP Relay and DHCP Server may both be configured to run concurrently, they may not be configured to run on the same network interface. To configure the DHCP relay agent, do the following: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.14.3 Adding DHCP Client Ports To add a client port for the DHCP relay agent, do the following: Make sure the CLI is in Configuration mode. Add the client port by typing:...
Section 5.15.4 Viewing a List of Active Leases RUGGEDCOM ROX II can generate a list of active leases. The list includes the start and end times, hardware Ethernet address, and client host name for each lease. To view a list of active leases, do the following:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide services dhcpserver interface name Where: • name is the name of the interface Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration dhcpserver shared-network Shared options client no hostname no subnetmask no default-route no broadcast no domain no dns-server no static-route no nis server no nis domain If no shared networks have been configured, add shared networks as needed. For more information, refer to Section 5.15.6.2, “Adding a Shared...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The action to take for previously unregistered clients. Synopsis: typeless authorize-server Enables/disables the server's authorization on this client. If enabled, the server will send deny messages to the client that is trying to renew the lease, which the server knows the client shouldn't have.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description domain { domain } Synopsis: A string 1 to 256 characters long The NIS domain name that the DHCP server offers to the client when it issues the lease to the client.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.15.7 Managing Subnets Subnets control settings for each subnet that DHCP serves. A subnet can include a range of IP addresses to give clients. Subnets contain groups, pools and hosts. Only one subnet can contain dynamic IP address ranges without any access restrictions on any given physical port, since DHCP doesn't know which subnet a client should belong to when the request is received.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • name is the name of the subnet Configure the following parameter(s) as required: Parameter Description network-ip { network-ip } Synopsis: A string 9 to 18 characters long The network IP address for this subnet.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.15.7.4 Configuring a Subnet Client To configure a client for a subnet, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration If custom options are required for the subnet client, refer to Section 5.15.8.2, “Adding a Custom Client Option”. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If no custom client options have been configured, add options as needed. For more information, refer to Section 5.15.8.2, “Adding a Custom Client Option”. Section 5.15.8.2 Adding a Custom Client Option...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.15.9 Managing Hosts Host entries assign settings to a specific client based on its Ethernet MAC address. The following sections describe how to configure and manage hosts on a DHCP server: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Add the host by typing: services dhcpserver host name Where: • name is the name of the host Configure options for the host. For more information, refer to Section 5.15.9.3, “Configuring Host Options”.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description subnetmask { subnetmask } Synopsis: A string 7 to 15 characters long Subnet mask default-route { default-route } Synopsis: A string 7 to 15 characters long The default route that the server offers to the client when it issues the lease to the client.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.15.10 Managing Custom Host Client Configurations Custom configuration settings can be set for each host client. The following sections describe how to configure and manage custom host client configurations on a DHCP server: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.15.10.3 Deleting Custom Host Client Configurations To delete a custom configuration for a host client on the DHCP server, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide no nis server no nis domain If no host groups have been configured, add host groups as needed. For more information, refer to Section 5.15.11.2, “Adding a Host Group”.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description The maximum leased time in seconds that the server offers to the clients. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The NetBIOS name server that the DHCP server offers to the client when it issues the lease to the client. If custom configuration settings are required for the host group client, refer to Section 5.15.12, “Managing...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration hostname SUB3 subnetmask 255.255.255.224 default-route 192.168.0.33 no broadcast no domain no dns-server no static-route no nis server no nis domain If no custom configurations have been configured for the host group client, add custom configurations as needed.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.15.13 Managing IP Pools The following sections describe how to configure and manage IP pools for DHCP subnets: • Section 5.15.13.1, “Viewing a List of IP Pools” •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • name is the name of the subnet • description is the name of the IP pool Configure the leased time settings by configuring the following parameter(s): Parameter Description...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.15.14 Managing IP Ranges for Subnets The following sections describe how to configure and manage IP ranges for DHCP subnets: • Section 5.15.14.1, “Viewing a List of IP Ranges for Subnets”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.15.14.3 Deleting an IP Range From a Subnet To delete an IP range from a DHCP subnet, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If no IP ranges have been configured, add ranges as needed. For more information, refer to Section 5.15.15.2, “Adding an IP Range to an IP Pool”. Section 5.15.15.2 Adding an IP Range to an IP Pool To add an IP range to an IP pool, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.15.16.1 Viewing a List of Option 82 Classes for IP Pools To view a list of Option 82 classes configured for an IP pool, type: show running-config services dhcpserver subnet name options ippool description option82 Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description Specifies the information relating to the remote host end of the circuit. circuit-id { circuit-id } Synopsis: A string 1 to 17 characters long Specifies the local information to which circuit the request came in on (ie.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Switch management frames generated by the switch (such as Telnet, HTTP, SNMP, etc.) may not be mirrored. The following sections describe how to configure and manage port mirroring: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If egress source ports have been configured, a table or list similar to the following example appears: ruggedcom# show running-config switch port-mirroring egress-src switch port-mirroring egress-src lm1 1 If no egress source ports have been configured, add egress source ports as needed. For more information, refer Section 5.16.2.2, “Adding an Egress Source...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.16.3.1 Viewing a List of Ingress Source Ports To view a list of ingress source port for port mirroring, type: show running-config switch port-mirroring ingress-src If ingress source ports have been configured, a table or list similar to the following example appears:...
Internet users from accessing private networks (Intranets) connected to the Internet. When the RUGGEDCOM ROX II firewall is enabled, the router serves as a gateway machine through which all messages entering or leaving the Intranet pass. The router examines each message and blocks those that do not meet the specified security criteria.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.17.1 Firewall Concepts The following sections describe some of the concepts important to the implementation of firewalls in RUGGEDCOM ROX II: • Section 5.17.1.1, “Stateless vs. Stateful Firewalls”...
Protecting Against a SYN Flood Attack RUGGEDCOM ROX II responds to SYN packets according to the TCP standard by replying with a SYN-ACK packet for open ports and an RST packet for closed ports. If the device is flooded by a high frequency of SYN packets, the port being flooded may become unresponsive.
SYN packets from reaching the kernel. Siemens also recommends setting the listen ports to include IP addresses on separate interfaces. For example, set the device to listen to an IP address on switch.0001 and fe-cm-1. This will make sure that one port is accessible if the other is flooded.
Section 5.17.5 Working with Multiple Firewall Configurations RUGGEDCOM ROX II allows users to create multiple firewall configurations and work with one configuration while another is active. To set one configuration as the working configuration and another as the active configuration, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration security firewall work-config name Where: • name is the name of a firewall configuration Specify the active configuration by typing: security firewall active-config name Where: • name is the name of a firewall configuration Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide NOTE The IPsec protocol operates on UDP port 500, using protocols Authentication Header (AH) and Encapsulation Security Payload (ESP) protocols. The firewall must be configured to accept this traffic in order to allow the IPsec protocol.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Table: Example Action Source-Zone Destination-Zone Protocol Dest-Port Accept — Accept — Accept Accept — Accept — Accept For more information about configuring rules, refer to Section 5.17.14, “Managing Rules”.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • firewall is the name of the firewall If zones have been configured, a table or list similar to the following example appears: ruggedcom# show running-config security firewall fwconfig fwzone...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Zone types are plain IPv4, firewall, or IPSec Synopsis: A string description { description } (Optional) The description string for this zone Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.17.9.1 Viewing a List of Interfaces To view a list of interfaces, type: show running-config security firewall fwconfig firewall fwinterface Where: • firewall is the name of the firewall...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description description { description } Synopsis: A string (Optional) The description string for this interface Parameter Description arp_filter Synopsis: typeless IPv4 ONLY. Responds only to ARP requests for configured IP addresses (This is permanently enabled system wide since ROX 2.3.0, and this option no longer has any effect).
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Make sure the CLI is in Configuration mode. Navigate to security » firewall » fwconfig » fwconfig » {firewall} » fwinterface{interface} » zone, where {firewall} is the name of the firewall and {interface} is the name of the interface.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.17.10 Managing Hosts Hosts are used to assign zones to individual hosts or subnets (if the interface supports multiple subnets). This allows the firewall to receive a packet and then redirect it to the same device that received it. This functionality is useful for VPN setups to handle the VPN traffic separately from the other traffic on the interface which carries the VPN traffic.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Make sure the CLI is in Configuration mode. Add the host by typing: security firewall fwconfig firewall fwhost name Where: • firewall is the name of the firewall • name is the name of the host...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.17.11 Managing Policies Policies define the default actions for establishing a connection between different firewall zones. Each policy consists of a source zone, a destination zone and an action to be performed when a connection request is received.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide ruggedcom# show running-config security firewall fwconfig firewall1 fwpolicy security firewall fwconfig firewall1 fwpolicy p1 description Policy If no policies have been configured, add policies as needed. For more information, refer to Section 5.17.11.2,...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.17.11.3 Configuring the Source Zone To configure the source zone for a firewall policy, do the following: Make sure the CLI is in Configuration mode. Navigate to security » firewall » fwconfig » {firewall} » fwpolicy » {policy} » source-zone, where {firewall} is the name of the firewall and {policy} is the name of the policy.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.17.12 Managing Network Address Translation Settings Network address translation entries can be used to set up a one-to-one correspondence between an external address on the firewall and the RFC1918 address of a host behind the firewall. This is often set up to allow connections to an internal server from outside the network.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.17.12.2 Adding a NAT Setting To configure a Network Address Translation (NAT) entry, do the following: Make sure the CLI is in Configuration mode. Add the entry by typing:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.17.13 Managing Masquerade and SNAT Settings Masquerading and Source Network Address Translation (SNAT) are forms of dynamic Network Address Translation (NAT). Both hide a subnetwork behind a single public IP address.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration NOTE Masquerading requires that the IP address being used to masquerade must belong to the router. When configuring the SNAT address under masquerading, the SNAT address must be one of the IP addresses on the outbound interface.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • firewall is the name of the firewall • name is the name of the masquerade or SNAT setting Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.17.14.2 Adding a Rule To configure a rule for a firewall, do the following: Make sure the CLI is in Configuration mode. Add the rule by typing: security firewall fwconfig firewall fwrule rule Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description (Optional) The TCP/UDP port(s) the connection originated from. Default: all ports. Add a single port or a list of comma-separated ports Synopsis: A string destination-ports { destination-ports } Default: none (Optional) The TCP/UDP port(s) the connection is destined for.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description predefined-zone { predefined-zone } A pre-defined zone other { other } Synopsis: A string An undefined zone (string). All zones Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide IMPORTANT! Enabling or disabling the firewall will reset – but not disable – the BFA protection mechanism, if previously enabled. Any hosts that were previously blocked will be allowed to log in again. If multiple hosts are actively attacking at the time, this could result in reduced system performance.
