Avaya P333R-LB 3.12 UG

Avaya
User’s Guide
AVAYA P333R-LB
STACKABLE LOAD BALANCING SWITCH
SOFTWARE VERSION 3.12
September 2002
Table of Contents
Table of Contents ................................................................................................ i
List of Tables .................................................................................................... xxi
List of Figures ............................................................................................... xxiii
Chapter 1 Overview............................................................................................................. 1
P330 Family Features......................................................................................... 2
Layer 2 Features ................................................................................................. 3
Auto-Negotiation .................................................................................... 3
Congestion Control ................................................................................ 3
VLANs ...................................................................................................... 3
Multiple VLANs per Port ...................................................................... 3
Leaky VLAN ............................................................................................ 3
Port Classification ................................................................................... 4
Network TIME Acquiring Protocols .................................................... 4
MAC Security .......................................................................................... 4
Link Aggregation Group (LAG) ........................................................... 4
IP Multicast Filtering .............................................................................. 4
Radius Security ....................................................................................... 5
Port Redundancy .................................................................................... 5
Intermodule Redundancy ..................................................................... 5
Stack Redundancy .................................................................................. 5
Hot-Swappable ....................................................................................... 5
Backup Power Supply ............................................................................ 6
Fans ........................................................................................................... 6
Network Management Agent (NMA) Redundancy .......................... 6
Software Download ................................................................................ 6
Layer 3 Features ................................................................................................. 7
Forwarding .............................................................................................. 7
OSPF Equal Cost Multipath .................................................................. 7
DHCP/BOOTP Relay ............................................................................ 7
RIP ............................................................................................................. 7
OSPF ......................................................................................................... 8
Static Routes ............................................................................................ 8
Route Redistribution .............................................................................. 9
Route Preferences ................................................................................... 9
Netbios Rebroadcast ............................................................................. 10
Multinetting (Multiple Subnets per VLAN) ..................................... 10
Avaya P333R-LB User’s Guide i

Table of Contents
Load Balancing Features ................................................................................. 12

Load Balancing Elements .....................................................................12
Real Server ..................................................................................12
Real Server Group (RSG) ..........................................................12
Virtual Service ............................................................................12
Virtual Server .............................................................................12
Load Balancing Services .......................................................................13
Firewall Load Balancing (FWLB) ............................................13
Server Load Balancing (SLB) ....................................................13
Application Redirection (AR) ..................................................14
Combination of Applications ..............................................................14
General Features............................................................................................... 15
Redundancy ...........................................................................................15
Additional Redundancy Schemes ......................................................15
Policy – Quality of Service (QoS) ........................................................15
Policy – Access Control ........................................................................16
Router and Load Balancer Configuration File ..................................16
P330 Standards Supported.............................................................................. 17
IEEE .........................................................................................................17
IETF - Layer 2 ........................................................................................17
IETF - Layer 3 ........................................................................................17
P330 Network Management ........................................................................... 18
P330 Device Manager (Embedded Web) ...........................................18
P330 Routing Manager (Embedded Web) .........................................18
Load Balancing Manager (Embedded Web) .....................................18
P330 Command Line Interface (CLI) ..................................................18
CajunView™ ..........................................................................................18
P330 Network Monitoring .............................................................................. 19
RMON I MIBs - RFC 1757 ....................................................................19
RMON II MIBs - RFC 2021 ..................................................................19
SMON MIBs - RFC 2613 .......................................................................19
Bridge MIB Groups - RFC 2674 ...........................................................19
DiffServ Monitoring .............................................................................19
Port Mirroring .......................................................................................19
SMON .....................................................................................................20
Chapter 2 P333R-LB Front and Rear Panels ................................................................... 21

P333R-LB Front Panel ...................................................................................... 21
P333R-LB Back Panel ....................................................................................... 24
BUPS Input Connector .........................................................................24
Chapter 3 Installation and Setup...................................................................................... 25

Installing the X330STK Stacking Sub-Module in the P333R-LB ................ 25
Positioning......................................................................................................... 25
Rack Mounting ................................................................................................. 26
ii Avaya P333R-LB User’s Guide

Table of Contents
Connecting Stacked Switches......................................................................... 27

To connect stacked switches: .............................................................. 27
Installing Expansion Sub-Modules ............................................................... 30
Installing the Expansion Sub-Module into the P333R-LB .............. 30
Removing an Existing Expansion Sub-Module ................................ 30
Powering On – P333R-LB Module AC.......................................................... 31
Powering On – P333R-LB Module DC.......................................................... 31
Configuring the Switch ................................................................................... 32
P333R-LB Default Settings ................................................................... 32
Cabling ................................................................................................... 34
Connecting the Console Cable ............................................................ 35
Configuring the Terminal Serial Port Parameters ........................... 35
Connecting a Modem to the Console Port ........................................ 35
Assigning P330’s IP Stack Address .................................................... 37
Assigning P333R-LB Initial Parameters ............................................ 38
Chapter 4 Avaya CLI – Architecture, Access & Conventions ..................................... 39

CLI Architecture............................................................................................... 39
Establishing a Serial Connection ................................................................... 39
Establishing a Telnet Connection .................................................................. 41
Command Line Prompt .................................................................................. 42
Avaya P330 Sessions........................................................................................ 42
Security Levels.................................................................................................. 43
Entering the Supervisor Level ............................................................ 43
Defining new users ................................................................... 43
Exiting the Supervisor Level .................................................... 43
Entering the CLI .................................................................................... 44
Entering the Technician Level ............................................................ 44
Conventions Used............................................................................................ 44
Navigation, Cursor Movement and Shortcuts............................................. 45
Getting Help ..................................................................................................... 45
Command Syntax............................................................................................. 45
Command Abbreviations .................................................................... 45
Universal Commands...................................................................................... 46
Top and Up commands ....................................................................... 46
Retstatus command .............................................................................. 46
Tree command ...................................................................................... 46
Chapter 5 CLI – Layer 2.................................................................................................... 47

User Level Commands.................................................................................... 47
session .................................................................................................... 48
terminal .................................................................................................. 48
clear screen ............................................................................................ 49
ping ......................................................................................................... 49
Show Commands Summary Table .................................................... 50
Avaya P333R-LB User’s Guide iii

Table of Contents
show time ...............................................................................................53

show timezone .......................................................................................53
show time parameters ..........................................................................53
show ip route .........................................................................................54
show image version ..............................................................................54
show download status .........................................................................55
show snmp .............................................................................................55
show snmp retries .................................................................................56
show snmp timeout ..............................................................................56
show timeout .........................................................................................56
show logout ...........................................................................................56
show interface ........................................................................................57
show device-mode ................................................................................57
show port ...............................................................................................58
show port trap .......................................................................................59
show port channel .................................................................................59
show port classification ........................................................................60
show port redundancy .........................................................................60
show intermodule port redundancy ..................................................61
show port mirror ...................................................................................61
show port vlan-binding-mode ............................................................61
show port security ................................................................................62
show port blocking ...............................................................................63
show port self-loop-discovery ............................................................65
show internal buffering ........................................................................65
show boot bank .....................................................................................66
show module .........................................................................................66
show port flowcontrol ..........................................................................67
show cam ................................................................................................69
show cascading fault-monitoring .......................................................69
show port auto-negotiation-flowcontrol-advertisement .................70
show trunk .............................................................................................70
show vlan ...............................................................................................71
show leaky-vlan ....................................................................................72
show spantree ........................................................................................72
show autopartition ................................................................................74
show dev log file ...................................................................................74
show log .................................................................................................74
show module-identity ..........................................................................75
show license ...........................................................................................75
show system ...........................................................................................76
RMON Tools ..................................................................................................... 77
show rmon statistics .............................................................................77
show rmon history ................................................................................78
iv Avaya P333R-LB User’s Guide

Table of Contents
show rmon alarm .................................................................................. 78

show rmon event .................................................................................. 79
show ppp session .................................................................................. 79
show ppp authentication ..................................................................... 79
show ppp incoming timeout ............................................................... 80
show ppp baud-rate ............................................................................. 80
show ppp configuration ...................................................................... 80
show tftp download/upload status ................................................... 81
show tftp download software status ................................................. 81
show web aux-files-url ......................................................................... 82
show intelligent-multicast ................................................................... 82
show intelligent-multicast hardware-support ................................. 83
show security mode ............................................................................. 83
show secure mac port .......................................................................... 84
show arp-tx-interval ............................................................................. 84
show arp-aging-interval ...................................................................... 84
show self-loop-discovery ..................................................................... 85
show allowed managers status ........................................................... 85
show allowed managers table ............................................................ 86
dir .......................................................................................................... 86
Privileged Level Commands .......................................................................... 88
no hostname .......................................................................................... 89
no rmon history .................................................................................... 89
no rmon alarm ....................................................................................... 89
no rmon event ....................................................................................... 90
hostname ................................................................................................ 90
Clear Commands Summary Table ..................................................... 90
clear timezone ....................................................................................... 91
clear ip route .......................................................................................... 91
clear snmp trap ..................................................................................... 91
clear vlan ................................................................................................ 92
clear dynamic vlans .............................................................................. 92
clear port static-vlan ............................................................................. 93
clear cam ................................................................................................ 93
clear log .................................................................................................. 93
clear port mirror .................................................................................... 93
clear secure mac .................................................................................... 94
Set Commands Summary Table ......................................................... 95
set logout ................................................................................................ 98
set timezone ........................................................................................... 99
set time protocol ................................................................................... 99
set time server ..................................................................................... 100
set time client ....................................................................................... 100
set ip route ........................................................................................... 100
Avaya P333R-LB User’s Guide v

Table of Contents
set snmp community ..........................................................................101

set snmp trap .......................................................................................101
set snmp trap auth ..............................................................................102
set snmp retries ...................................................................................102
set snmp timeout .................................................................................103
set system location ..............................................................................103
set system name ..................................................................................103
set system contact ...............................................................................103
set device-mode ...................................................................................104
set interface ..........................................................................................104
set interface ppp ..................................................................................105
set port level .........................................................................................106
set port negotiation .............................................................................106
set port enable ......................................................................................107
set port disable ....................................................................................107
set port speed .......................................................................................108
set port duplex .....................................................................................108
set port name .......................................................................................109
set port trap ..........................................................................................109
set port vlan .........................................................................................109
set port vlan-binding-mode ...............................................................110
set port static-vlan ...............................................................................110
set port self-loop-discovery Admin_Status .....................................111
set port channel ...................................................................................111
set port classification ..........................................................................112
set port redundancy on/off ...............................................................113
set port redundancy ............................................................................113
set internal buffering ..........................................................................114
set boot bank ........................................................................................114
set intermodule port redundancy .....................................................115
set intermodule port redundancy off ...............................................115
set port mirror .....................................................................................116
set port spantree ..................................................................................116
set port spantree priority ...................................................................117
set port spantree cost ..........................................................................117
set port security ...................................................................................118
set cascading ........................................................................................118
set inband vlan ....................................................................................118
set vlan ..................................................................................................119
set port flowcontrol .............................................................................119
set port auto-negotiation-flowcontrol-advertisement ...................121
set trunk ................................................................................................121
set leaky-vlan .......................................................................................122
set spantree ..........................................................................................122
vi Avaya P333R-LB User’s Guide

Table of Contents
set spantree priority ........................................................................... 122

set autopartition .................................................................................. 123
set license ............................................................................................. 123
set ppp authentication incoming ...................................................... 124
set ppp incoming timeout ................................................................. 124
set ppp baud-rate ................................................................................ 124
set web aux-files-url ........................................................................... 125
set intelligent-multicast ...................................................................... 125
set intelligent-multicast client port pruning time .......................... 125
set intelligent-multicast router port pruning time ......................... 126
set intelligent-multicast group-filtering delay time ....................... 126
set secure mac ...................................................................................... 126
set security mode ................................................................................ 127
set arp-aging-interval ......................................................................... 127
set arp-tx-interval ............................................................................... 127
set self-loop-discovery Admin_Status ............................................. 128
set welcome message ......................................................................... 128
set allowed managers ......................................................................... 129
set allowed managers IP .................................................................... 129
set psu type .......................................................................................... 129
sync time .............................................................................................. 130
get time ................................................................................................. 130
reset ....................................................................................................... 131
reset stack ............................................................................................. 131
reset mgp .............................................................................................. 132
reset wan .............................................................................................. 132
nvram initialize ................................................................................... 132
rmon history ........................................................................................ 133
rmon alarm .......................................................................................... 134
rmon event ........................................................................................... 135
copy stack-config tftp ......................................................................... 135
copy module-config tftp .................................................................... 136
copy tftp stack-config ......................................................................... 137
copy tftp module-config .................................................................... 137
copy tftp EW_archive ......................................................................... 138
copy tftp SW_image ........................................................................... 138
Radius Commands ............................................................................. 139
set radius authentication secret ........................................................ 140
set radius authentication server ....................................................... 140
clear radius authentication server .................................................... 140
set radius authentication retry-time ................................................. 141
set radius authentication retry-number .......................................... 141
set radius authentication udp-port .................................................. 141
Supervisor Level Commands ....................................................................... 142
Avaya P333R-LB User’s Guide vii

Table of Contents
username ..............................................................................................142
no username .........................................................................................142
show username ....................................................................................143
set ppp chap-secret .............................................................................143
show radius authentication ...............................................................143
set radius authentication ....................................................................144
tech ........................................................................................................144
Chapter 6 P330 CLI - Layer 3 .......................................................................................... 145

Router Configuration Contexts .........................................................145
How Commands are Organized .................................................................. 146
System Commands ........................................................................................ 147
User /Privileged Command Mode ..................................................148
hostname Command ...............................................................148
show copy status Command ..................................................148
show tftp-download status Command .................................148
show tftp-upload status Command ......................................149
show erase status Command .................................................149
show running-config Command ...........................................149
show startup-config Command .............................................149
show system Command .........................................................149
set system contact Command ................................................149
set system name Command ...................................................150
set system location Command ...............................................150
copy tftp startup-config Command ......................................150
copy running-config tftp Command .....................................151
copy running-config startup-config Command ..................151
copy startup-config tftp Command ......................................151
erase startup-config Command .............................................152
event log Command ................................................................152
event show Command ............................................................152
reset Command ........................................................................152
ping Command ........................................................................153
traceroute Command ..............................................................153
session Command ....................................................................153
Configure Mode ..................................................................................154
event clear Command .............................................................154
event set Command .................................................................154
IP Commands ................................................................................................. 155
User Mode ............................................................................................156
show ip route Command ........................................................156
show ip route best-match Command ...................................157
show ip route static Command .............................................157
show ip route summary ..........................................................158
show ip arp Command ...........................................................158
viii Avaya P333R-LB User’s Guide

Table of Contents
show ip reverse-arp Command ............................................. 159

show ip interface Command ................................................. 160
show ip interface brief Command ........................................ 161
show ip protocols Command ................................................ 162
show ip icmp Command ........................................................ 162
show ip unicast cache Command ......................................... 163
show ip unicast cache networks Command ........................ 163
show ip unicast cache networks detailed Command ........ 164
show ip unicast cache host Command ................................. 165
show ip unicast cache nextHop Command ......................... 165
show ip unicast cache summary Command ....................... 166
show ip unicast cache aging Command .............................. 166
Configure Mode .................................................................................. 167
interface Command ................................................................. 167
ip default-gateway Command .............................................. 167
ip route Command .................................................................. 168
clear ip route Command ........................................................ 168
ip routing Command .............................................................. 169
ip max-route-entries Command ............................................ 169
arp Command .......................................................................... 169
arp timeout Command ........................................................... 169
clear arp-cache Command ..................................................... 170
ip max-arp-entries Command ............................................... 170
ip icmp-errors Command ....................................................... 171
ip unicast route-cache aging Command .............................. 171
ip unicast route-cache update-timeout Command ............ 171
ip netmask-format Command ............................................... 172
Interface Mode .................................................................................... 173
ip address Command .............................................................. 173
ip vlan/ip vlan name Commands ........................................ 173
ip admin-state Command ...................................................... 174
ip netbios-rebroadcast Command ........................................ 174
ip directed-broadcast Command .......................................... 174
ip proxy-arp Command .......................................................... 175
ip routing-mode Command ................................................... 175
ip redirect Command .............................................................. 175
ip broadcast-address Command ........................................... 176
enable vlan commands Command ....................................... 176
RIP Commands .............................................................................................. 177
Configure Mode .................................................................................. 177
router rip Command ............................................................... 177
Router-RIP Mode ................................................................................ 178
redistribute Command ........................................................... 178
network Command ................................................................. 178
Avaya P333R-LB User’s Guide ix

Table of Contents
timers basic Command ...........................................................178

Interface Mode .....................................................................................179
ip rip rip-version Command ..................................................179
default-metric Command .......................................................179
ip rip send-receive-mode Command ....................................180
ip rip default-route-mode Command ...................................180
ip rip poison-reverse Command ...........................................181
ip rip split-horizon Command ...............................................181
ip rip authentication mode Command .................................182
ip rip authentication key Command .....................................182
OSPF Commands ........................................................................................... 183
User Mode ............................................................................................184
show ip ospf Command ..........................................................184
show ip ospf interface Command .........................................184
show ip ospf neighbor Command .........................................184
show ip ospf database Command .........................................185
Configure Mode ..................................................................................185
router ospf Command .............................................................185
Router-OSPF Mode .............................................................................186
area Command .........................................................................186
network (area) Command ......................................................186
ip ospf router-id Command ...................................................187
redistribute Command ............................................................187
timers spf Command ...............................................................187
Interface Mode .....................................................................................188
ip ospf cost Command ............................................................188
ip ospf hello-interval Command ...........................................188
ip ospf dead-interval Command ...........................................188
ip ospf priority Command .....................................................189
ip ospf authentication-key Command ..................................189
BOOTP-DHCP Commands........................................................................... 190
Overview ..............................................................................................190
Configure Mode ..................................................................................191
ip bootp-dhcp relay Command .............................................191
Interface Mode .....................................................................................191
ip bootp-dhcp server Command ...........................................191
ip bootp-dhcp network Command .......................................192
VLAN Commands ......................................................................................... 193
User Mode ............................................................................................193
show vlan Command ..............................................................193
Configure Mode ..................................................................................193
set vlan Command ...................................................................193
clear vlan Command ...............................................................194
Tech Command ...................................................................................194
x Avaya P333R-LB User’s Guide

Table of Contents
Fragmentation Commands........................................................................... 195

clear fragment Command .................................................................. 195
fragment chain Command ................................................................ 195
fragment size Command ................................................................... 196
fragment timeout Command ............................................................ 196
show fragment Command ................................................................ 197
Chapter 7 Firewall Load Balancing ............................................................................... 199

Benefits ............................................................................................................ 199
How It Works ................................................................................................. 199
Transparent Routing Firewall Load Balancing.......................................... 200
Implementation ................................................................................... 200
Simple Configuration Example ........................................................ 201
Demilitarized Zone (DMZ) Configuration Example ..................... 207
Load Balancing Metrics for Transparent Routing FWLB ............. 211
Hash .......................................................................................... 211
MinMiss Hash .......................................................................... 212
Selecting a Load Balancing Metric ................................................... 213
Weighted Firewalls ............................................................................. 213
Health Check ....................................................................................... 213
Persistency ........................................................................................... 214
Non-Transparent Routing Firewall Load Balancing ................................ 215
Implementation ................................................................................... 215
NAT Configuration Example ............................................................ 216
Static NAT Configuration Example ................................................. 218
Load Balancing Metrics for Non-Transparent Routing FWLB .... 219
Health Check ....................................................................................... 219
Persistency ........................................................................................... 219
Bridging Firewall Load Balancing............................................................... 220
Implementation ................................................................................... 220
Configuration Example ...................................................................... 220
Load Balancing Metrics for Bridging FWLB ................................... 224
Health Check ....................................................................................... 224
Persistency ........................................................................................... 224
Firewall Load Balancing Management Security........................................ 224
Chapter 8 Server Load Balancing................................................................................... 225

Benefits ............................................................................................................ 225
How it Works ................................................................................................. 225
Half NAT Load Balancing ................................................................. 226
Half NAT Based Configuration ............................................ 226
Full NAT Load Balancing .................................................................. 228
Full NAT Based Configuration ............................................. 230
Direct Server Return (DSR) (Triangulation) Redirection .............. 234
DSR (Triangulation) Configuration Example ..................... 234
Avaya P333R-LB User’s Guide xi

Table of Contents
DNS Configuration .............................................................................236

Combining Two Cache Applications on the Same Real Caches ..236
Load Balancing Metrics ................................................................................. 237
Round Robin ........................................................................................237
Hash ......................................................................................................237
MinMiss Hash .....................................................................................238
Weighted Real Servers................................................................................... 239
Health Check................................................................................................... 239
Client Persistency ........................................................................................... 242
Selecting a Load Balancing Metric and Persistency Option..................... 243
Port Re-mapping ............................................................................................ 243
Chapter 9 Application Redirection ................................................................................ 245

Benefits............................................................................................................. 245
How It Works.................................................................................................. 246
Configuration Examples................................................................................ 247
Application Redirection .....................................................................247
Combining Two Cache Applications on the Same Real Caches ..250
Load Balancing Metrics ................................................................................. 254
Round Robin ........................................................................................254
Hash ......................................................................................................254
MinMiss Hash .....................................................................................255
Weighted Real Servers................................................................................... 256
Health Check................................................................................................... 256
Client Persistency ........................................................................................... 259
Policy-Based Routing (Source-Based Routing) ...............................259
Selecting a Load Balancing Metric and Persistency Option..................... 260
Chapter 10 Redundancy .................................................................................................... 261

VRRP ................................................................................................................ 261
VRRP Commands........................................................................................... 262
User Mode ............................................................................................263
show ip vrrp Command .........................................................263
show ip vrrp detail Command ..............................................263
Configure Mode ..................................................................................265
router vrrp Command ............................................................265
Interface Mode .....................................................................................265
ip vrrp Command ....................................................................265
ip vrrp address Command .....................................................265
ip vrrp timer Command .........................................................266
ip vrrp priority Command .....................................................266
ip vrrp auth-key Command ...................................................267
ip vrrp preempt Command ....................................................267
ip vrrp primary Command ....................................................267
ip vrrp override addr owner Command ..............................268
xii Avaya P333R-LB User’s Guide

Table of Contents
Configuration Example ...................................................................... 269

SRRP................................................................................................................. 272
SRRP Commands ........................................................................................... 272
User Mode ........................................................................................... 273
show ip srrp Command .......................................................... 273
Configure Mode .................................................................................. 273
router srrp Command ............................................................. 273
Router-SRRP Mode ............................................................................ 274
poll-interval Command .......................................................... 274
timeout Command .................................................................. 274
Interface Mode .................................................................................... 275
ip srrp backup Command ...................................................... 275
Additional Redundancy Schemes ............................................................... 276
Real Server Group Backup ................................................................ 276
RSG Backup Configuration Example ................................... 276
Real Server Backup ............................................................................. 279
Real Server Backup Configuration Example ....................... 279
Chapter 11 Policy................................................................................................................ 283

Policy – Quality of Service (QoS)................................................................. 283
Policy – Access Control ................................................................................. 283
Scope ................................................................................................................ 284
Default List Behavior..................................................................................... 284
Policy and Load Balancing ........................................................................... 284
P333R-LB Policy Properties .......................................................................... 284
Policy Commands .......................................................................................... 284
Overview .............................................................................................. 284
User Mode ........................................................................................... 286
show access-group command ............................................... 286
show ip access lists Command .............................................. 286
show ip access-lists-dscp Command .................................... 287
show dscp Command ............................................................. 287
Configure Mode .................................................................................. 288
ip access-group Command .................................................... 288
ip access-list Command .......................................................... 289
ip access-default-action Command ...................................... 290
ip access-list-name Command ............................................... 290
ip access-list-owner Command ............................................. 290
ip access-list-cookie Command ............................................. 291
ip access-list-copy Command ................................................ 291
ip access-list-dscp operation Command .............................. 292
ip access-list-dscp trust Command ....................................... 292
ip access-list-dscp precedence Command ........................... 292
ip access-list-dscp name Command ..................................... 293
ip access-list-scope Command .............................................. 293
Avaya P333R-LB User’s Guide xiii

Table of Contents
ip simulate Command ............................................................294

validate-group Command ......................................................294
set qos policy-source Command ...........................................295
Chapter 12 Load Balancing Command Reference ......................................................... 297

How the Commands are Organized............................................................ 298
AR-Filter Commands..................................................................................... 299
ar-filter Command ..............................................................................299
ar-filter-admin-status Command ......................................................300
LB Control Commands.................................................................................. 301
lb control ar Command ......................................................................301
no lb control ar Command .................................................................301
lb control fwlb Command ..................................................................301
no lb control fwlb Command ............................................................301
lb control precedence Command ......................................................302
lb control slb Command .....................................................................302
no lb control slb Command ...............................................................303
Health Check Commands ............................................................................. 304
hc ping Command ..............................................................................304
hc tcp-connect Command ..................................................................304
hc http Command ...............................................................................305
hc http port Command .......................................................................305
hc http version Command .................................................................305
hc http method Command ................................................................306
hc http url Command .........................................................................306
hc http success-response Command ................................................306
hc http domain Command ................................................................307
hc http expected-string Command ...................................................307
hc http expected-string-offset Command ........................................308
hc script Command .............................................................................308
hc script port Command ....................................................................308
hc script query Command .................................................................309
hc script expected-string Command ................................................309
hc script expected-string-offset Command .....................................311
Proxy IP (PIP) Commands ............................................................................ 312
pip-bank Command ............................................................................312
pip-addresses Command ...................................................................312
Real-AR-Server Commands.......................................................................... 313
real-ar-server Command ....................................................................313
no real-ar-server Command ..............................................................313
real-ar-server admin-status Command ............................................313
real-ar-server backup Command ......................................................314
real-ar-server no backup Command ................................................314
real-ar-server hc failure-retries Command ......................................314
real-ar-server no hc failure-retries Command ................................315
xiv Avaya P333R-LB User’s Guide

Table of Contents
real-ar-server hc interval Command ................................................ 315

real-ar-server no hc interval Command .......................................... 315
real-ar-server hc success-retries Command .................................... 316
real-ar-server no hc success-retries Command .............................. 316
real-ar-server hc timeout Command ............................................... 316
real-ar-server no hc timeout Command .......................................... 317
real-ar-server weight Command ...................................................... 317
real-ar-server no weight Command ................................................. 317
Real-SLB-Server Commands ........................................................................ 318
real-slb-server Command .................................................................. 318
no real-slb-server Command ............................................................ 318
real-slb-server admin-status Command .......................................... 319
real-slb-server backup Command .................................................... 319
real-slb-server no backup Command .............................................. 319
real-slb-server direct-server-return Command .............................. 320
real-slb-server no direct-server-return Command ........................ 320
real-slb-server hc failure-retries Command .................................... 320
real-slb-server no hc failure-retries Command .............................. 320
real-slb-server hc interval Command .............................................. 321
real-slb-server no hc interval Command ......................................... 321
real-slb-server hc success-retries Command .................................. 321
real-slb-server no hc success-retries Command ............................. 322
real-slb-server hc timeout Command .............................................. 322
real-slb-server no hc timeout Command ........................................ 322
real-slb-server weight Command ..................................................... 323
real-slb-server no weight Command ............................................... 323
Real-Bridging-FW Commands..................................................................... 324
real-bridging-fw Command .............................................................. 324
no real-bridging-firewall Command ............................................... 324
real-bridging-fw admin-status Command ...................................... 325
real-bridging-fw backup Command ................................................ 325
real-bridging-fw no backup Command .......................................... 325
real-bridging-fw hc failure-retries Command ................................ 326
real-bridging-fw no hc failure-retries Command .......................... 326
real-bridging-fw hc interval Command .......................................... 326
real-bridging-fw no hc interval Command ..................................... 327
real-bridging-fw hc success-retries Command .............................. 327
real-bridging-fw no hc success-retries Command ......................... 327
real-bridging-fw hc timeout Command .......................................... 328
real-bridging-fw no hc timeout Command .................................... 328
real-bridging-fw weight Command ................................................. 328
real-bridging-fw no weight Command ........................................... 329
Real-Routing-FW Commands ...................................................................... 330
real-routing-fw Command ................................................................ 330
Avaya P333R-LB User’s Guide xv

Table of Contents
no real-routing-firewall Command ..................................................330

real-routing-fw id Command ............................................................331
real-routing-fw admin-status Command ........................................331
real-routing-fw backup Command ..................................................331
real-routing-fw no backup Command .............................................332
real-routing-fw hc failure-retries Command ..................................332
real-routing-fw no hc failure-retries Command .............................332
real-routing-fw hc interval Command .............................................333
real-routing-fw no hc interval Command .......................................333
real-routing-fw hc success-retries Command .................................333
real-routing-fw no hc success-retries Command ...........................334
real-routing-fw hc timeout Command ............................................334
real-routing-fw no hc timeout Command .......................................334
real-routing-fw weight Command ...................................................335
real-routing-fw no weight Command ..............................................335
RSG Commands ............................................................................................. 336
rsg Command ......................................................................................336
no rsg Command .................................................................................336
rsg admin-status Command ..............................................................337
rsg backup Command ........................................................................337
rsg no backup Command ...................................................................337
rsg real-ar-server Command .............................................................338
rsg no real-ar-server Command ........................................................338
rsg real-slb-server Command ............................................................338
rsg no real-slb-server Command ......................................................339
rsg real-bridging-fw Command ........................................................339
rsg no real-bridging-fw Command ..................................................339
rsg real-routing-fw Command ..........................................................340
rsg no real-routing-fw Command ....................................................340
Set Commands................................................................................................ 341
set vlan-area Command .....................................................................341
Show Commands ........................................................................................... 342
show ar filter Command ....................................................................342
show ar filter details Command .......................................................342
show hc Command .............................................................................342
show hc details Command ................................................................343
show hc last response Command .....................................................343
show lb control Command ................................................................343
show lb real-ar-server cache Command ..........................................344
show lb real-ar-server cache details Command .............................344
show lb real-slb-server cache Command .........................................344
show lb real-slb-server cache details Command ............................345
show lb real-bridging-firewall cache Command ............................345
show lb real-bridging-firewall cache details Command ...............345
xvi Avaya P333R-LB User’s Guide

Table of Contents
show lb real-routing-fw cache Command ...................................... 346

show lb real-routing-fw cache details Command .......................... 346
show lb virtual-server cache Command ......................................... 346
show lb virtual-server cache details Command ............................. 347
show persistency-table Command ................................................... 348
show pip-bank Command ................................................................. 349
show pip-bank details Command .................................................... 349
show real-ar-server Commands ....................................................... 349
show real-ar-server details Command ............................................ 349
show real-slb-server Commands ...................................................... 350
show real-slb-server details Command ........................................... 351
show real-bridging-fw Commands .................................................. 351
show real-bridging-fw details Command ....................................... 351
show real-routing-fw Commands .................................................... 352
show real-routing-fw details Command ......................................... 352
show rsg Command ........................................................................... 352
show rsg details Command .............................................................. 353
show virtual-ar-service Command .................................................. 353
show virtual-ar-service details Command ...................................... 353
show virtual-fw-service Command ................................................. 354
show virtual-fw-service details Command .................................... 354
show virtual-server Command ......................................................... 354
show virtual-server details Command ............................................ 355
show virtual-slb-service Command ................................................. 355
show virtual-slb-service details Command .................................... 356
show vlan-area-mapping Command ............................................... 356
Virtual AR-Service Commands.................................................................... 357
virtual ar-service Command ............................................................. 357
virtual-ar-service admin-status Command ..................................... 357
virtual-ar-service application Command ........................................ 358
virtual-ar-service no application Command .................................. 358
virtual-ar-service failure-action Command .................................... 358
virtual-ar-service hash-key Command ............................................ 359
virtual-ar-service no hash-key Command ...................................... 359
virtual-ar-service hc Command ........................................................ 359
virtual-ar-service no hc Command .................................................. 360
virtual-ar-service id Command ........................................................ 360
virtual-ar-service metric Command ................................................. 361
virtual-ar-service persistency Command ........................................ 361
virtual-ar-service no persistency Command .................................. 361
virtual-ar-service persistency time Command ............................... 362
virtual-ar-service no persistency time Command ......................... 362
virtual-ar-service persistency wildcard Command ....................... 362
virtual-ar-service no persistency wildcard Command ................. 363
Avaya P333R-LB User’s Guide xvii

Table of Contents
virtual-ar-service rsg Command .......................................................363

virtual-ar-service no rsg Command .................................................363
virtual-ar-service simulate-hash Command ...................................364
Virtual FW-Service Commands ................................................................... 365
virtual fw-service Command ............................................................365
no virtual-fw-service Command .......................................................365
virtual-fw-service admin-status Command ....................................366
virtual-fw-service hash-key Command ...........................................366
virtual-fw-service no hash-key Command .....................................366
virtual-fw-service hc Command .......................................................367
virtual-fw-service no hc Command .................................................367
virtual-fw-service hc-ip Command ..................................................367
virtual-fw-service id Command .......................................................368
virtual-fw-service ip route Command .............................................368
virtual-fw-service no ip route Command ........................................369
virtual-fw-service metric Command ................................................369
virtual-fw-service partner-mgmnt-ip Command ...........................370
virtual-fw-service no partner-mgmnt-ip Command .....................370
virtual-fw-service persistency Command .......................................370
virtual-fw-service no persistency Command ..................................370
virtual-fw-service persistency time Command ..............................371
virtual-fw-service no persistency time Command .........................371
virtual-fw-service persistency wildcard Command ......................371
virtual-fw-service no persistency wildcard Command .................372
virtual-fw-service rsg Command ......................................................372
virtual-fw-service no rsg Command ................................................372
virtual-fw-service simulate-hash Command ..................................373
Virtual-Server Commands ............................................................................ 374
virtual-server Command ...................................................................374
no virtual-server Command ..............................................................374
virtual-server admin-status Command ...........................................375
virtual-server id Command ...............................................................375
virtual-server vip Command .............................................................375
virtual-server no vip Command .......................................................376
Virtual-Server Virtual-SLB-Service Commands ........................................ 377
virtual-server virtual-slb-service Command ..................................377
virtual-server no virtual-slb-service Command .............................377
virtual-server virtual-slb-service admin-status Command ..........378
virtual-server virtual-slb-service application Command ..............378
virtual-server virtual-slb-service no application Command ........378
virtual-server virtual-slb-service hash-key Command .................379
virtual-server virtual-slb-service no hash-key Command ............379
virtual-server virtual-slb-service hc Command .............................380
virtual-server virtual-slb-service no hc Command ........................380
xviii Avaya P333R-LB User’s Guide

Table of Contents
virtual-server virtual-slb-service id Command .............................. 380

virtual-server virtual-slb-service metric Command ...................... 381
virtual-server virtual-slb-service persistency Command ............. 381
virtual-server virtual-slb-service no persistency Command ........ 382
virtual-server virtual-slb-service persistency time Command .... 382
virtual-server virtual-slb-service no persistency time Command 382
virtual-server virtual-slb-service persistency wildcard Command ..
383
virtual-server virtual-slb-service no persistency wildcard Command
383
virtual-server virtual-slb-service pip-bank Command ................. 383
virtual-server virtual-slb-service no pip-bank Command ............ 384
virtual-server virtual-slb-service real-port Command .................. 384
virtual-server virtual-slb-service no real-port Command ............ 384
virtual-server virtual-slb-service rsg Command ............................ 385
virtual-server virtual-slb-service no rsg Command ...................... 385
virtual-slb-service simulate-hash Command ................................. 386
Appendix A Embedded Web Manager ............................................................................. 387

System Requirements .................................................................................... 387
Running the Embedded Manager ............................................................... 388
Installing the Java Plug-in............................................................................. 391
Installing the On-Line Help and Java Plug-In on your Web Site............ 392
Documentation and Online Help ................................................................ 392
Software Download ....................................................................................... 392
Appendix B Specifications .................................................................................................. 393

P333R-LB Switch ............................................................................................ 393
Physical ................................................................................................ 393
Power Requirements – AC ................................................................ 393
Power Requirements – DC ................................................................ 393
Environmental ..................................................................................... 394
Safety – AC .......................................................................................... 394
Safety – DC .......................................................................................... 394
EMC Emissions ................................................................................... 394
Emissions .................................................................................. 394
Immunity .................................................................................. 394
Interfaces .............................................................................................. 395
Standards Compliance ....................................................................... 395
IEEE ........................................................................................... 395
IETF ........................................................................................... 395
Basic MTBF .......................................................................................... 395
Stacking Sub-module..................................................................................... 395
Expansion Sub-modules ............................................................................... 396
Gigabit Ethernet Expansion Sub-modules ...................................... 396
Avaya P333R-LB User’s Guide xix

Table of Contents
Laser Safety ...............................................................................396

Laser Classification ..................................................................396
Usage Restriction .....................................................................397
Laser Data .................................................................................397
Fast Ethernet Fiber Expansion Sub-module ....................................397
Ethernet/Fast Ethernet Expansion Sub-module ............................397
GBIC Expansion Sub-module ...........................................................398
Safety Information ...................................................................398
Usage Restriction .....................................................................398
Avaya Approved GBIC Transceivers ...................................399
Specifications ............................................................................399
Agency Approval ....................................................................400
MTBF .........................................................................................400
X330GT2 Gigabit Ethernet Expansion Sub-module .......................400
Installing the Expansion Sub-module in the Avaya P330 .400
Removing an Existing Expansion Sub-module ...................401
Cabling ......................................................................................401
Backup Power Supply (BUPS)...................................................................... 402
Physical .................................................................................................402
Power Requirements ..........................................................................402
Environmental .....................................................................................403
Safety .....................................................................................................403
EMC Emissions ...................................................................................403
Emissions ..................................................................................403
Immunity ..................................................................................403
BUPS MTBF .........................................................................................403
Connector Pin Assignments ......................................................................... 404
Console Pin Assignments ..................................................................404
Appendix C How to Contact Us ......................................................................................... 405

In the United States .............................................................................405
In the EMEA (Europe, Middle East and Africa) Region ...............405
In the AP (Asia Pacific) Region .........................................................407
In the CALA (Caribbean and Latin America) Region ...................407
xx Avaya P333R-LB User’s Guide

List of Tables
Table 2.1 P333R-LB LED Descriptions ..................................................... 22
Table 2.2 P333R-LB <- -> Select buttons .................................................. 23
Table 3.1 Default Switch Settings ............................................................. 32
Table 3.2 Default Port Settings .................................................................. 33
Table 3.3 Gigabit Ethernet Cabling........................................................... 34
Table 4.1 Navigation, Cursor Movement and Shortcuts....................... 45
Table 6.1 System Commands .................................................................. 147
Table 6.2 IP Commands ........................................................................... 155
Table 6.3 RIP Commands......................................................................... 177
Table 6.4 OSPF Commands ..................................................................... 183
Table 6.5 BOOTP-DHCP Commands..................................................... 190
Table 6.6 VLAN Commands ................................................................... 193
Table 6.7 Fragmentation Commands ..................................................... 195
Table 10.1 VRRP Commands..................................................................... 262
Table 10.2 SRRP Commands ..................................................................... 272
Table 11.1 Policy Commands .................................................................... 284
Table 12.1 Load Balancing Command Groups ....................................... 298
Table B.1 Stacking Sub-module ............................................................... 395
Table B.2 Gigabit Ethernet Expansion Sub-modules ........................... 396
Table B.3 Fiber Fast Ethernet Expansion Sub-module ......................... 397
Table B.4 Ethernet/Fast Ethernet Expansion Sub-module.................. 397
Table B.5 Pinout for Console Communications ................................... 404
Avaya P333R-LB User’s Guide xxi