IS-IS routers can be defined as Level-1, Level-2, or both. Level 1 routers form the area, while Level 2 routers form the backbone of the network. By default, RUGGEDCOM ROX II configures areas to be both (or Level-1-2). This allows the device to inter-operate between different areas with minimal configuration.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.18.1.3 Advantages and Disadvantages of Using IS-IS The advantages and disadvantages of using IS-IS include the following: Advantages Disadvantages • runs natively on the OSI network layer • used mostly by service providers •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description SNPA The MAC address of the Sub-Network Point of Attachment (SNPA). Section 5.18.4 Viewing the Status of the Link-State Database To view the basic status of the link-state database for the IS-IS network, do the following: Make sure IS-IS is configured.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Spirent-right.00-00 1460 0x0000000f 0x1137 0/0/0 Spirent-right.00-01 0x0000000f 0x0db7 0/0/0 14 LSPs This list displays the following information: Parameter Description LSP-ID Link-state PDU identifier. Pdulength Size of the PDU packet.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description area-authorization { area-authorization } Synopsis: { clear, md5 } Default: clear The authorization type for the area password. Default is clear. area-password { area-password } Synopsis: A string 1 to 254 characters long The area password to be used for transmission of level-1 LSPs.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • name is the unique name for a routing process that belongs to a specific router. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Page 341
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration routing isis interface name Where: • name is the name of the interface. If the desired interface is not available, it must be created as a VLAN. For more information about creating a VLAN, refer to Section 5.37, “Managing...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.18.7 Managing LSP Generation IS-IS generates new Link-State Packets (LSPs) every 30 seconds by default. However, the interval can be configured anywhere between 1 and 120 seconds. Since the introduction of a new LSP causes other routers in the area to recalculate routes, it is recommended to increase the interval to decrease flooding during periods of network instability, so as to reduce the load on other routers in the area.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • seconds is the minimum interval in seconds, ranging from 1 to 120. The default value is 30. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide ISTYPE INTERVAL ------------------------ level-1-only If no intervals have been configured, add intervals as needed. For more information, refer to Section 5.18.8.2, “Adding an SPF Calculation Interval”. Section 5.18.8.2 Adding an SPF Calculation Interval To add an SPF calculation interval to an IS-IS area, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.18.9 Managing the Lifetime of LSPs IS-IS retains Link-State Packets (LSP) in the Link-State Database (LSDB) for only a short period of time unless they are refreshed. By default, the maximum time limit is 1200 seconds. However, this interval can be customized for different routing types within the range of 350 to 65535 seconds if needed.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide routing isis area name max-lsp-lifetime is-type [ level-1-2 | level-1-only | level-2-only ] interval seconds Where: • name is the unique name for a routing process that belongs to a specific router.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.18.10.1 Viewing a List of LSP Refresh Intervals To view a list of LSP refresh intervals configured for an IS-IS area, type: show running-config routing isis area name lsp-refresh-interval Where: •...
ID will be forwarded to this router. RUGGEDCOM ROX II supports IS-IS multi-homing, which allows for multiple NETs to be defined for a single router and increases the list of possible traffic sources.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • name is the unique name for a routing process that belongs to a specific router. If NETs have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.18.12 Managing Redistribution Metrics Redistribution in general is the advertisement of routes by one protocol that have been learned via another dynamic routing protocol, a static route, or a directly connected router. It is deployed to promote interoperability between networks running different routing protocols.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration routing isis area name redistribute source Where: • name is the unique name for a routing process that belongs to a specific router. • source is the protocol transmitting packets over the IS-IS route. Options include bgp, connected, kernel, ospf, rip, and static.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide NOTE In complex legacy networks, RIP, OSPF, BGP and IS-IS may all be active on the same router at the same time. Typically, however, only one dynamic routing protocol is employed at one time.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Distance value for internal routes. Prerequisite: external, internal and local must all be empty or all be configured. local { local } Synopsis: An integer between 1 and 255 Distance value for local routes.
Page 354
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description Selected next-hop for this route. Synopsis: true or false internal Internal route. metric Metric value. local-preference Synopsis: A string Local preference. weight Weight. as-path Synopsis: A string Path.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description network Synopsis: A string Network. next-hop Synopsis: A string Next-hop address. Synopsis: true or false selected Selected next-hop for this route. internal Synopsis: true or false Internal route.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.19.3.1 Viewing a List of Route Map Filters To view a list of route map filters for either dynamic BGP routes, type: show running-config routing bgp filter route-map...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Make sure the CLI is in Configuration mode. Add the new filter by typing: routing bgp filter route-map tag Where: • tag is the tag for the route map filter Add one or more entries.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • tag is the tag for the route map filter Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.19.3.6...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.19.3.8 Configuring a Set To configure matched rules for a route map filter entry, do the following: Make sure the CLI is in Configuration mode. Navigate to routing » bgp » filter » route-map » {tag} » entry » {number} » set, where {tag} is the tag for the route map filter and {number} is the sequence number for the entry.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Section 5.19.4.2, “Viewing a List of Excluded Autonomous System Paths” • Section 5.19.4.3, “Adding a Prepended Autonomous System Path Filter” • Section 5.19.4.4, “Adding an Excluded Autonomous System Path filter”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration If no excluded autonomous system path filters have been configured, add filters as needed. For more information, refer to Section 5.19.4.4, “Adding an Excluded Autonomous System Path filter”. Section 5.19.4.3...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • number is the entry number • path is the number for the autonomous system path Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration list-permit-lan-22 permit 192.168.33.0/24 list-withdraw-lan-11 permit 192.168.33.0/24 permit 192.168.33.0/24 If no prefix lists have been configured, add lists as needed. For more information, refer to Section 5.19.5.3, “Adding a Prefix List”.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.19.5.4 Adding a Prefix Entry To add an entry for a dynamic BGP prefix list, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.19.5.6 Deleting a Prefix Entry To delete an entry for a dynamic BGP prefix list, do the following: Make sure the CLI is in Configuration mode. Delete the entry by typing:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.19.6.2 Viewing a List of Autonomous System Path Entries To view a list of entries for an autonomous system path filter, type: show running-config routing bgp filter as-path name entry Where: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • action is the action. • match is the regular expression to match with the autonomous system path. For more information about regular expressions, refer to Section 2.6.6, “Using Regular Expressions”.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide The following sections describe how to configure and manage neighbors for dynamic BGP routes: • Section 5.19.7.1, “Viewing a List of Neighbors” • Section 5.19.7.2, “Adding a Neighbor” •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Configure the neighbor settings by configuring the following parameter(s): Parameter Description remote-as { remote-as } Synopsis: An integer between 1 and 65535 A BGP neighbor. ebgp-multihop { ebgp-multihop } Synopsis: An integer between 1 and 255 The maximum hop count.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.19.7.4 Tracking Commands for BGP Neighbors Network commands can be tracked using event trackers configured under global » tracking. For more information about event trackers, refer to Section 3.16, “Managing Event Trackers”.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration NOTE For point-to-point links, such as T1/E1 links, specify neighbors instead of a network. For more information, refer to Section 5.19.7.2, “Adding a Neighbor”. NOTE Networks for the BGP protocol do not require a valid entry in the routing table. Since BGP is a broader gateway protocol, a more general network specification would typically be entered.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Where: • address is the IP subnet address and prefix for the network If necessary, configure an event tracker to track network commands. For more information, refer to Section 5.19.8.3, “Tracking Commands for a BGP Network”.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.19.9 Managing Aggregate Addresses The following sections describe how to configure and manage aggregate addresses: • Section 5.19.9.1, “Viewing a List of Aggregate Addresses” • Section 5.19.9.2, “Adding an Aggregate Address”...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Delete the address by typing: no routing bgp aggregate-address address Where: • address is the subnet address and prefix for the aggregate address Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.19.10.3 Deleting an Aggregate Address Option To delete an option for an aggregate address, do the following: Make sure the CLI is in Configuration mode. Delete the option by typing:...
It uses the shortest route available to a given network as the route to use for sending packets to that network. The RUGGEDCOM ROX II RIP daemon is an RFC 1058 [http://tools.ietf.org/rfc/rfc1058.txt] compliant...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The garbage collection timer (in seconds). Configure prefix lists. For more information, refer to Section 5.20.3.3, “Adding a Prefix List”. Configure a network. For more information, refer to Section 5.20.4.1, “Configuring a...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description time Synopsis: A string The route update time. To view the status of the RIP interfaces configured on the device, type: show routing status rip interface If RIP interfaces have been configured, a table or list similar to the following example appears:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.20.3.3 Adding a Prefix List To add a prefix list for dynamic RIP routes, do the following: Make sure the CLI is in Configuration mode. Add the list by typing:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.20.3.5 Deleting a Prefix List To delete a prefix list for dynamic RIP routes, do the following: Make sure the CLI is in Configuration mode. NOTE Deleting a prefix list removes all associate prefix entries as well.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration NOTE If neighbors are specified but no networks are specified, the router will receive routing information from its neighbors but will not advertise any routes to them. For more information about neighbors, refer to Section 5.20.7, “Managing...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.20.5 Managing Network IP Address The following sections describe how to configure and manage network IP addresses for dynamic RIP routes: • Section 5.20.5.1, “Viewing a List of Network IP Addresses”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Where: • address is the IP subnet address and prefix for the network Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.20.6.3 Deleting a Network Interface To delete an interface from a RIP network, do the following: Make sure the CLI is in Configuration mode. Delete the network by typing:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration routing rip network neighbor address Where: • address is the IP address of the neighbor Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.20.8.2 Adding a Prefix List Distribution Path To add a prefix list distribution path for dynamic RIP routes, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.20.9.3, “Adding a Key Chain” • Section 5.20.9.4, “Adding a Key” • Section 5.20.9.5, “Deleting a Key Chain” • Section 5.20.9.6, “Deleting a Key” Section 5.20.9.1 Viewing a List of Key Chains...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.20.9.3 Adding a Key Chain To add a key chain for dynamic RIP routes, do the following: Make sure the CLI is in Configuration mode. Add the path by typing:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Prerequisite: The start time cannot be configured unless the expire time is configured. expire { expire } Synopsis: { infinite } or a string Expire time. Prerequisite: The expire time cannot be configured unless the start time is configured.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • id is the ID of the key Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.20.10 Managing Redistribution Metrics Redistribution metrics redistribute routing information from other routing protocols, static routes or routes handled by the kernel.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.20.10.3 Deleting a Redistribution Metric To delete a redistribution metric for dynamic RIP routes, do the following: Make sure the CLI is in Configuration mode. Delete the metric by typing: no routing rip redistribute [ bgp | ospf | connected | static | kernel ] Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Unlike static routing, OSPF takes link failures and other network topology changes into account. OSPF also differs from RIP in that it provides less router to router update traffic. The RUGGEDCOM ROX II OSPF daemon (ospfd) is an RFC 2178 [http://tools.ietf.org/html/rfc2178] compliant...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration used to pick the winner. Keeping the ID fixed will avoid any unexpected changes in the election of the master router. NOTE In complex legacy networks, RIP, OSPF, BGP and IS-IS may all be active on the same router at the same time.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.21.2 Configuring OSPF To configure dynamic routing using the Open Shortest Path First (OSPF) daemon, do the following: Make sure the CLI is in Configuration mode. Navigate to routing » ospf and configure the following parameter(s) as required:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description external { external } Synopsis: An integer between 1 and 255 The administrative distance for external routes. inter-area { inter-area } Synopsis: An integer between 1 and 255 The administrative distance for inter-area routes.
Page 398
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide To view the status of the dynamic OSPF neighbor configured on the device, type: show routing status ospf neighbor If an OSPF neighbor have been configured, a table or list similar to the following example appears:...
Page 399
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Synopsis: A string Link ID. area Synopsis: A string Area ID. Synopsis: A string adv-router Advertising Router. Age. seqnum Synopsis: A string Sequence number. link-count Link count.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.21.4 Managing Prefix Lists and Entries Neighbors can be associated with prefix lists, which allow the OSPF daemon to filter incoming or outgoing routes based on the allow and deny entries in the prefix list.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • For VRF Routes via OSPF routing ospf vrf vrf filter prefix-list name entry Where: • vrf is the name of the chosen VRF • name is the name of the prefix list...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.21.4.4 Adding a Prefix Entry To add an entry for a dynamic OSPF prefix list, do the following: Make sure the CLI is in Configuration mode. Add the entry by typing: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • For VRF Routes via OSPF no routing ospf vrf vrf filter prefix-list name Where: • vrf is the name of the chosen VRF • name is the name of the prefix list Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.21.5.1 Viewing a List of Areas To view a list of areas configured for dynamic OSPF routes, type: • For Standard OSPF Routes show running-config routing ospf area •...
In RUGGEDCOM ROX II, route maps are configured to filter routes based on their metric value, which defines the cost of the route. Once a match is found, the assigned action is taken.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration If entries have been configured, a table or list similar to the following example appears: ruggedcom# show running-config routing ospf filter route-map map entry | tab MATCH PREFIX PREFIX...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • vrf is the name of the chosen VRF • tag is the tag for the route map filter • number is the sequence number for the entry Configure the following parameter(s) as required:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Make sure the CLI is in Configuration mode. Delete the filter key by typing: • For Standard OSPF Routes no routing ospf filter route-map tag entry number • For VRF Routes via OSPF...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide NOTE For more information about route map filters, refer to Section 5.21.6, “Managing Route Maps”. The following sections describe how to configure and manage incoming route filters: • Section 5.21.7.1, “Viewing List of Incoming Route Filters”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • vrf is the name of the chosen VRF • route-map is the name of the route map Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Where: • vrf is the name of the chosen VRF If metrics have been configured, a table or list similar to the following example appears: ruggedcom# show running-config routing ospf redistribute...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • For Standard OSPF Routes no routing ospf redistribute [ bgp | rip | connected | static | kernel ] • For VRF Routes via OSPF no routing ospf vrf vrf redistribute [ bgp | rip | connected | static | kernel ] Where: •...
Page 414
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Make sure the CLI is in Configuration mode. Navigate to either: • For Standard OSPF Routes routing » dynamic » ospf » interface » {name} • For VRF Routes via OSPF routing »...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration cost-bandwidth parameter set for the interface. For more information about the auto-cost- bandwidth, refer to Section 5.40.1, “Configuring Costing for Routable Interfaces”. The default OSPF reference bandwidth for link cost calculations is 100 Mbit. The reference bandwidth divided by the link bandwidth gives the default cost for a link, which by default is 10.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide IMPORTANT! The router can only share routing information with neighbors that use the same authentication method and password. NOTE Authentication adds a small overhead due to the encryption of messages. It is not recommended for completely private networks with controlled access.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • For Standard OSPF Routes routing ospf interface name message-digest-key id • For VRF Routes via OSPF routing ospf vrf vrf interface name message-digest-key id Where: • vrf is the name of the chosen VRF •...
Both also provide a level of security for those interfaces forward to the VRFs. Under full VRF, MPLS is used in conjunction with IP/VPNs to provide a greater level of security than VRF-Lite. RUGGEDCOM ROX II supports both VRF and VRF-Lite simultaneously. Use of full VRF interfaces and VRF-Lite interfaces can be mixed.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Advantages Disadvantages • Create multiple isolated network pipes for various • Greater memory consumption. Each VRF configured data streams results in BGP route replication and requires new FIBs and IP routing tables •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The port's administrative status. Synopsis: { not set, up, down, testing, unknown, dormant, notPresent, lowerLayerDown } state Shows whether the link is up or down. pointopoint Synopsis: true or false The point-to-point link.