List of Tables
xxii Avaya P333R-LB User’s Guide

List of Figures
Figure 1.1 The Conceptual Load Balancing Model.................................. 13
Figure 1.2 Combinations of Applications.................................................. 14
Figure 2.1 P333R-LB Front Panel ............................................................... 21
Figure 2.2 P333R-LB LED ............................................................................ 21
Figure 2.3 P333R-LB AC and DC Back Panels.......................................... 24
Figure 2.4 BUPS Input Connector Sticker. ................................................ 24
Figure 3.1 P333R-LB Rack Mounting ........................................................ 26
Figure 3.2 Incorrect Stack Connection ....................................................... 28
Figure 3.3 P333R-LB Stack Connections .................................................... 29
Figure 7.1 Transparent Routing FWLB Sample Configuration............ 201
Figure 7.2 Transparent Routing FWLB Sample DMZ Configuration . 207
Figure 7.3 Hash Metric - Loss of Persistency .......................................... 212
Figure 7.4 MinMiss Hash Metric - Persistency Sustained..................... 212
Figure 7.5 Non-Transparent Routing FWLB Sample NAT
Configuration ........................................................................ 216
Figure 7.6 Non-Transparent Routing FWLB Sample Static NAT
Configuration ....................................................................... 218
Figure 7.7 Bridging FWLB Configuration Example .............................. 220
Figure 8.1 Half NAT Based SLB Configuration Example ..................... 226
Figure 8.2 Full NAT Based SLB Configuration Example...................... 230
Figure 8.3 SLB Triangulation Configuration Example.......................... 234
Figure 8.4 DNS Configuration .................................................................. 236
Figure 9.1 Cache Redirection Configuration Example.......................... 247
Figure 9.2 Two Cache Applications on the Same Real Caches ............ 250
Figure 10.1 SLB - VRRP Configuration Example ..................................... 269
Figure 10.2 RSG Backup Configuration Example .................................... 276
Figure 10.3 Real Server Backup Configuration Example........................ 279
Figure A.1 The Welcome Page ................................................................... 389
Figure A.2 Web-based Manager ................................................................ 390
Avaya P333R-LB User’s Guide xxiii

List of Figures
xxiv Avaya P333R-LB User’s Guide

Chapter 1
Overview
The P330 family of stackable Ethernet workgroup switches includes a range of
modules with 10/100/1000 Mbps ports, Layer 3 capability and ATM Expansion
sub-module. The base product is the P333T switch which has 24x10/100 Mbps ports
and an Expansion sub-module slot. The optional expansion sub-modules provide
additional Ethernet, Fast Ethernet, and Gigabit Ethernet connectivity.
The P330R family allows you to add multilayer switching to your existing P330
stacks. The base product for the P330R family is the P333R switch, which combines
P333T capabilities with Layer 3 capabilities. In addition, the P333R-LB switch adds
load balancing capabilities to your network.
A P330 stack can contain up to 10 switches and up to 3 backup power supply units.
The stacked switches are connected using the X330STK stacking sub-modules which
plug into a slot in the back of the P330. They are connected using the X330SC or
X330LC cable (if the stack is split between 2 racks). The X330RC cable connects the
top and bottom switches in the stack and provides redundancy and hot-swapability
in the same way that modules can be swapped in a modular switching chassis.
The P330 is fully compliant with IEEE standards for VLAN Tagging, Gigabit
Ethernet, Spanning Tree and Flow Control. This full standards-compliance,
combined with auto-negotiation for 10/100/1000 Mbps and half/full duplex
facilitates the expansion of your network to match your company's growing needs.
The P330R-LB is fully compliant with IETF standards ARP, ICMP, DHCP/BOOTP,
RIP v.1, RIP v.2, OSPF, IP Forwarding, and VRRP.
Avaya P333R-LB User’s Guide 1

Chapter 1 Overview
P330 Family Features

• You can connect up to 10 P330 switches in a stack. Moreover, this stack can be
either in one rack or split over several racks using the X330LC Long Cable,
according to your requirements.
• X330STK - this stacking sub-module is used to connect P330 switches in a stack,
via the Octaplane.
• P330 BUPS - this back-up power supply module supports up to four P330
switches.
• One RJ-45/RS-232 front panel console connector for both terminal and modem
(future release) sessions.
• Two fan units in every switch, with operation sensors.
• One virtual IP address for managing the whole stack, the P330 stack is managed
as a single entity.
• Hot swapping of one switch at a time - by activation of the redundant cable:
— Does not disrupt the operation of other P330 switches.
— Does not change stack configuration.
— Does not require network downtime.
• Connection via Telnet to the IP of the stack Master or directly to the Router IP,
or from the front panel ports of any switch with:
— multiple levels of password protection.
— login and inactivity timeouts.
2 Avaya P333R-LB User’s Guide

Chapter 1 Overview
Layer 2 Features
Auto-Negotiation
Every 10/100 port on the P330 supports Auto-Negotiation which automatically
detects and supports the operating mode and speed of a connected device. Auto-
negotiation is also supported on the Gigabit Ethernet ports for flow control mode
only.
This means that you can simply connect the P330 to Ethernet or Fast Ethernet
equipment at full or half duplex without configuration.
Congestion Control
Congestion control is a key element of maintaining network efficiency as it prevents
resource overload.
The Avaya P330 supports congestion control on all Ethernet ports, using the
following:
• Back Pressure in half duplex mode.
• IEEE 802.3x Flow Control in full duplex mode.
VLANs
The P330 VLANs are fully IEEE 802.1Q compliant and can handle up to 1k tagged
VLANs.
Multiple VLANs per Port

The P330 provides the ability to set multiple (1K) VLANs per port. The three
available Port Multi-VLAN binding modes are:
• Bound to All - the port is programmed to support the entire 3K VLANs range.
Traffic from any VLAN is forwarded through a port defined as Bound to All.
• Bound to Configured - the port supports all the VLANs configured in the
switch/stack. These may be either Port VLAN IDs (PVID) or VLANs that were
manually added to the switch.
• Statically Bound - the port supports VLANs manually configured on it.
Leaky VLAN
Leaky VLAN provides the ability to send unicast traffic between two ports on
different VLANs. Leaky VLAN will function only on modules (and sub-modules)
with C/S 2.0 and higher.

Chapter 1 Overview
Port Classification
With the P330, you can classify any port as regular or valuable. Setting a port to
valuable means that a link fault trap can be sent even when the port is disabled. This
feature is particularly useful for the software redundancy application, where you
need to be informed about a link failure on the dormant port.
Network TIME Acquiring Protocols

The P330 supports the SNTP Protocol over UDP port 123. You can choose between
SNTP or TIME protocol over UDP port 37.
MAC Security
You can define a port as secure to prevent it from learning new mac addresses. If an
unknown MAC or station tries to access a secure port, the intruder request is sent to
the management station.
Link Aggregation Group (LAG)

LAG provides increased bandwidth and redundancy for critical high-bandwidth
applications such as inter-stack links and connections to servers. You can aggregate
the bandwidth of up to eight 10/100Base-Tx ports, two 100Base-FX or 1000Base-X
ports.
Load sharing ensures that if one of the port connections fails, the other connections
will assume the load seamlessly. Load balancing guarantees that the traffic load at
any level will be evenly divided among all the LAG links.
IP Multicast Filtering
IP Multicast allows you to send a single copy of an IP packet to multiple
destinations, and can be used for various applications including video streaming
and video conferencing.
On LANs, IP Multicast packets are transmitted in MAC Multicast frames.
Traditional LAN switches flood these Multicast packets to all stations in the VLAN.
Multicast filtering functions may be added to the Layer 2 switches to avoid sending
Multicast packets where they are not required. Layer 2 switches capable of
Multicast filtering send the Multicast packets only to ports that connect members of
that Multicast group. In order for this feature to operate correctly, you need in your
network a router issuing IGMP queries.
Note: IP Multicast filtering will function only based on the port's VLAN ID and not
based on any VLAN bound to the port.

Chapter 1 Overview
Radius Security
The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard
(RFC 2138) client/server security protocol. Security and login information is stored
in a central location known as the RADIUS server. RADIUS clients such as the P330,
communicate with the RADIUS server to authenticate users.
All transactions between the RADIUS client and server are authenticated thorough
the use of a “shared secret” which is not sent over the network. The shared secret is
an authentication password configured on both the RADIUS client and its RADIUS
servers. The shared secret is stored as clear text in the client’s file on the RADIUS
server, and in the non-volatile memory of the P330. In addition, user passwords are
sent between the client and server are encrypted for increased security.
Port Redundancy
Redundancy can be implemented between any two ports in the same stack at the
link level. You can also assign redundancy between any two LAGs in the stack or
between a LAG and a port. One port or LAG is defined as the primary port, and the
other as the secondary port. In case the primary port link fails, the secondary port
takes over.
Intermodule Redundancy
Intermodule redundancy includes all Port Redundancy functionality, and
additionally maintains port integrity even when the primary port link fails as the
result of a failure of the module. If the module on which the active port in an
Intermodule Port Redundancy pair is located is powered down or removed from
the stack, the secondary port in the Intermodule Port Redundancy pair takes over.
Only one pair per stack can be set for Intermodule Port Redundancy.
Stack Redundancy
In the unlikely event that a P330 switch or Octaplane link should fail, stack integrity
is maintained if the redundant cable is connected to the stack. The broken link is
bypassed and data transmission continues uninterrupted. The single management
IP address for the stack is also preserved for uninterrupted management and
monitoring.
Hot-Swappable
You can remove or replace any unit within the stack without disrupting operation
or performing stack-level reconfiguration. You can therefore adapt the P330 to your
requirements on the fly and with a down-time which is second to none.
When you remove an expansion module from the stack, all configuration
definitions on expansion modules are lost.

Chapter 1 Overview
If you wish to save configuration definitions, perform the following procedure:

1 Power down the switch.
2 Remove the expansion module.
3 Insert the new module.
4 Power up the switch.
Backup Power Supply

Each P330 module comes with a Backup Power Supply (BUPS) connector. If the
internal power supply fails, the P330 BUPS (available separately) automatically
supplies power to the switch for uninterrupted operation.
Fans
The P330 module fans have integrated sensors which provide advance warnings of
fan failure via management.
Network Management Agent (NMA) Redundancy

Since each P330 module has an integral SNMP agent, any module in a stack can
serve as the stack NMA while other NMAs act as redundant agents in “hot”
standby. If the “live” NMA fails then a backup is activated instantaneously.
Software Download
P330 includes a safe software download procedure in which backup code is always
present.
You should perform a reset after downloading software to the Module.

Chapter 1 Overview
Layer 3 Features
Forwarding
The P333R-LB forwards IP packets between IP networks. When it receives an IP
packet through one of its interfaces, it forwards the packet through one of its
interfaces. P333R-LB supports multinetting, enabling it to forward packets between
IP subnets on the same VLAN as well as between different VLANs. Forwarding is
performed through standard means in Router mode.
OSPF Equal Cost Multipath

The P333R-LB supports load balancing in Layer 3 by using OSPF Equal Cost
Multipath (ECM) and static routes multipath. OSPF and static multipath balances
Layer 3 load forwarding by splitting traffic into several possible equal-cost paths,
thus freeing additional bandwidth for traffic.
DHCP/BOOTP Relay
The P333R-LB supports the DHCP/BOOTP Relay Agent function. This is an
application that accepts DHCP/BOOTP requests that are broadcast on one VLAN
and sends them to a DHCP/BOOTP server that connects to another VLAN or a
server that may be located across one or more routers that would otherwise not get
the broadcast request. The relay agent handles the DHCP/BOOTP replies as well,
transmitting them to the client directly or as broadcast, according to a flag in the
reply message. Note that the same DHCP/BOOTP relay agent serves both the
BOOTP and DHCP protocols.
DHCP/BOOTP Relay in P333R-LB can be enabled or disabled.
RIP
P333R-LB supports the widely used RIP routing protocol (both RIPv1 and RIPv2).
The RIPv1 protocol imposes some limitations on the network design with regard to
subnetting. When operating RIPv1, you must not configure variable length subnet
masks (VLMS). Each IP network must have a single mask, implying that all subnets
in a given IP network are of the same size. Also, when operating RIPv1, you must
not configure supernets, which are networks with a mask smaller than the natural
net mask of the address class, such as 192.1.0.0 with mask 255.255.0.0 (smaller than
the natural class C mask which is 255.255.255.0). For detailed descriptions of RIP
refer to the standards and published literature.
RIPv2 is a new version of the RIP routing protocol, not yet widely used but with
some advantages over RIPv1. RIPv2 solves some of the problems associated with
RIPv1. The most important change in RIPv2 is the addition of a subnet mask field
which allows RIPv2 to support variable length subnets. RIPv2 also includes an
authentication mechanism similar to the one used in OSPF.

Chapter 1 Overview
Configuration of the RIP version, 1 or 2, is per IP interface (default is version 1).

Configuration should be homogenous on all routers on each subnet, i.e. there
should not be both RIPv1 and RIPv2 routers on the same subnet. However, different
IP interfaces of the P333R-LB can be configured with different RIP versions (as long
as all routers on the subnet are configured to the same version).
RIPv2 and RIPv1 are considered the same protocol with regard to redistribution to/
from OSPF and static route preferences.
OSPF
P333R-LB supports the OSPF routing protocol. P333R-LB can be configured as an
OSPF Autonomous System Boundary Router (ASBR) by configuration of route
redistribution. P333R-LB can be installed in the OSPF backbone area (area 0.0.0.0) or
in any OSPF area that is part of a multiple areas network. However, P333R-LB
cannot be configured to be an OSPF area border router itself.
The P333R-LB supports the equal-cost multipath (ECMP) feature which allows load
balancing by splitting traffic between several equivalent paths.
While OSPF can be activated with default values for each interface using a single
command, many of the OSPF parameters are configurable.
For a detailed description of OSPF, refer to the OSPF standards and published
literature.
Static Routes
Static routes can be configured to the P333R-LB. They are never timed-out, or lost
over reboot, and can only be removed by manual configuration. Deletion (by
configuration) of the IP interface deletes the static routes using this interface as well.
A static route becomes inactive if the interface over which it is defined is disabled.
When the interface is enabled, the static route becomes active again.
Static routes can only be configured for remote destinations, i.e. destinations that
are reachable via another router as a next hop. The next hop router must belong to
one of the directly attached networks for which P333R-LB has an IP interface.
“Local” static routes, such as those that have no next hop, are not allowed.
Two kinds of static routes can be configured, High Preference static routes which are
preferred to routes learned from any routing protocol and Low Preference static
routes which are used temporarily until the route is learned from a routing protocol.
By default, a static route has Low Preference.
Static routes can be advertised by routing protocols (i.e. RIP, OSPF) as described
under Route redistribution.
Static routes also support load-balancing similar to OSPF. A static route can be
configured with multiple next hops so that traffic is split between these next hops.

Chapter 1 Overview
This can be used for example to load-balance traffic between several firewalls which
serve as the default gateway.
Route Redistribution
Route redistribution is the interaction of multiple routing protocols. OSPF and RIP
can be operated concurrently in P333R-LB. In this case, P333R-LB can be configured
to redistribute routes learned from one protocol into the domain of the other routing
protocol. Similarly, static routes may be redistributed to RIP and to OSPF. Route
redistribution should not be configured carelessly, as it involves metric changes and
might cause routing loops in the presence of other routers with incompatible
schemes for route redistribution and route preferences.
The P333R-LB scheme for metric translation in route redistribution is as follows:
• Static to RIP metric configurable (default 1)
• OSPF internal metric N to RIP metric 1
• OSPF external type 1 metric N to RIP metric 1
• OSPF external type 2 metric N to RIP metric N+1
• Static to OSPF external type 2, metric configurable (default 1)
• RIP metric N to OSPF external type 2, metric N
• Direct to OSPF external type 2, metric 1.
By default, the P333R-LB does not redistribute routes between OSPF and RIP.
Redistribution from one protocol to the other can be configured. Static routes are, by
default, redistributed to RIP and OSPF. P333R-LB allows the user to globally disable
redistribution of static routes to RIP, and separately to globally disable
redistribution of static routes to OSPF. In addition, P333R-LB lets the user configure,
on a per static route basis, whether the route is to be redistributed to RIP and OSPF,
and what metric (in the range of 1-15). The default state is to enable the route to be
redistributed at metric 1. When static routes are redistributed to OSPF, they are
always redistributed as external type 2.
Route Preferences
The routing table may contain routes from different sources. Routes to a certain
destination may be learned independently from RIP and from OSPF, and at the
same time, a static route can also be configured to the same destination. While
metrics are used to choose between routes of the same protocol, protocol
preferences are used to choose between routes of different protocols.
The preferences only apply to routes for the same destination IP address and mask.
They do not override the longest-match choice. For example, a high-preference
static default route will not be preferred over a RIP route to the subnet of the
destination.

Chapter 1 Overview
P333R-LB protocol preferences are listed below from the most to the least preferred:
1 Local (directly attached net)
2 High-preference static (manually configured routes)
3 OSPF internal routes
4 RIP
5 OSPF external routes
6 Low-preference static (manually configured routes).
Netbios Rebroadcast
The P333R-LB can be configured to relay netbios UDP broadcast packets. This
feature is used for applications such as WINS that use broadcast but may need to
communicate with stations on other subnets or VLANs.
Configuration is performed on a per-interface basis. When a netbios broadcast
packet arrives from an interface on which netbios rebroadcast is enabled, the packet
is distributed to all other interfaces configured to rebroadcast netbios.
If the netbios packet is a net-directed broadcast (e.g., 149.49.255.255), the packet is
relayed to all other interfaces on the list, and the IP destination of the packet is
replaced by the appropriate interface broadcast address.
If the netbios broadcast packet is a limited broadcast (e.g., 255.255.255.255), it is
relayed to all VLANs on which there are netbios-enabled interfaces. In that case, the
destination IP address remains the limited broadcast address.
Multinetting (Multiple Subnets per VLAN)

In Router Mode, most applications such as RIP and OSPF, operate per IP interface.
Other applications such as VRRP and DHCP/BOOTP Relay operate per VLAN.
Configuration of these applications is done in the Interface mode. When there is
only a single interface (subnet) per VLAN then system behavior is intuitive since a
subnet and a VLAN are the same.
If the configuration includes multiple interfaces (subnets) per VLAN things start to
get complicated.
For example, if there are two interfaces over the same VLAN and you configure
DHCP server on one interface it will be used also for the second interface over the
same VLAN. This behavior might be less expected and in some cases wrong.
In order to prevent misconfiguration and unexpected results, the P333R-LB
prevents configuration of VLAN-oriented commands on an interface unless the user
explicitly requested to using the new "enable vlan commands" CLI command.
Configuration of "enable vlan commands" on an interface overrides this
configuration on other interfaces that belong on the same VLAN.
This ensures that VLAN-oriented commands can be configured from one interface
only.

Chapter 1 Overview
In case there is only one interface over a VLAN, then VLAN oriented commands for
this VLAN can be configured through the single interface without the need to issue
the "enable vlan command" command.
Note:
1. VLAN-oriented commands that were configured affect the VLAN of the interface
that was used at the time the command was issued.
2. If the interface is moved to another VLAN (using the "ip vlan command") VLAN
oriented configuration still relates to the original VLAN.

Chapter 1 Overview
Load Balancing Features

Load Balancing technology allows network managers to control the amount of
network traffic to various firewalls and servers, as well as to redirect traffic to
internal addresses. By distributing traffic to different firewalls or servers, Load
Balancing improves response time. Load Balancing also performs health checks on
the firewalls or servers to make sure that they are functioning at a minimum level. If
a firewall or server is not functional, the Load Balancing application directs traffic to
other available firewalls or servers. Load Balancing provides increased fault
tolerance, and, as an alternative to deploying larger servers, scalability.
Load Balancing implements a sophisticated mechanism for Real Server Metrics
Selection, Real Server Health Checking, and Persistency.
Load Balancing Elements

There are four conceptual Load Balancing elements:
• Real Server.
• Real Server Group.
• Virtual Service.
• Virtual Server.
Real Server
A Real Server is a physical server that is associated with a Real IP address. One or
more Real Servers may belong to a Real Server Group.
Real Server Group (RSG)

A Real Server Group is a logical grouping of Real Servers used for load balancing.
For example, for Server Load Balancing, the load balancer distributes packets to
Real Servers belonging to a specific RSG.
Virtual Service
Virtual Services are abstract links to RSGs provided by a Virtual Server. For
example, load-balanced forwarding of HTTP or FTP packets is a Virtual Service.
Virtual Server
A Virtual Server represents the server to the outside world. It is associated with a
Virtual IP and provides Virtual Services. For example, a load balancer that
intercepts traffic from the WAN acts as a Virtual Server.

Chapter 1 Overview
Traffic from the WAN is directed to the Virtual Server. The Virtual Server provides
Virtual Services when transferring packets to the Real Server Group, which is
comprised of Real Servers. The following figure illustrates the conceptual load
balancing model.
Figure 1.1 The Conceptual Load Balancing Model
Load Balancing Services

The P333R-LB supports the following Load Balancing services:
• Firewall Load Balancing.
• Server Load Balancing.
• Application Redirection.
Firewall Load Balancing (FWLB)

The P333R-LB’s FWLB intercepts all traffic between clients and servers and
dynamically distributes the load among the available firewalls, based on the FWLB
configuration. Using FWLB, all of your firewalls are utilized concurrently,
providing overall improved firewall performance, scalability, and availability. For
more information see Chapter 7, Firewall Load Balancing.
Server Load Balancing (SLB)

The P333R-LB’s SLB intercepts all traffic between clients and servers, dynamically
distributing the load among the available servers, based on SLB configuration. For
more information, see Chapter 8, Server Load Balancing.

Chapter 1 Overview
Application Redirection (AR)

With the growing importance of the Internet as the organization's source of
information, normal operation of the LAN can be negatively impacted by
congestion on the network router to the Internet. The P333R-LB’s AR redirects
packets from their original destination to an alternative server, based on AR
configuration. For more information, see Chapter 9, Application Redirection.
Combination of Applications
You can enable the P333R-LB to use various applications concurrently. For example,
it is possible to configure the same P333R-LB to perform Server Load balancing for
an Intranet web-server, Application Redirection for web traffic that is Internet-
bound, and Firewall Load Balancing for traffic that is Internet-bound. In some cases,
the same "type" of traffic can be given two different actions by the load balancer, as
illustrated in Figure 1.2. In these situations, it is necessary to tell the load balancer
which action to choose.
Figure 1.2 Combinations of Applications
In Figure 1.2, web traffic to the Intranet server (Server Farm) can be configured to
either be directed to the web cache (Cache Server Farm), or bypass the web cache
and directly access the Intranet server. The latter configuration will free the web
cache resources to deal with Internet-bound traffic.
You can specify the preferred action by performing one of the following:
• Configure SLB to take precedence over AR.
• Configure AR can take precedence over SLB.
• Configure AR filters to redirect traffic from client/server addresses, using
wildcards.
• Configure AR filters to specify which traffic not to redirect ("no-ar" as service)
from specific client/server addresses, using wildcards.

Chapter 1 Overview
General Features
Redundancy
Routing protocols naturally provide some level of redundancy. However, IP
stations that are manually configured with a single ‘default gateway’ IP address do
not naturally recover when their default gateway fails. These stations do not
automatically try to use other routers or Layer-3-switches connected to the same
subnet.
The P333R-LB supports two types of router redundancy protocols, VRRP and SRRP,
to solve this problem. In addition, the VRRP solves the problem of VIP interfaces in
Server Load Balancing.
For full information, see VRRP on page 261 and SRRP on page 272.
Additional Redundancy Schemes

Using the P333R-LB, you can configure a Real Server to backup one or more
primary Real Servers. A backup Real server is not used until the primary Real
Server is down.
You can also configure a Real Server Group (RSG) to backup one or more primary
RSGs. A backup RSG can run a different service than the primary RSG while
providing backup to all of the primary RSG’s services. Similar to the Real Server, the
backup RSG is not used until all Real Servers in the RSG are down.
For full information, see Additional Redundancy Schemes on page 276.
Policy – Quality of Service (QoS)

The P333R-LB supports QoS by using multiple priority levels and IEEE 802.1p
priority tagging to ensure that data and voice receive the necessary levels of service.
The P333R-LB can enforce policy on routed packets (per packet), according to four
criteria:
• The IEEE 802.1p priority tag in the incoming packet.
• The Diff-Serv byte (TOS field) in the IP header of the incoming packet.
• Matching the packet’s source or destination IP address to the configured
priority policy.
• Whether the packet source or destination TCP/UDP port number falls within a
pre-defined range.
Since the P333R-LB is a multilayer switch, it can enforce centralized network
policies using Avaya’s RealNet Rules central policy management application.
For full information, see Policy – Quality of Service (QoS) on page 283.

Chapter 1 Overview
Policy – Access Control

The P333R-LB supports Access Control policy. The P333R-LB uses policy lists
containing both Access Control rules and QoS rules. The policy lists are ordered by
rule indexing. Access Control rules define how the P333R-LB should handle routed
packets. There are three possible ways to handle such packets:
• Forward the packet (Permit operation)
• Discard the packet (Deny operation)
• Discard the packet and notify the management station (Deny and Notify)
The P333R-LB can enforce Access Control policy on each routed packet, according
to the following criteria:
• Matching the packet's source or destination IP address to the configured Access
Control policy.
• Determine if the packet source or destination TCP/UDP port number falls
within a pre-defined range.
• Using the ACK bit of the TCP header.
The P333R-LB access control rules are set-up using the Command Line Interface and
Avaya’s CajunRules central policy management application.
For full information, see Policy – Access Control on page 283.
Router and Load Balancer Configuration File

The Configuration File feature allows the user to upload the P333R-LB routing and
load balancing configuration parameters and upload them to a file on the station.
The routing and load balancing configuration commands in the file are in CLI
format. The user can edit the file (if required) and re-configure the P333R-LB by
downloading the configuration file. Although the files can be edited, it is
recommended to keep changes to the files to a minimum. The recommended
configuration method is using CajunView P330 Routing Manager and/or the CLI.
Changes to the configuration file should be limited to those required to customize a
configuration file from one router to suit another.

Chapter 1 Overview
P330 Standards Supported

The P330 complies with the following standards.
IEEE
• 802.3x Flow Control on all ports
• 802.1Q VLAN Tagging support on all ports and 802.1p compatible
• 802.1D Bridges and STA
• 803.2z Gigabit Ethernet ports
• 803.2u Ethernet/Fast Ethernet ports
IETF - Layer 2
• MIB-II - RFC 1213
• Bridge MIB for Spanning Tree - RFC 1492
• Bridge MIB for STP and CAM contents - RFC 1314
• ATM Management - RFC 1695
• RMON - RFC 1757
• SMON - RFC 2613
• Bridge MIB Groups - RFC 2674 dot1dbase and dot1dStp fully implemented.
Support for relevant MIB objects: dot1q (dot1qBase, dot1qVlanCurrent)
IETF - Layer 3
• Internet Protocol - RFC-791
• Internet Control Message Protocol - RFC-792
• Standard for the transmission of IP datagrams over Ethernet - RFC-894
• Bootstrap Protocol - RCF-951
• Routing Information Protocol - RCF-1058
• DHCP Options and BOOTP Vendor Extensions - RFC-1533
• Interoperation Between DHCP and BOOTP - RFC-1534
• Dynamic Host Configuration Protocol - RFC-1541
• Clarifications and Extensions for the Bootstrap Protocol Information - RFC-1542
• RIP Version 2 Carrying Additional Information - RFC 1723
• Requirements for IP Version 4 Routers - RFC-1812
• OSPF Version 2 Management Information Base - RFC-1850
• Virtual Router Redundancy Protocol - RFC-2338

Chapter 1 Overview
P330 Network Management

Avaya realizes the importance of comprehensive network management as a key
component of today’s networks. Therefore we have provided multiple ways of
managing the P330 to suit your needs.
P330 Device Manager (Embedded Web)

The built-in P330 Device Manager (Embedded Web Manager) allows you to manage
a P330 stack using a Web browser without purchasing additional software. This
application works with the Microsoft® Internet Explorer and Netscape® Navigator
web browsers and Sun Microsystems Java™ Plug-in.
P330 Routing Manager (Embedded Web)

The built-in P330 Routing Manager (Embedded Web Manager) allows you to
manage the routing capabilities of the P333R-LB, using a Web Browser.
Load Balancing Manager (Embedded Web)

The built-in P330 Load Balancing Manager (Embedded Web Manager) allows you
to manage the load balancing capabilities of the P333R-LB, using a Web Browser.
P330 Command Line Interface (CLI)

The P330 CLI provides a terminal type configuration tool for configuration of P330
and P333R-LB features and functions. You can access the CLI locally, through the
serial interface, or remotely via Telnet.
CajunView™
When you need extra control and monitoring or wish to manage other Cajun
Campus equipment, then the CajunView network management suite is the answer.
This suite provides ease-of-use and the features necessary for optimal network
utilization.
• CajunView is available for Windows® NT®/2000 and Solaris 8.
• CajunView can operate in Stand-Alone mode with Windows® NT®/2000.
• CajunView operates under HP OpenView for Windows® NT®/2000 and
Solaris 8.

Chapter 1 Overview
P330 Network Monitoring
RMON I MIBs - RFC 1757

• RMON I support for the following standard monitoring MIBs:
— Statistics
— History
— Alarms
— Events
RMON II MIBs - RFC 2021

• RMON II support for the following standard monitoring MIBs:
— Protocol Directory
— Protocol Distribution
— Network Layer Host
— Network Layer Matrix
SMON MIBs - RFC 2613

• SMON support for the following standard monitoring MIBs:
— Data Source Capabilities
— Port Copy
— VLAN and Priority Statistics.
Bridge MIB Groups - RFC 2674

• dot1dbase and dot1dStp fully implemented.
• Support for relevant MIB objects: dot1q (dot1qBase, dot1qVlanCurrent)
DiffServ Monitoring
Monitors zero and non-zero DiffServ usage per protocol for routed packets (per
DSMON IETF draft.)
Port Mirroring
The P330 provides port mirroring for additional network monitoring functionality.
You can filter the traffic and mirror either incoming traffic to the source port or both
incoming and outgoing traffic. This allows you to monitor the network traffic you
need.

Chapter 1 Overview
SMON
The P330 supports Avaya’s ground-breaking SMON Switched Network
Monitoring, which the IETF has now adopted as a standard (RFC2613). SMON
provides unprecedented top-down monitoring of switched network traffic at the
following levels:
• Enterprise Monitoring
• Device Monitoring
• VLAN Monitoring
• Port-level Monitoring
This top-down approach gives you rapid troubleshooting and performance
trending to keep the network running optimally.
Note: CajunView Licence is required to run SMON monitoring.
Note: You need to purchase one SMON License per P330 Stack

Chapter 2
P333R-LB Front and Rear Panels
P333R-LB Front Panel

The P333R-LB front panel contains LEDs, controls, connectors and an expansion
sub-module slot, as well as a console connector. The status LEDs and control
buttons provide at-a-glance information.
The front panel LEDs consist of Port LEDs and Function LEDs. The Port LEDs
display information for each port according to the illuminated function LED. The
function is selected by pressing the left or right button until the desired parameter
LED is illuminated. For example, if the COL LED is illuminated, then all Port LEDs
show the collision status of their respective port. If you want to select the LAG
function, press the right button until the LAG Function LED is lit. If you then want
to select Rx, press the left button several times until the Rx function LED lights.
P333R-LB front panel shown below includes the P333R-LB LEDs, buttons, the
Expansion sub-module slot, and the RJ-45 console connector at the bottom right
(refer to Figure 2.1 and Figure 2.2). The LEDs are described in Table 2.1.
Figure 2.1 P333R-LB Front Panel
Figure 2.2 P333R-LB LED

Port LEDs
51 52 53 54 55 56 57 58 1 2 3 4 5 6 7 8 9 10 11 12
EXPANSION
SLOT
59 60 61 62 63 64 65 66 13 14 15 16 17 18 19 20 21 22 23 24
LNK COL Tx Rx FDX FC Hspd LAG LB ROUT SYS OPR PWR
FIV
Left/Right
and Reset (both) FIV Switch Function LEDs
Switches

Chapter 2 P333R-LB Front and Rear Panels
Note: All LEDs are lit during a reset.
Table 2.1 P333R-LB LED Descriptions
LED Name Description LED Status
OFF – Power is off
PWR Power Status ON – Power is on
Blink – Using BUPS only
OFF – Module is booting

OPR CPU Operation
ON – Normal operation
OFF – Module is a slave in a stack
ON – Module is the master of the stack and

the Octaplane and Redundant cable are
SYS System Status connected correctly.
This LED will also light in Standalone mode.
Blink – Box is the master of the stack and the

stack is in redundant mode
ROUT Routing Mode ON – Router and Layer 2
LB Load Balancing ON – Load Balancer
OFF – Port disabled
LNK Port Status ON – Port enabled and link OK
Blink – Port enabled and the link is down
OFF – No collision or FDX port

COL Collision
ON – Collision occurred on line
OFF – No transmit activity

Tx Transmit to line ON – Data transmitted on line from the
module

Table 2.1 P333R-LB LED Descriptions (Continued)
LED Name Description LED Status
OFF – No receive activity

Rx Receive from line ON – Data received from the line into the
module
OFF – Half duplex mode

FDX Half/Full Duplex
ON – Full duplex mode
OFF – No flow control

FC Flow Control ON – Symmetric Flow Control mode is
enabled and port is in full duplex mode
Hspd High Speed 10/100 1000

OFF: 10 N/A
ON: 100 1000
Link Aggregation OFF – No LAG defined for this port

LAG
Group (Trunking) ON – Port belongs to a LAG
Table 2.2 P333R-LB <- -> Select buttons
Description Function
Left/Right Individual – select LED function (see table above)
Reset module Press both right and left buttons together for approximately 2
seconds. All LEDs on module light up until buttons are
released.
Reset stack Press both Right and Left buttons together for 4 seconds. All
LEDs on stack light up until buttons are released.
FIV Force Initial Version – Boot from backup initial version of the
P330 software from Bank A (see Note below).
Note: To perform “Force Initial Version,” reset the module and at the same time
press the FIV reset button (use an opened paper clip or other pointed object). Let go
of the reset buttons first and then let go of the FIV button 1 or 2 seconds later.

Note: The Port LEDs of the P333R-LB are numbered from 1-24. Expansion sub-
module ports are numbered from 51. Port LED numbers 49-50 are reserved.
P333R-LB Back Panel

The P333R-LB back panel contains a stacking sub-module slot, power supply and
BUPS connector. Figure 2.3 shows the back panel of the AC switch (top) and the DC
switch (bottom) with a stacking sub-module installed.
Figure 2.3 P333R-LB AC and DC Back Panels
Note: Any further illustrations of the P333R-LB back panel will be that of the AC
model shown in Figure 2.3.
BUPS Input Connector

The BUPS input connector (see Figure 2.3) is a 5 V DC connector for use with the
P333R-LB BUPS unit only. A BUPS Input sticker appears to the right of the BUPS
input connector.
Figure 2.4 BUPS Input Connector Sticker.
BUPS Input

Chapter 3
Installation and Setup

The P333R-LB is ready to work after you complete the installation instructions
below. The P333R-LB ports provide complete connectivity and no configuration is
required to make the system work.
Installing the X330STK Stacking Sub-Module in the P333R-LB
Caution: The stacking sub-modules contain components sensitive to electrostatic

discharge. Do not touch the circuit board unless instructed to do so.
To install the stacking sub-module in the P333R-LB:

1 Remove the blanking plate from the back of the P333R-LB switch.
2 Insert the stacking sub-module gently into the slot, ensuring that the metal base
plate is aligned with the guide rails. The metal plate of the X330STK (and not the
PCB) fits onto the guide rails.
3 Press the sub-module in firmly until it is completely inserted into the P333R-LB.
4 Gently turn the two screws on the side panel of the stacking sub-module until
they are secure.
Note: The P333R-LB switch must not be operated with the back-slot open. The
stacking sub-module should be covered with the supplied blanking plate if necessary.
Positioning
P333R-LB can be mounted alone or in a stack in a standard 19-inch equipment rack
in a wiring closet or equipment room. Up to 10 units can be stacked in this way.
When deciding where to position the unit, ensure that:
• It is accessible and cables can be connected easily and according to the
configuration rule.
• Cabling is away from sources of electrical noise such as radio transmitters,
broadcast amplifiers, power lines and fluorescent lighting fixtures.
• Water or moisture cannot enter the unit case.
• There is a free flow of air around the unit, and that the vents in the back and
sides of the case are not blocked.
Note: Use Octaplane cables to interconnect with other switches.

Chapter 3 Installation and Setup
Rack Mounting
The P333R-LB case fits in most standard 19-inch racks. P333R-LB is 2U
(88 mm, 3.5”) high.
Place the P333R-LB in the rack as follows:
1 Snap open the ends of the front panel to reveal the fixing holes.
2 Insert the unit into the rack. Ensure that the four P333R-LB screw holes are
aligned with the rack hole positions as shown in Figure 3.1.
Figure 3.1 P333R-LB Rack Mounting
KEY
Hole in rack
Screw hole in Avaya P330
Screw position
3 Secure the unit in the rack using the screws. Use two screws on each side. Do
not overtighten the screws.
4 Snap close the hinged ends of the front panel.
5 Ensure that ventilation holes are not obstructed.

Connecting Stacked Switches
Note: The two ends of the Octaplane cable terminate with different connectors. Each
connector can only be connected to its matching port.
The following cables are used to connect stacked switches:

• Short Octaplane cable (X330SC) – ivory-colored, used to connect adjacent
switches (Catalog No. CB0223) or switches separated by a BUPS unit.
• Long/Extra Long Octaplane cable (X330LC/X330L-LC) – ivory-colored, used to
connect switches from two different physical stacks, or switches separated by a
BUPS unit (Catalog No. CB0225/CB0270).
• Redundant/Long Redundant Octaplane cable (X330RC/X330L-RC) – black,
used to connect the top and bottom switches of a stack (Catalog No. CB0222/
CB0269).
These are the same cables that are used with all P330 family modules.
To connect stacked switches:
Note: When adding a module to an existing stack, first connect the stacking cables
and then power up the module.
1 Plug the light grey connector of the Short Octaplane cable into the port marked
“to upper unit” of the bottom P333R-LB switch.
2 Plug dark grey connector of same Short Octaplane cable to the port marked “to
lower unit” in the unit above. The connections are illustrated in Figure 3.3.
3 Repeat Steps 1 and 2 until you reach the top switch in the stack.
4 If you wish to implement stack redundancy, use the Redundant Cable to
connect the port marked “to lower unit” on the bottom switch to the port
marked “to upper unit” on top switch of the stack.
5 Power up the added modules.
Caution: Do not cross connect two P333R-LB switches with two Octaplane (light-
colored) cables. If you wish to cross-connect for redundancy, use one light-colored
Octaplane cable and one black redundancy cable. Figure 3.2 shows an incorrect
connection.