Section 5.22.5 Managing VRF Definitions VRF definitions represent individual Customer Edge (CE) routers in the VRF topology. RUGGEDCOM ROX II supports up to eight definitions in total, each composed of a unique VRF name, an optional description and a Route Distinguisher (RD). The Route Distinguisher is an 8 octet field typically made up of an AS number or IP address followed by a colon (:) and the site ID (e.g.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide address of the associated interface, it uniquely identifies each IP packet, allowing the Provider Edge (PE) to determine which VPN tunnel the packet belongs to. Each VRF definition can also be associated with one or more route targets.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description vrf-description { vrf-description } Synopsis: A string 0 to 256 characters long A string that can be used to describe the vrf. Maximum length 256 characters, including blanks.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.22.6.1 Viewing a List of Route Targets To view a list of VRF definitions, type: show running-config global vrf definition name routing-target If definitions have been configured, a table or list similar to the following example appears:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • community is the route distinguisher for the target VRF to either export the routing table to, import the routing table from, or both Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Page 426
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description { vrf-name } The VRF name. enabled Synopsis: typeless Enables the OSPF dynamic routing protocol. abr-type { abr-type } Synopsis: { cisco, ibm, shortcut, standard } Default: cisco The OSPF ABR type.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description intra-area { intra-area } Synopsis: An integer between 1 and 255 The administrative distance for intra-area routes. Configure prefix list filters for the VRF instance. For more information, refer to Section 5.21.4.3, “Adding a...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.22.8.1 Viewing a List of IP/VPN Tunnels To view a list of IP/VPN tunnels configured for VRF, type: show running-config routing bgp address-family vpnv4 A table or list similar to the following example appears:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.22.9 Managing VPNv4 Neighbors VPNv4 neighbors are other routers with which to exchange routes. One or more neighbors must be specified in order for VRF-Lite to operate. The following sections describe how to configure and manage VPNv4 neighbors for VRF-Lite: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Make sure the CLI is in Configuration mode. Delete the network by typing: no routing bgp address-family vpnv4 neighbor address Where: • address is the IP address of the neighbor Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.22.10.2 Adding an IPv4 Address Family To add an IPv4 address family, do the following: Make sure the CLI is in Configuration mode. Add the IPv4 address family by typing:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.22.11.1 Viewing a List of Redistributions To view a list of redistributions for an IPv4 address family, type: show running-config routing bgp address-family ipv4 vrf vrf redistribute Where: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Make sure the CLI is in Configuration mode. Delete the redistribution by typing: no routing bgp address-family ipv4 vrf vrf redistribute [ connected | ospf | static ] Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If no neighbors have been configured, add neighbors as needed. For more information, refer to Section 5.22.12.2, “Adding a Neighbor”. Section 5.22.12.2 Adding a Neighbor To add a new neighbor to an IPv4 address family, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description in { in } Apply route map to incoming routes. out { out } Apply route map to outbound routes. Configure the prefix list distribution. For more information, refer to Section 5.22.12.3, “Configuring the...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description event { event } Select to track an event, apply the distribute-prefix-list only when the tracked event goes to UP state. apply-when { apply-when } Synopsis: { up, down }...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Where: • vrf is the chosen VRF instance If routes have been configured, a table or list similar to the following example appears: ruggedcom# show running-config routing vrf VRF1 ipv4 | tab...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.22.13.3 Configuring a Black Hole Connection for a Static VRF Route To configure a black hole connection for a static VRF route, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • vrf is the chosen VRF instance. • subnet is the subnet (network/prefix) of the static route If gateway addresses have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • gateway is the gateway address for the static route Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.22.15...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Configure the following parameter(s) as required: Parameter Description distance { distance } Synopsis: An integer between 1 and 255 The distance for the static route. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide show running-config routing protocol Where: • protocol is either IPv4 or IPv6 If routes have been configured, a table or list similar to the following example appears: ruggedcom# show running-config routing ipv4 | tab...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.23.3 Adding an IPv6 Static Route To add an IPv6 static route, do the following: Make sure the CLI is in Configuration mode. Add the IPv6 static route by typing:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The distance for this static route's blackhole. Default is 1. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration via 172.30.128.1 no distance If no gateway addresses have been configured, add addresses as needed. For more information, refer to Section 5.23.6.3, “Adding a Gateway for an IPv4 Static Route”.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Section 5.23.7.1, “Configuring Interfaces for IPv6 Static Routes” • Section 5.23.7.2, “Viewing a List of Interfaces for IPv4 Static Routes” • Section 5.23.7.3, “Adding an Interface for an IPv4 Static Route”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Make sure the CLI is in Configuration mode. Add the gateway address by typing: routing ipv4 route subnet dev interface Where: • subnet is the subnet (network/prefix) of the static route •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Enable static multicast routing by typing: routing multicast static enable Configure the following parameter(s) as required: Parameter Description Synopsis: typeless enabled Enables static multicast routing service Prerequisite: Dynamic and static multicast routing can not be enabled together.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration routing multicast static mcast-groups description Where: • description is the name of the multicast group. Up to 32 characters are allowed, excluding spaces. Configure the following parameter(s) as required:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Section 5.24.3.2, “Adding an Out-Interface” • Section 5.24.3.3, “Deleting an Out-Interface” Section 5.24.3.1 Viewing a List of Out-Interfaces To view a list of out-interfaces, type: show runing-config routing multicast static mcast-group out-interface...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.25 Managing Dynamic Multicast Routing The PIM-SM feature is used for Dynamic Multicast Routing. PIM-SM stands for Protocol Independent Multicast - Sparse Mode. It is a dynamic multicast routing protocol that can dynamically prune and maintain multicast routes.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.25.1 PIM-SM Concepts When a PIM router receives a subscription from a host, e.g. Host A, for particular multicast traffic, the directly attached designated router (DR) sends a PIM join message for this multicast group towards the rendezvous point (RP).
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.25.4 Enabling/Disabling a PIM-SM Interface To enable or disable a PIM-SM interface, do the following: NOTE Enabling PIM-SM on an interface also enables IGMPv2 on the interface, wherein the interface with the lowest IP address becomes the IGMP querier and sends periodic query messages every 125 seconds.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.25.6.1, “Configuring a BSR Candidate” • Section 5.25.6.2, “Configuring a Group Prefix” • Section 5.25.6.3, “Configuring an RP Candidate” Section 5.25.6.1 Configuring a BSR Candidate To configure a BSR candidate, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Add the RP candidate by typing: routing multicast dynamic pim-sm RP-candidate local-address timer priority number Where: • local-address is the local address to be used in the Cand-RP messages. If not specified, the largest local IP address will be used (excluding passive interfaces).
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description router.</listitem> <listitem>NO-NBR: No neighbor on this virtual interface.</listitem> <listitem>PIM: PIM neighbor.</listitem> <listitem>DVMRP: DVMRP neighbor.</listitem></itemizedlist> Section 5.25.8 Viewing the Status of Dynamic Multicast Routing To view the status of dynamic multicast routing, type:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.26.1.1 IGMP IGMP is used by IP hosts to report their host group memberships with multicast routers. As hosts join and leave specific multicast groups, streams of traffic are directed to or withheld from that host.
Page 459
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration A more common method of pruning occurs when consumers wishing to unsubscribe issue an IGMP leave group message. The router will immediately issue a group-specific membership query to determine whether there are any remaining subscribers of that group on the segment.
Page 460
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • When sending IGMP packets, the switch uses its own IP address, if it has one, for the VLAN on which packets are sent, or an address of 0.0.0.0, if it does not have an assigned IP address.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration In this example: • P1, Router 1, Router 2 and C3 are on VLAN 2 • P2 and C2 are on VLAN 3 • C1 is on both VLAN 2 and 3 Assuming that router 1 is the querier for VLAN 2 and router 2 is simply a non-querier, the switch will periodically receive queries from router 1 and maintain the information concerning which port links to the multicast router.
Page 462
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide When a switch transmits GMRP updates (from GMRP-enabled ports), all of the multicast groups known to the switch, whether configured manually or learned dynamically through GMRP, are advertised to the rest of network.
Page 463
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Figure 7: Example – Establishing Membership with GMRP 1. Multicast Source 2. Switch 3. Multicast Host The hosts and switches establish membership with the Multicast Group 1 and 2 as follows: 1.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Source S1 transmits multicast traffic to Port D2 which is forwarded via Port D1, which has previously become a member of Multicast Group 1. • Switch B forwards the Group 1 multicast via Port B4 towards Switch E.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.26.3.2, “Viewing a List of Router Ports” • Section 5.26.3.3, “Adding a Router Port” • Section 5.26.3.4, “Deleting a Router Port” Section 5.26.3.1 Configuring IGMP Snooping To configure IGMP snooping, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide ruggedcom# show running-config switch mcast-filtering igmp-snooping router-ports | tab SLOT PORT ------------ If no router ports have been configured, add ports as needed. For more information, refer to Section 5.26.3.3, “Adding a Router...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.26.4.3, “Deleting a Static Multicast Group Entry” Section 5.26.4.1 Viewing a List of Static Multicast Group Entries To view a list of entries for known static multicast groups on other devices, type:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • id is the ID for the VLAN upon which the static multicast group operates • address is the MAC address for the device in the form of 01:xx:xx:xx:xx:xx Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Where: • id is the ID for the VLAN upon which the static multicast group operates • address is the MAC address for the device in the form of 01:xx:xx:xx:xx:xx •...
The Virtual Router Redundancy Protocol (VRRP) eliminates a single point of failure associated with statically routed networks by providing automatic failover using alternate routers. The RUGGEDCOM ROX II VRRP daemon Viewing a List of IP Multicast Groups...
VRRP. NOTE RFC 5798 defines the standard for VRRP version 3 on IPv4 and IPv6. Only IPv4 is supported in this release of RUGGEDCOM ROX II. The following sections describe how to configure VRRP: • Section 5.27.1, “VRRP Concepts”...
(or highest number) is elected the Master, while all other routers are considered Backups. On RUGGEDCOM RX1500/RX1501/RX1510/RX1511/RX1512 devices with RUGGEDCOM ROX II v2.3 or higher installed, if the router with the highest priority is in a fault state, the backup VRRP Router can delay its transition to becoming the Master router.
Page 473
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration w1ppp w2ppp 1.1.1.200 1.1.1.201 Figure 8: VRRP Example 1. Network 2. Remote Router 1 3. Remote Router 2 4. Switch 5. Host 1 6. Host 2 In this example, the remote routers are configured as follows:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide 192.168.2.2 192.168.2.3 192.168.3.2 192.168.3.3 Figure 9: VRRP Group Example 1. Network 2. Remote Router 1 3. Remote Router 2 4. Switch 5. Host 1 6. Host 2 In this example, the remote routers are configured as follows:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration NAME STATE PRIORITY TIME CHANGE STATE STATE -------------------------------------------------------------------------------- master Sat Feb 2 06:30:41 EST 2013 fe-cm-1 is Up This table or list provides the following information: Parameter Description Synopsis: A string name The VRRP instance name.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Section 5.27.4.2, “Adding a VRRP Tracker” • Section 5.27.4.3, “Deleting a VRRP Tracker” Section 5.27.4.1 Viewing a List of VRRP Trackers To view a list of VRRP trackers, type:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description weight { weight } Synopsis: An integer between 254 and 254 The amount by which to increase or decrease the router's priority. When negative, the priority decreases by this amount when the tracker falls.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If groups have been configured, a table or list similar to the following example appears: ruggedcom# show running-config services vrrp group services vrrp group group1 If no VRRP groups have been configured, add groups as needed. For more information, refer to Section 5.27.5.2,...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.27.6.1 Viewing a List of VRRP Instances To view a list of VRRP instances, type: show running-config services vrrp instance If instances have been configured, a table or list similar to the following example appears:...
Page 480
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description Configure VRRP version for this instance. interface { interface } The interface that will host the VRIP when the router becomes the VRRP Master. vrid { vrid } Synopsis: An integer between 1 and 255 The Virtual Router ID.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.27.6.3 Deleting a VRRP Instance To delete a VRRP instance, do the following: Make sure the CLI is in Configuration mode. Delete the instance by typing: no services vrrp instance name Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.27.7.2 Adding a VRRP Monitor To add a VRRP monitor, do the following: Make sure the CLI is in Configuration mode. Add the instance by typing: services vrrp instance name monitor interface Where: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.27.8.1 Viewing a List of Track Scripts To view a list of track scripts, type: show running-config services vrrp instance name monitor Where: • name is the name of the VRRP instance...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.27.8.3 Deleting a Track Script To delete a track script, do the following: Make sure the CLI is in Configuration mode. Delete the track script by typing: no services vrrp instance name track-script tracker Where: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.27.9.2 Adding a Virtual IP Address To add a virtual IP address, do the following: Make sure the CLI is in Configuration mode. Add the instance by typing:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.28.2 Viewing the Link Failover Status The Link Failover Status form displays the current link failover status. To view the link failover status, do the following: show services link-failover status...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide show running-config services link-failover If parameters have been configured, a table or list similar to the following example appears: ruggedcom# show running-config services link-failover services link-failover switch.0001 enabled backup fe-1-1...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description The number of ping retries before constructing a path failure. Synopsis: An integer between 0 and 65536 start-delay { start-delay } Default: 180 The delay time, in seconds, when first starting link failover.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide show running-config services link-failover interface backup Where: • interface is the name of the interface If backup interfaces have been configured, a table or list similar to the following example appears: ruggedcom# show running-config services link-failover switch.0001 backup...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description priority { priority } Synopsis: { third, second, first } Default: first The priority which is applied to the backup interface when switching. transfer-default-route Synopsis: typeless The transfer default gateway on the switching main and backup interface.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.28.5.1 Viewing a List of Link Failover Ping Targets To view a list of link failover ping targets, type: show running-config services link-failover interface target Where: • interface is the name of the interface If ping targets have been configured, a table or list similar to the following example appears: R1-RX1512# show running-config services link-failover switch.0001 target...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.28.5.3 Deleting a Link Failover Ping target To delete a link failover ping target, do the following: Make sure the CLI is in Configuration mode. Delete the backup interface by typing:...
The IPsec suite of protocols were developed by the Internet Engineering Task Force (IETF) and are required as part of IP version 6. Openswan is the open source implementation of IPsec used by RUGGEDCOM ROX II. The protocols used by IPsec are the Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE) protocols.
Diffie-Hellman key exchange protocol, which allows two parties without any initial shared secret to create one in a manner immune to eavesdropping. The following sections provide more information about IPsec and its implementation in RUGGEDCOM ROX II: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide When this form of encryption is used, each router configures its VPN connection to use a secret pre-shared key. For information about how to configure pre-shared keys, refer to Section 5.29.5, “Managing Pre-Shared...
Configuring IPsec Tunnels To configure IPsec tunnels, do the following: NOTE RUGGEDCOM ROX II supports the creation of policy-based VPNs, which can be characterized as follows: • No IPsec network interfaces have been created. • The routing table is not involved in directing packets to IPsec.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Configure one or more pre-shared keys. For more information, refer to Section 5.29.5.2, “Adding a Pre- Shared Key”. Configure one or more encrypted connections. For more information, refer to Section 5.29.6.2, “Adding a...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.29.5 Managing Pre-Shared Keys Pre-shared keys are used in secret key cryptography. For more information about secret key cryptography and pre-shared keys, refer to Section 5.29.1.3, “Public and Secret Key Cryptography”.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description The pre-shared key. Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.29.5.3 Deleting a Pre-Shared Key To delete a pre-shared key, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide esp algorithm aes256 sha1 left public-ip type default-route subnet 192.168.11.0/24 right public-ip type any If no connections have been configured, add connections as needed. For more information, refer to Section 5.29.6.2, “Adding a...
Page 503
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description pfs { pfs } Synopsis: { default, yes, no } Default: default Enables/disables Perfect Forwarding Secrecy (PFS). When enabled, IPsec negotiates new keys for each session. If an attacker compromises a key, only the session protected by the key is revealed.
Security Association (SA), or restart all SA's to the dead peer. In RUGGEDCOM ROX II, DPD Requests are sent when there is no traffic detected by the peer. How long to wait before sending a DPD Request and how long to wait for a DPD Response is user configurable.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.29.6.4 Deleting a Connection To delete a connection for a VPN, do the following: Make sure the CLI is in Configuration mode. Delete the connection by typing: no tunnel ipsec connection name Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.29.7.2 Adding an IKE Algorithm To add a new algorithm for the Internet Key Exchange (IKE) protocol, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.29.8.1 Configuring ESP Encryption To configure the encryption algorithm for the Encapsulate Security Payload (ESP), do the following: Make sure the CLI is in Configuration mode. Navigate to tunnel » ipsec » connection » {connection} » esp, where {connection} is the name of the connection.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Where: • connection is the name of the connection • cipher is the cipher algorithm • method is the hash method Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Page 509
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Default: none Key type. rsa-sig { rsa-sig } The RSA signature key name. rsa-sig-ipsec { rsa-sig-ipsec } Synopsis: A string 1 to 8192 characters long The RSA signature in IPsec format.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description main mode peer ID is ID_FQDN: '@example.com', but when a Vista, Windows 7 or other RFC 3947 compliant client connects, Openswan reports the main mode peer ID is ID_IPV4_ADDR: '192.168.1.1'.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.29.10.2 Viewing a List of Addresses for Private Subnets To view a list of addresses configured for private subnets, type: show running-config tunnel ipsec connection connection { right | left } subnet Where: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.30 Managing 6in4 and 4in6 Tunnels In networks where IPv4 and IPv6 operate simultaneously, 6in4 and 4in6 tunnels can be used to enable IPv6/IPv4 hosts to reach services using the opposite protocol. IPv6/IPv4 hosts and networks isolated from one another can also use these tunnels to access one another.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.30.3 Viewing the Status of 6in4/4in6 Tunnels To view the status of a 6in4 or 4in6 tunnel, type: show interfaces [ ip6in4 | ip4in6 ] tunnel name Where: •...
Managing Layer 2 Tunnels RUGGEDCOM ROX II is capable of extending the range of services that communicate solely via Layer 2 protocols (i.e. at the level of Ethernet) by tunnelling them over routed IP networks. The Layer 2 Tunnel Daemon supports the IEC61850 GOOSE protocol as well as a generic mechanism for tunnelling by Ethernet type.
IP network, although it is also capable of tunneling other layer 2 protocols. RUGGEDCOM ROX II utilizes L2TPD in conjunction with Openswan and PPP to provide support for establishing a secure, private connection with the router using the Microsoft Windows VPN/L2TP client.
LAN extension are some applications of this feature. RUGGEDCOM ROX II supports Static L2TPv3 tunnel over UDP starting with version 2.5. Static tunnel is an unmanaged tunnel type. All tunnel information, such as tunnel id, session id, cookies etc., must be agreed in advance between two endpoints to establish a tunnel.
Page 517
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Navigate to tunnel » l2tpv3 » static » tunnel and configure the following parameter(s) as required: Parameter Description { tunnel-name } Synopsis: A string 1 to 3 characters long Tunnel name, contains any lower case letter or numerical digit.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description mtu { mtu } Synopsis: An integer between 68 and 1500 Default: 1488 MTU of network interface size { size } Synopsis: { 4, 8 } Cookie size in byte.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Default: 1311 The UDP port to communicate with the other daemon. beacon-interval { beacon-interval } Synopsis: { off } or an integer between 10 and 3600 Default: 60 The Round Trip Time (RTT) of the sent message Add GOOSE or generic tunnels as required.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Ethernet Type: set as 0x88b8 • Remote Daemon: select the VLAN to which to forward the GOOSE packets The following sections describe how to configure and manage GOOSE tunnels: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.31.5.2 Viewing a List of GOOSE Tunnels To view a list of GOOSE tunnels, type: show running-config tunnel l2tunneld goose If tunnels have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Where: • name is the name of the GOOSE tunnel Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.31.6 Managing Remote Daemons for GOOSE Tunnels In place of a local Ethernet interface for the tunnel egress, IP addresses for a remote daemon can be specified.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.31.6.3 Deleting a Remote Daemon To delete a remote daemon, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide 192.168.5.1 This table or list provides the following information: Parameter Description tunnel-name Synopsis: A string 1 to 32 characters long The generic tunnel name. ifname Synopsis: A string 1 to 15 characters long The name of the ingress interface.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description ingress-if { ingress-if } The interface to listen on for Ethernet type frames. replace-mac Synopsis: typeless Replaces the sender's MAC with the out-interface's MAC. If necessary, configure one or more remote daemon IP addresses for the tunnel. For more information, refer Section 5.31.8.2, “Adding an IP...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.31.8.1 Viewing a List of IP Addresses To view a list of remote L2 protocol server IP addresses for a generic tunnel configuration, type: show running-config tunnel l2tunneld generic tunnel remote-daemon...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.31.9 Managing Remote Daemon Egress Interfaces for Generic Tunnels The following sections describe how to configure and manage remote daemon egress interfaces for generic tunnels: • Section 5.31.9.1, “Viewing a List of Egress Interfaces”...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.31.9.3 Deleting an Egress Interface To delete an egress interface for a generic tunnel, do the following: Make sure the CLI is in Configuration mode. Delete the egress interface by typing:...