Note: You can build a stack of up to 10 P333R-LB switches. If you do not wish to
stack all the switches in a single rack, use long Octaplane cables to connect two
physical stacks as shown in Figure 3.3.
Figure 3.2 Incorrect Stack Connection
BUPS
Connector
Cable to Cable to
Lower Unit Upper Unit
Power Supply
Connector
BUPS
Connector
Cable to Cable to
Lower Unit Upper Unit
Power Supply
Connector

Figure 3.3 P333R-LB Stack Connections
BUPS BUPS
Connector Connector
Cable to
Lower Unit
Cable to
Upper Unit
5 Cable to
Lower Unit
Cable to
Upper Unit
10
Power Supply Power Supply
Connector Connector
BUPS
Connector
X330SC BUPS
Connector
Cable to
Lower Unit
Cable to
Upper Unit
4 Cable to
Lower Unit
Cable to
Upper Unit
9
Connector Connector
BUPS BUPS
Connector Connector
Cable to
Lower Unit
Cable to
Upper Unit
3 Cable to
Lower Unit
Cable to
Upper Unit
8
Connector Connector
BUPS BUPS
Connector Connector
Cable to
Lower Unit
Cable to
Upper Unit
2 Cable to
Lower Unit
Cable to
Upper Unit
7
Connector Connector
BUPS BUPS
Connector Connector
X330RC Cable to
Lower Unit
Cable to
Upper Unit
1 Cable to
Lower Unit
Cable to
Upper Unit
6
Connector Connector
X330LC

Installing Expansion Sub-Modules
Caution: The expansion sub-modules contain components sensitive to electrostatic

Installing the Expansion Sub-Module into the P333R-LB

To install the expansion sub-module into the P333R-LB:
1 Remove the blanking plate or other sub-module (if installed).
2 Insert the sub-module gently into the slot, ensuring that the Printed Circuit
Board (PCB) is aligned with the guide rails. The PCB, not the metal base plate,
fits into the guide rail.
3 Press the sub-module in firmly until it is completely inserted into the P333R-LB.
4 Gently turn the two screws on the front panel of the expansion sub-module
until they are secure.
Removing an Existing Expansion Sub-Module

To remove an existing expansion sub-module:
1 Loosen the two screws on the front panel of the expansion sub-module.
2 Grasp the two knobs one near each side of the front panel, and pull gently but
firmly towards yourself.
3 Insert another expansion sub-module or the blanking plate.
Note: If an expansion sub-module is removed from the stack with the power supply
on, all configuration definitions on expansion sub-modules are lost. To remove an
expansion sub-module and save configuration definitions:
1 Turn off the power supply.
2 Remove an expansion sub-module.
3 Insert another expansion sub-module.
4 Turn on the power supply.
Note: The P333R-LB switch must not be operated with the expansion slot open. The
expansion sub-module slot should be covered with the supplied blanking plate if
necessary.

Powering On – P333R-LB Module AC

For the AC input version of the P333R-LB, insert the AC power cord into the power
inlet in the back of the unit. The unit powers up.
If you are using a BUPS, insert a power cord from the BUPS into the BUPS connector
in the back of the unit. The unit powers up even if no direct AC power is applied to
it.
After power up or reset, the P333R-LB performs a self test procedure.
Powering On – P333R-LB Module DC

For the DC input version of the P333R-LB:
1 Connect the power cable to the switch at the input terminal block. Note that:
— The terminals are marked “+”, “-“ and the IEC 5019a Ground symbol.
— The size of the three screws in the terminal block is M3.5.
— The pitch between each screw is 9.5mm.
Warning: Before performing any of the following procedures, ensure that DC power
is OFF.
Caution: This product is intended for installation in restricted access areas and is
approved for use with 18 AWG copper conductors only. The installation must
comply with all applicable codes.
2 Connect the power cable to the DC power supply.
Warning: The proper wiring sequence is ground to ground, positive to positive and
negative to negative. Always connect the ground wire first and disconnect it last.

Configuring the Switch

The P333R-LB may be configured using the text-based CLI, the P330 Embedded
Web Manager or CajunView.
For instructions on the text-based utility, refer to Chapter 4, Avaya CLI –
Architecture, Access & Conventions.
For instructions on installation of the Graphical User Interfaces (GUI), refer to
Appendix A, Embedded Web Manager. For instructions on the use of the graphical
user interfaces, refer to the Device Manager User’s Guide and the Load Balancing
Manager User’s Guide on the Management CD.
P333R-LB Default Settings

The default settings for the P333R-LB switch and its ports are determined by the
P333R-LB software. These default settings are subject to change in newer versions of
the P333R-LB software.
Table 3.1 Default Switch Settings
Function Default Setting
IP Address 149.49.35.214
Default gateway 0.0.0.0
VLANs VLAN 1
Spanning tree Enabled
Bridge priority for Spanning 32768

Tree
Time server IP address 0.0.0.0
Timezone offset 0 hours
Read-only SNMP community Public

string
Read-write SNMP community Public

string
Trap SNMP community string Public
SNMP retries number 3
SNMP timeout 2000 Seconds
SNMP authentication trap Disabled

Table 3.1 Default Switch Settings
CLI timeout 15 Minutes
User Name/Password root/root
Table 3.2 Default Port Settings
10/100Base-TX ports 100Base-F ports 1000 Base-X ports
Duplex mode Full duplex Full duplex Full duplex only
Speed mode 100M 100M 1000M
Flow control Off Off Off
Flow control Off N/A Off (No pause)

advertisement
Backpressure On (only in Half duplex) Not Applicable Not Applicable
Auto-partitioning Disabled (only in Half N/A N/A

duplex)
Auto-negotiation Enable Not Applicable Enable1
Administration status Enable Enable Enable
Port VLAN 1 1 1
Tagging mode Clear Clear Clear
Port priority 0 0 0
Spanning Tree cost 20 20 4
Spanning Tree port 128 128 128

priority
1 Ensure that the other side is also set to Autonegotiation Enabled
Note: Functions operate in their default settings unless configured otherwise.

Cabling
P333R-LB modules include the following types of ports (according to the speed and
standard they support): 10Base-T, 100Base-TX, 100Base-FX, 1000Base-SX and
1000Base-LX.
Note: To interconnect P333R-LB switches with twisted pairs, crossed cables are
required.
• The maximum UTP cable length connected to a 10/100 Mbps port operating as
10Base-T, is 100 m (328 ft.).
• A UTP Category 5 cable must be connected to any 100Base-TX port, via an
RJ-45 connector. The maximum UTP cable length connected to a 10/100 Mbps
port operating as 100Base-TX, is 100 m (328 ft.).
• A fiberoptic cable must be connected to any 100Base-FX port, via a pair of SC
connectors. The maximum fiber cable length connected to a 100Base-FX port is
412 m (1,352 ft.) when operating in half duplex, and 2 km (6,562 ft.) when
operating in full duplex.
Appropriate cables are available from your local supplier.
Table 3.3 Gigabit Ethernet Cabling
Modal Maximum Minimum

Gigabit Fiber Diameter Wavelength
Bandwidth Distance Distance
Interface Type (µm) (nm)
(MhzKm) (m) (m)
1000BASE-SX MM 62.5 160 220 2 850

1000BASE-SX MM 62.5 200 275 2 850
1000BASE-SX MM 50 400 500 2 850
1000BASE-SX MM 50 500 550 2 850
1000BASE-LX MM 62.5 500 550 2 1310
1000BASE-LX MM 50 400 550 2 1310
1000BASE-LX SM 9 NA 10,000 2 1310

Connecting the Console Cable

P333R-LB has one serial port on the front panel of the switch for connecting a
terminal, a terminal emulator, or a modem.
The serial port on the front panel is labelled “Console” and has a RJ-45 connector.
Connect the P333R-LB to a terminal or a terminal emulator using the supplied
console cable and the RJ-45 to DB-9 adaptor. To connect a modem, use the supplied
cable and an RJ-45 to DB-25 adaptor.
Note: The cable and two adaptors can be found in the accessory set, and they are
clearly marked.
Configuring the Terminal Serial Port Parameters

The serial port settings for using a terminal or terminal emulator are as follows:
• Baud Rate - 9600 bps
• Data Bits - 8 bits
• Parity - None
• Stop Bit - 1
• Flow Control - None
• Terminal Emulation - VT-100
Connecting a Modem to the Console Port

A PPP connection with a modem can be established only after the
Avaya P333R-LB is configured with an IP address and net-mask, and the PPP
parameters used in the Avaya P333R-LB are compatible with the modem’s PPP
parameters.
1 Connect a terminal to the console port of the Avaya P333R-LB switch as
described in Connecting the Console Cable on page 35.
2 When you are prompted for a Login Name, enter the default name root.
3 When you are prompted for a password, enter the password root. You are
now in Supervisor Level.
4 At the prompt, type:
set interface ppp <ip_addr><net-mask>
with an IP address and netmask to be used by the Avaya P333R-LB to connect
via its PPP interface.
Note: The PPP interface configured with the set interface ppp command
must be on a different subnet from the stack inband interface.

5 Set the baud rate, ppp authentication, and ppp time out required to match your
modem. These commands are described in the “Command Line Interface”
chapter.
set interface ppp enable
The CLI responds with the following:
Entering the Modem mode within 60 seconds...
Please check that the proprietary modem cable is plugged
into the console port
7 Use the DB-25 to RJ-45 connector to plug the console cable to the modem’s DB-
25 connector. Plug the other end of the cable RJ-45 connector to the
Avaya P333R-LB console’s RJ-45 port.
8 The Avaya P333R-LB enters modem mode.
9 You can now dial into the switch from a remote station, and open a Telnet
session to the PPP interface IP address.

Assigning P330’s IP Stack Address
Note: All P333R-LB switches are shipped with the same default IP address. You
must change the IP address of the master P330 switch in a stack in order to
guarantee that the stack has its own unique IP address in the network.
Use the CLI to assign the P330 stack an IP address and net mask. The network
management station can establish communications with the stack once this address
had been assigned and the stack has been inserted into the network.
To asign a P330 IP stack address:
1 Establish a serial connection by connecting a terminal to the Master P330 switch
of the stack.
2 When prompted for a Login Name, enter the default name root
3 When you are prompted for a password, enter the password root. You are
now in Supervisor Level.
set interface inband <vlan> <ip_address> <netmask>
Replace <vlan>, <ip_address> and <netmask> with the VLAN,
IP address and net mask of the stack.
5 Press Enter to save the IP address and net mask.
6 At the prompt, type reset and press Enter to reset the stack. After the Reset,
log in again as described above.
7 At the prompt, type set ip route <dest> <gateway> and replace <dest>
and <gateway> with the destination and gateway IP addresses.
8 Press Enter to save the destination and gateway IP addresses.
The procedure in the following section describes initial configuration of the Router.

Assigning P333R-LB Initial Parameters

To start using the P333R-LB Routing options you must first assign IP addresses and
routing capabilities to the P333R-LB via the CLI.
1 To access Router commands from the Master module, type the command
session router; the command prompt changes from Console> to
Router> (see Avaya P330 Sessions on page 42).
2 Enter the command configure. The prompt Router(configure)#
appears.
3 Create the management/routing VLAN if the IP interface is not on VLAN #1.
Use the command set vlan <Vlan-id> name <Vlan-name>
4 Assign an IP interface name. Use the command:
Router(configure)# interface <interface-name>
5 Assign an IP interface address. Use the command:
Router(configure-if:<interface-name>)# ip address <ip-
address> <mask>
6 Assign the VLAN created in step 3 to the IP interface. Use the following
command:
Router(configure-if:<interface-name>)# ip vlan <Vlan-id> or
ip vlan name <Vlan-name>
7 Type exit. This returns you to the prompt: Router(configure)#
8 If the management station is not on the same subnet as the switch, configure a
default gateway (static route). Use the command:
ip default-gateway <ip-address>
9 To save the above configuration changes use the copy running-config
startup-config command.
Note: Once you have assigned an IP address/interface to the P333R-LB, you can either
configure the P333R-LB using the CajunView P330 Manager application or continue
using the CLI.
Note: You may want to remove the default gateway defined in Step 8, once you
have completed router configuration using CajunView or CLI.

Chapter 4
Avaya CLI – Architecture, Access & Conventions
This chapter describes the Avaya P330 CLI architecture and conventions, and
provides instructions for accessing the Avaya P330 for configuration purposes.
The configuration procedure involves establishing a Telnet session or a serial
connection and then using the Avaya P330’s internal CLI. The CLI is command-line
driven and does not have any menus. To activate a configuration option, you must
type the desired command at the prompt and press Enter. You can also configure
your Avaya P330 using the P330 Manager with its graphical user interface. For
details, see the Avaya P330 Device Manager Appendix and the Avaya Multi-Service
Network Manager P330 Device Manager User’s Guide on the Documentation and
Utilities CD.
CLI Architecture
The P330 stack supports both Layer 2 switching and Layer 3 switching.
The P333R-LB CLI includes two CLI entities to support this functionality.
• The Switch CLI entity is used to manage Layer 2 switching of the entire stack.
The Switch CLI entity is identical to the CLI of a P330 Layer 2 modules.
CLI commands for managing Layer 2 switching are described in Chapter 6.
• The Router CLI entity is used to manage Layer 3 switching of a single module.
The Router CLI entity exists only in P330R Layer 3 modules and supports
different sets of commands depending on the device mode of the P333R-LB
module.
If the P333R-LB module is the Master of the stack, then the Switch CLI entity and the
Router CLI entity co-exist on the same module.
To switch between the entities, use the session command.
Configuration of the password commands and community commands in one
entity is automatically attributed to the other entity in the stack.
Initial access to the stack can be established via a serial connection or a Telnet
connection to any one of the entities.
Establishing a Serial Connection

Perform the following steps to connect a terminal to the Avaya P330 Master Switch
Console port for configuration of Stack or Router parameters:
1 Use the serial cable supplied to attach the RJ-45 console connector to the
Console port of the Avaya P330 Master Switch. Connect the DB-9 connector to

Chapter 4 Avaya CLI – Architecture, Access & Conventions
the serial (COM) port on your PC/terminal.

2 Ensure that the serial port settings on the terminal are 9600 baud, 8 bits, 1 stop
bit and no parity.
3 When you are prompted for a Login Name, enter the default login. The default
login is root.
4 When you are promoted for a password, enter the user level password root.
5 Now you can establish a connection to the Router or the Master switch
(indicated when the SYS front panel LED is ON) using the Session commands
and begin the configuration of Module, Stack, or Router parameters.

Establishing a Telnet Connection

Perform the following steps to establish a Telnet connection to the Avaya P330 for
configuration of Stack or Router parameters. You can Telnet either the Stack Master
IP address or directly to one of the Router IP address:
1 Connect your station to the network.
2 Verify that you can communicate with the Avaya P330 using Ping to the IP of
the Avaya P330. If there is no response using Ping, check the IP address and
default gateway of both the Avaya P330 and the station.
Note: The Avaya P330 default IP address is 149.49.32.134 and the default subnet
mask is 255.255.255.0.
3 From the Microsoft Windows® taskbar of your PC click Start and then Run (or
from the DOS prompt of your PC), then start the Telnet session by typing:
telnet <P330_IP_address>
For example: telnet 192.168.35.214.
4 If the IP Address in Telnet command is the IP address of the stack, then
connection is established with the Switch CLI entity of the Master module.
If you want to connect to the Router CLI entity, use the session command.
If the IP address in the Telnet command is of the router, connection is
established to the Router CLI entity in the router module.
5 When you see the “Welcome to P330” menu and are prompted for a Login
Name, enter the default name root
6 When you are prompted for a password, enter the User Level password root
or norm in lower case letters (do NOT use uppercase letters). The User level
prompt will appear when you have established communications with the
Avaya P330.
Avaya P333R -LB User’s Guide 41

Command Line Prompt

Four factors affect the command line prompt:
• Host name of the CLI entity - the host name is used as the prefix of the
command prompt (refer to hostname command on page 83 for the Switch CLI
entity; refer to hostname command on page 148 for the Router CLI entity).
• Module Number - counting from the bottom up used as part of the prefix. In
this document the Module number in the prompt is generic and is represented
by “N”.
• Security level - used as the suffix of the prompt (Refer to Security Level on
page 43.)
• Application context - used as body of the prompt, this part is not mandatory.
Example:
Host name of the router is TelAviv
Router is module number three
Application context is OSPF
The command line prompt looks as follows:
TelAviv-3(configure router:ospf)#
Avaya P330 Sessions

You can use sessions to switch between P330 modules or to switch between Layer 2
and Layer 3 commands in the P333R-LB CLI.
To switch between P330 modules use the command:
session [<mod_num>] <mode>.
The <mod_num> is the number of the module in the stack, counting from the bottom
up. The <mode> can be either switch or router. When Module Number is not
specified, the command switches between the modes in the local module. Use
switch mode to configure layer 2 commands. Use router mode to configure routing
commands.
Examples:
To configure router parameters in the module that you are currently logged into,
type the following command:
session router.
To configure the switch parameters, on module 6, type the command:

session 6 switch.
Note: When you use the session command the security level stays the same.

Security Levels
There are four security access levels – User, Privileged, Configure and Supervisor.
• The User level is a general access level used to show system parameter values.
• The Privileged level is used by site personnel to access stack configuration
options.
• The Configure level is used by site personnel for Layer 3 configuration.
• The Supervisor level is used to define user names, passwords, and access levels
of up to 10 local users.
A login name and password are always required to access the CLI and the
commands. The login names and passwords, and security levels are established
using the username command.
Switching between the entities, does not effect the security level since security levels
are established specifically for each user. For example, if the operator with a
privileged security level in the Switch entity switches to the Router entity the
privileged security level is retained.
Entering the Supervisor Level

The Supervisor level is the level in which you first enter Cajun Campus CLI and
establish user names for up to 10 local users. When you enter the Supervisor level,
you are asked for a Login name. Type root as the Login name and the default
password root (in lowercase letters):
Welcome to P330
Login: root
Password:****
Password accepted.
P330-N(super)#
Defining new users

Define new users and access levels using the username command in Supervisor
Level. (see page 135).
Exiting the Supervisor Level

To exit the Supervisor level, type the command exit.

Entering the CLI

To enter the CLI, enter your username and password. Your access level is indicated
in the prompt as follows:
The User level prompt is shown below:
P330-N>
The Privileged level prompt is shown below:
P330-N#
The Configure level prompt for Layer 3 configuration is shown below:
P330-N(configure)#
The Supervisor level prompt is shown below:
P330-N(super)#
Entering the Technician Level

This level is can only be accessed from the Privileged and Supervisor levels not from
the User level.
This feature is not documented and is for use by Avaya Technical Support only.
Conventions Used
The following conventions are used in this chapter to convey instructions and
information:
• Mandatory keywords are in boldface.
• Variables that you supply are in pointed brackets <>.
• Optional keywords are in square brackets [].
• Alternative but mandatory keywords are grouped in braces {} and separated by
a vertical bar |.
• If you enter an alphanumeric string of two words or more, for example in the
set system location on Page 96, enclose the string in inverted commas.
• Information displayed on screen is displayed in text font.

Navigation, Cursor Movement and Shortcuts

The CLI contains a simple text editor with these functions:
Table 4.1 Navigation, Cursor Movement and Shortcuts
Keyboard Functions
Backspace Deletes the previous character
Up arrow/Down arrow Scrolls back and forward through the command

history buffer
Left arrow/Right arrow Moves the cursor left or right
Tab Completes the abbreviated command. Type the

minimum number of characters unique to the
command. An exception is the Reset System
command which you must type in full.
Enter Executes a single-line command
““ If you type a name with quotation marks, the

marks are ignored.
Getting Help
On-line help may be obtained at any time by typing a question mark (?), or the
word help on the command line or by pressing the F1 key. To obtain help for a
specific command, type the command followed by a space and a question mark.
Example: Router> show?
Command Syntax
Commands are not case-sensitive. That is, uppercase and lowercase characters may
be interchanged freely.
Command Abbreviations
All commands and parameters in the CLI can be truncated to an abbreviation of any
length, as long as the abbreviation is not ambiguous. For example, version can
be abbreviated ver.
For ambiguous commands, type the beginning letters on the command line and
then use the Tab key to toggle through all the possible commands beginning with
these letters.

Universal Commands
Universal commands are commands that can be issued anywhere in the hierarchical
tree.
Top and Up commands

The Up command moves you up to the next highest level in the CLI command
hierarchy. The Top command moves you to the highest level.
Retstatus command
Use the retstatus command to show whether the last CLI command you
performed was successful. It displays the return status of the previous command.
The syntax for this command is: retstatus
Output Example:
P330 # set port negotiation 2/4 disable
Link negotiation protocol disabled on port 2/4.
Router(enable)# retstatus
Succeeded
Tree command
The tree command displays the commands that are available at your current
location in the CLI hierarchy.
The syntax for this command is: tree
Output Example:
Router(super)# tree
terminal
width
length
Router(super)#

Chapter 5
CLI – Layer 2
This chapter provides all the Layer 2 CLI commands, parameters and their default
values.
The CLI is command-line driven and does not have any menus. To activate a
configuration option, you must type the desired command at the prompt and press
Enter.
Note: The terms “module” and “switch” are used interchangeably.
User Level Commands

This section describes all commands that are available from the User level.
Following is a table of the User Level commands and command groups (all
commands are also available at the higher levels).
• session Opens a session to another P330 switch, X330 Page 48

ATM Access sub-module, X330 WAN Access
sub-module or G700 MGP.
• terminal width Displays or sets the width of the terminal Page 48
display.
• terminal length Display or set the length of the terminal Page 48
display.
• clear screen Clears the current terminal display. Page 49
1
• show Shows the current switch parameters. Page 50
• ping Sends ICMP echo request packets to another Page 49
node on the network.
• dir Show files in the system. Page 86
1 This command corresponds to a group of commands and is shown in a
separate Table on Page 50.

Chapter 5 CLI – Layer 2
session
Use the session command to open a session with a specific entity in a switch of
the stack. For example, you can open a session with the Routing entity of a
P332G-ML switch in the stack, or with an the X330 ATM sub-module entity plugged
into a specific switch.
The syntax for this command is:

session [<mod_num> [switch|router|atm|mgp|wan]]
mod_num (optional) The switch number.

If you do not specify this parameter, you will
get the default entity of the stack (Layer 2
session to the Master)
switch|router|atm|mgp|wan (optional) The entity to which you want to

open a session.
If you do not specify this parameter, you will
get the default entity of the specific module:
switch - Layer 2 entity of the switch (see
Note below).
router - Routing entity.
atm - ATM entity.
mgp - Media Gateway Processor.
wan - WAN access router entity.
Note: Layer 2 commands are only available if you open a switch session with the
Master switch.
Note: When you use the session command the security level stays the same.
terminal
Use the terminal width and terminal length commands to set the width
and length of the terminal display in characters.

terminal {width|length} [<characters>]
48 Avaya P333R -LB User’s Guide

clear screen
The clear screen command clears the current terminal display.

clear screen
ping
Use the ping command to send ICMP echo request packets to another node on the
network.

ping [host[number]]
host Host IP address/Internet address of route destination. If missing

then the last host IP is used.
number Number of packets to send. If missing, then the last number is used.
If the last number is not available, the default is 4.
Note: You can use this command via the Master switch only.
Output Example:
To ping the IP number 149.49.48.1 four times:
P330-N> ping 149.49.48.1 4
PING 149.49.48.1: 56 data bytes

64 bytes from 149.49.48.1: icmp_seq=0. time=0. ms
P330-1(super)# 64 bytes from 149.49.48.1: icmp_seq=3. time=0. ms
----149.49.48.1 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

Show Commands Summary Table

Following is a table of the show commands:
• show time Shows the current time. Page 53

• show timezone Shows the current timezone offset. Page 53
• show time Shows the status and parameters. Page 53
parameters
• show ip route Shows the IP routing table entries. Page 54
• show image version Shows the image version. Page 54
• show download Shows the last download operation. Page 55
status
• show snmp Shows the SNMP community strings. Page 55
• show snmp retries Shows the SNMP retries number. Page 56
• show snmp timeout Shows the SNMP timeout. Page 56
• show timeout Shows the CLI logout time setting. Page 56
• show logout Shows the CLI logout time setting. Page 56
• show interface Shows the interfaces of the device. Page 57
• show device-mode Shows the operating mode you are Page 57
currently in.
• show port Shows settings and status for all ports. Page 58
• show port trap Shows the port trap. Page 59
• show port channel Shows the port channel. Page 59
• show port Displays the port classification. Page 60
classification
• show port Displays information on redundancy Page 60
redundancy schemes.
• show intermodule Shows the stack’s intermodule Page 61
port redundancy redundancy.
• show port mirror Shows mirroring information. Page 61
• show port vlan- Shows port vlan binding mode settings. Page 61
binding-mode
• show port security Lists the security mode of the ports of a Page 62
switch or stack.
• show port blocking Displays the port blocking mode on a Page 62
particular switch.

• show port self-loop- Displays which port or switch has an Page 65

discovery enabled IBM™ token ring cable loop
discovery status.
• show internal Shows the current internal buffering Page 65
buffering capacity.
• show boot bank Displays the software bank from which Page 66
the switch will load.
• show module Shows switch status and information. Page 66
• show port Shows the per-port status information Page 67
flowcontrol related to flow control.
• show cam Shows the CAM table entries for a Page 69
specific port.
• show cascading fault- Shows cascading fault monitoring mode. Page 69
monitoring
• show port auto- Displays the flowcontrol advertisement Page 70
negotiation- for a Gigabit port when performing
flowcontrol- autonegotiation.
advertisement
• show trunk Displays VLAN tagging information of Page 70
the ports, port binding mode, and the
port VLAN ID.
• show vlan Displays the VLANs configured in the Page 71
stack/switch.
• show leaky-vlan Displays the leaky VLAN status. Page 72
• show spantree Shows Spanning Tree Protocol (STP) Page 72
settings.
• show autopartition Shows the autopartition settings. Page 74
• show dev log file Displays the encrypted device log file. Page 74
• show log Displays an encrypted device reset log. Page 74
• show module- Displays the switch’s identity. Page 75
identity
• show license Shows the license. Page 75
• show system Shows system parameters. Page 76
• show rmon statistics Shows the traffic statistics of an interface. Page 77
• show rmon history Shows the existing history entries. Page 78
• show rmon alarm Shows the existing alarm entries. Page 78

• show rmon event Shows the existing event entries. Page 79

• show ppp session Shows the PPP parameters of the active Page 79
PPP session.
• show ppp Shows the authentication method used Page 79
authentication for PPP sessions.
• show ppp incoming Shows the amount of time PPP sessions Page 80
timeout can remain idle before being
disconnected.
• show ppp baud-rate Shows the baud rate. Page 80
• show ppp Displays the ppp configuration. Page 80
configuration
• show tftp upload/ Shows the status of the TFTP upload/ Page 81
download status download configuration per switch.
• show tftp download Shows the status of the TFTP software Page 81
software status download of the Device Manager
software to the switch.
• show web Shows the location (URL/directory) of Page 82
aux-files-url the P330 Device Manager Help files.
• show intelligent- Shows the status IP multicast filtering Page 82
multicast application.
• show intelligent- Shows whether the connected unit’s Page 83
multicast hardware hardware supports IP multicast filtering.
support
• show security mode Displays the status of the MAC security Page 83
feature (enabled/disabled).
• show secure mac port Shows the secure MAC addresses of a Page 84
port.
• show arp-tx-interval Displays the keep-alive status. Page 84
• show arp-aging- Displays the ARP table aging interval for Page 84
interval gateways’ entries.
• show self-loop Displays the self-loop discovery mode. Page 85
discovery
• show allowed Displays the status of the allowed Page 85
managers status managers feature (enabled/disabled).
• show allowed Displays the IP addresses of the allowed Page 86
managers table managers.

• dir Displays the file types that have been Page 86

downloaded to the module.
show time
Use the show time command to display the current stack time.

show time
Output Example:
P330-N> show time
10:32:34 27 JAN 2000 GMT
show timezone
Use the show timezone command to display the current stack timezone.

show timezone
Output Example:
P330-N> show timezone
Timezone set to 'GMT', offset from UTC is 0 hours
show time parameters

Use the show time parameters command to display the status and
parameters.

show time parameters
Output Example:
P330-N> show time parameters
Current time: L:02:49:11 02 JAN 1999 isl
Timezone set to ’isl’, offset from UTC is 2 hours
Time-Server: 0.0.0.0
Time acquired from Time-Server: 0.0.0.0
Time protocol set to: TIME protocol

show ip route
Use the show ip route command to display IP routing table entries.

show ip route
Output Example:
P330-N> show ip route
Destination Gateway
----------- -----------
149.49.1.1 172.20.22.201
190.20.0.0 172.20.22.202
172.20.0.0 172.20.22.96
show image version

Use the show image version command to display the software version of the
image on both memory banks of a specified switch.

show image version [<mod_num>]
If no switch number is specified, the image version of the all switches will be
displayed.
Output Example:
P330-N> show image version 1
Mod Module-Type Bank Version
------ ----------- ---- --------
1 24x10/100Base-T with optional expansion slot A 3.3.14
1 24x10/100Base-T with optional expansion slot B 3.5.19

show download status

Use the show download status command to display a summary of the last
software download operation.

show download status [slot]
Output Example:
P330-1(super)# sh download status 1
Mod Bank Download State Activity Status Download Size
----- ------ --------------- ---------------- ---------------
1. Bank B idle Download idle 0
Mod Version Host File

----- --------- ------------- ------------------
1. 3.5.18 149.49.70.61 d:\p340sw\gt-ml\3.5.18\p332gt_ml
Note: This command is only supported by the P332G-ML and P332GT-ML switches.
show snmp
Use the show snmp command to display SNMP information.

show snmp
Output Example:
P330-N> show snmp
Authentication trap disabled
Community-Access Community-String
---------------- ----------------
read-only public
read-write public
trap public
Trap-Rec-Address Traps Enabled
---------------- ----------------
1.1.1.1 config
fault
etc...

show snmp retries

Use the show snmp retries command to display the number of retries initiated
by the Device Manager application when it tries to send SNMP messages to the
device.

show snmp retries
Output Example:
P330-N> show snmp retries
the SNMP Retries Number is 3
show snmp timeout

Use the show snmp timeout command to display the default SNMP timeout in
seconds. This command is useful for access using the Device Manager.

show snmp timeout
Output Example:
P330-N> show snmp timeout
the SNMP Timeout is 2000
show timeout
Use the show timeout command to display the amount of time the CLI can
remain idle before timing out in minutes. If the result is 0, there is no timeout limit.
The default is 15 minutes.

show timeout
Output Example:
P330-N> show timeout
CLI timeout is 10 minutes
show logout
Use the show logout command to display the amount of time the CLI can
remain idle before timing out in minutes. If the result is 0, there is no timeout limit.
The default is 15 minutes.


show logout
Output Example:
P330-N> show logout
CLI timeout is 10 minutes
show interface
Use the show interface command to display information on network
interfaces.

show interface
Output Example:
To display the interface:
P330-N> show interface
Interface Name VLAN IP address Netmask
-------------- ---- --------------- ---------------
inband 1 10.0.0.1 255.255.255.0
ppp disable 1 0.0.0.0 0.0.0.0
show device-mode
Use the show device-mode command to show the P332G-ML/P332GT-ML/
P333R/P333R-LB operating mode you are currently in. Possible modes are Router,
or Switch.
Note: This command is not supported by the P333T/P334T/P332MF/P333T-PWR

switches which do not have Router mode.

show device-mode

show port
Use the show port command to display port status.

show port [<mod_num>[/<port_num>]]
mod_num (Optional) Number of the switch. If you do not specify a

number, the ports on all switches are shown.
port_num (Optional) Number of the port on the switch. If you do not

specify a number, all the ports on the switch are shown.
You can also specify a range of ports separated by a dash, e.g.,
5-13 for ports 5 to 13.
Output Example:
To display the status for port 4 on switch 3:
P330-N> show port 3/4
Port Name Status Vlan Level Neg Dup. Spd. Type
------ ------- --------- ---- ------ ------- ---- ---- -------------
3/4 John connected 1 4 enable half 10M 100/1000Base-Tx
Show Port Output Fields
Field Description
Port Switch and port number
Name The name you assigned to the port
Status Status of the port (connected, no link, disabled, no Rmt Lnk)
VLAN VLAN ID of the port
Level Priority level of the port (0-7)
Neg The autonegotiation status of the port (enable, disable)
Duplex Duplex setting for the port (fdx, hdx)
Speed Speed setting for the port (10, 100)

Type Port type, for example:

For the P332-ML and P332GT-ML switches - 100BaseT,
1000BaseT, 1000BaseS.
For the P333T/P334T/P332MF/P333R/P333R-LB switches -
10BaseT, 10BaseFL, 100BaseTX, 100BaseFX MM, 100BaseFX
SM, 10/100BaseTX.
show port trap

Use the show port trap command to display information on SNMP generic
link up/down traps sent for a specific port.

show port trap [<mod_num>[/<port_num>]]
Output Example:
P330-N> show port trap 1/1
Port 1/1 up/down trap is disabled
show port channel

Use the show port channel command to display Link Aggregation Group
(LAG) information for a specific switch or port.

show port channel [<mod_num>[/<port_num>]]
Output Example:
show port channel 1
Port Channel Status Channel Name
------ --------------- --------------------------------
1/1 off
1/2 off
1/3 on server1
1/4 on server1
------ --------------- --------------------------------
1/5 off
etc...

show port classification

Use the show port classification command to display a port’s classification.

show port classification [module/[port]
module/port The switch number/the port number
Output Example:
P330-1(super)# show port classification
Port Port Classification
------ ---------------------
1/1 regular
1/2 regular
1/3 regular
1/4 regular
1/5 regular
1/6 regular
1/7 regular
etc...
show port redundancy

Use the show port redundancy command to display information about all
redundancy schemes defined for this stack.

show port redundancy
Output Example:
P330-N> show port redundancy
Redundancy Name Primary Port Secondary Port Status
----------------- -------------- ---------------- --------
uplink 1/7 2/12 enable

show intermodule port redundancy

Use the show intermodule redundancy command to display the intermodule
redundancy entry defined for the stack.

show intermodule port redundancy
Output Example:
P330-N> show intermodule port redundancy
Primary-Port : 1/1
Primary-Port status : Disable
Secondary-Port : 1/2
Secondary-Port status : Disable
show port mirror

Use the show port mirror command to display mirroring information for the
stack.

show port mirror [<mod_num>[/<port_num>]]
Output Example:
P330-N> show port mirror
port mirroring
Mirroring both Rx and Tx packets from port 1/2 to port 1/4 is
enabled
show port vlan-binding-mode

Use the show port vlan-binding-mode command to display port vlan binding
mode information.

show port vlan-binding-mode [module[/port]]
module/port The switch number/the port

number

Output Example:
P330-N> show port vlan-binding-mode
port 1/1 is statically bound
show port security

Use the show port security command to list the security mode of the ports of a
switch or stack. When no port number is specified, this command displays all the
secured ports in the stack.

show port security [<module>[/<port>]]
Example:
P330-N> show port security 1
Port 1/1 port security disabled.
etc.
Note: Port security for the P330-ML switches will always have the value unknown.
This command is used to display the security status for the other P330 switches in
the stack.

show port blocking

Use the show port blocking command to display the port blocking mode on a
particular switch. Use the session command to change switches before using this
command.
The show port blocking command is used with the
show self-loop discovery command to confirm a port’s blocking mode.

show port blocking
Note: This command is not supported by the P330-ML switches.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.

Output Example:
P330-N> show port blocking
+-------------------+
| Port | Blk /Fwd |
+-------------------+
| 1 | Blocking |
| 2 | Blocking |
| 3 | Blocking |
| 4 | Blocking |
| 5 | Blocking |
| 6 | Blocking |
| 7 | Blocking |
| 8 | Blocking |
| 9 | Blocking |
| 10 | Blocking |
| 11 | Blocking |
| 12 | Forwarding |
| 13 | Blocking |
| 14 | Blocking |
| 15 | Blocking |
| 16 | Blocking |
| 17 | Blocking |
| 18 | Blocking |
| 19 | Blocking |
| 20 | Blocking |
| 21 | Blocking |
| 22 | Blocking |
| 23 | Blocking |
| 24 | Forwarding |
+-------------------+

show port self-loop-discovery

Use the show port self-loop-discovery command to display which port or
switch has an enabled IBM™ token ring cable loop discovery status.

show port self-loop-discovery [module num/port number]
Output Example:
P330-N> show port self-loop-discovery 1/5
Self-Loop-Discovery is enabled on port 1/5.
show internal buffering

The show internal buffering command displays the size options (Maximum,
Minimum, or Medium) of the Receive (Rx) buffer allocated to each port of the
specified switch.

show internal buffering [<mod_num>]
Output Example:
P330-N> show internal buffering 1
Module Internal Buffer
------ ---------------
1 med
Note: Internal buffering for the P330-ML switches will always have the value Not
supported. This command is used to display the internal buffering status for the
other P330 switches in the stack.

show boot bank

Use the show boot bank command to display the software bank from which the
switch will boot at the next boot process. This command should be issued separately
for each switch in the stack using the session command.
Note: This command is not supported by the P333R and P333R-LB switches.

show boot bank
Output Example:
show boot bank
Boot bank set to bank-a
show module
Use the show module command to display switch status and information. For
each switch with an expansion sub-module installed, both switch and expansion
sub-module type and information are shown.

show module [<mod_num>]
mod_num (Optional) Number of the switch/expansion sub-module. If

you do not specify a number, all switches/expansion sub-
modules are shown.
Output Example:
P330-N> show port flowcontrol 3/2
Mod Type C/S S/N Statuses
--- ------------------ ---- -------- ----------------------------
1 P333T 1.0 4144162 PS:OK Fans:OK Mode:Layer2
X330GT2 2.0
P330STK 2.0 Conn-Up:Fail Conn-Down:Ok
BUPS BUPS:Not Prsnt Fans:None Type:None
2 P333T-PWR 3.0 4455428 PS:OK Fans:OK Mode:Layer2

No Expansion Not Present

P330STK 2.2 Conn-Up:Ok Conn-Down:Ok
BUPS BUPS:Not Prsnt Fans:None Type:None
Output Fields
Field Description
Mod Switch number
Type Module Type/Expansion sub-module type
S/N Serial number of the switch
C/S (Hardware) Configuration Symbol of the module/

expansion sub-module
Statuses Status of the module/expansion sub-module
show port flowcontrol

Use the show port flowcontrol command to display per-port status
information related to flow control.

show port flowcontrol [<mod_num>[/<port_num>]]
Output Example:
P330-N> show port flowcontrol 3/2
Port Send-Flowcontrol Receive-Flowcontrol
Admin Oper Admin Oper
------ ----- ---- ----- ----
3/2 off off off off

Output Fields
Field Description
Port Switch and port number
Send- Send flow-control administration. Possible settings:

Flowcontrol- • ON indicates that the local port is allowed to send flow
Admin control frames to the far end.
• OFF indicates that the local port is not allowed to send flow
control frames to the far end.
Send- Send flow-control operation mode. Possible modes:

Flowcontrol- • ON indicates that the local port will send flow control frames
Oper to the far end.
• OFF indicates that the local port will not send flow control
frames to the far end.
Receive- Receive flow-control administration. Possible settings:

Flowcontrol- • ON indicates that the local port will act upon flow control
Admin indications if received from the far end.
• OFF indicates that the local port will discard flow control
frames if received from the far end.
Receive- Receive flow-control operation mode. Possible modes:

Flowcontrol- • ON indicates that the local port will act upon flow control
Oper indications received from the far end.
frames received from the far end.

show cam
Use the show cam commands to display the CAM table entries for a specific port.
Note: MACs associated with LAGs appear under the LAG ID, not under the LAG
port.

show cam [mac mac-addr]/[module[/port]]
Output Example:
P330-N> show cam 1/1
Dest MAC/Route Dest Destination Ports
------------------- -----------------
00-40-0d-59-03-78 1/1
00-d0-79-0a-0a-da 1/1
00-40-0d-43-1e-e9 1/1
etc...
Output Example:
P330-N> show cam mac 00-40-0d-88-06-c8
Dest MAC/Route Dest Destination Ports
------------------- -----------------
00-40-0d-88-06-c8 1/1
Total Matching CAM Entries Displayed = 1
show cascading fault-monitoring

Use the show cascading fault-monitoring command to display the status of
the fault trap sending mode for cascading links.

show cascading fault-monitoring [<mod_num>]
Output Example:
P330-N> show cascading fault-monitoring 1
Module 1 cascading-down fault monitoring enabled.
Module 1 cascading-up fault monitoring enabled.

show port auto-negotiation-flowcontrol-advertisement

Use the show port auto-negotiation-flowcontrol-advertisement
command to display the flowcontrol advertisement for a Gigabit port used to
perform auto-negotiation.

show port auto-negotiation-flowcontrol-advertisement
[<mod_num>[/<port_num>]]
mod_num Number of the switch
port num Number of the port
Output Example:
P330-N> show port auto-negotiation-flowcontrol-advertisement
Port 1/1 advertises no flow control capabilities.
etc.
show trunk
Use the show trunk command to display VLAN tagging information of the
ports, port binding mode, and the port VLAN ID.

show trunk [<mod_num>[/<port_num>]]
Output Example:
P330-N> show trunk
Port Mode Binding mode Native vlan
------ ----- ----------------------------- -----------
1/1 dot1q bound to configured vlans 1
1/2 dot1q bound to all vlans 1
1/3 off statically bound 1

Output Example:
P330-N> show trunk 1/5
Port Mode Binding mode Native vlan Vlans allowed on trunk
------ ----- -------------- ----------- ----------------------
1/5 off statically bound 1 1
Output Fields:
Field Description
Port Switch and port number(s)
Mode Tag status of the port (dot1q - dot1Q tagging mode,

off - clear mode).
Binding mode Binding mode of the port
Native VLAN Number of the Port VLAN ID (the VLAN to which received
untagged traffic will be assigned).
VLANs allowed Range of VLAN values allowed on the port.

on trunk
show vlan
Use the show vlan command to display the VLANs configured in the stack/
switch.

show vlan
Output Example:
P330-N> show vlan
VLAN ID Vlan-name
------- --------------------------------
1 v1
5 V5
10 V10
15 V15
20 V20
25 V25

show leaky-vlan
Use the show leaky-vlan command to display the leaky VLAN status.

show leaky-vlan
Output Example:
P330-N> show leaky-vlan
Leaky VLAN mode Disable
show spantree
Use the show spantree command to display spanning-tree information.

show spantree [<mod_num>[/<port_num>]]
Output Example:
P330-N> show spantree
Spanning tree enabled
Designated Root: 00-40-0d-88-06-c8
Designated Root Priority: 32768
Designated Root Cost: 20
Designated Root Port: 1/1
Root Max Age: 20 Hello Time: 2
Bridge ID MAC ADDR: 00-40-0d-92-04-b4

Bridge ID priority: 32768
Port State Cost Priority

------ ------------- ---------- ------------
1 /1 Forwarding 20 128
1 /2 not-connected 20 128
1 /3 LAG-member 20 128
1 /4 LAG-member 20 128
etc...