Managing Generic Routing Encapsulation Tunnels RUGGEDCOM ROX II can employ the Generic Routing Encapsulation (GRE) protocol to encapsulate multicast traffic and IPv6 packets together and transport them through an IPv4 network tunnel. As such, GRE tunnels can transport traffic through any number of intermediate networks.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide In this example, Router 1 establishes a GRE tunnel to Router 2 using a local router address of 172.16.17.18, a remote router address of 172.19.20.21, and a remote subnet of 192.168.2.0/24.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.32.2 Viewing a List of GRE Tunnels To view a list of GRE tunnels, type: show running-config tunnel gre If GRE tunnels have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description key { key } Synopsis: { none, input, output, both } Default: none The key for tunneled packets key-id { key-id } Synopsis: An integer between 0 and 4294967295...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration NOTE Only TCP and UDP traffic flows will be accelerated by the IP/Layer 3 switch fabric. Non-IP packet types, such as ICMP and IGMP, will not be accelerated. Section 5.33.1.3...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide to MAC addresses. The same information is also needed by the Layer 3 switching ASIC when it switches IP packets between subnets. The destination or gateway MAC address is usually obtained through ARP. However, ARP entries can also be statically configured in the Layer 3 Switch so that they do not time out.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration firewall has to be implemented in software and the Layer 3 Switch must not switch traffic that is subject to firewall processing. Whenever a change is made to the firewall configuration, some of the dynamically learned Layer 3 switching rules might conflict with the new firewall configuration.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description while traffic flows following dynamic routes have to be subject to sophisticated firewall filtering.</listitem> <listitem>Auto: Both statically configured and dynamically learned Layer 3 switching rules will be used. In this mode, maximum routing hardware acceleration is utilized.</listitem></itemizedlist>...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration 192.11.0.4 00:11:94:11:00:03 4084 192.11.0.5 00:11:94:11:00:04 4084 192.11.0.6 00:11:94:11:00:05 4084 If no ARP table entries have been configured, add static ARP table entries as needed. For more information about adding static ARP table entries, refer to Section 5.33.3.2, “Adding a Static ARP Table...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide no switch layer3-switching arp-table address Where: • address is the IP address for the network device the entry describes Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Page 541
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration show switch layer3-switching routing-rules-summary A table or list similar to the following example appears: ruggedcom# show switch layer3-switching routing-rules-summary PACKETS RULE RULE DEST ROUTING TYPE VLAN VLAN PROTO SOURCE...
Classes of Service (CoS) provides the ability to expedite the transmission of certain frames and port traffic over others. The CoS of a frame can be set to Normal, Medium, High or Critical. By default, RUGGEDCOM ROX II enforces Normal CoS for all traffic.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration IMPORTANT! Use the highest supported CoS with caution, as it is always used by the switch for handling network management traffic, such as RSTP BPDUs. If this CoS is used for regular network traffic, upon traffic bursts, it may result in the loss of some network management frames, which in turn may result in the loss of connectivity over the network.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • weighting is the weighting algorithm for transmitting different priority CoS frames. During traffic bursts, frames queued in the switch pending transmission on a port may have different CoS priorities.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Add the entry by typing: switch class-of-service priority-to-cos priority Where: • priority is the value of the IEEE 802.1p priority Configure the following parameter(s) as required: Parameter Description cos { cos }...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.34.3.1 Viewing a List of DSCP-to-CoS Mapping Entries To view a list of priorites, type: show running-config switch class-of-service dscp-to-cos If entries have been configured, a table or list similar to the following example appears:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Make sure the CLI is in Configuration mode. Delete the entry by typing: no switch class-of-service dscp-to-cos dscp Where: • dscp is the value of the 6 bit DiffServ field in the Type-Of-Service (TOS) field of the IP header Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The port on which the MAC address has been learned. Synopsis: { static, dynamic } type How the MAC address has been learned by the switch: <itemizedlist><listitem>STATIC:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description not aged-out, the switch will still be forwarding traffic to that port, thus preventing that traffic from reaching its destination via the new network topology. This parameter allows the aging-out of all MAC addresses learned on a failed port immediately upon link failure detection.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide NOTE Letters in MAC addresses must be lowercase. switch mac-tables static-mac-table static-mac address vlan Where: • address is the Unicast MAC address that is to be statically configured. It can have up to 6 '*' wildcard characters continuously applied from the right.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.36.1, “RSTP Operation” • Section 5.36.2, “RSTP Applications” • Section 5.36.3, “MSTP Operation” • Section 5.36.4, “Configuring STP Globally” • Section 5.36.5, “Configuring STP for Switched Ethernet Ports and Ethernet Trunk Interfaces”...
Page 552
IMPORTANT! Purely for purposes of management, RUGGEDCOM ROX II introduces two more states: Disabled and Link Down. The Disabled state refers to links for which RSTP has been disabled. The Link Down state refers to links for which RSTP is enabled but are currently down.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Figure 13: Bridge and Port Roles 1. Root Bridge 2. Designated Bridge 3. Designated Port 4. Root Port 5. Alternate Port 6. Backup Port A port is alternate when it receives a better message from another bridge on the LAN segment it is connected to.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.36.1.3 Point-to-Point and Multipoint Links RSTP uses a peer-peer protocol called Proposing-Agreeing to ensure transitioning in the event of a link failure. This protocol is point-to-point and breaks down in multipoint situations, i.e. when more than two bridges operate on a shared media link.
• When the age exceeds the value of the maximum age parameter the next bridge to receive the message immediately discards it. To achieve extended ring sizes, Siemens's eRSTP™ uses an age increment of ¼ of a second. The value of the maximum bridge diameter is thus four times the configured maximum age parameter.
Section 5.36.1.7 Fast Root Failover Siemens’s Fast Root Failover feature is an enhancement to RSTP that may be enabled or disabled. Fast Root Failover improves upon RSTP’s handling of root bridge failures in mesh-connected networks, resulting in slightly increased failover times for some non-root bridge scenarios.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.36.2.2, “RSTP in Ring Backbone Configurations” • Section 5.36.2.3, “RSTP Port Redundancy” Section 5.36.2.1 RSTP in Structured Wiring Configurations RSTP may be used to construct structured wiring systems where connectivity is maintained in the event of link failures.
Enable RSTP Fast Root Failover option. This is a proprietary feature of Siemens. In a mesh network with only RUGGEDCOM devices in the core of the network, it is recommended to enable the RSTP Fast Root Failover option to minimize the network downtime in the event of a Root bridge failure.
Page 559
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Figure 15: Example - Ring Backbone Configuration To design a ring backbone configuration with RSTP, do the following: Select the design parameters for the network. What are the requirements for robustness and network fail-over/recovery times? Typically, ring backbones are chosen to provide cost effective but robust network designs.
Disable RSTP Fast Root Failover option. This is a proprietary feature of Siemens. In RUGGEDCOM ROX II, the RSTP Fast Root Failover option is enabled by default. It is recommended to disable this feature when operating in a Ring network.
VLAN-to-MSTI mappings must be identical for all bridges in an MST region. RUGGEDCOM ROX II supports 16 MSTIs in addition to the IST. Each MSTI has a topology that is independent of others. Data traffic originating from the same source and bound to the same destination, but on different VLANs on different MSTIs, may therefore travel a different path across the network.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide CIST The CIST (Common and Internal Spanning Tree) is the union of the CST and the ISTs in all MST regions. The CIST therefore spans the entire bridged network, reaching into each MST region via the latter’s IST to reach every bridge on the network.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Role Description • The CIST Root Port of the CIST Regional Root (and therefore also the MSTI Master Port). • A CIST Designated Port, CIST Alternate/Backup Port, or Disabled. At the MSTP region boundary, the MSTI Port Role is the same as the CIST Port Role.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.36.3.4 Implementing MSTP on a Bridged Network The following procedure is recommended for configuring MSTP on a network. Beginning with a set of MSTP- capable Ethernet bridges, do the following for each bridge on the network: NOTE Careful network analysis and planning should inform each step of creating an MSTP network.
Page 565
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description changes at the expense of moderate increases in STP traffic. (Relationship : maxAgeTime >= 2 * (helloTime + 1.0 seconds)) max-age { max-age } Synopsis: An integer between 6 and 40...
Page 566
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description Default: noshutdown The Rapid Spanning Tree Protocol (RSTP) standard does not address network security. RSTP must process every received Bridge Protocol Data Unit (BPDU) and take an appropriate action.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.36.5 Configuring STP for Switched Ethernet Ports and Ethernet Trunk Interfaces To configure the Spanning Tree Protocol (STP) for a switched Ethernet port, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description If TRUE, causes the port not to propagate received topology change notifications and topology changes to other ports. This parameter should be FALSE by default. If set, it can cause a...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.36.6.1, “Viewing Statistics for Multiple Spanning Tree Instances” • Section 5.36.6.2, “Viewing a List of Multiple Spanning Tree Instances” • Section 5.36.6.3, “Adding a Multiple Spanning Tree Instance”...
Adding a Multiple Spanning Tree Instance To add a Multiple Spanning Tree Instance (MSTI), do the following: NOTE RUGGEDCOM ROX II supports up to 16 MSTIs. Make sure the CLI is in Configuration mode. IMPORTANT! Since each MSTI acts as an independent RSTP instance, its configuration is similar to that of RSTP.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration switch spanning-tree mstp-instance id Where: • id is the ID for the Multiple Spanning Tree Instance Configure the following parameter(s) as required: Parameter Description { instance-id } The Multiple Spanning Tree Protocol (MSTP) instance ID.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description it is connected to.</listitem> <listitem>Root: The single port on the bridge, which provides connectivity towards the root bridge.</ listitem> <listitem>Backup: The port is attached to a LAN that is serviced by another port on the bridge.