Output Fields:
Field Description
Spanning tree Status of whether Spanning-Tree Protocol is enabled or

disabled
Designated MAC address of the designated spanning-tree root bridge

Root
Designated Priority of the designated root bridge

Root Priority
Designated Total path cost to reach the root

Root Cost
Designated Port through which the root bridge can be reached (shown only
Root Port on nonroot bridges)
Root Max Age Amount of time a BPDU packet should be considered valid
Hello Time Number of times the root bridge sends BPDUs
Bridge ID Bridge MAC address used in the sent BPDUs

MAC ADDR
Bridge ID Bridge priority

Priority
Port Port number
State Spanning-tree port state (disabled, inactive, not-connected,

blocking, listening, learning, forwarding, bridging, or type-
pvid-inconsistent)
Cost Cost associated with the port
Priority Priority associated with the port

show autopartition
Use the show autopartition command to display the automatic partition.
Note: Autopartition for the P330-ML switches will always have the value
disabled. This command is used to display the autopartition status for the other
P330 switches in the stack.

show autopartition [module]
Example:
P330-N> show autopartition 1
Mod Mode
--- -----------
1 Enable
show dev log file

Use the show dev log file command to display the encrypted device’s log file.
Note: This command is only supported by the P330-ML switches.

show dev log file
show log
Use the show log command to display an encrypted device’s reset log. This
command is for Avaya technical support use.

show log [module]
Output Example:
P330-1(super)# show log 1
MODULE 1, MESSAGE 01:
00000000 0 05002966 0205 0 0 0 0 0 0 0 0 0 0

00000000 0 00004242 0205 0 0 0 0 0 0 0 0 0 0

00000000 0 00002395 0205 0 0 0 0 0 0 0 0 0 0
show module-identity
Use the show module identity command to display the switch identity
required for acquiring a license.

show module-identity [module]
Output Example:
show module-identity [module]
P330-1(super)# show module-identity

Mod Module Identity
--- ---------------
1 1234567
2 4144162
show license
Use the show license command to display a switch license.

show license [mod_num]
mod_num The switch number
Output Example:
P330-N> show license 1
P330-N> Module 1 License:
Mod Application License Key State Feature Flag
--- ------------------- ----------------------------- ---------- ------------
1 smon 0000 0000 0000 0000 0000 0000 licensed 1

show system
Use the show system command to display the up time, system name, location,
and contact person.

show system
Output Example:
P330-N> show system
Uptime d,h:m:s
------------------------
0,2:40:55
System Name System Location System Contact

--------------------- ------------------------- -------------------------
P332_version-3.0.5 Alpha LAB Ygdal Naouri
Switch MAC address

------------------
00 40 0d 8a 04 b4

RMON Tools
The following are a series of RMON commands, however we recommend using the
P330 Device Manager.
show rmon statistics

Use the show rmon statistics command to show the RMON statistics counters
for a certain interface number according to the MIB-2 interface table numbering
scheme.

show rmon statistics <module/port>
module/port range of ports (the default is full switch)
Output Example:
P330-1(super)# show rmon statistics
Statistics for switch is active, owned by Monitor
Received 171665151 octets, 1474442 packets,
1030346 broadcast and 369540 multicast packets,
0 undersize and 0 oversize packets,
1 fragments and 0 jabbers,
11 CRC alignment errors and 0 collisions,
# of dropped packet events (due to a lack of resources): 0
# of packets received of length (in octets):
64:862274, 65-127:973110, 128-255:173921,
256-511:72880, 512-1023:4374, 1024-1518:29744,

show rmon history

Use the show rmon history command to show the most recent RMON history
log for a given History Index. The history index is defined using the rmon
history command on Page 133 or using an RMON management tool.

show rmon history [<History Index>]
P330-N> show rmon history 1026
history
Entry 1026 is active, owned by amir
Monitors ifEntry.1.1026 every 30 seconds
Requested # of time intervals, ie buckets, is 20
Granted # of time intervals, ie buckets, is 20
Sample # 1 began measuring at 2:53:9
Received 62545 octets, 642 packets,
391 broadcast and 145 multicast packets,
0 undersize and 0 oversize packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions,
# of dropped packet events (due to a lack of resources): 0
Network utilization is estimated at 0
show rmon alarm

Use the show rmon alarm command to show the parameters set for a specific
alarm entry that was set using the rmon alarm command on Page 134 or using the
P330 Device Manager.

show rmon alarm [<Alarm Index>]
Output Example:
P330-N> show rmon alarm 1026
alarm
alarm 1026 is active, owned by amir
Monitors ifEntry.1.1026 every 60 seconds
Taking delta samples, last value was 1712
Rising threshold is 10000, assigned to event # 1054
Falling threshold is 10, assigned to event # 1054
On startup enable rising or_falling alarms

show rmon event

Use the show rmon event command to show the parameters of an Event entry
defined by the rmon event command on Page 135 or using the P330 Device
Manager.

show rmon event [<Event Index>]
Output Example:
P330-N> show rmon event 1054
event
Event 1054 is active, owned by amir

Description is event for monitoring amir's co
Event firing causes log and trap to community public,last
fired 0:0:0
show ppp session

Use the show ppp session command to display PPP parameters and statistics of
a currently active PPP session.

show ppp session
Example:
P330-N> show ppp session
show ppp authentication

Use the ppp authentication command to see the authentication method used
for PPP sessions.

show ppp authentication
Output Example:
P330-N> show ppp authentication
PPP Authentication Parameters:
------------------------------
Incoming: CHAP

show ppp incoming timeout

Use the ppp incoming timeout command to see the amount of time in minutes
that a PPP session can remain idle before being automatically disconnected.

show ppp incoming timeout
Output Example:
P330-N> show ppp incoming timeout
PPP incoming timeout is 10 minutes
show ppp baud-rate

Use the show ppp baud-rate command to display the set baud-rate.

show ppp baud-rate
Output Example:
P330-N> show ppp baud-rate
PPP baud rate is 38400
show ppp configuration

Use the show ppp configuration command to display the ppp configuration

show ppp configuration
Output Example:
P330-N> show ppp configuration
PPP baud rate is 38400
PPP incoming timeout is 0 minutes
PPP Authentication Parameters:
------------------------------
Incoming: None

show tftp download/upload status

Use the show tftp download status and show tftp upload status
commands to display the status of the current TFTP configuration file copy process
into/from the device.

show tftp {download|upload} status [<mod_num>]
Output Example:
P330-N> show tftp upload status 1
Module : 1
Source file : stack-config
Destination file : c:\conf.cfg
Host : 149.49.36.200
Running state : Executing
Failure display : (null)
Last warning : No-warning
show tftp download software status

Use the show tftp download software status commands to display the
status of the current TFTP Device Manager S/W (Embedded Web) download
process into the device.

show tftp download software status [<mod_num>]
Output Example:
P330-1(super)# show tftp download software status
Module #1
===========
Module : 1
Source file : d:\p340sw\gt-ml\3.5.18\p340.web
Destination file : EW_Archive
Host : 149.49.70.61
Running state : Writing ...
Failure display : (null)
Last warning : No-warning

show web aux-files-url

Use the show web aux-files-url command to display the URL/Directory
from where the P330 can access the Device Management auxiliary files (for example
help files).

show web aux-files-url
show intelligent-multicast
Use the show intelligent-multicast command to display the intelligent
multicast configuration.

show intelligent-multicast
Output Example:
P330-N> show intelligent-multicast
Intelligent-multicast configuration:
------------------------------------
intelligent-multicast state --------------------- Disabled
Intelligent-multicast client-port-pruning time --- 600[Sec]
Intelligent-multicast router-port-pruning time ---1800[Sec]
intelligent-multicast group-filtering-delay time - 10[Sec]
Intelligent-multicast HW configuration:
# Module Sub-Module Cascade
------- ---------- --------
1 No IPMc Support Not Installed No IPMc Support

show intelligent-multicast hardware-support

Use the show intelligent-multicast hardware-support command to
display the intelligent multicast hardware support configuration.

show intelligent-multicast hardware-support
Output Example:
P330-N> show intelligent-multicast hardware support
Intelligent-multicast HW configuration:
# Module Sub-Module Cascade
------- ---------- --------
1 Support IPMc Not Installed Support IPMc
show security mode

Use the show security mode command to display the status of the MAC
security feature.
Note: Layer 2 commands are only available if you open a switch session with the
Master switch.

show security mode
Output Example:
P330-N> show security mode
Security mode enabled.

show secure mac port

Use the show secure mac port command to display the secure MAC addresses
of a port from the sub-agent CLI. This command is accessed only through
connection to a particular switch.

show secure mac port [<module>[/port]]
Output Example:
P330-N> show secure mac port 1
Port Secure-Src-Addrs
------ -----------------
1/17 00-50-04-07-6a-fa
01-02-03-04-05-06
show arp-tx-interval
Use the show arp-tx-interval command to display the keep-alive frames
transmission interval.

show arp-tx-interval
Output Example:
P330-N> show arp-tx-interval
ARP tx interval is set to 5 seconds.
show arp-aging-interval
Use the show arp-aging-interval command to display the ARP table aging
interval for gateways’ entries.


show arp-aging-interval
Output Example:
P330-N> show arp-aging-interval
ARP table aging interval for gateways was set to 10 minutes.
show self-loop-discovery
Use the show self-loop-discovery command to display a switch’s IBM token ring
cable discovery status.

show self-loop-discovery [mod_num]
Output Example:
P330-N> show self-loop-discovery 1
Self-Loop-Discovery is disabled on module 1.
show allowed managers status

Use the show allowed managers status command to display the activation
status of the Allowed Managers feature. When this feature is enabled, only those
stations whose IP addresses are listed in the Allowed Managers table can access the
device over Telnet, SNMP, or HTTP.

show allowed managers status
Output Example:
P330-N> show allowed managers status
Managers are disabled.

show allowed managers table

Use the show allowed managers table command show the list of the twenty
possible allowed managers IP addresses.
show allowed managers table
Output Example:
P330-N> show allowed managers status
1 ) 149.49.32.134
2 ) Not Used
3 ) Not Used
4 ) Not Used
5 ) Not Used
6 ) Not Used
7 ) Not Used
8 ) Not Used
9 ) Not Used
10) Not Used
11) Not Used
12) Not Used
13) Not Used
14) Not Used
15) Not Used
16) Not Used
17) Not Used
18) Not Used
19) Not Used
20) Not Used
dir
Use the dir command to show the file types that have been downloaded to the
switch.

dir [<mod_num>]

Output Example:
P330-N> dir
M# file ver num file type file location file description
-- ---- -------- ---------- ------------- ----------------
1 Booter_Image 3.5.17 SW BootImage Nv-Ram Booter Image
1 module-config N/A Running Conf Ram Module Configuration
1 stack-config N/A Running Conf Ram Stack Configuration
1 EW_Archive N/A SW Web Image Nv-Ram Web Download
2 Booter_Image 3.2.5 SW BootImage Nv-Ram Booter Image
2 module-config N/A Running Conf Ram Module Configuration
2 EW_Archive N/A SW Web Image Nv-Ram Web Download
Output Fields:
Field Description
M# The switch number
file There are several files loaded into the switch’s memory:
• module-config – file which contains the configuration
settings made to this switch
• stack-config – file which contains the configuration settings
made at the stack level (for example IP address of the stack)
• EW_Archive – file which contains the Device Manager
(Embedded Web) software
ver num S/W Version number – relevant only for the Device
Management S/W
file type There are several file types:

• Running Conf – the configuration currently in use and the
startup configuration in the P330-ML, P333R and P333R-LB.
• SW Web Image – Device Manager S/W archive file
file location Type of internal memory into which the file is loaded
file description Description of the file
Note: If the N/A is displayed for the EW_Archive file, this means that the Device
Manager S/W is not loaded correctly. Download the Device Manager S/W again.

Privileged Level Commands

Following is a table of the Privileged Level commands. This level includes all the
commands from the User Level described above (see the User Level Commands
Section for a description of these common commands).
• no hostname Returns the prompt to its default. Page 89

• no rmon history Deletes an existing history entry. Page 89
• no rmon alarm Deletes an existing alarm entry. Page 89
• no rmon event Deletes an existing event entry. Page 90
• hostname Displays or sets a new prompt. Page 90
• clear1 Clears current settings Page 90
(a group of commands).
• set2 Sets the switch parameters Page 95
(a group of commands).
• sync time Synchronizes the time between switches. Page 125
• get time Gets the time from the time server. Page 130
• reset Restarts the system or a switch. Page 131
• reset stack Causes a hardware reset to the stack. Page 131
• reset mgp Causes a software reset to the Media Page 131
Gateway Processor.
• nvram initialize Initializes the NVRAM to its factory Page 132
defaults.
• rmon history Creates a history entry. Page 133
• rmon alarm Creates an alarm entry. Page 134
• rmon event Creates an event entry. Page 135
• copy stack-config Uploads stack configuration to a file Page 135
tftp (using TFTP). The file must exist before
you Upload.
• copy module- Uploads switch configuration to a file Page 136
config tftp (using TFTP). The file must exist before you
Upload.
• copy tftp stack- Downloads a stack configuration file Page 137
config (using TFTP) into the device.

• copy tftp module- Downloads a switch configuration file Page 137

config (using TFTP).
• copy tftp Downloads the Device Manager S/W Page 138
EW_Archive (Embedded Web Archive file), using
TFTP, into the device.
• copy tftp Updates the software image and device Page 138
SW_image manager application of a designated
switch.
• radius Sets radius authentication parameters. Page 139
authentication3
1 The clear command corresponds to a group of commands and is
shown in a separate Table on Page 90.
2 The set command corresponds to a group of commands and is shown
in a separate Table on Page 95.
3 The radius authentication commands corresponds to a group
of commands listed on Page 139.
no hostname
Use the no hostname command to return the CLI prompt to its default.

no hostname
no rmon history
Use the no rmon history command to delete an existing RMON history entry.

no rmon history <History Index>
no rmon alarm
Use the no rmon alarm command to delete an existing RMON alarm entry.

no rmon alarm <Alarm Index>

no rmon event
Use the no rmon event command to delete an existing RMON event entry.

no rmon event <Event Index>
hostname
Use the hostname command to change the Command Line Interface (CLI)
prompt. The current switch number always appears at the end of the prompt.

hostname [<hostname_string>]
hostname_string none – displays current hostname

string – the string to be used as the hostname
(up to 20 characters).
Clear Commands Summary Table

Following is a Table of the Privileged Level clear commands.
• clear timezone Returns the timezone to its default, UTC. Page 91

• clear ip route Clears IP routing table entries. Page 91
• clear snmp trap Clears SNMP trap on the system. Page 91
• clear vlan Clears VLAN entries. Page 92
• clear dynamic vlans Clears dynamic VLAN entries. Page 92
• clear port static-vlan Clears a VLAN statically configured on a Page 93
port.
• clear cam Clears all the CAM entries. Page 93
• clear log Clears the Log entries of a switch. Page 93
• clear port mirror Cancels port mirroring. Page 93
• clear secure mac Clears a MAC address. Page 94

clear timezone
Returns the timezone to its default, Coordinated Universal Time (UTC)

clear timezone
clear ip route
Use the clear ip route command to delete IP routing table entries.

clear ip route <destination> <gateway>
destination IP address of the network, or specific host to be added
gateway IP address of the router
Output Example:
To delete the route table entries using the clear ip route command:
P330-N# clear ip route 134.12.3.0 192.1.1.1
Route deleted.
clear snmp trap

Use the clear snmp trap command to clear an entry from the SNMP trap
receiver table.

clear snmp trap {<rcvr_addr>|all}
rcvr_addr IP address or IP alias of the trap receiver (the SNMP management

station) to clear
all Keyword that specifies every entry in the SNMP trap receiver table
Output Example:
P330-N# clear snmp trap 192.122.173.82
SNMP trap receiver deleted.

clear vlan
Use the clear vlan command to delete an existing VLAN and return ports from
this VLAN to the default VLAN #1. When you clear a VLAN, all ports assigned to
that VLAN are assigned to the default VLAN #1.

clear vlan <vlan-id>[name <vlan_name>]
vlan_id Number of the VLAN (range is 1to 3071)
vlan_name VLAN name
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Output Example:
To delete an existing VLAN (VLAN 5) from a management domain:
P330-N# clear vlan 5 name V5
This command will assign all ports on vlan 5 to their default
in the entire management domain
- do you want to continue (Y/N)? y
All ports on vlan-id 5 assigned to default vlan.
VLAN 5 was deleted successfully.
clear dynamic vlans

Use the clear dynamic vlans command to clear dynamic vlans. Only the
VLANs learned by the switch from incoming traffic are cleared using this
command.

clear dynamic vlans
Output Example:
P330-N# clear dynamic vlans
This command will delete all the vlans that were dynamically
learned by the device - do you want to continue (Y/N)?

clear port static-vlan

Use the clear port static-vlan command to delete VLANs statically
configured on a port.

clear port static-vlan [module/port range][vlan num]
module/port Port range

range
vlan num The VLAN to unbind from the port
Output Example:
P330-1(super)# clear port static-vlan 1/10 5
VLAN 5 is unbound from port 1/10
clear cam
Use the clear cam command to delete all entries from the CAM table.

clear cam
Output Example:
P330-N# clear cam
CAM table entry cleared.
clear log
Use the clear log command to delete the Log file of a switch.

clear log [<mod_num>]
clear port mirror

Use the clear port mirror command to cancel port mirroring.

clear port mirror <source-module>/<source-port>/<dest-
module>/<dest-port>

Output Example:
P330-N# clear port mirror 1/2/1/4
this command will delete the port mirror entry
- do you want to continue (Y/N)? y
Mirroring packets from port 1/2 to port 1/4 is cleared
clear secure mac

Use the clear secure mac command to remove a MAC address from the CAM
table of a secured port.

clear secure mac <mac-address> port <mod-num>/<port-num>
Output Example:
P330-N> clear secure mac 1-2-3-4-5 port 1/17
01-02-03-04-05 cleared from secure address list for port 1/17

Set Commands Summary Table

Following is a Table of the Privileged Level set commands.
• set logout Sets the number of minutes before an Page 98

inactive CLI session automatically logs
out.
• set timezone Sets the timezone for the system. Page 99
• set time protocol Sets the time protocol for use in the Page 99
system.
• set time server Sets the NTP server address. Page 100
• set time client Enables or disables the time client. Page 100
• set ip route Adds IP addresses to the IP routing Page 100
table.
• set snmp community Sets the SNMP community string for a Page 101
specific switch.
• set snmp trap Sets the SNMP trap of the system or Page 101
add/delete an entry into/from the
SNMP trap receiver table.
• set snmp trap auth Enables/disables the SNMP Page 102
authentication trap.
• set snmp retries Sets the number of SNMP retries. Page 102
• set snmp timeout Sets the SNMP timeout. Page 103
• set system location Sets the system location. Page 103
• set system name Sets the system name. Page 103
• set system contact Sets the system contact person. Page 103
• set device-mode Sets the basic mode of operation. Page 104
• set interface Configures the management interface of Page 104
the device.
• set interface ppp Configures the device ppp interface. Page
105
• set port level Sets the priority level of a port. Page 106
• set port negotiation Sets the auto negotiation mode of a port. Page 106
• set port enable Administratively enables a port. Page 107

• set port disable Administratively disables a port. Page 107

• set port speed Sets the speed for a 10/100 port. Page 108
• set port duplex Sets the duplex mode of a port. Page 108
• set port name Assigns a name to a port. Page 109
• set port trap Enables/disables the SNMP up/down Page 109
link traps sent for port.
• set port vlan Assigns the Port VLAN ID (PVID). Page 109
• set port vlan-binding- Defines the port binding method. Page 110
mode
• set port static-vlan Defines a multiple VLANs per port. Page 110
• set port self-loop Defines a port’s IBM token ring Page 111
discovery discovery mode.
Admin_Status
• set port channel Defines a LAG interface. Page 111
• set port classification Defines port classification. Page 112
• set port redundancy Defines/deletes a link redundancy Page 113
on/off entry.
• set port redundancy Enables/disables all the defined link Page 113
redundancy schemes.
• set internal buffering Sets internal buffering capacity to Page 114
maximum/minimum.
• set boot bank Configures the boot bank from which Page 114
the switch will boot.
• set intermodule port Defines the stack’s unique fast Page 115
redundancy redundancy scheme.
• set intermodule port Clears the intermodule redundancy. Page 115
redundancy off
• set port mirror Sets a port mirroring source-destination Page 116
pair in the stack.
• set port spantree Enables or disables the spanning tree for Page 116
switch ports.
• set port spantree Sets the port spantree priority level. Page 117
priority

• set port spantree cost Sets the port spantree cost. Page 117
• set port security Enables MAC security on a range of Page 118
ports.
• set cascading Sets switch cascading fault-monitoring Page 118
mode.
• set inband vlan Sets the management VLAN ID. Page 118
• set vlan Creates VLANs. Page 119
• set port flowcontrol Sets the flow control mode of a port. Page 119
• set port auto- Sets the flowcontrol advertising Page 121
negotiation- capabilities of a Gigabit port.
flowcontrol-
advertisement
• set trunk Sets the tagging mode of a port. Page 121
• set leaky-vlan Enables/disables leaky-VLAN mode. Page 122
• set spantree Enables/disables Spanning Tree Page 122
Protocol (STP).
• set spantree priority Sets the STP Bridge priority level. Page 122
• set autopartition Enables or disables autopartitioning for Page 123
switches in a stack.
• set license Enters a license number for the stack. Page 123
• set ppp authentication Defines the PPP authentication method. Page 124
incoming
• set ppp incoming Sets the time after which the system Page 124
timeout automatically disconnects an idle PPP
incoming session.
• set ppp baud-rate Sets the baud rate used in PPP sessions. Page 124
• set web Sets the location (URL/directory) of the Page 125
aux-files-url P330 Device Manager Help files.
• set intelligent-multicast Enables or disables the IP multicast Page 125
filtering application.
• set intelligent-multicast Sets the aging time for client ports. Page 125
client-port-pruning
time

• set intelligent-multicast Sets the aging time for router ports. Page 126
router-port-pruning
time
• set intelligent-multicast Sets the time delay before a filter is Page 126
group-filtering-delay applied to a specific group.
time
• set secure mac Adds a unicast MAC address into the Page 126
CAM table of a secured port.
• set security mode Enables or disables the stack’s MAC Page 127
security.
• set arp-aging-interval Sets the ARP aging interval. Page 127
• set arp-tx-interval Sets the keep-alive interval. Page 127
• set self-loop-discovery Sets the IBM token ring discovery mode. Page 128
Admin_Status
• set welcome message Sets a welcome message to appear after Page 128
a reboot.
• set allowed managers Enables/disables the Allowed Managers Page 129
enabled/disabled feature.
• set allowed managers Used to add or remove an IP address Page 129
IP from the allowed managers table.
• set psu type Sets the main power supply type (AC/ Page 129
DC) of the module.
set logout
The set logout command is used to set the number of minutes until the system
automatically disconnects an idle session.

set logout <timeout>
timeout Number of minutes (0 to 999) until the system automatically

disconnects an idle session. Setting the value to 0 disables the
automatic disconnection of idle sessions (default is 15 minutes).
Output Example:
To set the number of minutes until the system disconnects an idle session

automatically:
P330-N# set logout 20
Sessions will be automatically logged out after 20 minutes of
idle time.
Output Example:
To disable the automatic disconnection of idle sessions:
P330-N# set logout 0
Sessions will not be automatically logged out.
set timezone
Use the set timezone command to assign a timezone name and set the time
difference of your P330 relative to the Coordinated Universal Time (UTC/GMT).
The minutes parameter can only be set to 30.

set timezone <zone_name> <hours | hours:min>
Output Example:
set timezone GMT -3:30
Timezone set to 'GMT', offset from UTC is -3:30 hours
set time protocol

Use the set time protocol command to set the protocol for use in the system as either
SNTP protocol or TIME protocol.

set time protocol [sntp-protocol|time-protocol]
Output Example:
P330-N# set time protocol sntp-protocol
The protocol has been set to SNTP protocol
Output Example:
P330-N# set time protocol time-protocol

The protocol has been set to TIME protocol
set time server

The set time server command is used to set the TIME server address.

set time server <ip>
ip IP address of the TIME server.
set time client

The set time client command is used to enable or disable the periodic
network time acquisition by the switch from the network time server (SNTP or
TIME protocol).

set time client <enable|disable>
set ip route
Use the set ip route command to add IP addresses to the IP routing table. You
can configure from one to ten (10) default gateways for a P330 stack.

set ip route <destination> <gateway>
destination IP address of the network, or specific host to be added
gateway IP address of the router
Output Example:
This example shows how to add a default route to the IP routing table:
P330-N# set ip route 0.0.0.0 192.168.1.1
destination = 0.0.0.0 gateway = 192.168.1.1
ROUTE NET TABLE

destination gateway flags Refcnt Use Interface
------------------------------------------------------------------------
0.0.0.0 192.168.1.1 1 1 3199 se0
127.1.1.0 127.1.1.1 1 8 7606 se1
------------------------------------------------------------------------

ROUTE HOST TABLE

destination gateway flags Refcnt Use Interface
------------------------------------------------------------------------
127.0.0.1 127.0.0.1 5 2 131 lo0
10.10.10.10 192.168.1.1 7 0 0 se0
------------------------------------------------------------------------
set snmp community

Use the set snmp community command to set or modify the switch’s SNMP
community strings.

set snmp community <access_type> [community string]
access type read-only, read-write, or trap
Output Example:
P330-1(super)# set snmp community read-only read
SNMP read-only community string set
set snmp trap

Use the set snmp trap commands to add an entry into the SNMP trap receiver
table and to enable or disable the different SNMP traps for a specific receiver. First
add the rcvr_addr and then enable/disable the different traps for it.

set snmp trap <rcvr_addr>
set snmp trap <rcvr_addr> {enable|disable} {all|config|fault|...}
enable Activate SNMP traps
disable Deactivate SNMP traps
all (Optional) Specify all trap types
config (Optional) Specify the ConfigChange trap from the TRAP-MIB.
fault (Optional) Specify the Fault trap from the TRAP-MIB.
rcvr_addr IP address or IP alias of the system to receive SNMP traps

Output Example:
To enable SNMP ConfigChange traps to a specific manager:
P330-N# set snmp trap 192.168.173.42 enable config
SNMP config change traps enabled.
Output Example:
To enable all traps to a specific manager:
P330-N# set snmp trap 192.168.173.42 enable all
All SNMP traps enabled.
Output Example:
To disable SNMP config traps to a specific manager:
P330-N# set snmp trap 192.168.173.42 disable config
SNMP config traps disabled.
Output Example:
To add an entry in the SNMP trap receiver table with default:
P330-N# set snmp trap 192.168.173.42
SNMP trap receiver added.
set snmp trap auth

Use the set snmp trap auth commands to enable/disable the sending of
SNMP traps upon SNMP authentication failure.

set snmp trap {enable|disable} auth
Output Example:
P330-N# set snmp trap enable auth
Authentication trap enabled
set snmp retries

Use the set snmp retries command to set the number of retries initiated by
the Device Manager application when it tries to send SNMP messages to the device.

set snmp retries <number>

set snmp timeout

Use the set snmp timeout command to set the SNMP timeout in seconds. This
command is useful for access using the Device Manager.

set snmp timeout <number>
set system location

Use the set system location command to set the mib2 system location MIB
variable.

set system location [<string>]
string Location name. The location name is cleared if this field is left
blank. A string of 2 words or more must be type in quotation
marks – e.g. “Operations Floor”.
set system name

Use the set system name command to set mib2 system name MIB variable.

set system name [<string>]
string System name. The system name is cleared if this field is left
marks – e.g. “Backbone Stack”.
set system contact

Use the set system contact command to set mib2 system contact MIB
variable.

set system contact [<string>]
string Contact person. The contact person field is cleared if this field is
marks – e.g. “Yigdal Naouri”.

set device-mode
Use the set device-mode command to change the Basic Mode of Operation of
the P332-ML/P332GT-ML/P333R/P333R-LB switches between Router and Layer 2
modes.
Note: This command is not supported by the P333T/P334T/P332MF switches

which do not have Router mode.

set device-mode <mode>
mode Router | Layer2
set interface
Use the set interface command to configure the management interface on the
Master agent of the stack.

set interface inband <vlan> <ip_addr> <netmask>
inband Interface name used for the management
vlan The number of the VLAN to be used for management
ip_addr IP address used for managing the stack
netmask Subnet mask of the management interface
Output Example:
P330-N# set interface inband 1 192.168.42.252 255.255.255.0
Interface inband IP address set.
You must reset the device in order for the change to take effect.

set interface ppp

Use the set interface ppp command to configure the P330 PPP interface IP
parameters, exit modem mode, disconnect the PPP session, or reset the connected
modem.
A PPP connection can be established only after the P330 is configured with an IP
address and net-mask. The IP address is a dummy address that is shared between
two peers, and must be taken from a subnet that is different from the agent’s IP sub-
net.

set interface ppp <ip_addr><net-mask>
ip_addr IP address used by the P330 to connect via its PPP interface
net-mask Subnet mask used by the P330 to connect via its PPP interface
Output Example:
P330-N> set interface ppp 149.49.34.125 255.255.255.0
Interface ppp has its ip address set
You can also use the set interface ppp command to enter modem mode, enter
terminal mode, disconnect the PPP session or to reset the connected modem.
set interface ppp {enable|enable-always|disable|off|reset}
enable Enable PPP and enter modem mode.
enable-always Enable automatic reentry into modem mode after modem cable
disconnection or reconnection.
disable Disable PPP and enter terminal mode
off Disconnect the active PPP session.
reset Reset the connected modem.
Output Example:
P330-N> set interface ppp reset
PPP has reset the connected modem.

Output Example:
P330-N# set interface ppp enable
Entering the Modem mode within 60 seconds...
Please check that the proprietary modem cable is plugged into
the console port
Output Example:
P330-N# set interface ppp disable
Entering the Terminal mode immediately
set port level

Use the set port level command to set the priority level of a port. Untagged
(without an 802.1p priority header) packets travelling through ports set with
priority 0-3 will be served only after packets traveling through ports set with
priority 4-7 in case of congestion. Packets arriving with an 802.1p priority header
will not be modified by this command.

set port level <mod_num>/<port_num> {value}
value Priority level (0-7)
Output Example:
To set the priority level for port 2 on module 1 to 7:
P330-N# set port level 1/2 7
Port 1/2 port level set to 7
set port negotiation

Use the set port negotiation command to enable or disable autonegotiation
on a port. If autonegotiation is disabled, you can set port parameters using the
relevant CLI commands. If autonegotiation is enabled, these commands have no
effect. For Fiber Gigbit Ethernet ports it can determine the flow control (pause)
mode only.
Note: Copper ports in the P332GT-ML can work at 1000Mbps (Full Duplex) only if
autonegotiation is enabled on both cable ends and you are using a 4 pair (8 wires)
Ethernet cable. If autonegotiation is disabled, these ports can only work at 100Mbps
(Full Duplex), and autonegotiation should be disabled on both cable ends.


set port negotiation <mod_num>/<port_num> {enable|disable}
Output Example:
To disable autonegotiation on port 1, module 4:
P330-N# set port negotiation 4/1 disable
Link negotiation protocol disabled on port 4/1.
set port enable

Use the set port enable command to enable a port or a range of ports.

set port enable [mod_num/port_num]
mod _num The switch number
port_num The port number
Output Example:
To enable port 3 on module 2:
P330-N# set port enable 2/3
Port 2/3 enabled.
set port disable

Use the set port disable command to disable a port.

set port disable <mod_num>/<port_num>
Output Example:
P330-N# set port disable 5/10
Port 5/10 disabled.

set port speed

Use the set port speed command to configure the speed of a 10/100Base-T
port. If autonegotiation mode is enabled for such ports, the port's speed is
determined by autonegotiation, and an error message is thus generated if you
attempt to perform the set port speed command in this case.
Note: This command does not apply to P332G-ML and P332GT-ML ports. An error
message is generated if you attempt to perform the set port speed command
for P332G-ML and P332GT-ML ports.

set port speed <mod_num>/<port_num> {value}
Output Example:
To configure port 2 on module 2 port speed to 10 Mbps:
P330-N# set port speed 2/2 10MB
Port 2/2 speed set to 10 Mbps.
set port duplex

Use the set port duplex command to configure the duplex mode of a
10/100Base-T port. You can configure the duplex mode to either Half or Full
duplex. If autonegotiation mode is enabled for such ports, the port’s duplex mode is
determined by autonegotiation, and an error message is thus generated if you
attempt to perform the set port duplex command in this case.
Note: P332G-ML and P332GT-ML switch ports work in Full duplex mode only. An
error message is generated if you attempt to change P332G-ML and P332GT-ML
ports to half-duplex.

set port duplex <mod_num>/<port_num> {full|half}
Example:
To set port 1 on module 2 to full duplex:
P330-N# set port duplex 2/1 full
Port 2/1 set to full-duplex.

set port name

Use the set port name to configure a name for a port. If you do not specify a
name, the port name remains empty.

set port name <mod_num>/<port_num> [<name>]
name Name assigned to the port.
Output Example:
P330-N# set port name 1/2 arthur
Port 1/2 name set.
set port trap

Use the set port trap command to enable/disable generic SNMP uplink/
downlink traps from a port.

set port trap <mod_num>/<port_num> {enable|disable}
Output Example:
P330-N# set port trap 1/2 enable
Port 1/2 up/down trap enabled.
set port vlan

Use the set port vlan command to set the Port’s VLAN ID (PVID). The VLAN
number must be within the range 1 to 3071.

set port vlan <value> <mod_num>/<port_num>
value Number between 1 and 3071, identifying the VLAN.
mod_num/ The switch number/the port number.

port_num

Output Example:
To set VLAN 850 to include ports 4 through 7 on module 3.
P330-N# set port vlan 850 3/4-7
VLAN 850 modified.
VLAN Mod/Ports
---- -----------------------
850 3/4-7
set port vlan-binding-mode

Use the set port vlan-binding-mode command to define the binding method
used by ports.

set port vlan-binding-mode [port_list] [value]
port list Switches and ports to bundle (format: switch/port)
value static - the port supports only the VLAN as configured per port
bind-to-configured - the port supports the VLANs configured
on the device
bind-to-all - the port support the whole range of VLANs on the
device
Output Example:
P330-N# set port vlan-binding-mode 1/5-9 static
Set Port vlan binding method:1/5
Set Port vlan binding method:1/6
.
.
set port static-vlan

Use the set port static-vlan command to statically assign VLANs to ports.

set port static-vlan [module/port range] [vlan num]
[module/port] - port range
{vlan range] - vlan to bind to port

Example:
P330-N# set port static-vlan 1/4-6 9
set port self-loop-discovery Admin_Status

Use the set port self-loop-discovery Admin_Status command to
enable or disable a port’s IBM token ring discovery mode. The port’s self-loop-
discovery feature is activated only after you enable the self-loop-discovery mode at
the module level using the set self-loop-discovery Admin_status
command.

set port self-loop-discovery Admin_Status <enable|disable>
<module/port>
Output Example:
P330-N# set port self-loop-discovery Admin_Status enable 1/2
Self-Loop-Discovery enabled on port 1/2.
set port channel

Use the set port channel command to enable or disable a Link Aggregation
Group (LAG) interface on the switch. LAG creation requires a LAG name to be
specified. There is no default name.
You can also add or remove a port from an existing LAG. When adding or removing
a port to an existing LAG, type the same LAG-name. All ports in the LAG are
configured with the parameters of the first port that is added to the LAG. These
parameters include port administrative status, speed, duplex, autonegociation
mode, VLAN ID, tagging mode, binding mode, and priority level.
The ports added to a LAG must belong to the same LAG group - refer to the “LAG”
marking on device’s front panel.

set port channel [port_list] [value] [name]
port_list Switch and ports to bundle (format: module/port)
value on/off to enable/disable a channel for the specified module

ports

name Channel name
Output Example:
P330-1(super)# set port channel 1/1-3 on test
Port 1/1 channel mode set to on
Port 1/2 was added to channel
Port 1/3 was added to channel
set port classification

Use the set port classification command to set the port classification to
either regular or valuable. Any change in the Spanning Tree state from Forwarding
for a valuable port will erase all learnt MAC addresses in the stack.

set port classification [module/port] {regular | valuable}
module port switch/port range
regular | valuable port classification
Output Example:
P330-1(super)# set port classification 2/19 valuable
Port 2/19 classification has been changed.

set port redundancy on/off

Use the set port redundancy command to define/delete port redundancy
schemes between a Primary and a Secondary link. There should not be any
redundancy scheme already defined on any of the links.

set port redundancy <mod_num>/<prim_port_num> <mod_num>/
<second_port_num> {on/off} [<redundancy_name>]
prim_port_num Primary link of the redundancy scheme
second_port_num Secondary link of the redundancy scheme
redundancy_name Name for the redundancy scheme (optional)
Output Example:
P330-N# set port redundancy 1/7 2/12 on red1
uplink: Port 2/12 is redundant to port 1/7.
Port redundancy is active - entry is effective immediately
set port redundancy

Use the set port redundancy commands to activate or disable all defined port
redundancy schemes within the stack. This command will not delete existing port
redundancy entries. A port redundancy scheme is removed once the switch
containing either its primary or secondary ports is removed from the stack.
Note: You must disable Spanning Tree before you can enable redundancy.

set port redundancy {enable|disable}
Output Example:
P330-N# set port redundancy enable
All redundancy schemes are now enabled

set internal buffering

The set internal buffering command allows you to set the size (either
Maximum or Minimum) of the Receive (Rx) buffer allocated to each port of the
specified switch. This command is meaningless when any port of the switch is
operating with flow control ON.
Note: This command is not supported by P332G-ML and P332GT-ML switches.

set internal buffering <mod_num> {max|med|min}
max Sets the internal receive buffer to its maximum size.
med Sets the internal receive buffer capacity dynamically
min Sets the internal receive buffer to its minimum size (this is the
Default).
Example:
P330-N> set internal buffering 1 max
Done.
set boot bank

Use the set boot bank command to configure the software bank from which the
switch will boot at the next boot process. This command should be issued separately
for each switch in the stack using the session command.
Note: This command is not supported by the P333R and P333R-LB switches.

set boot bank <value>
value {bank-a | bank-b}

Output Example:
P330-1(super)# set boot bank bank-a
Boot bank set to bank-a
set intermodule port redundancy

Use the set intermodule port redundancy command to define or delete the
stack’s unique intermodule redundancy scheme. The defined scheme can be cleared
using the set intermodule port redundancy off command.

set intermodule port redundancy <module/prim-port> <module/
second-port> {on [<name>]}
module/prim-port The primary port number
module/second-port The secondary port number
on Set the intermodule redundancy
name The name of the fast redundancy (default is 'fast')
Output Example:
P330-N> set intermodule port redundancy 1/7 2/12 on backbone
backbone: port 2/12 is intermodule redundant to port 1/7
Note: You must disable Spanning Tree before you can enable redundancy.
set intermodule port redundancy off

Use the set intermodule port redundancy off command to clear the
intermodule redundancy scheme.

set intermodule port redundancy off

set port mirror

Use the set port mirror command to define a port mirroring source-
destination pair in the stack.

set port mirror source-port <mod_num>/<port_num> mirror-port
<mod_num>/<port_num> sampling {always|disable} direction
{rx|tx|both}
always Keyword to activate the port mirroring entry
disable Keyword to change the status of the port mirroring entry to “not active”
rx Keyword to copy only incoming traffic
tx Keyword to copy only outgoing traffic
both Keyword to copy both incoming and outgoing traffic
Output Example:
P330-N# set port mirror source-port 1/9 mirror-port 1/10
sampling always direction both
Mirroring both Rx and Tx packets from port 1/9 to port 1/10 is
enabled
set port spantree

Use the set port spantree command to enable or disable the spanning tree
mode for specific switch ports.

set port spantree {enable|disable} [module/port]
enable|disable Enables or disables the spanning tree mode for the

specified ports.
module/port The switch/port number.
Output Example:
Enable the spanning tree mode for port 2 on module 3.
P330-N# set port spantree enable 3/2

set port spantree priority

Use the set port spantree priority command to set the priority level of a
port. This value defines the priority of a port to be blocked in case two ports with
the same costs cause a loop.

set port spantree priority [module/port] [value]
module/port The switch number/the port number.
value Number representing the priority of the port. The priority

level is from 0 to 255, with 0 indicating high priority and
255 indicating low priority. A port with a lower priority
will be blocked.
set port spantree cost

Use the set port spantree cost command to set the cost of a port. This value
defines which port will be allowed to forward traffic if two ports with different costs
cause a loop.

set port spantree cost [module/port] [value]
value Number representing the cost. The cost level is set from 1
to 65535. A lower cost (lower value) specifies precedence
of a port to forward traffic.

set port security

Use the set port security command to enable MAC security on a port or a
range of ports at the module level. The port security is activated only after you
enable the security mode at the stack level using the set security mode
command.
Note: This command is not supported in P332G-ML and P332GT-ML switches. This
command is used to set port security for ports in other P330 switches in the stack.

set port security { enable | disable } [<module>[/<port>]]
enable | disable Set the port security enable or disable
module/port The switch number/the port number
Output Example:
P330-N> set port security enable 1/2
Port 1/2 secured.
set cascading
Use the set cascading command to enable or disable fault-trap sending for
unconnected cascading links. The default setting is disable.

set cascading{up|down}fault-monitoring {enable|disable}
<mod-num>
Output Example:
P330-N# set cascading down fault-monitoring enable 1
Module 1 cascading-down fault monitoring enabled.
set inband vlan

Use the set inband vlan command to set a value for the management vlan
(from 1 to 3071).


set inband vlan <value>
value A VLAN number between 1 and 3071.
Output Example:
P330-N# set inband vlan 1
Management VLAN number set to 1
set vlan
Use the set vlan command to create VLANs.

set vlan <vlan-id> [name <vlan-name>]
vlan-id vlan number
vlan-name vlan name
Output Example:
P330-N# set vlan 3 name v3
VLAN ID 3 is named v3.
set port flowcontrol

Use the set port flowcontrol command to set the send/receive mode for
flow-control frames (IEEE 802.3x or proprietary) for a full duplex port. Each
direction (send or receive) can be configured separately only for Gigabit Ethernet
ports. Proprietary flow control cannot be configured on Gigabit ports. The set
flowcontrol command cannot be used on Gigabit ports for which
autonegotiation is enabled.

set flowcontrol [direction] [module/port] [value]
where the parameters of direction are receive|send|all, and the parameters
of value are on|off|proprietary.

Field Description
receive Controls the receipt of IEEE802.3x flow-control frames on Gigabit

ports only:
• ON indicates that the local port will act upon flow control
send Controls the sending of IEEE802.3x flow-control frames from

Gigabit ports only:
• ON indicates that the local port is allowed to send flow control
frames to the far end.
• OFF indicates that the local port is not allowed to send flow
control frames to the far end.
all Controls the sending and receipt of flow-control frames for any
type of ports:
• ON indicates that the local port will both act upon and send
IEEE802.3x flow control frames.
• OFF indicates that the local port will both discard and not send
flow control frames (of any type).
• PROPRIETARY indicates that the local port will both act upon
and send Avaya proprietary flow control frames.
proprietary A proprietary flow control which may be used when a P330 is

connected to M770 10/100 ports or P110 ports.
module/ Switch number/port number

port
Output Example:
P330-1(super)# set port flowcontrol all 2/20 on
Port 2/20 flow control administration status set to on

set port auto-negotiation-flowcontrol-advertisement

The set port auto-negotiation-flowcontrol-advertisement command
sets the flowcontrol advertisement for a Gigabit port when performing
autonegotiation.

set port auto-negotiation-flowcontrol-advertisement <mod_num>/
<port_num> {no-flowcontrol|asym-tx-only|sym-only|sym-and-asym-rx}
no-flowcontrol The port will advertise no pause capabilities.
asym-tx-only The port will advertise asymmetric Tx pause capabilities only.
sym-only The port will advertise symmetric pause capabilities only.
sym-and-asym-rx The port will advertise both symmetric and asymmetric Rx

pause capabilities.
Output Example:
P330-N# set port auto-negotiation-flowcontrol-advertisement
1/5 asym-tx-only
P330-N# Port 1/5 pause capabilities was set
set trunk
Use the set trunk command to configure the tagging mode of a post.
set trunk [module/port] [value]
module/port module/port number
value off/dot1q
Output Example:
P330-1(super)# set trunk 2/20 dot1q
Dot1Q VLAN tagging set on port 2/20.

set leaky-vlan
Use the set leaky-vlan command to define the P330 stack’s leaky VLAN mode. In
this mode, VLAN test is done only on broadcast/multicast/unknown frames, and
not on unicast frames.

set leaky-vlan <enable|disable>
Output Example:
P330-N# set leaky-vlan enable
Leaky VLAN mode enabled
set spantree
Use the set spantree command to enable/disable the spanning-tree protocol
for the stack.
Note: When you disable STP, blocking ports are disabled in order to prevent loops
in the network. As a result, you should wait 30 seconds before disabling STP if you
reset the switch, enabled STP, or inserted a new station.

set spantree {enable|disable}
Output Example:
P330-N# set spantree enable
bridge spanning tree enabled.
set spantree priority

Use the set spantree priority command to set the bridge priority for STP.

set spantree priority <value>
value Number representing the priority of the bridge with a priority

level from 0 to 65535, with 0 indicating high priority and 65535
indicating low priority.

Example:
To set the priority to 45000:
P330-N# set spantree priority 45000
Priority enabled
set autopartition
Use the set autopartition command to enable or disable auto-partitioning on
specific switches of the stack.
Note: This command can not be executed on the P332G-ML and P332GT-ML
switches. This command is used to set the autopartition status for the other P330
switches in the stack.

set autopartition <enable|disable>[module]
Output Example:
P330-N# set autopartition enable 3
Auto-partition is enabled in module 3.
set license
The set license command enables you to activate the SMON/routing
capability of the Avaya P330 stack. An Avaya P330 stack can include several Avaya
P330 switches. One SMON/routing license is required per Avaya P330 stack.
For a full description of the SMON/routing License and the installation procedure
please refer to the Installation Guide provided with the SMON/routing License.

set license [module] [license] [featureName]
module The switch number
license The license number
featureName The name of the feature, either smon or routing
Example:
P330-N> set license 1 021 1ad bad ca5 8d2 ccd smon

set ppp authentication incoming

Use the set ppp authentication incoming command to define the
authentication method used for a PPP server or client session.

set ppp authentication incoming {pap|chap|none}
pap PAP authentication method
chap CHAP authentication method
none No authentication
Example:
P330-N(super)# set ppp authentication incoming chap
set ppp incoming timeout

Use the set ppp incoming timeout command to configure the number of
minutes until the system automatically disconnects an idle PPP incoming session.

set ppp incoming timeout <time>
time The timeout in minutes
Output Example:
P330-N> set ppp incoming timeout 15
PPP incoming session will automatically disconnect after 15
minutes of idle time
set ppp baud-rate

Use the set ppp baud-rate command to define the baud rate used in PPP sessions.
Note that the peer baud rate must be set at the same value as the host.

set ppp baud-rate <9600 | 19200 | 38400>
Example:
P330-N# set ppp baud-rate 38400

set web aux-files-url

Use the set web aux-files-url command to allow the Device Manager to
automatically locate the URL (the http://www address and path) of the Web server
containing the Device Manager help files and Java plug-in.
Note: Ensure that the Web server is always accessible otherwise Web access to the
device may take a few minutes.

set web aux-files-url <//IP address/directory name>
Example:
P330-N# set web aux-files-url //192.168.47.25/emweb-aux-files
set intelligent-multicast
Use the set intelligent-multicast command to enable or disable the IP-
multicast filtering application.

set intelligent-multicast {enable|disable}
Example:
P330-N> set intelligent-multicast enable
Done!
set intelligent-multicast client port pruning time

Use the set intelligent-multicast client-port-pruning time
command to define aging time for client ports.

set intelligent-multicast client-port-pruning time <time>
time The time in seconds.

Example:
P330-N> set intelligent-multicast client-port-pruning-time 20
Done!
set intelligent-multicast router port pruning time

Use the set intelligent-multicast router-port-pruning time
command to define aging time for router ports.

set intelligent-multicast router-port-pruning time <time>
Example:
P330-N> set intelligent-multicast router-port-pruning time 20
Done!
set intelligent-multicast group-filtering delay time

Use the set intelligent-multicast group-filtering-delay time
command to define group filtering time delays.

set intelligent-multicast group-filtering-delay time <time>
Example:
P330-N> set intelligent-multicast group-filtering-delay time
20
Done!
set secure mac

Use the set secure mac command to add a unicast MAC address into the CAM
table of a secured port. This command is accessed only through connection to a
particular switch, not directly from the master switch.
Note: This command is not supported by the P332G-ML and P332GT-ML switches.


set secure mac <mac-address> port <mod-num>/<port-num>
set security mode

Use the set security mode command to enable or disable MAC security at the
stack level. When enabled, the ports are secured based on their individual
configuration. When disabled, all the ports in a stack are non-secured.

set security mode { enable | disable }
Output Example:
P330-N> set security mode enable
Security mode enabled.
set arp-aging-interval
Use this command to set the ARP table aging interval for gateways’ entries in the
agent ARP table. The MAC value for the default gateway of ML agent in the ARP
table, is deleted at the end of every aging interval. The default value is 10 minutes.

set arp-aging-interval <value>
value The number representing the interval, from 0-10 minutes.
Example:
P330-N# set arp-aging-interval 20
ARP aging interval was set to 20 minutes.
set arp-tx-interval
Use the set arp-tx-interval command to set the keep-alive frames sending interval.
Setting the interval to 0 disables the transmission of the keep-alive frames.

set arp-tx-interval <value>
value The interval, in seconds.

Output Example:
P330-N# set arp-tx-interval 15
ARP tx interval was set to 15 seconds.
set self-loop-discovery Admin_Status

Use the set self-loop-discovery Admin_Status command to enable or
disable IBM token ring discovery feature at the module level.
Note: You must disable Spanning Tree before you can enable self-loop-discovery.
Note: This command is not supported by the P332G-ML and P332GT-ML switches.

set self-loop-discovery Admin_Status <enable|disable>
<modul num>
Example:
P330-N# set self-loop-discovery Admin_Status enable 1
Self-Loop-Discovery is disabled on module 1.
set welcome message

Use the set welcome message command to set a welcome message to appear
after a reboot or after opening a new session (see session command) in the stack.

set welcome message [string]
string string - The string to be used as the welcome message.

blank - Restores the default string.
Output Example:
P330-N# set welcome message avaya
The new welcome string is “avaya”

Note: If you wish to define a string which includes spaces, you must enclose the
entire string in quotation marks, e.g. "new york".
set allowed managers

Use the set allowed managers command toenable/disable the Allowed
Managers feature. When this feature is enabled, only those stations whose IP
addresses are listed in the Allowed Managers table can access the device over
Telnet, SNMP, or HTTP.

set allowed managers [enabled|disabled]
Output Example:
P330-N> set allowed managers enabled
Managers are enabled
set allowed managers IP

Use the set allowed managers IP command to add or remove an IP address
from the Allowed Managers table. The Allowed Managers table can contain up to
twenty IP addresses.

set allowed managers ip [add|delete][IP address]
Output Example:
P330-N> P330-1(super)# set allowed managers ip add
149.49.32.134
Ip was added to the table
set psu type

Use the set psu type command to set the main power supply type (AC/DC) of
the module.
Note: This command is not applicable to P332G-ML and P332GT-ML switches. This
command is used to set the power supply types for other P330 switches in the stack.


set psu type [AC|DC][module number]
Output Example:
P330-N> set psu type DC 3
Power supply type was changed to DC on module 3
sync time
Use the sync time command to synchronize the time used by all switches in a
stack.

sync time
Output Example:
P330-N# sync time
Time has been distributed.
get time
Use the get time command to retrieve the time from the network.

get time
Output Example:
P330-N# get time
Time is already being acquired from network!

reset
Use the reset command to restart the system or an individual switch. If no switch
number is defined or the switch number of the Master is defined, the command
resets the entire system. If the switch number is defined, the command resets the
specified switch only.
Note: You should perform a reset after downloading software to the switch.

reset {module number}
Output Example:
To reset the Master agent and force the entire system to reset:
P330-N# reset
This command will force a switch-over to the master module and
disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Connection closed by foreign host.
Output Example:
To reset switch 4:
P330-N# reset 4
This command will reset module 4 and may disconnect your
telnet session.
Resetting module 4...
reset stack
Use the reset stack command to perform a hardware reset in the entire stack.

reset stack

reset mgp
Use the reset mgp command to perform a software reset in the G700 Media
Gateway Processor.

reset mgp
reset wan
Use the reset wan command to perform a software reset in the X330 WAN Access
Router Module.

reset wan [module number][bank-a]
module Optional - the module number where the WAN module to be

number reset resides.
bank-a Optional - boot the WAN module from bank-a after reset.
Example:
To reset a WAN module residing on switch 2:
P330-N# reset wan 2
This command will force a switch-over to the wan device
and disconnect your telnet session
*** Reset *** - do you want to continue (Y/N)? y
nvram initialize
Use the nvram initialize command to reset the P330 parameters to the factory
defaults. If no options are specified for this command, only the Layer 2 parameters
will be reset.


nvram initialize [switch|all]
switch Resets all the switching level parameters (Layer 2 only) throughout
the stack
all Resets all parameters including licenses and routing parameters of

the Layer 3 switches present in the stack
Output Example:
P330-N# nvram initialize
This command will force a factory default and switch-over to
the master module and disconnect your telnet session.
Connection closed by foreign host.
host%
rmon history
Use the rmon history command to create an RMON history entry.

rmon history <history index> [<module>[</port>]] interval
<interval> buckets <number of buckets> owner <owner name>
history_index This is the history index number of this entry (it is advisable to
use the same interface number as your history index number).
interval The interval between 2 samples.
number of The number of buckets defined.

buckets
owner name The owner name string.
Output Example:
P330-N# rmon history 1026 1026 3/2 30 buckets 20 owner amir
history 1026 was created successfully

rmon alarm
Use the rmon alarm command to create a new RMON alarm entry.

rmon alarm <Alarm Number> <variable> <interval> <sampletype>
rising-threshold <rising threshold> <rising event> falling-
threshold <falling threshold> <falling event> <startup alarm>
<owner>
alarm number This is the alarm index number of this entry (it is advisable to
use the same interface number as your alarm index number.)
variable This is the MIB variable which will be sampled by the alarm
entry.
interval The interval between 2 samples.
sample type This can be set to either delta (the difference between 2
samples) or an absolute value.
rising threshold This sets the upper threshold for the alarm entry.
rising event The RMON event entry that will be notified if the upper
threshold is passed.
falling This sets the lower threshold for the alarm entry.
threshold
falling event The RMON event entry that will be notified if the lower
threshold is passed.
startup alarm The instances in which the alarm will be activated. The
possible parameters are: Rising, Falling, risingOrfalling.
owner Owner name string.
Output Example:
P330-N# rmon alarm 1026 1.3.6.1.2.1.16.1.1.1.5.1026 60 delta
rising-threshold 10000 1054 falling-threshold 10 1054
risingOrFalling amir

alarm 1026 was created successfully
rmon event
Use the rmon event command to create an RMON event entry.

rmon event <Event Number> <type> description <description>
owner <owner>
event number This is the event index number of this entry.
type The type of the event. The possible parameters are:

trap, log, logAndTrap, none.
description A user description of this event
owner Owner name string
Output Example:
P330-N# rmon event 1054 logAndTrap description "event for
monitoring amir's computer" owner amir
event 1054 was created successfully
copy stack-config tftp

Use the copy stack-config tftp command to upload the stack-level
parameters from the current NVRAM running configuration into a file via TFTP.
Note: Create the file into which you wish to upload the stack-level parameters prior
to executing this command.

copy stack-config tftp <filename> <ip>
filename The file name (full path)
ip The IP address of the TFTP server
Output Example:
P330-N# copy stack-config tftp c:\conf.cfg 192.168.49.10
Beginning upload operation ...

This operation may take a few minutes...

Please refrain from any other operation during this time.
For more information, use 'upload status' command
********************************************************************
* If you are currently running the P330 Device Manager application,*
* it is recommended to exit from it before performing configuration*
* download operations. *
********************************************************************
copy module-config tftp

Use the copy module-config tftp command to upload the switch-level
parameters from the current NVRAM running configuration into a file via TFTP.
If an error occurred during upload (you can check this using the command show
tftp upload status) you must fix the problem. The following is a list of
possible problems:
a You did not create an empty text file at the destination server (0 Bytes).
b You do not have the correct path to the file.
c The destination server is not active/on.
d The destination server is unreachable.
Then, perform the upload procedure again twice as follows:
a Delete the destination file and recreate a correctly named empty file at the
destination server (0 Bytes)
b Type the command copy module-config tftp for the first time.
c Delete the destination file and recreate a correctly named empty file at the
destination server (0 Bytes)
d Type the command copy module-config tftp again, a second time.

copy module-config tftp <filename> <ip> <mod_num>
mod-num The switch number
Output Example:
P330-N# copy module-config tftp c:\config\switch1.cfg
192.168.49.10 5
Beginning upload operation ...
This operation may take a few minutes...
Please refrain from any other operation during this time.

For more information, use 'show tftp upload status' command
********************************************************************
* If you are currently running the P330 Device Manager application,*
* it is recommended to exit from it before performing configuration*
* download operations. *
********************************************************************
copy tftp stack-config

Use the copy tftp stack-config command to download the stack-level
configuration from a saved file into the current NVRAM running configuration, via
TFTP. To use this command, you need to have an active tftp server, and to create a
file into which to download the data. If Avaya Multi-Service Network Manager is
running, an additional TFTP server is not required.
Note: You should perform the nvram initialize command prior to the
copy tftp operation.

copy tftp stack-config <filename> <ip>
Example:
P330-N# copy tftp stack-config c:\config\switch1.cfg
192.168.49.10
copy tftp module-config

Use the copy tftp module-config command to download the switch-level
configuration from a saved file into the current NVRAM running configuration of a
switch, via TFTP. To use this command, you need to have an active tftp server, and
to create a file into which to download the data. If Avaya Multi-Service Network
Manager is running, an additional tftp server is not required.
Note: You should perform the nvram initialize command prior to the
copy tftp operation.


copy tftp module-config <filename> <ip>
ip The ip address of the TFTP server
Example:
P330-N# copy tftp module-config c:\config\switch1.cfg
192.168.49.10 5
copy tftp EW_archive

Use the copy tftp EW_archive command to download the P330 Device
Manager application into the switch via TFTP. To use this command, you need to
have an active TFTP server, and to create a file into which to download the data. If
Avaya Multi-Service Network Manager is running, an additional TFTP server is not
required.

copy tftp EW_archive <filename> <ip> <mod_num>
filename Embedded Web Manager image file name (full path)
mod_num Target switch number
Example:
P330-N# copy tftp EW_archive c:\p330\p330web201
192.168.49.10 5
copy tftp SW_image

Use the copy tftp SW_image command to update the software image and the
device manager applications of a designated switch. To use this command, you
need to have an active TFTP server, and to create a file into which to download the
data. If Avaya Multi-Service Network Manager is running, an additional tftp server
is not required.

copy tftp SW_image <image-file> EW_archive <filename><ip>

<mod_num>
image-file Common name for the files that contain the Software
Image and Embedded Web archive (full path)
filename Embedded Web Manager image file name (full path)
mod_num Target switch number
Example:
P330-N# copy tftp SW_image c:\p330\p330web101 EW_archive
c:\p330\p330web201 192.168.49.10 5
Radius Commands
The following radius commands are accessible from Privileged mode.
• set radius Enables secret authentication for the Page 140

authentication secret Avaya P330 unit.
• set radius Sets a primary or secondary RADIUS Page 140
authentication server IP address.
server
• clear radius Removes a primary or secondary Page 140
authentication RADIUS authentication server.
server
• set radius Sets the time to wait before re-sending Page 141
authentication retry- an access request.
time
• set radius Sets the number of times an access Page 141
authentication retry- request is sent when there is no
number response.
• set radius Sets the RFC 2138 approved UDP port Page 141
authentication udp- number.
port

set radius authentication secret

Use the set radius authentication secret command to enable secret
authentication for the P330 unit.

set radius authentication secret <string>
string text password
Example:
P330-N(super)# set radius authentication secret sodot
set radius authentication server

Use the set radius authentication server command to set a primary or
secondary RADIUS server IP address.

set radius authentication server <ip-address>
<primary|secondary>
ip-addr IP address of the RADIUS authentication server
primary default - Primary authentication server
secondary Secondary authentication server
Example:
P330-N(super)# set radius authentication server 192.168.38.12
primary
clear radius authentication server

Use the clear radius authentication server command to remove a
primary or secondary RADIUS authentication server.

clear radius authentication server[{primary|secondary}]

set radius authentication retry-time

Use the set radius authentication retry-time command to set the time
to wait before re-sending an access request.

set radius authentication retry time <time>
time Retry time in seconds
set radius authentication retry-number

Use the set radius authentication retry-number command to set the
number of times an access request is sent when there is no response.

set radius authentication retry number <number>
number Retry number
set radius authentication udp-port

Use the set radius authentication udp-port command to set the RFC
2138 approved UDP port number. Normally, the UDP port number should be set to
its default value of 1812. Some early implementations of the RADIUS server used
port number 1645.

set radius authentication server udp-port <number>

Supervisor Level Commands

This level includes all the commands of the User and Privileged Levels (including
all show and set commands).
username
Use the username command to add a local user account. You can only do this
from within the Supervisor Level.

username <name> password <passwd> access-type{read-only|read-
write|admin}
name New user name
passwd User’s password
access-type Access type definition - read only, read-write or

administrator
no username
Use the no username command to remove a local user account.

no username <name>

show username
Use the show username command to display the username.

show username
Output Example:
P330-N> show username
User account password access-type
-------------- ------------------------------ -----------
root **** admin
set ppp chap-secret

Use the set ppp chap-secret command to configure the shared secret used in
PPP sessions with CHAP authentication.

set ppp chap-secret <chap-secret>
chap-secret The shared secret, 4 to 32 characters.
Output Example:
P330-N(super)# set ppp chap secret sodot
PPP shared secret for CHAP authentication is set
show radius authentication

Use the show radius authentication command to display all RADIUS
authentication configurations. The shared secrets are not displayed.

show radius authentication

Example:
P330-N(super)# show radius authentication
RADIUS authentication parameters:
---------------------------------
Mode: Enabled
Primary-server: 192.168.42.252
Secondary-server: 192.168.48.134
Retry-number: 4
Retry-time: 5
UDP-port: 1645
Shared-secret: sodot
set radius authentication

Use the set radius authentication command to enable or disable
authentication for the P330 unit. RADIUS authentication is disabled by default.

set radius authentication [enable|disable]
tech
Use the tech command to enter tech mode. This command is reserved for service
personnel use only.

Chapter 6
P330 CLI - Layer 3

This chapter provides all the Layer 3 CLI commands, parameters and their default
values. Not all groups, parameters and commands are available when the P333R-LB
boots up from its INIT software.
Router Configuration Contexts

At this point you can either use the general P333R-LB commands available from the
Router(configure)# prompt or you can enter one of two router configuration
context modes:
• Router interface context:
This allows you to define parameters individually for each interface. To enter
this context, type interface <interface_name>
The prompt changes to Router>(config-if:<interface_name>)#
• Router protocol context:
This allows you to define parameters for a specific routing protocol (RIP, OSPF,
VRRP, and SRRP). To enter this context, type router <protocol_name>
The prompt changes to Router>(configure router:protocol_name)#
To exit these context modes, type the command exit.

Chapter 6 P330 CLI - Layer 3
How Commands are Organized

Command descriptions are organized into the following groups:
• System System Commands See Page 147

• IP Switch IP Commands See Page 155
• RIP Router RIP Commands See Page 177
• OSPF Router OSPF Commands See Page 183
• BOOTP-DHCP BOOTP-DHCP Commands See Page 190
• VLAN VLAN Commands See Page 193
• Fragmentation Fragmentation Commands See Page
The commands in each group are sub-divided into the following command mode
sub-groups.
• User/Privileged User/Privileged Mode Commands

• Configure Configure Mode Commands
• Interface Interface Context Mode Commands
• Router Router Context Mode Commands
The commands in every group are summarized in a Table at the beginning of each
Section.

System Commands
Table 6.1 System Commands
Command Page
hostname 148
show copy status 148
show tftp-download status 148
show tftp-upload status 149
show erase status 149
show running-config 149
show startup-config 149
show system 149
set system contact 149
set system name 149
set system location 149
copy tftp startup-config 150
copy running-config tftp 151
copy running-config startup-config 151
copy startup-config tftp 151
erase startup-config 152
event log 152
event show 152
reset 152
ping 153
traceroute 153
session 153
event clear 154

Table 6.1 System Commands
event set 154
User /Privileged Command Mode
hostname Command
Use the hostname command to change the system prompt used for the router.
This command does not change the system prompt of the stack. To change the
system prompt of the stack, use the host name command in the switch CLI tree.

[no] hostname [<hostname_string>]
hostname_string none – displays current hostname

string – the string to be used as the hostname
(up to 20 characters).
show copy status Command

Use the show copy status command to show the status of the local
configuration copy operation.

show copy status
show tftp-download status Command

Use the show tftp-download status command to view the status of the tftp
download operation.

show tftp-download status

show tftp-upload status Command

Use the show tftp-upload status command to view the status of the tftp
upload operation.

show tftp-upload status
show erase status Command

Use the show erase status command to view the status of the erase
configuration operation.

show erase status
show running-config Command

Use the show running-config command to show configuration currently
running on the switch.

show running-config
show startup-config Command

Use the show startup-config command to show configuration loaded at
startup.

show startup-config
show system Command

Use the show system command to show the P333R-LB system parameters.

show system
set system contact Command

set system contact [contact string]

Example:
set system contact "Gabby ext.545"
set system name Command

set system name [name string]
Example:
Router-N> set system name "Banking System"
set system location Command

set system location [location string]
Example:
Router-N> set system location "Floor 5,Room 12"
copy tftp startup-config Command

Use the copy tftp startup-config command to copy the P333R-LB
configuration from the saved TFTP file to the Startup Configuration NVRAM.

copy tftp startup-config <filename> <ip>
filename file name (full path)
ip The ip address of the host
Example:
copy tftp startup-config c:\P333R-LB\router1.cfg
192.168.49.10

copy running-config tftp Command

Use the copy running-config tftp command to copy the P333R-LB
configuration from the current VRAM Running Configuration to the TFTP file.

copy running-config tftp <filename> <ip>
Example:
Router-N> copy running-config tftp c:\P333R-LB\router1.cfg
192.168.49.10
copy running-config startup-config Command

Use the copy running-config startup-config command to copy the
P333R-LB configuration from the current VRAM Running Configuration to the
Startup Configuration NVRAM.

copy running-config startup-config
Example:
Router-N> copy running-config startup-config
copy startup-config tftp Command

Use the copy startup-config tftp command to copy the P333R-LB
configuration from the NVRAM Startup Configuration to the TFTP file.

copy startup-config tftp <filename> <ip>
Example:
Router-N> copy startup-config tftp c:\P333R-LB\router1.cfg
192.168.49.10

erase startup-config Command

The erase startup-config command erases the P333R-LB module NVRAM
configuration.

erase startup-config
event log Command

The event log command display a list of the P333R-LB event messages. The
event messages shown are encrypted and are reserved for Lucent technician use
only.

event log [<num>]
num Number of event messages to display (max=30)
Example:
Router-N> log 20
event show Command

The event show command display the event status.

event show
reset Command
The reset command resets the P333R-LB module. This command resets only the
specific module. If the module is the master of the stack the entire stack is reset.
If you want to keep changes you made to the current running configuration use the
copy running-config startup-config command first.

reset

ping Command
Use the ping command to check host reachability and network connectivity.

ping <host> [<interval> [<size>[timeout[source address]]]]
host IP address of the target system.
interval An integer, the number of seconds between successive ping

messages. Range: 1-256, default = 1
size An integer, the size of the packet sent during a ping

operation. Range: 22-65500, default = 50 bytes
timeout Timeout in seconds (1-10).
source address IP address.
Example:
Router-N(super)# ping 149.49.50.13 5 8
Output Example:
Router-1(super)# ping 192.168.49.1
ping 192.168.49.1 3
ping 192.168.49.1 3 50
ping 192.168.49.1 3 50 2
ping 192.168.49.1 3 50 2 192.168.49.4
traceroute Command
Use the traceroute command as a trace route utility.

traceroute <host>
host IP address.
Example:
Router-N> traceroute 192.168.50.13
session Command
See session on page 48.

Configure Mode
event clear Command

The event clear command deletes the event log.

clear [SILENT]
SILENT Do not write messages to the log file
Example:
Router-N(configure)# event clear
event set Command

Use the event set command.

set <status>
status Default
Possible states:
WARNING-ON | WARNING-OFF |
WARNING-UP | WARNING-UP-OFF |
SVR-WARNING-ON | SVR-WARNING-OFF |
SVR-WARNING-UP | SVR-WARNING-UP-OFF |
Note: default status is: SVR-WARNING-UP
Example:
Router-N(configure)# - event set SVR-WARNING-ON WARNING-OFF
Router-N(configure)# - event set WARNING-UP
Router-N(configure)# - event set default

IP Commands
Table 6.2 IP Commands
Command Page
show ip route 156
show ip route best-match 157
show ip route static 157
show ip route summary 158
show ip arp 158
show ip reverse-arp 159
show ip interface 160
show ip protocols 162
show ip damp 162
show ip unicast cache 163
show ip unicast cache networks 163
show ip unicast cache networks detailed 164
show ip unicast cache nextHop 165
show ip unicast cache aging 166
interface 167
ip default-gateway 167
ip route 168
clear ip route 168
ip routing 169
ip max-route-entries 169
arp 169
arp timeout 169
clear arp-cache 170

Table 6.2 IP Commands
ip max-arp-entries 170
ip icmp-errors 171
ip unicast route-cache aging 171
ip unicast route-cache update-timeout 171
ip netmask-format 172
ip address 173
ip vlan/vlan name 173
ip admin-state 174
ip netbios-rebroadcast 174
ip directed-broadcast 174
ip proxy-arp 175
ip broadcast-address 176
enable vlan 176
User Mode
show ip route Command

Use the show ip route command to display information about the IP unicast
routing table.

show ip route [<ip-address>[ip-mask]]|static]
ip-address The IP address of the routes
ip-mask The ip mask of the routes.
static IP Static route information.

Output Example:
Showing 2 rows
Network Mask Interface Next-Hop Cost TTL Source
-------------- -------------- ---------- -------------- ---- --- -------
0.0.0.0 0.0.0.0 mgmt 192.168.54.1 1 n/a Stat-Lo
192.168.54.0 255.255.255.0 mgmt 192.168.54.14 1 n/a Local
show ip route best-match Command

Use this command to display a routing table for a destination address.

show ip route best-match <dst addr>
dst addr IP address
Example:
Router-1(super)# sh ip route best-match 199.93.0.0
Searching for: 199.93.0.0
Showing 1 rows
Network Mask Interface Next-Hop Cost TTL Source
--------------- --------------- ------------ --------------- ----- --- -----
199.93.0.0 255.255.0.0 e-135new 135.64.76.1 1 n/a STAT-HI
show ip route static Command

Use this command to display the static routes.

show ip route static [<ip addr> [<mask>] ]
ip-address The IP address of the routes
mask The ip mask of the routes.

Example:
Router-1 (super)# sh ip route static
Showing 34 rows
Network Mask Interface Next-Hop Cost Pref Active
------------- ------------ --------------- --------------- ---- ---- ------
10.0.8.0 255.255.255.0 e-36 149.49.36.11 1 high Yes
135.0.0.0 255.0.0.0 e-135new 135.64.76.1 1 high Yes
135.64.0.0 255.255.0.0 e-135 135.87.164.1 1 high No
149.49.0.0 255.255.0.0 zevel 10.10.254.253 1 low Yes
149.49.2.0 255.255.255.0 n/a v-Route-FW 1 1 high Yes
show ip route summary

Use this command to display the number of routes known to the switch.

show ip route summary
Example:
Router-1 (super)# sh ip route summary
IP Route Summary:
Current number of routes: 69
show ip arp Command

Use the show ip arp command to display the Address Resolution Protocol
(ARP) cache.

show ip arp [<Vlan-name> | <vlan> | <ip addr> [<ip mask>] |
static]
Vlan-name Interface name (string up to 32 chars)
vlan VLAN NAME (string up to 16 chars) or VLAN ID (number)
ip-addr The IP address of the station(s)
ip-mask The IP mask of the station(s)
static Display static ip ARP information.

Output Example:
Showing 3 rows
Address MAC Address Interface Type TTL
--------------- ----------------- ------------ ------- --------
192.168.54.1 00:40:0d:8c:12:01 mgmt Dynamic 14360
192.168.2.33 00:40:0d:5c:14:01 loco Static Not Aged
192.168.1.111 00:40:0d:5d:72:01 ppp Static Not Aged
show ip reverse-arp Command

Use this command to display the IP address of a host, based on a known MAC
address.

show ip reverse-arp <mac addr> [<match len>]
mac addr MAC address
match len The number of bytes in the address to match
Example:
Router-1 (super)# sh ip reverse-arp 00:10:a4:98:97:e0
Showing 1 rows
Address MAC Address I/F Type TTL

--------------- ----------------- ----------- ------- --------
149.49.70.68 00:10:a4:98:97:e0 e-70 Dynamic 14355

show ip interface Command

Use the show ip interface command to display information for an IP interface.

show ip interface [<interface-name>]|<ip-address>|<vlan>]
interface-name The name of the interface whose information you

want to display.
ip-address The IP address of the interface whose information

you want to display.
vlan The name or ID of the VLAN over which there are

interfaces you want to display.
Output Example:
Showing 2 Interfaces
mgmt is administratively up
On vlan Default
Internet address is 10.49.54.14 , subnet mask is 255.255.255.0
Broadcast address is 10.49.54.255
Directed broadcast forwarding is disabled
Proxy ARP is disabled
baba is administratively down

On vlan v2
Internet address is 192.168.0.14 , subnet mask is 255.255.0.0
Broadcast address is 192.168.255.255
Directed broadcast forwarding is disabled
Proxy ARP is disabled

show ip interface brief Command

Use the show ip interface brief command to display brief information for
an IP interface.

show ip interface [<interface-name>|<vlan>|<ip-address>]
interface-name The name of the interface whose information you

want to display - a string of up to 32 characters.
ip-address The IP address of the interface whose information

you want to display.
vlan The name or ID of the VLAN over which there are

interfaces you want to display - a string of up to 32
characters.
Output Example:
show ip interface brief Displays all interfaces.
show ip interface brief a Displays specific information for this

interface.
show ip interface brief Displays all interfaces in a specific VLAN.

vlan10
show ip interface brief Displays the interface with the specified IP

10.10.10.10 address.

show ip protocols Command

Use the ip protocols command to display the IP routing protocol process parameters
and statistics.

show ip protocols [<protocol>]
protocol R IP | OSPF.
Example:
show ip protocols - Display all running protocols details
show ip protocols RIP - Display RIP details
Output Example:
Routing Protocol is "rip"

Sending updates every 30 seconds, next due in 0 seconds
Invalid after 180 seconds, flushd after 300
Redistributing: rip
Default version control: rip version 1
Interface Version Key
Routing for Networks:
Routing Information Sources:
Gateway Last Update
show ip icmp Command

Use the show ip icmp command to display the status of ICMP error messages.

show ip icmp

show ip unicast cache Command

Use the show ip unicast cache command to list the entries in the hardware
unicast cache database.

show ip unicast cache [[<src addr> <src mask>] <dst addr> <dst
mask>}
src addr The source IP address.
src mask The source mask IP address.
dst addr The destination IP address.
dst mask The destination mask IP address.
Output Example:
Router-N> show ip unicast cache
Showing 6 Sessions.
Source IP Destination IP Next Hop IP NH MAC Vlan
=============== ============= ================ ============= =====
192.168.1.1 29.2.1.1 28.2.0.2 00.00.28.02.00.02 5
192.168.2.1 29.2.2.1 28.2.0.2 00.00.28.02.00.02 5
192.168.2.2 29.2.2.2 28.2.0.2 00.00.28.02.00.02 5
192.168.2.3 29.2.2.3 28.2.0.2 00.00.28.02.00.02 5
192.168.2.4 29.2.2.4 28.2.0.2 00.00.28.02.00.02 5
192.168.2.5 29.2.2.5 28.2.0.2 00.00.28.02.00.02 5
show ip unicast cache networks Command

Use the show ip unicast cache networks command to list a summary of
networks handled by the hardware unicast cache database.

show ip unicast cache networks [<net addr> <net mask>]
net addr The IP address of the network.
net mask The mask IP address.