To add a Multiple Spanning Tree Instance (MSTI) for a switched Ethernet port or an Ethernet trunk interface, do the following: NOTE RUGGEDCOM ROX II supports up to 16 MSTIs per port/interface. Make sure the CLI is in Configuration mode. IMPORTANT! Since each MSTI acts as an independent RSTP instance, its configuration is similar to that of RSTP.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • For Ethernet trunk interfaces: no interface trunks id spanning-tree msti mstp-id Where: ▪ id is the ID given to the interface ▪ mstp-id is the ID for the Multiple Spanning Tree Instance Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description regional-root-priority The bridge identifier of the Internal Spanning Tree (IST) regional root bridge for the Multiple Spanning Tree (MST) region this device belongs to. Synopsis: A string...
Page 578
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide A table or list similar to the following example appears: ruggedcom# show switch spanning-tree port-rstp-stats | tab DESG BRIDGE OPER SLOT PORT STP STATE ROLE COST PRIORITY DESG BRIDGE MAC...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description rx-rsts The number of Rapid Spanning Tree Protocol (RSTP) configuration messages received on this port. tx-rsts The number of Rapid Spanning Tree Protocol (RSTP) configuration messages transmitted on this port.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration An edge port attaches to a single end device, such as a PC or Intelligent Electronic Device (IED). An edge port carries traffic on the native VLAN. Trunk ports are part of the network and carry traffic for all VLANs between switches. Trunk ports are automatically members of all VLANs configured in the switch.
The native operation mode for an IEEE 802.1Q compliant switch is VLAN-aware. Even if a specific network architecture does not use VLANs, RUGGEDCOM ROX II's default VLAN settings allow the switch to still operate in a VLAN-aware mode, while providing functionality required for almost any network application. However, the IEEE 802.1Q standard defines a set of rules that must be followed by all VLAN-aware switches:...
Page 583
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration The following is an example of how to use GVRP: Figure 17: Using GVRP 1. Switch 2. End Node • Switch B is the core switch, all others are edge switches •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.37.1.8 PVLAN Edge Protected VLAN (PVLAN) Edge refers to a feature of the switch that isolates multiple VLAN Edge ports from each other on a single device. All VLAN Edge ports in a switch that are configured as protected in this way are prohibited from sending frames to one another, but are still permitted to send frames to other, non-protected ports within the same VLAN.
Page 585
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Figure 18: Multiple Overlapping VLANs 1. VLAN 2. Switch Administrative Convenience VLANs enable equipment moves to be handled by software reconfiguration instead of by physical cable management. When a host's physical location is changed, its connection point is often changed as well. With VLANs, the host's VLAN membership and priority are simply copied to the new port.
Configuring the Internal VLAN Range RUGGEDCOM ROX II creates and utilizes internal VLANs for internal functions. To provide RUGGEDCOM ROX II with a pool of VLAN IDs to pull from when creating internal VLANs, a range of VLAN IDs must be reserved.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration To configure the internal VLAN range, do the following: Make sure the CLI is in Configuration mode. Navigate to admin » switch-config and configure the following parameter(s) as required:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide none none none none The VLANs listed are based on the PVIDs assigned to the switched Ethernet ports. For more information about assigning PVIDs to switched Ethernet Ports, refer to Section 3.17.2, “Configuring a Switched Ethernet...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.37.4 Managing Static VLANs The following sections describe how to configure and manage static VLANs: • Section 5.37.4.1, “Viewing a List of Static VLANs” • Section 5.37.4.2, “Adding a Static VLAN”...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Configure the VLAN for the port. For more information, refer to Section 5.37.3.2, “Configuring VLANs for Switch Ethernet Ports”. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration If no ports have been forbidden, add forbidden ports as needed. For more information, refer to Section 5.37.5.2, “Adding a Forbidden Port”. Section 5.37.5.2 Adding a Forbidden Port To add a forbidden port, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Section 5.37.6.2, “Adding an HDLC-ETH VLAN” • Section 5.37.6.3, “Deleting an HDLC-ETH VLAN” Section 5.37.6.1 Viewing a List of HDLC-ETH VLANs To view a list of VLANs configured for an HDLC-ETH connection, type:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description This interface is up or down on demand of link fail over. Synopsis: An integer between 256 and 1500 mtu { mtu } Default: 1500 Maximum transmission unit (largest packet size allowed for this interface).
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.37.7.1 Viewing a List of Virtual Switch VLANs To view a list of virtual switch VLANs, type: show running-config interface virtualswitch id vlan Where: • id is the ID assigned to the virtual switch...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Make sure the CLI is in Configuration mode. Delete the chosen VLAN by typing: no interface virtualswitch id vlan vlan-id Where: • id is the ID assigned to the virtual switch •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.37.8.2 Viewing a List of VLANs for T1/E1 Lines To view a list of VLANs configured for either a T1 or E1 line, type: show running-config interface wan slot port protocol channel number connection hdlc-eth vlan Where: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Add a QoS map for the VLAN. For more information, refer to Section 5.39.7.2, “Adding a QoS Map”. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section 5.38 Managing Network Discovery and LLDP RUGGEDCOM ROX II supports the Link Layer Discovery Protocol (LLDP), a Layer 2 protocol for automated network discovery. LLDP is an IEEE standard protocol, IEEE 802.11AB, which allows a networked device to advertise its own basic networking capabilities and configuration.
Setup and Configuration CAUTION! Security hazard – risk of unauthorized access and/or exploitation. LLDP is not secure by definition. Avoid enabling LLDP on devices connected to external networks. Siemens recommends using LLDP only in secure environments operating within a security perimeter. NOTE LLDP is implemented to keep a record of only one device per Ethernet port.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The delay in seconds between successive LLDP frame transmissions initiated by the value or status changed. The recommended value is set by the following formula: 1 is less than or equal to txDelay less than or equal to (0.25 * Tx Interval)
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration ruggedcom# show switch net-discovery lldp local-system local-system local chassis subtype macAddress local chassis id 00:0a:dc:ff:9a:00 local system name R12.localdomain local system desc RX5000-R-MNT-HI-HI-SM61-CM01-L3SEC-16TX01-XX-XX-XX-4FG50-XX local system caps bridge,router local system caps enabled bridge,router...
Page 602
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description slot Synopsis: { ---, pm1, pm2, main, sm, lm1, lm2, lm3, lm4, lm5, lm6, swport, eth, serport, celport, cm, em, trnk } The slot of the module that contains this port.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description The duration of time between power-on and when this information was received. Section 5.38.4 Viewing Statistics for LLDP Ports To view statistics for LLDP ports, type: show switch net-discovery lldp port-lldp-stats...
Section 5.17, “Managing Firewalls”. RUGGEDCOM ROX II allows up to 4 different firewall configurations, enabling users to quickly change between configurations. Users can quickly assess different configurations without needing to save and reload any part of the configuration. In contrast, there is only one traffic control configuration. When enabled, a traffic control configuration is used with the current firewall configuration.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.39.1 Enabling and Configuring Traffic Control Traffic control functions are divided into two modes: • Basic Mode Basic mode offers a limited set of options and parameters. Use this mode to set the outgoing bandwidth for an interface, the interface priority (high, medium or low), and some simple traffic control characteristics.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide b. Add traffic control priorities. For more information, refer to Section 5.39.3.2, “Adding a Traffic Control Priority”. If advanced mode is enabled, do the following: a. Add traffic control classes. For more information, refer to Section 5.39.4.2, “Adding a Traffic Control...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration If no interfaces have been configured, add interfaces as needed. For more information, refer to Section 5.39.2.2, “Adding a Traffic Control Interface”. Section 5.39.2.2 Adding a Traffic Control Interface To add a new traffic control interface, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.39.2.3 Deleting a Traffic Control Interface To delete a traffic control interface, do the following: Make sure the CLI is in Configuration mode. Delete the traffic control interface by typing:...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration band protocol icmp description "Low priority traffic" If no priorities have been configured, add priorities as needed. For more information, refer to Section 5.39.3.2, “Adding a Traffic Control Priority”.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description (choice) The source address. This can be specified <emphasis role="bold">only if</emphasis> the protocol, port and interface are not defined. Prerequisite: An address can be specified only if neither a protocol or port nor an interface are specified.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration The following sections describe how to configure and manage traffic control classes: • Section 5.39.4.1, “Viewing a List of Traffic Control Classes” • Section 5.39.4.2, “Adding a Traffic Control Class”...
Page 612
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description Internet protocol type - use both when no addresses are used, otherwise define IPv4 and IPv6 rules for each type of addresses used. interface { interface } Synopsis: A string The interface to which this class applies.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide The following sections describe how to configure and manage traffic control devices: • Section 5.39.5.1, “Viewing a List of Traffic Control Devices” • Section 5.39.5.2, “Adding a Traffic Control Device”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Internet protocol type - use both when no addresses are used, otherwise define IPv4 and IPv6 rules for each type of addresses used. inbandwidth { inbandwidth } Default: 0 Incoming bandwidth.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Section 5.39.6.2, “Adding a Traffic Control Rule” • Section 5.39.6.3, “Configuring QoS Marking” • Section 5.39.6.4, “Deleting aTraffic Control Rule” Section 5.39.6.1 Viewing a List of Traffic Control Rules...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Internet protocol type - use both when no addresses are used, otherwise define IPv4 and IPv6 rules for each type of addresses used. source { source } Synopsis: A string IF name, comma-separated list of hosts or IPs, MAC addresses, or 'all'.
Page 618
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • Save/Restore: Replaces the connection's QoS mark value with an assigned value. • Continue: If the packet matches, no more traffic control rules are checked and the packet is automatically forwarded to the specified chain.