Example:
Router-N> show ip unicast cache networks
Showing 7 rows (5 networks)
Network Mask Next Hop(s) Total Hosts

=============== ==== =============== ===========
10.0.0.0 16 10.2.0.2 996
71.0.0.0 16 0.0.0.0 1
130.0.0.0 8 192.168.0.130 1124
190.0.0.0 24 10.2.0.2 250
192.168.0.130
191.0.0.0 24 10.2.0.2 250
192.168.0.130
-----
Total: 2621
show ip unicast cache networks detailed Command

Use the show unicast cache networks detailed command to list the
networks and hosts that are handled by the hardware unicast cache database.

show ip unicast cache networks detailed
Output Example:
Router-N> show ip unicast cache networks detailed 192.168.6.0
24
Showing 3 rows
Network Mask IP Address

============ ==== ===============
192.168.6.0 24 192.168.6.40
192.168.6.53
192.168.6.64

show ip unicast cache host Command

Use the show ip unicast cache host command to list hosts that are used as
the destination devices.

show ip unicast cache host [<net addr>][<net mask>]
Output Example:
show ip unicast cache host
Showing 6 hosts
IP Address Next Hops MAC Address Port Sessions Number

========== =========== ================= ===== ===============
192.168.1.1 10.2.0.2 00.00.28.02.00.02 1/14 1
192.168.2.1 10.2.0.2 00.00.28.02.00.02 1/14 1
192.168.2.2 10.2.0.2 00.00.28.02.00.02 1/14 1
192.168.2.3 10.2.0.2 00.00.28.02.00.02 1/14 1
192.168.2.4 10.2.0.2 00.00.28.02.00.02 1/14 1
192.168.2.5 10.2.0.2 00.00.28.02.00.02 1/14 1
show ip unicast cache nextHop Command

Use the show ip unicast cache nextHop command to list the routers that
are used as next-hop routers.

show ip unicast cache nextHop
Output Example:
Router-N> show ip unicast cache nextHop
Showing 2 rows
Next Hop
========
192.168.4.1
192.168.5.1

show ip unicast cache summary Command

Use the show ip unicast cache summary command to display a cache
database summary.

show ip unicast cache summary
Output Example:
Router-N>show ip unicast cache summary
Cache Summary
===============
Sessions : 11056
Hosts : 2621
Networks : 5
Next-Hops : 4
show ip unicast cache aging Command

Use the show ip unicast route-cache aging command to display aging
and update timeout configuration. The no form of this command prevents aging
in the unicast cache.

show ip unicast route-cache aging

Configure Mode
interface Command
Use the interface command to create and/or enter the Interface Configuration
Mode. Use the no form of this command to delete a specific IP interface.

[no] interface <interface name>
interface name String (up to 32 characters)
Example:
Router-N(configure)# interface marketing
ip default-gateway Command
Use the ip default-gateway command to define a default gateway (router).
The no form of this command removes the default gateway.

[no] ip default-gateway <ip-address> [<cost>] [<preference>]
ip-address The IP address of the router.
cost The path cost. The default is 1
preference Preference, either High or Low. Default is Low.
Example:
To define the router at address 192.168.37.1 as the default gateway.
Router-N(configure)# ip default-gateway 192.168.37.1

ip route Command
Use the ip route command to establish a static route. The no form of this
command removes a static route.

[no] ip route <ip-address> <mask> <next-hop> [<next-hop>]
[<next-hop>] [<cost>] [<preference>]
ip-address The IP address of the network
mask Mask of the static route
next-hop The next hop address in the network
cost The path cost. The default is 1
preference Preference, either High or Low. Default is Low.
Example:
To define the router 10.10.10.10 as the next hop for the network 192.168.33.0 with
mask 255.255.255.0:
Router-N(configure)# ip route 192.168.33.0 255.255.255.0
10.10.10.10
clear ip route Command

Use the clear ip route command to delete all the dynamic routing entries from
the Routing Table.

clear ip route * | <ip-addr> [<ip-mask>]
ip-addr IP address
ip-mask IP mask address
Example:
clear ip route * clears all the routing table
clear ip route 192.168.49.1 255.255.255.0 clears a range of entries

ip routing Command
Use the ip routing command to enable IP routing. The no form of this
command disables the IP routing process in the device. By default, IP routing is
enabled.

[no] ip routing
ip max-route-entries Command
This command exists for compatibility with P550. There is no limitation on the size
of the routing table in the P333R-LB, except for the amount of available memory.
arp Command
Use the arp command to add a permanent entry to the Address Resolution
Protocol (ARP) cache. The no form of this command removes an entry, either a
static entry or a dynamically learned entry.

[no] arp <ip-address> <hardware-address>
ip-address IP address, in dotted decimal format, of the station
hardware-address 48-bit address of the local data link
Example:
To add a permanent entry for station 192.168.7.8 to the ARP cache:
Router(configure)# arp 192.168.7.8 00:40:0d:8c:2a:01
To remove an entry to the ARP cache for the station 192.168.13.76:
Router(configure)# no arp 192.168.13.76
arp timeout Command

Use the arp timeout command to configure the amount of time that an entry
remains in the ARP cache. To restore the default value, 14400, use the no form of
this command.

arp timeout <seconds>

The syntax for the no form of this command is:

no arp timeout
seconds The amount of time, in seconds, that an entry remains

in the arp cache.
Example:
To set the arp timeout to one hour:
Router-N(configure)# arp timeout 3600
To restore the default arp timeout:
Router-N(configure)# no arp timeout
clear arp-cache Command

Use the clear arp-cache command to delete all dynamic entries from the ARP
cache and the IP route cache.

clear arp cache
Example:
Router-N(configure)# clear arp cache
ip max-arp-entries Command
Use the ip max-arp-entries command to specify the maximum number of
ARP cache entries allowed in the ARP cache. The no form of this command restores
to the default value of 4096. This command takes effect only after start-up.
[no] ip max-arp-entries <value>
value The space available for the IP address table. When you decrease the
number of entries, it may cause the table to be relearned more
frequently. If you do not enter a value, then the current ARP Cache size
is shown.
Example:
To set the maximum number of ARP cache entries to 8000:
Router-N(configure)# ip max-arp-entries 8000
To restore the maximum number of ARP cache entries to its default:
Router-N(configure)# no ip max-arp-entries

ip icmp-errors Command
Use the ip icmp-errors command to set ICMP error messages ON. The no
form of this command to set ICMP error messages OFF.

[no] ip icmp-errors
ip unicast route-cache aging Command

Use the ip unicast route-cache aging command to enable aging of unicast
cache entries.
Use the no form of this command to disable aging. The default is enable.

[no] ip unicast route-cache aging
ip unicast route-cache update-timeout Command

Use the ip unicast route-cache update-timeout command to configure
the timeout used to remove inactive cache entries.
Use the no form of this command to return to the default value.

[no] ip unicast route-cache update-timeout interval - seconds
Output Example:
Router-N(configure)# ip unicast route-cache update-timeout 600
Done!

ip netmask-format Command
Use the ip netmask-format command to specify the format of netmasks in the
show command output. The no form of this command restores to the default,
which is a dotted decimal format.

[no] ip netmask-format <mask-format>
The possible mask formats are:
bitcount Addresses are followed by a slash and the total number of bits
in the netmask. For example 17
decimal The network masks are in dotted decimal notation. For

example, 255.255.255.0.
hexadecimal The network masks are in hexadecimal format as indicated by

the leading 0X. For example, 0XFFFFFF00.
Example:
To display netmasks in bitcount format:
Router-N(configure)# ip netmask-format bitcount

Interface Mode
ip address Command
Use the ip address command to assign an IP address and mask to an interface.

ip address <ip-address> <mask> [<admin-state>]
ip address The IP address assigned to the interface.
mask Mask for the associated IP subnet
admin-state The administration status – either Up or Down
Example:
To assign the IP address 192.168.22.33 with mask 255.255.255.0 to the interface
“marketing”:
Router-N(config-if:marketing)# ip address 192.168.22.33
255.255.255.0
ip vlan/ip vlan name Commands

Use these commands to specify the VLAN on which an IP interface resides. You
can specify either the VLAN ID using the ip vlan command or the vlan name using
the ip vlan name command. The no form of the command restores the IP interface to
the default VLAN.

[no] ip vlan <vlan-id>
or
[no] ip vlan name <vlan-Name>
Example:
To specify vlan developmental as the vlan used by interface “products”:
Router-N(config-if:marketing)# ip vlan name development

ip admin-state Command
Use the ip admin-state command to set the administrative state of an IP
interface. The default state is up.

ip admin-state <up/down>
up/down Administrative state of the interface. The choices are

up (active) or down (inactive).
ip netbios-rebroadcast Command
Use the ip netbios-rebroadcast command to set NETBIOS rebroadcasts
mode on an interface. The no form of this command disables NETBIOS
rebroadcasts on an interface.

[no] ip netbios-rebroadcast <mode>
The possible values of mode are:
both Netbios packets received on the interface

rebrodcasted to other interfaces and netbios packets
received on other interfaces are rebroadcasted into
this interface.
none Netbios packets are not rebroadcasted into or out of

this interface.
Example:
To enable rebroadcasting of netbios packets received by and sent from the interface
“marketing”:
Router-N(config-if:marketing)# ip netbios-rebroadcast both
ip directed-broadcast Command
Use the ip directed-broadcast command to enable net-directed broadcast
forwarding. The no form of this command disables net-directed broadcasts on an
interface.

[no] ip directed-broadcast

ip proxy-arp Command
Use the ip proxy-arp command to enable proxy ARP on an interface. The no
form of this command disables proxy ARP on an interface.

[no] ip proxy-arp
Example:
To disable proxy ARP on interface marketing:
Router-N(config-if:marketing)# no ip proxy-arp
ip routing-mode Command
Use the ip routing-mode command to set the IP routing mode of the interface.
In RT-MGMT mode, the interface functions as a routing interface. In
RT_PRIMARY_MGMT mode, the interface function as both a routing interface and
the primary management interface. The IP address used in CajunView is the
primary management interface IP address. Only one interface can be in
RT_PRIMARY_MGMT mode. If no interface is configured to
RT_PRIMARY_MGMT, the IP address used in CajunView is selected randomly.

[no] ip routing-mode <mode>
mode RT_MGMT or RT_PRIMARY_MGMT mode
Example:
Router-N>ip routing-mode RT_PRIMARY_MGMT
ip redirect Command
Use the ip redirect command to enable the sending of redirect messages on
the interface. The no form of this command disables the redirect messages. By
default, sending of redirect messages on the interface is enabled.

[no] ip redirect
Example:
Router-N>ip redirect

ip broadcast-address Command
Use the ip broadcast-address command to update the interface broadcast
address. The Broadcast address must be filled in with 0s or 1s.

ip broadcast-address <bc addr>
bc addr The broadcast IP address
Example:
ip broadcast-address 192.168.255.255
enable vlan commands Command

Use the enable vlan command before configuring VLAN-oriented parameters,
when there is more than one interface on the same VLAN.

enable vlan commands
For more information on this command, refer to Multinetting (Multiple Subnets per
VLAN) on page 10.

RIP Commands
Table 6.3 RIP Commands
Command Page
router rip 177
network 178
redistribute 178
ip rip rip-version 179
default-metric 179
ip rip send-receive-mode 180
ip rip default-route-mode 180
ip rip poison-reverse 181
ip rip split-horizon 181
ip rip authentication mode 182
ip rip authentication key 182
Configure Mode
router rip Command

Use the router rip command to configure the Routing Information Protocol
(RIP). The no form of this command disables RIP. The default state is disabled.

[no] router rip
Example:
To enable the RIP protocol:
Router-N(configure)# router rip

Router-RIP Mode
redistribute Command
Use the redistribute command to redistribute routing information from other
protocols into RIP. The no form of this command disables redistribution by RIP.
The default is disabled.

[no] redistribute <protocol>
protocol Either Static or OSPF
Example:
Router-N(configure router:rip)# redistribute ospf
network Command
Use the network command to specify a list of networks on which the RIP is
running. The no form of this command removes an entry.

[no] network <ip-address> [<wildcard-mask>]
ip addr The IP address of the network of directly connected networks
wildcard-mask Wildcard mask address. Exists for compatibility with P550.
Example:
To specify that RIP will be used on all interfaces connected to the network
192.168.37.0:
Router-N(configure router:rip)# network 192.168.37.0
timers basic Command

Use the timers basic command to update the route timer. The default is
disabled.

timers basic <update><invalid>
update RIP update timer in seconds.

invalid RIP invalid route timer in seconds.
Note: The Invalid Route Timer value must be larger than the Update Timer value. It
is recommended that it be at least three times greater.
In any configuration all adjacent routers must have the same values for each of the
timer parameters. It is possible to have different values for the timers on two
adjacent routers, provided the Invalid Timer value is at least three times greater on
one of the routers than the Update Timer value on the other router.
Example:
Router-N(configure router:rip)# timers basic 30 180
Interface Mode
ip rip rip-version Command

Use the ip rip rip-version command to specify the RIP version running on
the interface basis. Use the no form of this command to restore to the default RIP
version 1.

[no] ip rip rip-version [1] [2]
The possible versions of the RIP packets received and sent on an interface are:
[1] RIP Version 1 packets
[2] RIP Version 2 packets.
Example:
To specify that RIP version 2 should be running on the basis of the interface
“marketing”:
Router-N(config-if:marketing)# ip rip rip version 2
default-metric Command
Use the default-metric command to set the interface RIP route metric. The no
form of this command restores the default. The default metric is 1.


[no] default-metric <number>
number The interface RIP route metric value. The range is 0 to 15.
Example:
To set the default RIP metric value. The range is 0 to 15:
Router(config-if:marketing)# default-metric 10
ip rip send-receive-mode Command

Use the ip rip send-receive-mode command to set the RIP Send and
Receive mode on an interface. The default state is talk-listen.

ip rip send-receive <mode>
The possible RIP Send and Receive mode on an interface are:
talk-listen Set RIP to receive and transmit updates on the

interface.
talkdefault-listen Set RIP to receive updates on the interface and send

only a default route.
listen-only Set RIP to only receive updates on the interface and

not transmit them.
Example:
To set the RIP Send and Receive mode on the interface “marketing” to be listen-only:
Router-N(config-if:marketing)# ip rip send-receive listen-only
ip rip default-route-mode Command

Use the ip rip default-route-mode command to enable learning of the
default route received by the RIP protocol. The default state is talk-listen.

ip rip default-route-mode <mode>

The possible default route modes on an interface are:
talk-listen Set RIP to send and receive default route updates on

the interface.
talk-only Set RIP to send but not receive default route updates
on the interface.
ip rip poison-reverse Command

Use the ip rip poison-reverse command to enable split-horizon with
poison-reverse on an interface. The no form of this command disables the poison-
reverse mechanism.
The split-horizon technique prevents information about routes from exiting the
router interface through which the information was received. This prevents routing
loops.
Poison reverse updates explicitly indicate that a network or subnet is unreachable
rather than implying they are not reachable. Poison reverse updates are sent to
defeat large routing loops.

[no] ip rip poison-reverse
ip rip split-horizon Command

Use the ip rip split-horizon command to enable split-horizon mechanism.
The no form of this command disables the split-horizon. By default split-horizon is
enabled.
The split-horizon technique prevents information about routes from exiting the
router interface through which the information was received. This prevents routing
loops.

[no] ip rip split-horizon
Example:
Router-N(config-if:marketing)# no ip rip split-horizon

ip rip authentication mode Command

Use the ip rip authentication mode command to specify the type of
authentication used in RIP Version 2 packets. The no form of this command restores
the default value of none.
The syntax for this command is: [no] ip rip authentication mode
[simple|none]
simple|none The authentication type used in RIP Version 2 packets:

• simple - clear text authentication.
• none - no authentication.
Example:
To specify simple authentication to be used in RIP Version 2 packets on the interface
“marketing”.
Router(config-if:marketing)# ip rip authentication mode simple
ip rip authentication key Command

Use the ip rip authentication key command to set the authentication
string used on the interface. The no form of this command clears the password.

[no] ip rip authentication key <password>
password The authentication string for the interface. Up to 16 characters are

allowed.
Example:
To set the authentication string used on the interface “marketing” to be “hush-
hush”.
Router-N(config-if:marketing)# ip rip authentication key hush-
hush

OSPF Commands
Table 6.4 OSPF Commands
Command Page
show ip ospf 184
show ip ospf interface 184
show ip ospf neighbor 184
show ip ospf database 185
router ospf 185
area 186
network (area) 186
ip ospf router-id 187
redistribute 187
timers ospf 187
ip ospf cost 188
ip ospf hello-interval 188
ip ospf dead-interval 188
ip ospf priority 189
ip ospf authentication-key 189

User Mode
show ip ospf Command

Use the show ip ospf command to display general information about OSPF
routing.

show ip ospf
show ip ospf interface Command

Use the show ip ospf interface command to display the OSPF-related
interface information.

show ip ospf interface [<interface-name>]
interface-name The OSPF interface name.
show ip ospf neighbor Command

Use the show ip ospf neighbor command to display OSPF-neighbor
information on a per-interface basis.
The syntax for this command is: show ip ospf neighbor
[<interface-name>] [<neighbor-id>]
interface-name The OSPF interface name.
neighbor-id Neighbor ID.

show ip ospf database Command

Use the show ip ospf database command to display lists of information
related to the OSPF database for a specific router.

show ip ospf database
[{asbr-summary|router|network|external}]
asbr-summary Displays information only about the autonomous

system boundary router summary LSAs. Optional.
external Displays information only about the external LSAa.

Optional.
network Displays information only about the network LSAa.

Optional.
router Displays information only about the router LSAs.

Optional.
Configure Mode
router ospf Command

Use the router ospf command to enable OSPF protocol on the system. The no
form of this command disables it globally. The default is disabled.

[no] router ospf

Router-OSPF Mode
area Command
Use the area command to configure the area ID of the router. The no form of
this command deletes the area ID of the router (sets it to 0) and removes the stub
definition. The default area is 0.0.0.0.
Note: You cannot define a stub area when OSPF is redistributing other protocols or
when the Area ID is 0.0.0.0.

[no] area <area id> [<stub>]
area id IP address
stub Stub
Example:
Router-N(configure router:ospf)# area 192.168.49.1
Router-N(configure router:ospf)# area 192.168.49.1 stub
network (area) Command

Use the network command to enable OSPF in this network. The no form of this
command disables the OSPF in this network. The default is disabled.

network <net addr> [<wildcard-mask> [area <area id>]]
net addr IP address
wildcard-mask Wildcard mask address
area id Area ID. This parameter exists for compatibility with

P550.
Example:
Router-N(configure router:ospf)# network 192.168.0.0
Router-N(configure router:ospf)# network 192.168.0.0
0.0.255.255 area 0.0.0.0

ip ospf router-id Command

Use the ip ospf router-id command to configure router identity. The no
form of this command returns the router identity to its default (lowest IP interface
that exists).

[no] ip ospf router-id <router id>
router id IP address
Example:
Router-N(configure router:ospf)# ip ospf router-id
192.168.49.1
redistribute Command
Use the redistribute command to redistribute routing information from other
protocols into OSPF. The no form of this command disables redistribution by
OSPF.

[no] redistribute <protocol>
protocol [static | connected | rip ]
Example:
Router-N(configure router:ospf)# redistribute rip
timers spf Command

Use the timers spf command to configure the delay between runs of OSPF’s
SPF calculation. Use the no form of this command to restore the default (3 seconds).

[no] timers spf <spf-holdtime>
spf-holdtime The time in seconds of the delay between runs of

OSPF’s SPF calculation.
Example:
Router-N(configure router:ospf)# timers spf 5

Interface Mode
ip ospf cost Command

Use the ip ospf cost command to configure interface metric. The no form of
this command sets the cost to its default. The default is 1.

[no] ip ospf cost <cost>
cost integer
Example:
ip ospf cost 10
ip ospf hello-interval Command

Use the ip ospf hello-interval command to specify the time interval
between hello's the router sends. The no form of this command sets the hello-
interval to its default. The default is 10.

[no] ip ospf hello-interval <seconds>
seconds integer
Example:
ip ospf hello-interval 5
ip ospf dead-interval Command

Use the ip ospf dead-interval command to configure the interval before
declaring the neighbor as dead. The no form of this command sets the dead-
interval to its default. The default is 40.

[no] ip ospf dead-interval <seconds>
seconds integer
Example:
ip ospf dead-interval 15

ip ospf priority Command

Use the ip ospf priority command to configure interface priority used in DR
election. The no form of this command sets the OSPF priority to its default. The
default is 1.

[no] ip ospf priority <priority>
priority integer
Example:
priority 17
ip ospf authentication-key Command

Use the ip ospf authentication-key command to configure the interface
authentication password. The no form of this command removes the OSPF
password.

[no] ip ospf authentication-key <key>
key string (up to 8 characters)
Example:
ip ospf authentication-key my_pass

BOOTP-DHCP Commands
Overview
The P333R-LB supports the DHCP/BOOTP Relay Agent function. This is an
application that accepts DHCP/BOOTP requests that are broadcast on one VLAN
and sends them to a DHCP/BOOTP server that connects to another VLAN or a
server that may be located across one or more routers that would otherwise not get
the broadcast request. The relay agent handles the DHCP/BOOTP replies as well,
transmitting them to the client directly or as broadcast, according to a flag in the
reply message. Note that the same DHCP/BOOTP relay agent serves both the
BOOTP and DHCP protocols.
When there is more than one IP interface on a VLAN, the P333R-LB chooses one of
the IP addresses on this VLAN when relaying the DHCP/BOOTP request. The
DHCP/BOOTP server then uses this address to decide from which subnet the
address should be allocated.
When the DHCP/BOOTP server is configured to allocate addresses only from a
single subnet among the different subnets defined on the VLAN, you may need to
configure the P333R-LB with the relay address on that subnet so that the DHCP/
BOOTP server can accept the request.
DHCP/BOOTP Relay in P333R-LB is configurable per VLAN and allows for two
DHCP/BOOTP servers to be specified. In this case, it duplicates each request, and
sends it to both servers. This provides redundancy and prevents the failure of a
single server from blocking hosts from loading.
DHCP/BOOTP Relay in P333R-LB can be enabled or disabled.
The following table displays the BOOTP-DHCP Commands:
Table 6.5 BOOTP-DHCP Commands
Command Page
ip bootp-dhcp relay 191
ip bootp-dhcp Server 191
ip bootp-dhcp network 192

Configure Mode
ip bootp-dhcp relay Command

Use the ip bootp-dhcp relay command to enable relaying of bootp and dhcp
requests to the bootp/dhcp server. The no form of this command disables bootp/
dhcp relay. The default state is: disabled.

[no] ip bootp-dhcp relay
Example:
To enable relaying of BOOTP and DHCP requests:
Router-N(configure)# ip bootp-dhcp relay
To disable relaying of bootp and dhcp requests:
Router-N(configure)# no ip bootp-dhcp relay
Interface Mode
ip bootp-dhcp server Command

Use the ip bootp-dhcp server command to add a bootp/dhcp server to
handle bootp/dhcp requests received by this interface. The no form of this
command removes the server. A maximum of two servers can be added to a single
interface.

ip bootp-dhcp server <ip-address>
ip-address The IP address of the server.
Example:
To add station 192.168.37.46 as a bootp/dhcp server to handle bootp/dhcp requests
arriving at the interface “marketing”:
Router-N(config-if:marketing)# ip bootp-dhcp server
192.168.37.46

ip bootp-dhcp network Command

Use the ip bootp-dhcp network command to select the network from which
the bootp/dhcp server shall allocate an address. This command is required only
when there are multiple interfaces over the VLAN. The no form of this command
restores to the default.

[no] ip bootp-dhcp network <ip-address>
ip-address The IP address of the network.
Example:
To select the network 192.168.169.0 as the network from which an address shall be
allocated for bootp/dhcp requests:
Router-N(config-if:marketing)# ip bootp-dhcp network
192.168.169.0

VLAN Commands
Table 6.6 VLAN Commands
Command Page
show vlan 193
set vlan 193
clear vlan 194
User Mode
show vlan Command

Use the show vlan command to display router Layer 2 interfaces.

show vlan [details]
Configure Mode
set vlan Command

Use the set vlan command to create router Layer 2 interface.

set vlan <vlan-id> name <vlan-name>
vlan-id Interface Index

vlan-name Interface name (used in layer 3 protocols)
Example:
Router-N(configure)# set vlan 2 name vlan2

clear vlan Command

Use the clear vlan command to Delete Router layer 2 interface.

clear vlan [<vlan-id>] | [name <vlan-name>]
vlan-id Interface Index

vlan-name Interface name (used in layer 3 protocols)
Tech Command
Use the tech command to enter tech mode. This command is reserved for service
personnel use only.

Fragmentation Commands
Table 6.7 Fragmentation Commands
Command Page
clear fragment 195
fragment chain 195
fragment size 196
fragment timeout 196
show fragment 197
clear fragment Command

Use the clear fragment command to clear the fragment database and restore its
defaults.
Note: No fragmentation of packets in transit is performed through the router.

clear fragment
fragment chain Command

Use the fragment chain command to set the maximum number of fragments that
can comprise a single IP packet destined to the router. Use the no form of this
command to set the fragment chain to the default value (64).
Note: No fragmentation will be done of packets in transit through the router.

[no] fragment chain <chain-limit>
chain-limit The maximum number of fragments that can comprise a single

IP packet, from 2 to 2048. The default is 64.

Example:
Router-1(super)# fragment chain 30
fragment size Command

Use the fragment size command to set the maximum number of fragmented IP
packets, destined to the router, to reassemble at any given time. Use the no form of
this command to set the fragment size to the default value (100).

[no] fragment size <database-limit>
database-limit The maximum number of packets undergoing re-assembly

at any given time, from 0 to 200. The default is 100.
Example:
Router-1(super)# fragment size 150
fragment timeout Command

Use the fragment timeout command to set the maximum number of seconds to
reassemble a fragmented IP packet destined to the router. Use the no form of this
command to set the fragment timeout to the default value (10).

[no] fragment timeout <timeout>
timeout The maximum number of seconds to re-assemble an IP packet,

from 5 to 120. The default is 10.
Example:
Router-1(super)# fragment timeout 30

show fragment Command

Use the show fragment command to display information regarding fragmented IP
packets that are destined to the router.
This command displays the following information:

• Size - Maximum number of packets set by the size option.
• Chain - Maximum number of fragments for a single packet set by the chain
option.
• Timeout - Maximum number of seconds set by the timeout option.
• Queue - Number of packets currently awaiting reassembly.
• Assemble - Number of packets successfully reassembled.
• Fail - Number of packets which failed to be reassembled.
• Overflow - Number of packets which overflowed the fragment database.

show fragment
Example:
Router-1(super)# show fragment
Max number of concurrently reassembled packets is 100
Max number of fragments per packet is 64
Fragment timeout is 10 sec
Number of packets waiting to be reassembled is 0
Number of successfully reassembled packets is 11954
Number of packets which failed to be reassembled is 0
Number of packets which overflowed the database is 0


Chapter 7
Firewall Load Balancing

This chapter provides information on Firewall Load Balancing (FWLB) in general,
as well as on specific types of firewalls supported by the P333R-LB, and
configuration examples.
FWLB intercepts all traffic between protected and unprotected zones, and
dynamically distributes the load among the available firewalls, based on the FWLB
configuration.
In terms of P333R-LB configuration, firewalls are referred to as Real Servers, the
group of firewalls is a Real Server Group, and the firewall group is associated with a
Virtual Firewall Service, which is a routing or bridging firewall.
Benefits
FWLB allows multiple firewalls to operate in parallel, giving you the ability to:
• Scale firewall performance.
• Eliminate the firewall as the single point of failure.
How It Works
The P333R-LB:
• Balances traffic across two or more firewalls (up to1024) in your network,
allowing your firewalls to work in parallel.
• Maintains state information about the traffic flowing through it and ensures
that all traffic between specific IP source and destination pairs flows through
the same firewall.
• Performs health checks on all paths through the firewalls. If a path is
malfunctioning, P333R-LB diverts traffic away from that path, maintaining
connectivity across the firewalls.
Often, a pair of P333R-LBs are needed to support FWLB. One device is deployed on
the LAN side (internal) of the firewalls and another on the WAN side (external).
Another P333R-LB is required to balance a Demilitarized Zone (DMZ) on the DMZ
side of the network, if it exists, to allow remote access. Additional P333R-LBs can be
added to provide redundancy, eliminating any P333R-LB or path as the single point
of failure.
P333R-LB supports both bridging and two types of routing firewalls: transparent
and non-transparent.

Chapter 7 Firewall Load Balancing
Transparent Routing Firewall Load Balancing

This section explains how the P333R-LB supports Transparent Routing FWLB, and
includes configuration examples.
Implementation
For Transparent Routing FWLB, the load balancer receives a packet, makes a load
balancing decision, and forwards the packet to a firewall. The firewall does not
perform Network Address Translation (NAT) on the packets; the source and
destination IP addresses are not changed.
Two P333R-LBs are required for Transparent Routing FWLB, one on each side of the
firewalls. One device intercepts traffic between the protected zone and the firewall,
and the second device intercepts traffic between the unprotected zone and the
firewall.
Transparent Routing firewalls act as "next hop" devices from the perspective of the
P333R-LB. After one of the firewalls in a group is selected, normal routing to that
firewall takes place.
The P333R-LB performs an “intelligent routing” decision, based on the Load
Balancing criteria, and replaces the MAC address in the packets by the MAC
address of the selected firewall.
P333R-LB enables you to route packets destined to a Demilitarized Zone (DMZ). A
DMZ is a portion of the client’s network, apart from the client’s LAN, where remote
access is allowed. After creating a DMZ, a third load balancer is installed, which
routes packets to the DMZ.
The following sections present configuration examples of a simple and DMZ
configuration.

Simple Configuration Example

The following figure illustrates a simple transparent routing FWLB configuration.
Figure 7.1 Transparent Routing FWLB Sample Configuration
Firewall 1
10.1.1.1 10.2.1.1
10.4.1.3 10.1.1.3 Server 10.2.1.3 193.170.1.1 193.170.1.2
LAN Internet
P333R-LB 1 10.1.1.2 10.2.1.2 P333R-LB 2 Access Router
Server
Firewall 2
RSG fw-group
Note:
1. When configuring routing firewalls as Real Servers, you must give an ID to each
Real Server. This ID must match the ID given to the same firewall on the second
load balancer.
2. The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
To configure your network as in Figure 7.1, the following should be done:

• The LAN routers (or hosts) should be configured with 10.4.1.3 as the next hop
toward the WAN (the default gateway in many cases).
• The access router should be configured with 193.170.1.1 as the next hop toward
the LAN.
• The firewalls should be configured with 10.1.1.3 as the next hop towards the
LAN, and 10.2.1.3 as the next hop toward the WAN.
• The firewalls must be configured to allow ICMP Echo to pass between the two
load balancers (10.1.1.3 and 10.2.1.3) for health-check purposes.

In order to configure P333R-LB1 according to Figure 7.1, perform the following

commands:
P330-1(configure)# session router

Router-1(configure)# hostname "P333R-LB 1"
P333R-LB 1-1(configure)# interface 1
Done!
P333R-LB 1-1(config-if:1)# ip address 10.4.1.3 255.255.255.0
Done!
P333R-LB 1-1(config-if:1)# exit
Done!
Done!
P333R-LB 1-1(configure)# real-routing-fw 10.1.1.1
Done!
P333R-LB 1-1(config-rsrvr:10.1.1.1)# id 1
Done!
P333R-LB 1-1(config-rsrvr:10.1.1.1)# exit
Done!
Done!
P333R-LB 1-1(configure)# rsg fw-group
Done!
P333R-LB 1-1(config-rsg:fw-group)# type-id routing-fw 1
Done!
P333R-LB 1-1(config-rsg:fw-group)# real-routing-fw 10.1.1.1
Done!
Done!
P333R-LB 1-1(config-rsg:fw-group)# exit
P333R-LB 1-1(configure)# virtual-fw-service external
Done!

P333R-LB 1-1(config-v-fw-srvc:external)# id 1
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# hc-ip 10.1.1.3
10.2.1.3
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# ip route 0.0.0.0
0.0.0.0
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# rsg fw-group
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# exit
In order to configure P333R-LB2 according to Figure 7.1, perform the following

commands:

Router-1(configure)# hostname "P333R-LB 2"
Done!
P333R-LB 2-1(config-if:1)# ip address 193.170.1.1
255.255.255.0
Done!
Done!
Done!
P333R-LB 2-1(configure)# ip default-gateway 193.170.1.2
Done!
Done!
Done!

Done!
Done!
P333R-LB 2-1(configure)# rsg fw-group
Done!
P333R-LB 2-1(config-rsg:fw-group)# type-id routing-fw 1
Done!
Done!
Done!
P333R-LB 2-1(config-rsg:fw-group)# exit
P333R-LB 2-1(configure)# virtual-fw-service internal
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# id 1
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# hc-ip 10.2.1.3
10.1.1.3
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# ip route 10.4.1.0
255.255.255.0
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# rsg fw-group
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# exit

The following configuration file is a result of the above configuration:

---------------
P333R-LB 1
----------------
hostname "P333R-LB 1"

!
interface "2"
ip vlan name "Default"
ip address 10.1.1.3 255.255.255.0
!
interface "1"
ip address 10.4.1.3 255.255.255.0
!
real-routing-fw 10.1.1.1
id 1
!
id 2
!
rsg "fw-group"
type-id routing-fw 1
!
virtual-fw-service "external"
id 1
hc-ip 10.1.1.3 10.2.1.3
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"

----------------
P333R-LB 2
----------------

!
interface "2"
ip address 10.2.1.3 255.255.255.0
!
interface "1"
ip address 193.170.1.1 255.255.255.0
!
ip default-gateway 193.170.1.2 1 low
!
id 1
!
id 2
!
rsg "fw-group"
!
virtual-fw-service "internal"
id 1
hc-ip 10.2.1.3 10.1.1.3
ip route 10.4.1.0 255.255.255.0
rsg "fw-group"

Demilitarized Zone (DMZ) Configuration Example

The following figure illustrates Transparent FWLB with DMZ configuration.
Figure 7.2 Transparent Routing FWLB Sample DMZ Configuration
Firewall 1
10.1.1.1
10.4.1.3 10.1.1.3 10.3.1.1 10.2.1.1

Server
10.2.1.3 193.170.1.1 193.170.1.2
LAN
10.1.1.2 Internet
P333R-LB 1 P333R-LB 2 Access Router
10.3.1.2 10.2.1.2
Server
Firewall 2
RSG
10.3.1.3
fw- group
P333R-LB 3 193.170.2.3
DMZ
Note:
1. When configuring routing firewalls as Real Servers, you must give an ID to each
Real Server. This ID must match the ID given to the same firewall on the second
load balancer.
2. The P333R-LB performs load balancing on traffic that arrives to its routing
the P333R-LB.

the LAN.
LAN, and 10.2.1.3 as the next hop toward the WAN (internet).
• The firewalls must be configured to allow ICMP Ping to pass between the two
• Each load balancer must be configured to two virtual firewall services. In
Figure 7.2, P333R-LB1 should be assigned to the WAN and DMZ, P333R-LB2 to
the LAN and DMZ, and P333R-LB3 to the LAN and WAN.

The following configuration file is a result of configuring your network as shown in

Figure 7.2:
-------------------
P333R-LB 1
-------------------

!
interface "2"
ip address 10.1.1.3 255.255.255.0
!
interface "1"
ip address 10.4.1.3 255.255.255.0
!
id 1
!
id 2
!
rsg "fw-group"
!
id 1
hc-ip 10.1.1.3 10.2.1.3
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"
!
virtual-fw-service "dmz"
id 2
hc-ip 10.1.1.3 10.3.1.3

ip route 193.170.2.0 255.255.255.0

rsg "fw-group"
-------------------
P333R-LB 2
-------------------

!
interface "1"
ip address 10.2.1.3 255.255.255.0
!
interface "2"
ip address 193.170.1.1 255.255.255.0
!
!
id 1
!
id 2
!
rsg "fw-group"
!
id 1
hc-ip 10.2.1.3 10.1.1.3
ip route 10.4.1.0 255.255.255.0
rsg "fw-group"
!

virtual-fw-service "dmz"
id 2
hc-ip 10.2.1.3 10.3.1.3
ip route 193.170.2.0 255.255.255.0
rsg "fw-group"
-------------------
P333R-LB 3
-------------------

!
interface "1"
ip address 10.3.1.3 255.255.255.0
!
interface "2"
ip address 193.170.2.3 255.255.255.0
!
id 1
!
id 2
!
rsg "fw-group"
!
id 1
hc-ip 10.3.1.3 10.1.1.3
ip route 10.4.1.0 255.255.255.0
rsg "fw-group"

!
id 2
hc-ip 10.3.1.3 10.2.1.3
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"
Load Balancing Metrics for Transparent Routing FWLB

There are different methods, or metrics, that the P333R-LB can use to distribute
traffic among multiple firewalls. These metrics tell the P333R-LB which server
should receive the next session.
Transparent Routing FWLB uses the following metrics:
• Hash.
• MinMiss Hash.
Each load balancing metric can be performed on one of the following metric
parameters:
• SRC IP (source IP address).
• DST IP (destination IP address).
• SRC and DST IP (a combination of source and destination IP addresses).
Hash
Hash is the default metric for FWLB, and the default metric parameter for
Transparent FWLB Hash is: Source IP, Destination IP.
Using the Hash metric, sessions are distributed through firewalls using a
predefined mathematical hash function. This hash function is created by a hash
value, performed on a specific parameter. The source and destination IP addresses
are used as the hash function input.
P333R-LB creates a list of all the currently available firewalls. The result of the hash
function is used to select a firewall from the list. Specific source and destination IP
addresses always produce the same hash function, providing natural persistency.
If a firewall is added or removed to the group, the persistency will be broken. This
occurs, since the order of the firewalls in the list changes, but the hash still points to
the same list entries. The following figure illustrates how a loss of persistency occurs
when a firewall becomes non-operational.

Figure 7.3 Hash Metric - Loss of Persistency

1 1
2 3
3 Firewall 2 4
4 1
1 3 Loss of
2 4
Persistency
3 1
Server
The same
Hash Function 4 Hash Function 3
pointing to Firewall 4 1 pointing to Firewall 1 4
2 1
3 3
List of available Firewalls
When Firewall 2 is removed from the group, the list of available firewalls is
readjusted, causing a lack of persistency. However, if Firewall 2 becomes
operational again, the list of available firewalls is restored to its original order, and
persistency is recovered, making Hash a predictable metric.
MinMiss Hash
The metric parameter for MinMiss Hash is: Source IP, Destination IP.
MinMiss Hash distributes sessions to firewalls in the same way as the Hash metric.
However, MinMiss Hash sustains persistency even when a server is removed from
the firewall group. When a firewall fails or is removed, the positions of the other
firewalls in the list do not change. Instead, the remaining firewalls are redistributed
to the list entries freed by the failing firewall. The following figure illustrates how
persistency is maintained even though a firewall becomes non-operational.
Figure 7.4 MinMiss Hash Metric - Persistency Sustained
1 1
2 1
3 Firewall 2 3
4 4
1 1 Persistency
2 3
KeptKept
3 3
Server
Hash Function The same

4 Hash Function still 4
pointing to Firewall 4
1 pointing to Firewall 4 1
2 4
3 3
List of available Firewalls
When Firewall 2 is removed from the group, the list of available firewalls is not
readjusted. Only the list entries that are now empty are replaced with other
available firewalls. Therefore, persistency is sustained for all available firewalls. If
Firewall 2 becomes operational again, the list of available firewalls is recalculated so
that the smallest number of firewalls is affected. However, the list of firewalls is not

restored to its original configuration. As a result, persistency is only partially

recovered, making MinMiss Hash a non-predictable metric.
Selecting a Load Balancing Metric

The different metrics available allow you to select the metric that best matches your
network topology.
The Hash metric produces predictable forwarding decisions. Therefore, this is the
only metric appropriate for configurations that involve load balancers on both sides
of the firewalls (for example, Transparent Routing FWLB, and Bridging FWLB).
Furthermore, loss of persistency may not be an issue where a state-synchronizing
firewall cluster is deployed.
For Transparent Routing FWLB, to ensure mapping of the same session to the same
firewall by both load balancers, the default hash key is a combination of the source
and destination IP addresses.
The MinMiss Hash metric maintains persistency better than the Hash metric. When
there is not need to maintain consistency between load balancers (for example, Non
Transparent FWLB), this metric should be used.
Weighted Firewalls
You can assign weights to firewalls to enable faster firewalls to receive a larger
share of sessions. This minimizes overloading and maximizes functionality.
If you assign a weight to a firewall, the sessions are distributed to the firewalls in the
same metric chosen (Hash or MinMiss Hash). However, weighted firewalls are
assigned a larger share of sessions. For example, if you assign a weight of 10 to one
firewall (the default value), and assign a weight of 20 to a second firewall, the
second firewall receives 2 sessions for each session directed to the first firewall.
Health Check
The P333R-LB constantly health checks the firewall paths to ensure that each
firewall is accessible and operational. A firewall that fails the health check is
automatically removed from the load balancer’s internal list of currently available
firewalls.
The P333R-LB uses the ICMP Echo health-check method. Each load balancer
periodically pings the Real Server and checks if an answer was received.
For FWLB, the health check must is performed beyond the firewalls as well in order
to check the entire data path. In order to insure that the health check packets
traverse the same firewall in both directions, the Health Check IP addresses (the
packet’s source and destination IP addresses) are the interfaces of the load balancer
on each side of the firewall. For each load balancing interface, the local and remote
addresses should be configured. The load balancers on both sides of the firewalls
must be configured symmetrically. For information on configuration, see the
configuration example.

Persistency
Firewalls perform a Stateful Inspection on every session passing through them and
drop a session if not all of its traffic passes through the same firewall. Therefore,
when load-balancing between different firewalls, it is imperative that all traffic
belonging to a given session traverses the same firewall.
The P333R-LB achieves this goal by implementing a sophisticated persistency
mechanism, based on packet characteristics inspection. A symmetric hash function
in each module is calculated based on the source and destination IP addresses. The
P333R-LB assures that packets with the same characteristics traverse the same
firewall in both directions throughout the session.
In the case where there are two P333R-LBs (one on each side of the firewalls),
persistency is ensured only if each P333R-LB is configured so that they are
compatable with each other. If they are not, and there is a change in the network
that affects internal device decisions (for example, adding or removing a Real
Server), persistency, or even the network connection, could be lost.

Non-Transparent Routing Firewall Load Balancing

This section explains how the P333R-LB supports non-Transparent Routing
firewalls, and includes configuration examples as well.
Implementation
Non-Transparent Routing firewalls are firewalls that support dynamic NAT
(Network Address Translation).
For non-Transparent FWLB, the load balancer receives an outgoing packet, makes a
load balancing decision, and forwards the packet to a firewall. The firewall keeps a
bank of IP addresses and replaces the source IP of the incoming packet (from the
LAN) with a unique, yet arbitrary IP address from this bank. The firewall then
forwards the packet to an edge router which routes it to the correct destination on
the WAN.
For incoming packets, the unique NAT address is used as a destination IP to access
the same firewall. The firewall performs reverse NAT by replacing the NAT
destination address with the actual destination address (the client IP address), and
then forwards the packet to the load balancer which routes the packet to its
destination. No Load Balancing is performed on incoming packets.
For non-Transparent Routing FWLB, only one Load Balancing device is required.
The device is positioned on the LAN (internal) side of the firewalls. Since the
firewalls perform NAT, a Load Balancing device is not needed between the WAN
and the firewalls.
As well, non-Transparent Routing FWLB can be configured using static NAT. In
this scenario, the firewalls are configured to perform NAT for some hosts, and not
for other hosts. Alternatively, the firewalls may be configured to assign a specific
NAT address to a specific host. In this case, two load balancers are required, one on
each side of the firewalls.

NAT Configuration Example

The following figure illustrates non-Transparent Routing FWLB using NAT.
Figure 7.5 Non-Transparent Routing FWLB Sample NAT Configuration
Firewall 1
10.1.1.1 NAT 1=193.170.1.1
10.4.1.3 10.1.1.3 Server
193.170.1.3
LAN Internet
Access Router
P333R-LB 10.1.1.2
Server
NAT 2=193.170.1.2
Firewall 2
RSG fw-group
Note: The P333R-LB performs load balancing on traffic that arrives to its routing
the P333R-LB.

the LAN.
LAN and 193.170.1.3 toward the WAN.
Figure 7.5:
-----------------
P333R-LB
-----------------
hostname "P333R-LB"
!
interface "2"
ip address 10.1.1.3 255.255.255.0
!

interface "1"
ip address 10.4.1.3 255.255.255.0
!
id 1
!
id 2
!
rsg "fw-group"
!
id 1
hc-ip 10.1.1.3 193.170.1.3
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"

Static NAT Configuration Example

The following figure illustrates non-Transparent Routing FWLB using static NAT.
Figure 7.6 Non-Transparent Routing FWLB Sample Static NAT Configuration
Firewall 1
10.1.1.1 10.2.1.1
10.4.1.3 10.1.1.3 Server 10.2.1.3 193.170.1.1 193.170.1.2
LAN Internet
P333R-LB 1 10.1.1.2 10.2.1.2 P333R-LB 2 Access Router
Server
Firewall 2
RSG fw-group
Note: The P333R-LB performs load balancing on traffic that arrives to its routing
the P333R-LB.

the LAN.
LAN, and 10.2.1.3 as the next hop toward the WAN.
• Configure P333R-LB1 to use the Hash metric, and set the Hash parameter to
"destination".
• Configure P333R-LB2 to use the Hash metric, and set the Hash parameter to
"source".
As both load balancers compute the hash function based on IP addresses of hosts
across the WAN, session persistency is maintained.

Load Balancing Metrics for Non-Transparent Routing FWLB

Non-Transparent Routing FWLB uses the following metrics:
• Hash.
• MinMiss Hash.
Hash is the default metric for FWLB, and the metric parameter is: Source IP,
Destination IP. For full information about Hash and MinMiss Hash, see Load
Balancing Metrics for Transparent Routing FWLB on page 211. For full information
on selecting a load balancing metric, see Selecting a Load Balancing Metric on page
213.
Health Check
In order for the P333R-LB to perform a health check, an IP address beyond the
firewall should be configured as a health check address. The health check session
returns through the same firewall according to the NAT address it was given. For
information on configuration, see the configuration example.
Persistency
As in the case of Transparent Routing Firewalls, Non-Transparent Routing
Firewalls perform Statefull Inspection on all packets going through them, checking
that all the packets of a given session traverse the same firewall in both directions.
In transparent FWLB, persistency is ensured by the Load Balancing device. In non-
transparent FWLB, the firewalls ensure persistency through NAT, and there is no
need for the Load Balancing device to intervene.

Bridging Firewall Load Balancing

This section explains how the P333R-LB supports Bridging FWLB, and includes a
Implementation
Bridging firewalls are firewalls that do not perform forwarding at the IP layer, but
rather appear as transparent bridges. Bridging firewalls are transparent to devices
inside and outside the secured network.
For bridging FWLB, the P333R-LBs have to be positioned on both sides of the
firewalls. The Bridging Firewall does not have an IP address or a MAC address to
which traffic is directed, therefore a Bridging Firewall has to physically appear on
the traffic path. Each P333R-LB load balances between IP interfaces of the peer
P333R-LB behind the firewall. In order for this to work, the P333R-LB has to have a
different VLAN and subnet for each firewall, and the physical ports connected to
the firewalls have to be on different VLANs as well. In addition, for each VLAN,
both load balancers must be in the same subnet. The Real Servers are IP interfaces of
the load balancer on the other side of the firewalls, not of the firewalls themselves.
Configuration Example
The following figure illustrates Bridging FWLB.
Figure 7.7 Bridging FWLB Configuration Example
VLAN 3 VLAN 1 VLAN 3

Firewall 1
10.4.1.3 10.1.1.1 Server

10.1.1.2 193.170.1.3 193.170.1.2
LAN Internet
P333R-LB 1 10.2.1.1 10.2.1.2 P333R-LB 2
Access Router
Server
Firewall 2
VLAN 2
RSG
fw- group
Note:
The P333R-LB performs load balancing on traffic that arrives to its routing
the P333R-LB.


the LAN.
In addition, Bridging firewalls are transparent in terms of Layer 3. Therefore, to
configure paths through the firewalls:
• P333R-LB1 must be configured to view the IP interfaces of P333R-LB2 (10.1.1.2,
10.2.1.2) as its "Real Servers".
• P333R-LB2 must be configured to view the IP interfaces of P333R-LB1 (10.1.1.1,
10.2.1.1) as its "Real Servers".
• Firewall 1 and Firewall 2 must be connected to different ports, and those ports
must be set to different VLANs.
Figure 7.7:
----------------
P333R-LB 1
----------------
set vlan 1 name "v1"

!
!
interface "1"
ip vlan name "v1"
ip address 10.1.1.1 255.255.255.0
!
interface "2"
ip vlan name "v2"
ip address 10.2.1.1 255.255.255.0
!
interface "3"
ip vlan name "v3"
ip address 10.4.1.3 255.255.255.0

!
real-bridging-fw 10.1.1.2
!
!
rsg "fw-group"
type-id bridging-fw 1
!
virtual-fw-service "bridging-external"
id 1 bridging-fw
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"
----------------
P333R-LB 2
----------------

!
!
interface "1"
ip vlan name "v1"
ip address 10.1.1.2 255.255.255.0
!
interface "2"
ip vlan name "v2"
ip address 10.2.1.2 255.255.255.0
!
interface "3"
ip vlan name "v3"
ip address 193.170.1.3 255.255.255.0

!
!
!
!
rsg "fw-group"
type-id bridging-fw 1
!
virtual-fw-service "bridging-internal"
id 1 bridging-fw
ip route 10.4.1.0 255.255.255.0
rsg "fw-group"

Load Balancing Metrics for Bridging FWLB

Bridging FWLB uses the following metrics:
• Hash.
• MinMiss Hash.
Hash is the default metric for FWLB, and the metric parameter is: Source IP,
Destination IP. For full information about Hash and MinMiss Hash, see Load
Balancing Metrics for Transparent Routing FWLB on page 211. For full information
on selecting a load balancing metric, see Selecting a Load Balancing Metric on page
213.
Health Check
As with Transparent Routing FWLB, the interfaces on both sides of the firewall are
periodically pinged and checked if an answer was received. Since each firewall is
configured on a different VLAN, the ping will always remain on the same firewall.
Persistency
Each P333R-LB interface and the firewall connected to it reside in a separate VLAN.
This ensures persistency since all the traffic through a particular firewall is
contained in the firewall’s VLAN.
Firewall Load Balancing Management Security

In some scenarios, the P333R-LB may be placed outside of the protection of the
firewalls and be exposed to intrusion attempts through its L2 and L3 management
interfaces. This is especially true for Transparent and Bridging Load Balancing,
where the P333R-LB is placed outside the internal network. The intrusion attempts
might be either via Telnet (CLI) or SNMP/HTTP (Embedded Web manager).
The user can prevent attacks by implementing the following:
• Change the L2 IP address of the stack agent to an IP address on a VLAN and
subnet not accessible to the Access Router that connects the device to the
outside world.
• Configure Access Rules on the IP interfaces (L3) of the P333R-LB that is exposed
to the outside world, that will block Telnet, SNMP and HTTP traffic sent to
those interfaces as the final destination. This model can only be managed from
the LAN. For more information, see Policy Commands on page 284.

Chapter 8
Server Load Balancing

This chapter provides information on Server Load Balancing (SLB) implementation
of the P333R-LB, and includes configuration examples.
SLB replaces a single physical server with a group of servers that appear to the
clients as a single Virtual Server.
Benefits
SLB improves your network performance by:
• Minimizing server response time.
• Maximizing server availability.
• Increasing reliability - If any server fails, the remaining servers continue to
provide services seamlessly.
• Increasing scalability - Server configuration (removal/addition) can be
performed without disrupting the network.
How it Works
The P333R-LB balances the traffic among several servers which all have access to
identical applications and data. This involves intercepting all traffic between clients
and load-balanced servers and dynamically distributing the load according to
configured schemes called metrics. For more information on metrics, refer to "Load
Balancing Metrics" on page 237.
To intercept traffic to the servers, the P333R-LB presents itself to the clients as a
Virtual Server with a Virtual IP address (VIP). Client traffic travels to the P333R-LB
acting as a Virtual Server. The P333R-LB redirects this traffic using Network
Address Translation (NAT) to the available Real (balanced) Servers. Traffic from the
Real Servers back to the clients may return via the P333R-LB, depending on the load
balancing redirection method.
To maintain awareness of any changes in the Real Servers' availability, the
P333R-LB implements a Health Check mechanism to monitor the status of the Real
Servers. For more information, see "Health Check" on page 239.
P333R-LB enables the following methods of NAT, described in the following
sections:
• Half NAT - P333R-LB translates the VIP to the IP address of the Real Servers.
• Full NAT - P333R-LB translates client’s IP addresses to Proxy IP addresses, as
well as the VIP to the IP address of the Real Servers.

Chapter 8 Server Load Balancing
Half NAT Load Balancing

In Half NAT based load balancing, the P333R-LB replaces the Virtual IP address of
the P333R-LB with the real IP address of the Real Server. Responses made by the
Real Server must pass through the P333R-LB, where the Real Server IP is replaced
with the Virtual Server IP before forwarding them to the clients.
Note: In complex routing topologies where alternative paths between the Real
Servers and clients might exist, the returning packets could reach the client via a
path external to the P333R-LB. These packets would be labelled with the real IP of
the Real Server, and not the VIP that the client recognizes, causing the session to fail.
In a situation where this is possible, use Full NAT to prevent this from occurring.
For more information, refer to "Full NAT Load Balancing" on page 228.
Half NAT Based Configuration
Note: The following example uses sample IP addresses for illustration only.
Figure 8.1 illustrates a Half NAT based SLB configuration.

Figure 8.1 Half NAT Based SLB Configuration Example
Real Server 1
10.1.1.1
Server
193.170.1.2 193.170.1.1 10.1.1.10

Real Server 2
WAN 10.1.1.2
Server
Edge Router P333R-LB

VIP=193.170.1.3 Real Server 3
10.1.1.3
Server
RSG
server-group
Note: The Real Servers must be configured with the P333R-LB as their default
gateway (for example in Figure 8.1, 10.1.1.10).
In order to configure the load balancer according to Figure 8.1, perform the
following commands:

Router-1(configure)# hostname "P333R-LB"

P333R-LB-1(configure)# interface 1
Done!
P333R-LB-1(config-if:1)# ip address 193.170.1.1 255.255.255.0
Done!
P333R-LB-1(config-if:1)# exit
Done!
Done!
P333R-LB-1(configure)# ip default-gateway 193.170.1.2
Done!
P333R-LB-1(configure)# real-slb-server 10.1.1.1
Done!
P333R-LB-1(config-rsrvr:10.1.1.1)# exit
Done!
Done!
P333R-LB-1(configure)# rsg service-group
Done!
P333R-LB-1(config-rsg:service-group)# type-id slb 1
Done!
P333R-LB-1(config-rsg:service-group)# real-slb-server
10.1.1.1
Done!
10.1.1.2
Done!
10.1.1.3
Done!
P333R-LB-1(config-rsg:service-group)# exit

P333R-LB-1(configure)# virtual-server web-farm

Done!
P333R-LB-1(config-vs:web-farm)# id 1
Done!
P333R-LB-1(config-vs:web-farm)# vip 193.170.1.3
Done!
P333R-LB-1(config-vs:web-farm)# virtual-slb-service www-
service
Done!
P333R-LB-1(config-v-srvr:web-farm-v-slb-srvc:www)# id 1
Done!
P333R-LB-1(config-v-srvr:web-farm-v-slb-srvc:www)#
application tcp 80
Done!
P333R-LB-1(config-v-srvr:web-farm-v-slb-srvc:www)# rsg
service-group
Done!
P333R-LB-1(config-v-srvr:web-farm-v-slb-srvc:www)# exit
P333R-LB-1(config-vs:web-farm)# exit
Full NAT Load Balancing

In Full NAT based load balancing, the P333R-LB replaces the Virtual IP address of
the P333R-LB with the real IP address of the Real Server, as in Half NAT load
balancing. In addition, P333R-LB replaces the incoming client’s IP address with a
user-configured Proxy IP (PIP).
For the commands to configure Full NAT based load balancing, refer to "Proxy IP
(PIP) Commands" on page 312.
Full NAT enables the P333R-LB to provide the following:
• Eliminates the possibility of traffic that entered via the P333R-LB from
bypassing the P333R-LB on return - The PIP-client IP translation has to be
performed by the P333R-LB. This ensures that even in complex networks, or
when the Clients and Real Servers are in the same network, the return traffic
from the Real Servers to the Clients always traverses the P333R-LB, and not
through an potentially existing alternative route. This is also true in situations
where the Real Servers are in the Public realm.
• Single Application for Multiple VIPs (with Single Real Server Group) - PIP
enables mapping several VIPs to a single application. The Virtual Services,
configured for each VIP, point to the same Real Server Group (RSG) as well as
to the same Real port. This enables emulating a configuration where different

servers, each with a different IP address, provide the same service. For a sample
configuration, see Figure 8.2 on page 230, with the addition for Equivalent
Application for Multiple VIPs.
• Direct Client-Real Server session access - Full NAT enables direct sessions to
load-balanced applications between the Clients and Real Servers to traverse the
P333R-LB in addition to sessions to the VIP. The sessions to the VIP undergo
Full NAT, while direct Client-Real Server sessions are routed by the P333R-LB
without NAT. Such an application is not possible when implementing Half
NAT.
• Mapping different Virtual Services to the same port on the Real Servers -
Each service has its own PIP, enabling different flows to the same port.
You prepare banks of IP address ranges and associate each Virtual Service with a
bank.
Note: You can create 64 banks of PIP addresses, with a total of 32,768 PIP addresses.
If you haven’t configured a bank for a Virtual Service, P333R-LB uses Half NAT
load balancing for that Virtual Service.
With Full NAT, responses made by the Real Server are forced to pass through the
P333R-LB, where the Real Server IP is replaced with the Virtual Server IP, and the
PIP with the client’s original IP before forwarding them to the clients.
Note: Configure the PIP addresses on a dedicated subnet. If you configure a local
interface on the PIP subnet, it is advertised throughout the network by the Routing
Protocols as belonging to that router, like all other subnets. If no Local Interface is
configured on the PIP subnet, Static Routes should be configured to reach that PIP
subnet.
Note: The P333R-LB does not answer to ARP requests, or to pings on the PIP
address.
Note: You can not configure Full NAT for Active FTP Virtual Services.

Note: The number of PIP addresses affects the number of Full NAT load balance
sessions the P333R-LB supports. One PIP address is used for all client-server
sessions on each virtual service.
Full NAT Based Configuration
Figure 8.2 illustrates a Full NAT based SLB configuration.

Figure 8.2 Full NAT Based SLB Configuration Example
Figure 8.2 illustrates a sample configuration where two clients are connected to a
P333R-LB which balances the traffic between three Real Servers. In addition to the
traffic path through the P333R-LB, a direct path exists between the Clients and the
Real Servers through another router. The P333R-LB is configured with a VIP of
193.170.4.20 and with a PIP bank on subnet 10.3.3.x.
following commands:
P333R-LB-1(super)#interface router
Done!
P333R-LB-1(super-if:router)#ip address 193.170.3.1
255.255.255.0

Done!
P333R-LB-1(super-if:router)#exit
P333R-LB-1(super)#interface client
Done!
P333R-LB-1(super-if:client)#ip address 193.170.4.1
255.255.255.0
Done!
P333R-LB-1(super-if:client)#exit
P333R-LB-1(super)#ip default-gateway 193.170.3.2
Done!
P333R-LB-1(super)#real-slb-server 10.1.1.1
Done!
P333R-LB-1(super-r-slb-srvr:10.1.1.1)#exit
Done!
Done!
P333R-LB-1(super)#rsg server-group
Done!
P333R-LB-1(super-rsg:server-group)#type-id slb 1
Done!
P333R-LB-1(super-rsg:server-group)#real-slb-server 10.1.1.1
Done!
Done!
Done!
P333R-LB-1(super-rsg:server-group)#exit
P333R-LB-1(super)#pip-bank 1
Done!
P333R-LB-1(super-pip-bank:1)#pip-addresses 10.3.3.2 10.3.4.2
Done!
P333R-LB-1(super-pip-bank:1)#exit
P333R-LB-1(super)#virtual-server slb

Done!
P333R-LB-1(super-v-srvr:slb)#id 1
Done!
P333R-LB-1(super-v-srvr:slb)#vip 193.170.4.20
Done!
P333R-LB-1(super-v-srvr:slb)#virtual-slb-service http
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#id 1
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#application tcp 80
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#pip-bank 1
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#rsg server-group
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#exit
P333R-LB-1(super-v-srvr:slb)#exit
P333R-LB-1(super)#
To insure that the packets destined to the PIP address reach the P333R-LB on the
return path from the Real Server to the client, you must configure a Static Route in
the router by entering: ip route 10.3.3.0 255.255.255.0 193.170.3.1 1
low
Note: The above configuration example stresses that even when there is a direct
path from the router to the clients, with Full NAT the traffic is forced to traverse the
P333R-LB for PIP-client IP translation. With Half NAT, in such a scenario, load-
balanced sessions would have failed. This is because traffic from the Real Servers
would have been routed directly to the clients, before reaching the P333R-LB. The
clients expect a reply from the VIP, but instead would receive the reply from the real
IP, and drop the packets.
• Following is the additional configuration for the “Single Application for

Multiple VIPs”, described on page 228. The same RSG supports HTTP Virtual
Service for additional VIPs. In the following configuration addition a VIP of
193.170.5.20 with HTTP Virtual Service is mapped to the same RSG as the
existing VIP of 193.170.4.20 with HTTP Virtual Service. Packets returning from
the real servers originally destined to VIP 193.170.4.20 are differentiated from
packets originally destined to VIP 193.170.5.20 using the PIP addresses.

Note: This configuration enables you to install the P333R-LB in the network without
changing the clients configuration, when the clients used to access different servers.
P333R-LB-1-1(super)# interface client-2

Done!
P333R-LB-1-1(super-if:client-2)# ip address 193.170.5.1
255.255.255.0
Done!
P333R-LB-1-1(super-if:client_2)# exit
P333R-LB-1-1(super)# pip-bank 2
Done!
P333R-LB-1-1(super-pip-bank:2)# pip-addresses 192.168.0.1
192.168.5.255
Done!
P333R-LB-1-1(super-pip-bank:2)# exit
P333R-LB-1-1(super)# virtual-server slb-2
Done!
P333R-LB-1-1(super-v-srvr:slb-2)# id 2
Done!
P333R-LB-1-1(super-v-srvr:slb-2)# vip 193.170.5.20
Done!
P333R-LB-1-1(super-v-srvr:slb-2)# virtual-slb-service http-2
Done!
P333R-LB-1-1(super-v-slb-srvc:slb-2:http-2)# id 2
Done!
P333R-LB-1-1(super-v-slb-srvc:slb-2:http-2)# application tcp
80
Done!
P333R-LB-1-1(super-v-slb-srvc:slb-2:http-2)# rsg server-group
Done!
P333R-LB-1-1(super-v-slb-srvc:slb-2:http-2)# pip-bank 2
Done!
P333R-LB-1-1(super-v-slb-srvc:slb-2:http-2)# exit
P333R-LB-1-1(super-vs:slb-2)# exit

Direct Server Return (DSR) (Triangulation) Redirection

In Direct Server Return (Triangulation) redirection, the redirection is based on
replacing the destination MAC address with that of the Real Server. The Real Server
is configured to send responses to the clients with the VIP as the source address. As
a result, traffic is not required to traverse the load balancer.
Note: You can not implement DSR for Services using Full NAT, since the P333R-LB
must replace the PIP with the original client IP for the returning packets.
DSR (Triangulation) Configuration Example
Figure 8.3 illustrates an SLB Triangulation configuration.

Figure 8.3 SLB Triangulation Configuration Example
Real Server 1
10.1.1.1
Server
193.170.1.2 193.170.1.1 10.1.1.10

Real Server 2
WAN 10.1.1.2
Server
Edge Router P333R-LB

VIP=193.170.1.3 Real Server 3
10.1.1.3
Server
RSG
P333R server-group
Note:
1. The VIP should be configured in the Real Servers as a “loopback” IP address.
2. Another router (like the P333R) may be configured as the default gateway of the
Real Servers. This conserves resources and bandwidth on the P333R-LB that is
tasked with balancing client requests.

Figure 8.3:
hostname "P333R-LB"
!

interface "2"
ip address 10.1.1.10 255.255.255.0
!
interface "1"
ip address 193.170.1.1 255.255.255.0
!
!
real-slb-server 10.1.1.1
direct-server-return
!
!
!
rsg "server-group"
type-id slb 1
!
virtual-server "web-farm"
id 1
vip 193.170.1.3
!
virtual-slb-service "www-service"
id 1
application tcp 80
rsg "server-group"

DNS Configuration
Figure 8.4 illustrates a DNS configuration, where DNS traffic to primary and
secondary DNS servers is balanced.
Figure 8.4 DNS Configuration
DNS
Servers Primary
Server
Server
DNS - TCP P
TC
S-
DN Server
DP
Server
P333R-LB U
S-
DN
DNS - UDP
Clients UD
P
Server
Secondary
Server
In Figure 8.4, DNS queries from clients arrive over UDP, while the DNS servers
exchange DNS information via TCP. DNS includes a mechanism by which
secondary and primary servers exchange information. The P333R-LB is required to
balance UDP queries by clients across both primary and secondary servers, while
forwarding TCP traffic only to the primary server. This is done by assigning two
services to the Virtual Server that represents the DNS server to the world. The UDP
service is mapped to a group of servers which include the primary and secondary
Real DNS Servers. The TCP service is configured to include only the Real DNS
server which has the primary role.
Combining Two Cache Applications on the Same Real Caches

Building on the fact that the P333R-LB allows for the same Real Servers to belong to
different Load Balancing applications (i.e. Application Redirection and Server Load
Balancing), it is possible to build a configuration that will implement transparent
caching and non-transparent proxy caching on the same physical machines (refer to
"Combining Two Cache Applications on the Same Real Caches" on page 250).

Load Balancing Metrics

There are different methods, or metrics, that a P333R-LB can use to distribute traffic
among multiple Real Servers. A Real Server is a physical server that is associated
with a Real IP address. These metrics tell the router which server should receive
each session.
SLB uses the following metrics:
• Round Robin.
• Hash.
• MinMiss Hash.
The default metric for SLB is Round Robin.
parameters:
In addition, each of the metrics may be weighted. For full information on weighted
Real Servers, see "Weighted Real Servers" on page 239.
Round Robin
Round Robin is the default metric for SLB.
Using the Round Robin metric, new sessions are issued to each server in turn based
on the Real Server weight. The first Real Server in the group receives the first ‘n’
sessions, where ‘n’ is the Real Server weight. The second Real Server receives the
next ‘n’ sessions, and so on. When all the servers receive at least one session, the
issuing process starts over with the first Real Server.
Hash
Using the Hash metric, sessions are distributed to Real Servers using a predefined
mathematical hash function. This hash function is created by a hash value,
performed on a specific parameter. The source and destination IP addresses are
used as the hash function input.
P333R-LB creates a list of all the currently available servers. The result of the hash
function is used to select a server from the list. Specific addresses always produce
the same hash function, providing natural persistency.
If a server is added or removed to the group, the persistency will be broken. This
occurs, since the order of the servers in the list changes, but the hash still points to
the same list entries. The following figure illustrates how a loss of persistency occurs
when a server becomes non-operational.


1 1
2 3
3 4
Server 2
4 1
1 3
Loss of
2 4
Server
1
Persistency
3
The same
Hash Function 4 3
Hash Function
pointing to Server 4 4
1 pointing to Server 1
2 1
3 3
List of available Servers
When Server 2 is removed from the group, the list of available servers is readjusted,
causing a lack of persistency. However, if Server 2 becomes operational again, the
list of available servers is restored to its original order, and persistency is recovered.
MinMiss Hash
MinMiss Hash distributes sessions to Real Servers in the same way as the Hash
metric. However, MinMiss Hash sustains persistency even when a server is
removed from the server group. When a server fails or is removed, the positions of
the other Real Servers in the list do not change. Instead, the remaining servers are
redistributed to the list entries freed by the failing server. The following figure
illustrates how persistency is maintained even though a server becomes non-
operational.
1 1
2 1
3 3
Server 2
4 4
1 1 Persistency
2 3
Kept
3
Server
3 The same
Hash Function 4 Hash Function still 4
pointing to Server 4 pointing to Server 4 1
1
2 4
3 3
When Server 2 is removed from the group, the list of available servers is not
readjusted. Only the list entries that are now empty are replaced with other
available servers. Therefore, persistency is sustained for all available servers. If
Server 2 becomes operational again, the list of available servers is recalculated so
that the smallest number of servers is affected. However, the list of servers is not
restored to its original configuration. As a result, persistency is only partially
recovered.

Weighted Real Servers

You can assign weights to Real Servers to enable faster servers to receive a larger
share of sessions. This minimizes overloading and maximizes functionality
If you assign a weight to a Real Server, the sessions are distributed to the servers in
the same metric chosen (Hash or MinMiss Hash). However, weighted servers are
and do not assign a weight to a second server, the weighted server receives 10
sessions for each session directed to the second server. This is because the default
value of the server’s weight is 10.
Health Check
The P333R-LB constantly health-checks the Real Servers to ensure that each Real
Server (in this case, each server) is accessible and operational. A server that fails the
health check is automatically removed from the load balancer’s internal list of
currently available servers.
P333R-LB supports the following health-check methods:
• ICMP Echo - Each server is periodically pinged and checked if an answer was
received.
• TCP Port Checking - A TCP connection is periodically opened to every server,
checking for successful completion of the connection.
• HTTP Server Checking - Useful for web applications, this method enables
verifying HTTP server functioning by comparing the response from the server
with a complete sample of the web page. The P333R-LB sends a request to the
HTTP server to simulate an outside request. The P333R-LB compares the
server’s response with the sample to ascertain the level that the HTTP server is
functioning. P333R-LB supports the following HTTP retrieving methods:
— Head - Retrieve only the HTTP headers without document body content.
This is the default method.
— Get - Retrieve all data from the HTTP server.
P333R-LB supports the following responses:
— Any response - P333R-LB assumes the server is functional when P333R-LB
receives any response.
— Any OK response - P333R-LB assumes the server is functional when the
server’s response is one of the HTTP OK responses (codes 201-204).
— Exact OK response - P333R-LB assumes the server is functional only when
P333R-LB receives the exact response expected (code 200). This is the
default method.
You can configure the following parameters:
— The port to access - if you do not configure a port, the default is in the
following order: the Virtual Service Real port, Virtual port, or port 80.
— HTTP Request type - GET or HEAD (default HEAD)

— HTTP version 1.0 or 1.1 (default 1.0)

— Domain Name (for HTTP 1.1 only)
Note: If you selected HTTP 1.1, you can specify a Domain Name to be used in the
Health Check query. If you don’t specify a Domain Name, the Real Server’s IP
address and the Real port is used.
— URL to access - up to 255 characters (default “/”)

— The expected response
— Expected response and type - Any Response, Any OK Response (HTTP
status code 2xx), or Exact OK Response (HTTP status code 200) - default
— Expected String - A string up to 255 characters compared with the response
— Expected String Offset - An offset from the end of the TCP header (up to
1000 bytes) where the expected string should appear.
The P333R-LB searches for the expected strings only in the first HTTP
packet sent by the server as a response to the GET/HEAD request. If the
string search fails, use the show hc last response command to view
the received string and compare it with the expected string.
A successful HTTP Health Check is defined as one with both the expected
response and expected string valid, as well as a sucessful completion of the TCP
connection.
Note: In the HTTP Expected String Health Check script “\r\n” denotes “enter”.
Following is a sample configuration for HTTP Health Check:

P333R-LB-1(super)# hc http 1
Done!
P333R-LB-1(super-http:1)# version 1.1
Done!
P333R-LB-1(super-http:1)# method get
Done!
P333R-LB-1(super-http:1)# url/samples/test.htm
Done!
P333R-LB-1(super-http:1)# domain www.mydomain.com
Done!
P333R-LB-1(super-http:1)# success-response exact-ok
Done!
P333R-LB-1(super-http:1)# expected-string “Server: Apache/
1.3.14

Done!
P333R-LB-1(super-http:1)# expected-string offset 54
Done!
• Script Server Checking - Supported over TCP, this method verifies the
functioning of the server by running a script on the server. Script Health Check
enables you to build your own script to run on the Real Server, and return a
pre-defined response.
You configure a complete and explicit request header as well as the expected
response string with offset. The string’s limiting factors are:
— Maximum length of request header: 255 characters.
— Maximum length of response string: 255 characters.
— Maximum offset from end of TCP header: 1000 bytes.
P333R-LB compares the server’s reply with the expected reply you configured.
You need to verify that the configured request results in the configured expected
response. P333R-LB searches for the expected string only in the first packet sent
by the server as a response to the script query.
A successful Script Health Check is defined as one with a valid expected string,
as well as a sucessful completion of the TCP connection.
Note: In the Script Health Check query and expected-string “\r\n” denotes “enter”.
Following is a sample configuration for Script Health Check:

P333R-LB-1(super)# hc script 1
Done!
P333R-LB-1(super-script:1)# port 777
Done!
P333R-LB-1(super-script:1)# query “Who are you?”
Done!
P333R-LB-1(super-script:1)# expected-string “I am a server”
Done!
P333R-LB-1(super-script:1)# exit
Note: By default, the SLB health check mechanism employs a TCP-connect method
for TCP-based applications that use the lowest defined TCP port. When the Virtual
Service is FTP however, you must manually configure a new TCP-connect health
check via port 21 and configure it in the relevant Virtual Service.
The need for this arises because FTP functions on TCP ports 20 (FTP-data) and 21
(FTP-ctrl), and the P333R-LB uses TCP port 20 to check the server’s availability. The

problem is that usually FTP servers do not allow a TCP connection via port 20
without having an established connection via port 21. This causes the health check
to fail and the service becomes unavailable.
For the commands to configure the different Health Checks, refer to "Health Check
Commands" on page 304.
Client Persistency
Persistency is a way to ensure that all traffic related to a given session and all
sessions of a given characteristic are served by the same server.
Client persistency is the persistency between many sessions for one client. Client
persistency ensures that all traffic from the client is directed to the same Real Server.
Client persistency is achieved either by using naturally persistent load balancing
schemes (such as Hash or MinMiss Hash), or by forcing persistent load balancing
decisions on non-persistent load balancing schemes (such as Round Robin).
Decision forcing is performed by storing the history of the latest decisions in a cache
for a limited time, and sending the packets to the appropriate server based on
previous load balancing decisions.
Regardless of the client persistency nature of the selected load balancing metric, the
P333R-LB offers a unique client persistency feature that is available in all load
balancing metrics. Client persistency is based on a "persistency cache". Load
balancing decisions are recorded in a persistency cache for a specified time
configured by the user. When a new session that matches an entry in the persistency
cache is processed by the P333R-LB, it is directed to the same server pointed by the
cache (provided, of course, that the server is considered healthy).
The key to the persistency cache is based on the client IP, in combination with a
wildcard. This allows persistency to be configured per an exact IP address, or per a
group of addresses. For instance, in cases where clients hide behind a NAT device
which selects NAT addresses from an address block of 255 addresses, enabling the
persistency cache with a wildcard of 0.0.0.255 will map all clients to a single entry
and a single Real Server.

Selecting a Load Balancing Metric and Persistency Option

The different load balancing metrics and persistency options provide you with
flexibility.
Round Robin generally gives you the best load balancing solution.
Hash, with the key set to Src IP, gives a predictable metric, required when client
persistency is needed and a redundant load balancer is used.
MinMiss Hash, with the key set to Src IP, gives the best persistency, without using
the persistency cache.
The persistency cache mechanism enables you to specify the required client
persistency time.
The wildcard feature allows the client to maintain persistency when the same client
is mapped to a different IP address by a NAT device. However, persistency cache
size is limited, and it somewhat increases the session processing overhead.
Port Re-mapping
The P333R-LB may be configured to re-map the destination port number when
performing load balancing. For example, you might want to run the HTTP process
on real servers using a different port number in order to enable more than one
concurrent HTTP service.
Note:
1. In the P333R-LB, a Real Server can belong to multiple server groups as long as the
groups are not running the same Virtual Service. If the groups are running the same
service (e.g., HTTP), port re-mapping should be used.
2. Port Re-mapping should not be used in conjunction with Triangulation.


Chapter 9
Application Redirection
This chapter provides information on Application Redirection (AR), and includes a
With the growing importance of the Internet as the organization's source of
information, normal operation of the LAN can be negatively impacted by
congestion on the network router to the Internet.
Since much of the information retrieved from the Web is either repeatedly requested
by a user or requested by multiple users, many organizations implement a local
caching mechanism to prevent unnecessary WAN traffic.
The problem with local caches is that they must be on the traffic path between the
client and the WAN router. As a result, all traffic, even non-cacheable traffic, passes
through them.
The P333R-LB’s AR redirects packets from their original destination to an
alternative server, based on AR configuration. Since redirecting Web requests to
local caches is the most common implementation of AR, it is also known as Cache
Redirection.
The AR feature can also be used for policy-based (source-based) routing. For full
details, see Policy-Based Routing (Source-Based Routing) on page 259.
Benefits
By redirecting client requests to a local cache or application server, you can increase
the speed at which clients access the information and free up valuable network
bandwidth.
AR for cache redirection provides the following benefits:
• Faster client access to information.
• Increased network bandwidth.
• Policy based routing.
• Only suitable traffic is directed to the local cache.
• Multiple caches can be connected and load-balanced.
• The redirection process is transparent to the client.
• Redundant caches can be configured.