Page 619
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Configuring a Modify Mark Make sure the CLI is in Configuration mode. Select the Modify option by typing: qos traffic-control advanced-configuration tcrules name mark-choice modify Where: • name is the name of the traffic control rule...
Page 620
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Where: • name is the name of the traffic control rule Configure the following parameter(s): Parameter Description value-mask { value-mask } Synopsis: A string A mask to process the mark with.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Default: forward A chain where the DSCP marking will take place. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • For Routable Ethernet Ports show running-config interface eth slot port vlan id qosmap Where: ▪ slot is the name of the module location ▪ port is the port number (or a list of ports, if aggregated in a port trunk) for the module ▪...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration ▪ id is the ID given to the VLAN ▪ priority is the priority assigned to the QoS map • For Routable-Only Ethernet Ports interface eth slot port vlan id qosmap priority Where: ▪...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • For Switched Ethernet Ports no switch vlans all-vlans id qosmap priority Where: ▪ id is the ID given to the VLAN ▪ priority is the priority assigned to the QoS map •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.39.8.1 Viewing a List of Egress Marks To view a list of egress marks for a QoS map, type: • For Switched Ethernet Ports show running-config interface switch vlans all-vlans id qosmap priority egress Where: ▪...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If no egress marks have been configured, add egress marks as needed. For more information, refer to Section 5.39.8.2, “Adding an Egress Mark”. Section 5.39.8.2 Adding an Egress Mark To add an egress mark for a QoS Map, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration ▪ mark is the value of the egress mark Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.39.8.3 Deleting an Egress Mark To delete an egress mark for a QoS map, do the following: Make sure the CLI is in Configuration mode.
Section 5.39.9 Viewing QoS Statistics RUGGEDCOM ROX II provides statistics for traffic going through each class that has been configured. Packets are assigned to classes on the outbound interface based on rules. If a packet matches the specified criteria, it is considered to be a member of the class and is forwarded to that class.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Based on a 10-second average. Section 5.40 Managing IP Addresses for Routable Interfaces The following sections describe how to configure and manage IP addresses for routable interfaces: •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide errors dropped 0 transmit bytes packets errors dropped collisions 0 interfaces ip fe-cm-1 This table or list displays the following information: Parameter Description Synopsis: { not set, up, down, testing, unknown, dormant, notPresent, lowerLayerDown } admin-state The port's administrative status.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration show running-config ip interface ipv4 Where: • interface is the name of the interface If addresses have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Delete the address by typing: no ip interface ipv4 address address Where: • address is the IPv4 address Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Page 633
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • interface is the name of the interface Configure the following parameter(s) as required: Parameter Description enable-ra Synopsis: typeless Enable to send router advertisement messages. adv-interval-option Synopsis: typeless Includes an Advertisement Interval option which indicates to hosts the maximum time in milliseconds, between successive unsolicited router advertisements.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.40.5 Managing IPv6 Network Prefixes An IPv6-capable interface can use Neighbor Discovery to advertise IPv6 network prefixes to its neighbor on the same link. The following sections describe how to configure and manage IPv6 network prefixes: •...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description Prerequisite: The router address can not be set unless off-link or no-autoconfig are set. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If no addresses have been configured, add addresses as needed. For more information, refer to Section 5.40.6.2, “Adding an IPv6 Address”. Section 5.40.6.2 Adding an IPv6 Address To add an IPv6 address to a routable interface, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide A table or list similar to the following example appears: ruggedcom# show mpls status forwarding-table LOCAL OUTGOING OUTGOING LABEL LABEL PREFIX INTERFACE NEXT HOP UPTIME ------------------------------------------------------------------------ 1.1.1.1/32 switch.0010 192.168.10.1 01:04:31 2.2.2.2/32...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.41.4.1, “Viewing the Status of MPLS Interfaces” • Section 5.41.4.2, “Viewing a List of MPLS Interfaces” • Section 5.41.4.3, “Enabling/Disabling an MPLS Interface” Section 5.41.4.1 Viewing the Status of MPLS Interfaces...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide • ENABLED refers to the status of the MPLS operation on the interface If no MPLS interfaces have been configured, enable interfaces as needed. For more information about enabling MPLS interfaces, refer to Section 5.41.4.3, “Enabling/Disabling an MPLS...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description ip-address Synopsis: A string The destination address prefix. in-label Synopsis: A string The incoming (local) label. Synopsis: A string out-label The outgoing (remote) label. nexthop Synopsis: A string The destination next hop router.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description in-label { in-label } Synopsis: An integer between 16 and 1048575 The incoming label: integer 16 -> 1048575. next-hop { next-hop } Synopsis: A string 7 to 15 characters long The IP address for the destination next-hop router.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration • Section 5.41.6.2, “Viewing a List of Static Cross-Connects” • Section 5.41.6.3, “Adding a Static Cross-Connect” • Section 5.41.6.4, “Deleting a Static Cross-Connect” Section 5.41.6.1 Viewing the Status of Static Cross-Connects...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide If no static cross-connects have been configured, add cross-connects as needed. For more information about adding static cross-connects, refer to Section 5.41.6.3, “Adding a Static Cross-Connect”. Section 5.41.6.3 Adding a Static Cross-Connect To add a static cross-connect, do the following: Make sure the CLI is in Configuration mode.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.41.7 Managing LDP LDP (Label Distribution Protocol), defined by RFC 5036 [http://tools.ietf.org/html/rfc5036], is a protocol that enables an MPLS capable router to exchange MPLS label information. The labels are distributed in both directions so that an LSP (Label Switched Path) can be established and managed within an MPLS network dynamically, as opposed to configuring static routes.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description local-label Synopsis: A string The incoming (local) label. next-hop Synopsis: A string The destination next hop router. Synopsis: A string remote-label The LDP remote label. in-use Synopsis: A string The LDP in-use flag.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.41.7.3 Viewing the Status of the LDP Neighbor Local Node Information To view the status of the local node(s) for the LDP neighbor on the device, type: show mpls ldp status neighbor local-node-information...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The up time of the LDP neighbor connection. This table provides the following information: Parameter Description peer-id Synopsis: A string The peer ID of the LDP neighbor connection.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Parameter Description peer-session-holdtime Synopsis: A string The peer session holdtime of the LDP neighbor discovery. Section 5.41.7.6 Configuring LDP To configure the LDP, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description The time (in seconds) that a discovered LDP neighbor is remembered without receipt of an LDP Hello message from the neighbor. Section 5.41.7.8 Viewing a List of LDP Interfaces...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.42 Managing the RUGGEDCOM CROSSBOW Application RUGGEDCOM CROSSBOW is part of the RUGGEDCOM family of communications products. It was developed to address the need to interactively and securely access remote field devices to perform maintenance, configuration, and data retrieval functions.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Navigate to apps » crossbow » client-connection and configure the following parameter(s): Parameter Description ipaddr { ipaddr } The IP address to which a client will connect to the Station Access Controller (SAC).
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Configure the CA certificate and key for RUGGEDCOM CROSSBOW by typing: apps CrossBow certificate cert certificate cert-private-key key Where: • certificate is the name of the CA certificate loaded on the device •...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Type commit and press Enter to save the changes, or type revert and press Enter to abort. Section 5.42.5.3 Deleting a CA Certificate List To delete a CA certificate list for the RUGGEDCOM CROSSBOW application, do the following: Make sure the CLI is in Configuration mode.
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Parameter Description all-ipv6-interfaces Listening on all IPv6 interfaces only - this will clear any configured addresses. all-interfaces Listening on all IPv4 and IPv6 interfaces - this will clear any configured addresses.
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Section 5.43.3.1 Viewing a List of Network Addresses To view a list of network addresses, type: show running-config apps elan database addresses If addresses have been configured, a table or list similar to the following example appears:...
Chapter 5 RUGGEDCOM ROX II Setup and Configuration CLI User Guide Section 5.43.4 Managing CA Certificate Lists The following sections describe how to manage CA certificate lists for the RUGGEDCOM ELAN application: • Section 5.43.4.1, “Viewing a List of RUGGEDCOM ELAN CA Certificate Lists”...
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration no apps eLAN certificate ca-cert-list name Where: • name is the name of the CA (Certified Authority) certificate. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Page 660
RUGGEDCOM ROX II Chapter 5 CLI User Guide Setup and Configuration Enabling/Disabling RUGGEDCOM ELAN...
CLI User Guide Troubleshooting Troubleshooting This chapter describes troubleshooting steps for common issues that may be encountered when using RUGGEDCOM ROX II or designing a network. It describes the following tasks: IMPORTANT! For further assistance, contact Siemens Customer Support. NOTE For a description of pre-configured alarms, refer to Section 4.6.1, “Pre-Configured...
Chapter 6 RUGGEDCOM ROX II Troubleshooting CLI User Guide Problem Solution negotiating side will experience collisions. Ultimately, as traffic loads approach 100%, the link will become entirely unusable. The ping command with flood options is a useful tool for testing commissioned links. The command ping 192.168.0.1 500 2 can be used to issue 500 pings each separated by...
RUGGEDCOM ROX II Chapter 6 CLI User Guide Troubleshooting Problem Solution However, it guarantees that all devices interested in the traffic will keep receiving it without interruption. The same behavior will be observed when the switch resets or when IGMP Snooping is being disabled for the VLAN.
Chapter 6 RUGGEDCOM ROX II Troubleshooting CLI User Guide Problem Solution at the farthest edge of the network from the root. In this case, a configuration message will have to propagate out to the edge and then back in order to reestablish the topology.