Chapter 9 Application Redirection
How It Works
For AR to occur, the P333R-LB is positioned on the traffic route (instead of the local
cache) and redirects packets from their original destination (WAN access router) to
alternative cache servers. The redirection process involves the following steps:
1 Checks whether the packet characteristics complies with one of the defined
filter rules. The user has to configure rules in order to define which clients/
destinations are to be redirected to the cache applications.
2 Routes the packet to the cache server instead of the original destination (the
Web server).
3 The cache checks if it has the relevant information. If it does, it replies to the
client. If the cache does not have the information, it retrieves the information
from the real Web server, and then replies to the client.
The P333R-LB supports transparent caches. A transparent cache is a cache which is
capable of accepting packets not destined to its IP. The cache usually uses NAT in its
IP stack, so the higher layers can process packets not destined to the cache IP.
The following steps illustrate a classic example of what occurs during AR:
1 The user issues an HTTP request with its IP address as the source address and
the Web server's IP address as the destination address.
2 The P333R-LB routes the packet to the Web cache(s) (load balancing if needed),
but the packet still has the Web server's IP address as the destination IP address.
3 If the cache has the required page, the cache returns the page to the client with
the destination IP address of the client and the source IP address of the Web
server. If the cache does not have the required page, the Cache returns the
packet to the P333R-LB, and it is routed to the Web server.
4 On the way back from the Web server, P333R-LB routes the packet to the cache.
The cache updates itself with the new page, and returns the packet to the client.
In the Cache Redirection packet flow, there are two events that are in-
distinguishable on the IP level:
• When the packet arrives from the Client, the packet should be redirected to the
cache.
• When the packet arrives from the cache with the same addresses, the packet
should be routed to the WAN.
To address this issue, the P333R-LB uses different VLAN areas for the clients and
the cache. If a packet arrives to the P333R-LB from the client's VLAN, it is redirected
to the cache, and if it arrives from the server’s VLAN, it is routed to the WAN.

Configuration Examples
Application Redirection
The following figure illustrates an AR configuration.
Figure 9.1 Cache Redirection Configuration Example
Client Area
193.170.2.3
LAN 10.2.2.5
WAN
EdgeRouter
Server
10.4.1.3 10.2.2.3 Web Server

P333R-LB
10.1.1.3
VLAN 2
Server Area
Server Server
10.1.1.1 10.1.1.2
Local Web Cache Servers
Note:
1. The Cache Servers must not be on the local subnet of one of the P333R-LB’s local
subnets.
2. The clients must not reside on the cache’s subnet or VLAN.
following commands:

Router-1(configure)# hostname "P333R-LB"
P333R-LB-1(configure)# set vlan 2 name v2
Done!
Done!
Done!

Done!
Done!
Done!
Done!
P333R-LB-1(config-if:3)# ip vlan 2
Done!
P333R-LB-1(configure)# ip default-gateway 10.2.2.5
Done!
P333R-LB-1(configure)# set vlan-area 2 servers
Done!
P333R-LB-1(configure)# real-ar-server 10.1.1.1
Done!
P333R-LB-1(configure)# real-ar-server 10.1.1.2
Done!
P333R-LB-1(configure)# rsg cache-group
Done!
P333R-LB-1(config-rsg:cache-group)# type-id ar 1
Done!
P333R-LB-1(config-rsg:cache-group)# real-ar-server 10.1.1.1
Done!
P333R-LB-1(config-rsg:cache-group)# exit
P333R-LB-1(configure)# virtual-ar-service web-cache
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# id 1
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# application tcp 80
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# rsg cache-group

Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# exit
P333R-LB-1(configure)# ar-filter 1 any any 1
Done!

----------------
P333R-LB
----------------

!#
!# Set the hostname of the device
!#
hostname "P333R-LB"
!
interface "3"
ip vlan name "v2"
ip address 10.1.1.3 255.255.255.0
!
interface "2"
ip address 10.2.2.3 255.255.255.0
!
interface "1"
ip address 10.4.1.3 255.255.255.0
!
!
real-ar-server 10.1.1.1
!
!
rsg "cache-group"
type-id ar 1

!
virtual-ar-service "web-cache"
id 1
application tcp 80
rsg "cache-group"
!
ar-filter 1 any any 1
!
set vlan-area 2 servers
Combining Two Cache Applications on the Same Real Caches

Building on the fact that the P333R-LB allows for the same Real Servers to belong to
different Load Balancing applications (i.e. Application Redirection and Server Load
Balancing), it is possible to build a configuration that will implement transparent
caching and non-transparent proxy caching on the same physical machines (Figure
9.2).
In this case it is required that the caches working as non-transparent proxy caches
be configured as non-spoofing, i.e. caches that use their IP address as the source
address. This is as opposed to "Spoofing" caches which are capable of retaining the
characteristics of the incoming packet even when they forward the packet further
and keep the original Client IP address as the source address.
Figure 9.2 Two Cache Applications on the Same Real Caches
Client Area
193.170.2.3
LAN 10.2.2.5
WAN
10.4.1.3 EdgeRouter
Server
10.2.2.3 Web Server

P333R-LB
VIP = 10.4.1.1
10.1.1.3
VLAN 2
Server Area
Server Server
10.1.1.1 10.1.1.2
Local Web Cache Servers


!
interface "3"
ip vlan name "v2"
ip address 10.1.1.3 255.255.255.0
!
interface "2"
ip address 10.2.2.3 255.255.255.0
!
interface "1"
ip address 10.4.1.3 255.255.255.0
!
!
!
!
!
!
rsg "none-transparent-proxy-group"
type-id slb 1
!
rsg "transparent-proxy-group"
type-id ar 1
!

virtual-server "none-transparent-proxy-server"
id 1
vip 10.4.1.1
!
virtual-slb-service "tcp-8080"
id 1
application tcp 8080
rsg "none-transparent-proxy-group"
!
virtual-ar-service "transparent-proxy-server"
id 1
application tcp 80
rsg "transparent-proxy-group"
!
ar-filter 10 any 10.1.1.0 0.0.0.255 no-ar
ar-filter 20 any any "transparent-proxy-server"
!
set vlan-area 2 servers
In the example above, the same two Cache Servers are configured as Real Servers
for Server Load Balancing and for Application Redirection. Also, two Virtual
Services are configured: one is a SLB service for the non-transparent proxy cache
implementation and the second is an AR service for the transparent cache
implementation.
Traffic destined to the proxy cache, will be sent by the client to the VIP as the Dest.
IP address, and dealt by the SLB Virtual Service (i.e. the P333R-LB will NAT the
packets and send them to the Real Server based on the configured metrics). If the
packets have to be sent further to the Internet, the P333R-LB will receive the packets
with the Source IP address of the cache (since it is a non-spoofing cache) and route
them to the Edge Router. On the way back, the packet will be routed to the Real
Server (since its IP address is now the Dest. IP address) and the cache will send the
packet back to the client.
Traffic not destined to the proxy cache, will be sent with the Web Servers IP address
(193.170.2.3) as the Dest. IP address and will be dealt by the AR Virtual Service as
usual, based on the second rule of the "ar-filter" statement.

The reason for the first "ar-filter" statement (ar-filter 10 any 10.1.1.0 0.0.0.255 no-ar)
is as follows: both in the SLB and in the AR cases it might happen that the packet
has to be forwarded to the Web Server (if the required data is not in the cache). On
their way back we do not want packets coming from the Web Server to the cache in
response to the non-transparent proxy cache SLB function to be load-balanced
according to the AR service metric. To prevent this from happening, the first "ar-
filter" statement ensures that any packets destined to any of the Real Servers
(caches) will not be subject to Application Redirection but rather will be routed to
the correct Real Server.

Load Balancing Metrics

There are different methods, or metrics, that a P333R-LB can use to distribute traffic
among multiple cache servers. These metrics tell the router which cache server
should receive the next session.
AR uses the following metrics:
• Round Robin.
• Hash.
• MinMiss Hash.
The default metric for AR is MinMiss Hash on the destination IP.
parameters:
In addition, each of the metrics may be weighted. For full information on weighted
Real Servers, see Weighted Real Servers on page 256.
Round Robin
Using the Round Robin metric, new sessions are issued to each server in turn based
on the Real Server weight. The first Real Server in the group receives the first ‘n’
sessions, where ‘n’ is the Real Server weight. The second Real Server receives the
next ‘n’ sessions, and so on. When all the servers receive at least one session, the
issuing process starts over with the first Real Server.
Hash
Using the Hash metric, sessions are distributed to cache servers using a predefined
mathematical hash function. This hash function is created by a hash value,
performed on a specific parameter. The source and destination IP addresses are
used as the hash function input.
P333R-LB creates a list of all the currently available cache servers. The result of the
hash function is used to select a cache server from the list. Specific addresses always
produce the same hash function, providing natural persistency.
If a cache server is added or removed to the group, the persistency will be broken.
This occurs, since the order of the cache servers in the list changes, but the hash still
points to the same list entries. The following figure illustrates how a loss of
persistency occurs when a cache server becomes non-operational.


1 1
2 3
3 4
Server 2
4 1
1 3
Loss of
2 4
Server
1
Persistency
3
The same
Hash Function 4 3
Hash Function
pointing to Server 4 4
1 pointing to Server 1
2 1
3 3
When Cache Server 2 is removed from the group, the list of available cache servers
is readjusted, causing a lack of persistency. However, if Cache Server 2 becomes
operational again, the list of available cache servers is restored to its original order,
and persistency is recovered.
MinMiss Hash
The default metric parameter for MinMiss Hash in AR is the destination IP address.
MinMiss distributes sessions to cache servers in the same way as the Hash metric.
However, MinMiss Hash sustains persistency even when a cache server is removed
from the cache server group. When a cache server fails or is removed, the positions
of the other cache servers in the list do not change. Instead, the remaining cache
servers are redistributed to the list entries freed by the failing cache server. The
following figure illustrates how persistency is maintained even though a cache
server becomes non-operational.
1 1
2 1
3 3
Server 2
4 4
1 1 Persistency
2 3
Kept
3
Server
3 The same
Hash Function 4 Hash Function still 4
pointing to Server 4 pointing to Server 4 1
1
2 4
3 3
When Cache Server 2 is removed from the group, the list of available cache servers
is not readjusted. Only the list entries that are now empty are replaced with other
available cache servers. Therefore, persistency is sustained for all available cache
servers. If Cache Server 2 becomes operational again, the list of available cache
servers is recalculated so that the smallest number of cache servers is affected.

However, the list of cache servers is not restored to its original configuration. As a
result, persistency is only partially recovered.
Weighted Real Servers

You can assign weights to Real Servers (caches) to enable faster servers to receive a
larger share of sessions. This minimizes overloading and maximizes functionality
If you assign a weight to a Real Server, the sessions are distributed to the servers in
the same metric chosen (Hash or MinMiss Hash). However, weighted servers are
and do not assign a weight to a second server, the weighted server receives 10
sessions for each session directed to the second server.
Health Check
The P333R-LB constantly health-checks the Real Servers to ensure that each Real
Server (in this case, each server) is accessible and operational. A server that fails the
health check is automatically removed from the load balancer’s internal list of
currently available servers.
P333R-LB supports the following health-check methods:
• ICMP Echo - Each server is periodically pinged and checked if an answer was
received.
• TCP Port Checking - A TCP connection is periodically opened to every server,
• HTTP Server Checking - Useful for web applications, this method enables
verifying HTTP server functioning by comparing the response from the server
with a complete sample of the web page. The P333R-LB sends a request to the
HTTP server to simulate an outside request. The P333R-LB compares the
server’s response with the sample to ascertain the level that the HTTP server is
functioning. P333R-LB supports the following HTTP retrieving methods:
— Head - Retrieve only the HTTP headers without document body content.
This is the default method.
— Get - Retrieve all data from the HTTP server.
P333R-LB supports the following responses:
— Any response - P333R-LB assumes the server is functional when P333R-LB
receives any response.
— Any OK response - P333R-LB assumes the server is functional when the
server’s response is one of the HTTP OK responses (codes 201-204).
— Exact OK response - P333R-LB assumes the server is functional only when
P333R-LB receives the exact response expected (code 200). This is the
default method.

You can configure the following parameters:

— The port to access - if you do not configure a port, the default is in the
following order: the Virtual Service Real port, Virtual port, or port 80.
— HTTP Request type - GET or HEAD (default HEAD)
— HTTP version 1.0 or 1.1 (default 1.0)
— Domain Name (for HTTP 1.1 only)
Note: If you selected HTTP 1.1, you can specify a Domain Name to be used in the
Health Check query. If you don’t specify a Domain Name, the Real Server’s IP
address and the Real port is used.
— URL to access - up to 255 characters (default “/”)

— The expected response
— Expected response and type: Any Response, Any OK Response (HTTP
status code 2xx), or Exact OK Response (HTTP status code 200) - default
— Expected String - a string up to 255 characters for comparison with the
response
— Expected String Offset - An offset from the end of the TCP header (up to
1000 bytes) where the expected string should appear.
The P333R-LB searches for the expected strings only in the first HTTP
packet sent by the server as a response to the GET/HEAD request. If the
string search fails, use the show hc last response command to view
the received string and compare it with the expected string.
A successful HTTP Health Check is defined as one with both the expected
response and expected string valid, as well as a sucessful completion of the TCP
connection.
Note: In the HTTP Expected String Health Check script “\r\n” denotes “enter”.
Refer to page 240 for a sample HTTP Health Check configuration.

• Script Server Checking - Supported over TCP, this method verifies the
functioning of the server by running a script on the server. Script Health Check
enables you to build your own script to run on the Real Server, and return a
pre-defined response.
You configure a complete and explicit request header as well as the expected
response string with offset. The string’s limiting factors are:
— Maximum length of request header: 255 characters.
— Maximum length of response string: 255 characters.
— Maximum offset from end of TCP header: 1000 bytes.
P333R-LB compares the server’s reply with the expected reply you configured.

You need to verify that the configured request results in the configured expected
response. P333R-LB searches for the expected string only in the first packet sent
by the server as a response to the script query.
A successful Script Health Check is defined as one with a valid expected string,
as well as a sucessful completion of the TCP connection.
Note: In the Script Health Check query and expected-string “\r\n” denotes “enter”.
Refer to page 241 for a sample Script Health Check configuration.
Note: The default health check method for Application Redirection is Ping.
For the commands to configure the different Health Checks, refer to Health Check
Commands on page 304.

Client Persistency
Persistency is a way to ensure that all traffic related to a given session and all
sessions of a given characteristic are served by the same server.
Client persistency is the persistency between many sessions for one client. Client
persistency ensures that all traffic from the client is directed to the same Real Server.
Client persistency is achieved either by using naturally persistent load balancing
schemes (such as Hash or MinMiss Hash) or by forcing persistent load balancing
decisions on non-persistent load balancing schemes (such as Round Robin).
Decision forcing is performed by storing the history of the latest decisions in a cache
for a limited time, and sending the packets to the appropriate server based on
previous load balancing decisions.
Regardless of the client persistency nature of the selected load balancing metric, the
P333R-LB offers a unique client persistency feature that is available in all load
balancing metrics. Client persistency is based on a "persistency cache". Load
balancing decisions are recorded in a persistency cache for a specified time
configured by the user. When a new session that matches an entry in the persistency
cache is processed by the P333R-LB, it is directed to the same server pointed by the
cache (provided, of course, that the server is considered healthy).
The key to the persistency cache is based on the client IP, in combination with a
wildcard. This allows persistency to be configured per an exact IP address, or per a
group of addresses. For instance, in cases where clients hide behind a NAT device
which selects NAT addresses from an address block of 255 addresses, enabling the
persistency cache with a wildcard of 0.0.0.255 will map all clients to a single entry
and a single Real Server.
Policy-Based Routing (Source-Based Routing)

Using AR rules, you can configure your device to support Policy-Based Routing
according to the client IP. In this case, you can select your next Hop according to the
source IP configured on your device.

Selecting a Load Balancing Metric and Persistency Option

The different load balancing metrics and persistency options provide you with
flexibility.
Round Robin generally gives you the best load balancing solution.
MinMiss Hash with the key set to Src IP gives the best persistency, without using
the persistency cache.
The persistency cache mechanism enables you to specify the required client
persistency time.
The wildcard feature allows the client to maintain persistency when the same client
is mapped to a different IP address by a NAT device. However, persistency cache
size is limited, and it somewhat increases the session processing overhead.

Chapter 10
Redundancy
This chapter discusses the redundancy schemes of VRRP, SRRP, and additional
redundancy schemes (Real Server Group Backup and Real Server Backup).
VRRP
VRRP is an IETF protocol designed to support redundancy of routers on the LAN,
as well as load balancing of traffic. VRRP is transparent to host stations, making it
an ideal choice when redundancy, load balancing and ease of configuration are all
required.
The concept underlying VRRP is that a router can backup other routers, in addition
to performing its primary routing functions. Redundancy is achieved by
introducing the concept of a virtual router. A virtual router is a routing entity
associated with multiple physical routers. The routing functions of the virtual router
are performed by one of the physical routers with which it is associated. This router
is known as the master router.
For each virtual router, VRRP selects a master router. If the selected master router
fails, another router is selected as master router.
In VRRP, two or more physical routers can be associated with a virtual router, thus
achieving the extreme reliability inherent in the P333R-LB SAFER architecture.
In a VRRP environment, host stations interact with the virtual router. They are not
aware that this router is a virtual router, and they are not affected when a new
router takes over the role of master router. This makes VRRP fully interoperable
with every host station.
VRRP can be activated on an interface using a single command, while allowing for
the necessary fine-tuning of the many VRRP parameters. For a detailed description
of VRRP, refer to VRRP standards and published literature.
Introducing a Load Balancer into the network creates a single point of failure. As a
result, users will most likely want a backup implementation between two
P333R-LBs.
For FWLB, the my-ip parameter of the hc-ip command can also be an associated
IP address of a virtual router. In addition, the override addr owner parameter
of the ip vrrp command should be used.
For AR, at least two virtual routers should be configured: one for the client vlan area
and the other for the server vlan area. The servers should be configured with the
VRRP IP as their default gateway. In addition, the clients should be configured with
the VRRP IP as their default gateway. The same physical router should be the

Chapter 10 Redundancy
master of all the virtual routers, using the priority command if necessary.
For SLB, a modification to VRRP is necessary. In this case, you need to backup the
VIP (in addition to a routing interface of the router). An interface on the VIP’s
subnet still has to be configured. The VIP will be configured as the Associated IP of
the VRRP.
Note: When two P333R-LBs are connected in a VRRP pair with Full NAT configured
on both, you need to configure different PIP address ranges for each P333R-LB.
VRRP Commands
The following table displays the VRRP Commands:
Table 10.1 VRRP Commands
Command Page
show ip vrrp 263
show ip vrrp detail 263
router vrrp 265
ip vrrp 265
ip vrrp address 265
ip vrrp timer 266
ip vrrp priority 266
ip vrrp auth-key 267
ip vrrp preempt 267
ip vrrp primary 267
ip vrrp override addr owner 268

User Mode
show ip vrrp Command

Use the show ip vrrp command to display VRRP information.

show ip vrrp [<if-name> [router-id <vr-id>]]
if-name Filter by interface name.
router-id Filter by virtual router ID.
vr-id The virtual router ID.
detail Provide detailed information.
Output Example:
Router-1> show ip vrrp
VRRP is globally enabled
VLAN VRID IP Address Pri Timer State Since
------ ------ --------------- ---- ------- --------- -----------
1 1 192.168.66.23 255 1 MASTER 00:00:00
1 2 192.168.66.24 100 1 BACKUP 00:00:00
show ip vrrp detail Command

Use the show ip vrrp detail command to display full VRRP-related
information

show ip vrrp detail
detail Show full detail information
Output Example:
Router-1> show ip vrrp detail
VRRP is globally enabled
Virtual Router on VLAN: 1
Router-id: 1
State: MASTER
Priority: 255
Advertisement Interval: 1

Last State Change: 00:00:00

Override Address Ownership Rule: No
Authentication Type: None
Authentication Key: ""
Master IP Address 192.168.66.23
Has 1 IP addresses
IP addresses:
192.168.66.23
Primary IP Address: 192.168.66.23
Primary IP Address was chosen by default
Preemption Mode: enabled
# of times Master: 2
# of received Advertisements: 0
# of transmitted Advertisements: 20
# of received Advertisements with Security Violations: 0
Virtual Router on VLAN: 1
Router-id: 2
State: BACKUP
Priority: 100
Advertisement Interval: 1
Last State Change: 00:00:00
Override Address Ownership Rule: No
Authentication Type: None
Authentication Key: ""
Master IP Address 0.0.0.0
Has 1 IP addresses
IP addresses:
192.168.66.24
Primary IP Address: 192.168.66.23
Primary IP Address was chosen by default
Preemption Mode: enabled
# of times Master: 1
# of received Advertisements: 0
# of transmitted Advertisements: 13
# of received Advertisements with Security Violations: 0

Configure Mode
router vrrp Command

Use the router vrrp command to enable VRRP routing globally. Use the no
form of this command to disable VRRP routing.
Note: You cannot activate both VRRP and SRRP protocols at the same time.

[no] router vrrp
Interface Mode
ip vrrp Command
Use the ip vrrp command to create a virtual router on the interface. Use the no
form of this command to delete a virtual router.

[no] ip vrrp <vr-id>
vr-id Virtual Router ID (1-255)
Example:
Router-N(config-if:marketing)# ip vrrp 1
ip vrrp address Command

Use the ip vrrp address command to assign an IP address to the virtual
router. Use the no form of this command to remove an IP address from a virtual
router.

[no] ip vrrp <vr-id> address <ip-address>
ip-address The IP address to be associated with the virtual

router.

Example:
To associate address 10.0.1.2 with virtual router 1:
Router(config-if:marketing)# ip vrrp 1 address 10.0.1.2
ip vrrp timer Command

Use the ip vrrp timer command to set the virtual router advertisement timer
value (in seconds) for the virtual router ID. Use the no form of this command to
restore the default value.
The syntax for this command is: [no] ip vrrp <vr-id> timer <value>
value The advertisement transmit time (seconds).
Example:
To set the virtual router advertisement timer value for virtual router 3 to 2:
Router-N(config-if:marketing)# ip vrrp 3 timer 2
ip vrrp priority Command

Use the ip vrrp priority command to set the virtual router priority value
used when selecting a master router. Use the no form of this command to restore
the default value.

[no] ip vrrp <vr-id> priority <pri-value>
pri-value The priority value. The range is 1-254.
Example:
To set the priority value for virtual router 1 to 10:
Router-N(config-if:marketing)# ip vrrp 1 priority 10

ip vrrp auth-key Command

Use the ip vrrp auth-key command to set the virtual router simple password
authentication for the virtual router ID. Use the no form of this command to disable
simple password authentication for the virtual router instance.

[no] ip vrrp <vr-id> auth-key <key-string>
key-string Simple password string.
ip vrrp preempt Command

Use the ip vrrp preempt command to configure the router to preempt a lower
priority master for the virtual router ID. Use the no form of this command to disable
preemption for the virtual router instance. By default, preemption is enabled.

[no] ip vrrp <vr-id> preempt
Example:
Router-N(config-if:marketing)# ip vrrp 1 preempt
ip vrrp primary Command

Use the ip vrrp primary command to set the primary address that shall be
used as the source address of VRRP packets for the virtual router ID. Use the no
form of this command to return to the default primary address for the virtual router
instance. By default, the primary address is selected automatically by the device.

[no] ip vrrp <vr-id> primary <ip-address>
ip-address Primary IP address of the virtual router. This address

should be one of the router addresses on the VLAN.

Example:
ip vrrp 1 primary 192.168.66.23
ip vrrp override addr owner Command

Use the ip vrrp override addr owner command to accept packets
addressed to the IP address(es) associated with the virtual router, such as ICMP,
SNMP, and TELNET (if it is not the IP address owner). The ip vrrp override
addr owner command also should be used in FWLB configurations when VRRP
is needed.
Use the no form of this command to discard these packets.

[no] ip vrrp <vr-id> override addr owner
Example:
Router-N(config-if:marketing)# ip vrrp 1 override addr owner

Configuration Example
The following figure illustrates a VRRP configuration according to SLB.
Figure 10.1 SLB - VRRP Configuration Example
Real Server 1
193.170.1.1 10.1.1.10 10.1.1.1
Server
193.170.1.4 P333R-LB1
Real Server 2
WAN P333R-LB2 10.1.1.2
VIP=193.170.1.3 Server
Edge Router
Real Server 3
193.170.1.2 10.1.1.11 10.1.1.3
Server
RSG
server-group

--------------
P333R-LB1
--------------
hostname "MASTER"
!
router vrrp
!
interface "1"
ip address 193.170.1.1 255.255.255.0
!
interface "2"
ip address 10.1.1.10 255.255.255.0
ip vrrp 1
ip vrrp 1 address 10.1.1.10
ip vrrp 2
ip vrrp 2 priority 254
!


!
!
!
!
rsg "server-group"
type-id slb 1
!
id 1
vip 193.170.1.3
!
id 1
application tcp 80
rsg "server-group"
--------------
P333R-LB2
--------------
hostname "BACKUP"
!
router vrrp
!
interface "1"
ip address 193.170.1.2 255.255.255.0
!
interface "2"

ip address 10.1.1.11 255.255.255.0

ip vrrp 1
ip vrrp 2
!
!
!
!
!
rsg "server-group"
type-id slb 1
!
id 1
vip 193.170.1.3
!
id 1
application tcp 80
rsg "server-group"

SRRP
P333R-LB SRRP redundancy capabilities provide automatic backup Layer 3
switching for IP stations. P333R-LB units can be configured to back each other up so
that if one fails the other will take over its forwarding functions. The backup P333R-
LB is not idle. As long as both P333R-LB units are functional, traffic is shared
between them. The P333R-LB modules can be in the same P330 stack or in different,
connected, P330 stacks. The P333R-LB can back up another P333R-LB unit or any
other router.
A P333R-LB unit configured to back up another unit monitors the other’s status by
polling it at configured intervals, and automatically detects when the other router
fails and when it becomes functional again. When detecting a failure, the backup
P333R-LB sends a gratuitous ARP message that causes all stations to send their IP
traffic to the backup P333R-LB MAC address instead of the failed unit MAC
address. As long as it is an active backup resulting from the failure of the main unit,
the backup P333R-LB answers ARP requests for the main unit, providing its own
MAC address.
SRRP Commands
The following table displays the SRRP Commands:
Table 10.2 SRRP Commands
Command Page
show ip srrp 273
router srrp 273
ip srrp backup 275
poll-interval 274
timeout 274

User Mode
show ip srrp Command

Use the show ip srrp to display the SRRP configuration and status.

show ip srrp
Output Example:
Router-1(super)# sh ip srrp
Admin status Oper State Poll interval Timeout
------------ ---------- ------------- -------
DISABLE INACTIVE 1 12
Showing 2 rows
Intf IP addr Main router addr Status

--------------- ---------------- ------
10.1.1.1 0.0.0.0
149.49.70.1 149.49.70.5
Configure Mode
router srrp Command

Use the router srrp command to configure SRRP options, activate SRRP and
enter the SRRP configuration mode. The no form of this command disables it
globally. The default is disabled.
Note: You cannot activate both VRRP and SRRP protocols at the same time.

[no] router srrp

Router-SRRP Mode
poll-interval Command
Use the poll-interval command to configure the polling interval in seconds
used by SRRP. Use the no form of this command to return to the default polling
interval of 1 second.

[no] poll-interval <poll interval>
poll interval An integer (in seconds)
Example:
Router-N(configure router:srrp)# poll-interval 4
timeout Command
Use the timeout command to configure the timeout (in seconds) after which
SRRP declares the main router dead if it does not reply to polling.
Use the no form of this command to return to default timeout interval of 12
seconds.

[no] timeout <timeout>
timeout An integer (in seconds)
Example:
Router-N(configure router:srrp)# timeout 6
Note: The timeout should be at least twice as long as the interval.

Interface Mode
ip srrp backup Command

Use the ip srrp backup to backup an additional interface of the main router
using the SRRP application. If the main router fails, the P333R-LB takes over its
activities on all configured interfaces.

ip srrp backup <main router addr>
main router addr IP address of the interface
Example:
Router-N(config-if:marketing)# ip srrp backup 192.168.50.11

Additional Redundancy Schemes

Besides VRRP and SRRP, the P333R-LB implements two additional redundancy
schemes:
• Real Server Group Backup.
• Real Server Backup.
Real Server Group Backup

You can configure a Real Server Group (RSG) to serve as a backup for a primary
RSG implementing a Virtual Service. You can configure an RSG to backup one or
more primary RSGs.
An RSG can backup a primary RSG, but not a backup RSG. In addition, you cannot
have two RSGs backing up each other.
A backup RSG can run a different Virtual Service than the primary RSG while
supplying backup to all services of the primary RSG.
The backup RSG is not used for the primary RSG’s services until all the Real Servers
in the primary RSG are down. When backup is implemented, the backup RSG runs
the primary RSG’s service in addition to its own services.
When the primary RSG has recovered, it resumes operation. Ongoing sessions
continue going to the backup RSG until they are completed. In addition, in order to
maintain persistency, new sessions might open to the backup RSG.
RSG Backup Configuration Example

The following figure illustrates an RSG Backup configuration.
Figure 10.2 RSG Backup Configuration Example
Real Server 4 Real Server 5 Real Server 6

10.5.1.3 10.5.1.4 10.5.1.5
Backup RSG
Server
Server
Server
Real Server 1
10.1.1.1
Server
10.5.1.2
Real Server 2
WAN 10.1.1.2
Server
193.170.1.2 193.170.1.1 10.1.1.10

Edge Router P333R-LB Real Server 3
VIP=193.170.1.3 10.1.1.3
Server
RSG
server-group


Figure 10.2:
-------------
P333R-LB
-------------
hostname "P333R-LB"
!
interface "2"
ip address 10.1.1.10 255.255.255.0
!
interface "3"
ip address 10.5.1.2 255.255.255.0
!
interface "1"
ip address 193.170.1.1 255.255.255.0
!
!
!
!
!
!
!
!
rsg "backup-group"
type-id slb 1

!
rsg "server-group"
type-id slb 2
!
rsg "server-group"
backup 1
!
id 1
vip 193.170.1.3
!
id 1
application tcp 80
rsg "server-group"

Real Server Backup

You can configure a Real Server to serve as a backup for one or more primary Real
Servers in a Real Server Group.
As with RSG, a Real Server can backup a primary Real Server but not a backup Real
Server. In addition, you cannot have two Real Servers backing up each other.
Unlike a backup RSG, a backup Real Server cannot provide another service while
supplying backup to the primary Real Server. Although the backup Real Server will
be completely dormant while the primary Real Server is active, its Health will be
periodically checked.
A backup Real Server will not be used until the primary Real Server is down.
Note: A backup Real Server cannot be a part of an RSG.
When the primary Real Server has recovered, it will resume operation and begin to
receive new sessions. Ongoing sessions will continue going to the backup Real
Server until they are completed. In addition, to keep persistency, new sessions
might open to the backup Real Server.
Real Server Backup Configuration Example

The following figure illustrates a Real Server Backup configuration.
Figure 10.3 Real Server Backup Configuration Example
Backup Real Server Real Server 1

10.5.1.3 10.1.1.1
Server
Server
10.5.1.2
Real Server 2
WAN 10.1.1.2
Server
193.170.1.2 193.170.1.1 10.1.1.10

Edge Router P333R-LB Real Server 3
VIP=193.170.1.3 10.1.1.3
Server
RSG
server-group


Figure 10.3:
----------------
P333R-LB
----------------
hostname "P333R-LB“
interface "2"
ip address 10.1.1.10 255.255.255.0
!
interface "3"
ip address 10.5.1.2 255.255.255.0
!
interface "1"
ip address 193.170.1.1 255.255.255.0
!
!
!
backup 10.5.1.3
!
backup 10.5.1.3
!
backup 10.5.1.3
!
rsg "server-group"
type-id slb 1

!
id 1
vip 193.170.1.3
!
id 1
application tcp 80
rsg "server-group"


Chapter 11
Policy
This chapter discusses policy. Policy commands are used when working with policy
lists and policy rules.
Policy – Quality of Service (QoS)

The P333R-LB supports QoS by using multiple priority levels and IEEE 802.1p
priority tagging to ensure that data and voice receive the necessary levels of service.
The P333R-LB can enforce policy on routed packets (per packet), according to four
criteria:
• The IEEE 802.1p priority tag in the incoming packet.
• The Diff-Serv byte (TOS field) in the IP header of the incoming packet.
• Matching the packet’s source or destination IP address to the configured
priority policy.
• Whether the packet source or destination TCP/UDP port number falls within a
pre-defined range.
Since the P333R-LB is a multilayer switch, it can enforce centralized network
policies using Lucent’s RealNet Rules central policy management application.
Policy – Access Control

The P333R-LB supports Access Control policy. The P333R-LB uses policy lists
containing both Access Control rules and QoS rules. The policy lists are ordered by
rule indexing. Access Control rules define how the P333R-LB should handle routed
packets. There are three possible ways to handle such packets:
• Forward the packet (Permit operation)
• Discard the packet (Deny operation)
• Discard the packet and notify the management station (Deny and Notify)
The P333R-LB can enforce Access Control policy on each routed packet, according
to the following criteria:
• Matching the packet's source or destination IP address to the configured Access
Control policy.
• Determine if the packet source or destination TCP/UDP port number falls
within a pre-defined range.
• Using the ACK bit of the TCP header.
The P333R-LB access control rules are set-up using the Command Line Interface and
Avaya’s CajunRules central policy management application.

Chapter 11 Policy
Scope
The P333R-LB can enforce policy rules on traffic addressed to its interfaces.
This feature allows the user to block any configuration (e.g. SNMP, TELNET, and
HTTP) of the router/load balancer.
Default List Behavior

The P333R-LB has a default list which is always active.
The default list has one implicit rule permitting all traffic to be forwarded.
The DSCP table of the default list is activated together with the default list, and
includes the default DSCP-CoS mappings.
Policy and Load Balancing

The P333R-LB can enforce policy rules relating to Virtual IP addresses and to the
original Client IP. The P333R-LB can not enforce policy rules relating to PIP
addresses.
When a packet destined to a Virtual IP address is processed by the P333R-LB, it
checks the packet against the active policy list before any NAT manipulation is done
on the packet. On the way back from the real servers, the packet is checked against
the active policy list after NAT was performed.
P333R-LB Policy Properties

The P333R-LB supports Quality of Service and Access Control rules pertaining to
source IP addresses, destination IP addresses, any IP protocol, any specific TCP/
UDP port, and the ACK bit of the TCP header. It also supports Quality of Service
rules on up to 3 port-ranges of TCP/UDP.
Policy Commands
Overview
The following table displays the Policy commands:
Table 11.1 Policy Commands
Command Page
show access-group 286
show ip access-lists 286

Chapter 11 Policy
Table 11.1 Policy Commands
show ip access-list-dscp 287
show dscp 287
ip access-group 288
ip access-default action 290
ip access-list 289
ip access-list-name 290
ip-access-list-owner 290
ip access-list-cookie 291
ip access-list-copy 291
ip access-list-dscp operation 292
ip access-list-dscp trust 292
ip access-list-dscp precedence 292
ip access-list-dscp name 293
ip access-list-scope 293
ip simulate 294
validate-group 294
set qos policy-source 295

Chapter 11 Policy
User Mode
show access-group command

Use the show access-group to see information about the configured active access
list.

show access-group
Example:
Router-N> show access-group
access-group 100
show ip access lists Command

Use the show ip access-lists command to see all the current policy lists.

show ip access-lists
Output Example:
Router-N> show ip access-lists
Router-1(super)# sh ip access-lists
The current policy source is local
default List (0) parameters

List 0 is validated - the List was not changed since the last
validation
List 0 is valid
List 0 scope is forward
default action for list 0 is permit
List 100 is not validated - the List was changed since the last
validation
List 100 status is unknown(0)
List 100 scope is forward
ip access-list 100 25 fwd5 ip
any
any range 20 21
default action for list 100 is permit

Chapter 11 Policy
show ip access-lists-dscp Command

Use the show ip access-lists-dscp command to see the DSCP table of a
given policy list.

show ip access-list-dscp [<policy-list-number>] [<dscp>]
<policy-list-number> integer (100..199, 0 - default list)

<dscp> dscp entry (0 - 63)
Example:
Router-N>show ip access-list-dscp 101 63
show dscp Command

Use the show dscp command to see the DSCP table (of the default list).

Show dscp

Chapter 11 Policy
Output Example:
Router-N> show dscp
Router-1(super)# sh dscp
set qos trust trust-dscp
DSCP table validity status: Valid
DSCP Action Precedence ApplicStatus ApplicType Name
---- ------------ ---------- ------------ ------------ ----------
0 fwd0 mandatory applicable static DSCP #0.0
Configure Mode
ip access-group Command
Use the ip access-group command to activate a specific policy list. To
deactivate the policy list, use the no version of this command.

[no] ip access-group <policy-list-number>[<default-action>]
<priority-list-number> integer (100..199)

<default-action> default-action-deny|default-action-permit
Example:
Router-N>ip access-group 101

Chapter 11 Policy
ip access-list Command
Use the ip access-list command to create a specific policy rule. This
command defines a policy rule. The access list contains several of these rules. Each
rule pertains to the source IP address, the destination IP address, the protocol, the
protocol ports (if relevant), and to the ACK bit (if relevant).

[no] ip access-list <access-list-number> <access-list-index>
<command> <protocol> {<source-ip>
<source-wildcard> | any |host
<source-ip>}[<operator> <port> [<port]]
{<destination-ip> <destination-
wildcard>|any |host
<destination-ip>}[<operator> <port>
[<port>]][established] [precedence]
<access-list-number> integer (100..199)
<access-list-index> integer (1...9999)
<command> permit | deny | deny-and-notify | fwd0-7
<protocol> ip | tcp | udp | integer (1..255)
<source-ip> ip network
<source-wildcard> ip network wildcard
<operator> eq | lt | gt | range
<port> integer (1..65535)
<destination-ip> ip network
<destination-wildcard> ip network wildcard
<precedence> mandatory | optional]
Example:
Router-N>ip access-list 101 23 deny ip any
1.2.0.0 0.0.255.255
To delete a specific rule, use the no form of this command.

Chapter 11 Policy
ip access-default-action Command
Use the ip access-default-action command to set the default action for a
specific policy list.

ip access-default-action <policy-list-number> <default-
action>
<policy-list-number> integer (100..199)

<default-action> default-action-deny|default-action-permit
Example:
Router-N>ip access-default-action 101 default-action-deny
ip access-list-name Command
Use the ip access-list-name command to set a name for a policy list.

ip access-list-name <policy-list-number> <name>

<name> list name
Example:
Router-N>ip access-list-name 101 morning
ip access-list-owner Command
Use the ip access-list-owner command to set the owner for a specific policy
list.

ip access-list-owner <policy-list-number> <owner>

<owner> list owner

Chapter 11 Policy
Example:
Router-N>ip access-list-owner 101 admin
ip access-list-cookie Command
Use the ip access-list-cookie command to set the list cookie for a specific
policy list.

ip access-list-cookie <policy-list-number> <cookie>

<cookie> integer
Example:
Router-N>ip access-list-owner 101 12345
ip access-list-copy Command
Use the ip access-list-copy command to copy a configured source policy
list to a destination policy list.

ip access-list-copy <source-list> <destination-list>
<source-list> integer (100..199)

<destination-list> integer (100..199)
Example:
Router-N>ip access-list-copy 100 101

Chapter 11 Policy
ip access-list-dscp operation Command

Use the ip access-list-dsc operation command to set a dscp to action.

ip access-list-dscp operation <policy-list-number> <dscp>
<action>
<dscp> range of dscp
<action> action name
Example:
Router-N>ip access-list-dscp operation 101 9-16 fwd3
ip access-list-dscp trust Command

Use the ip access-list-dsc trust command to set a dscp trust.

ip access-list-dscp trust <policy-list-number> {untrusted |
trust-cos | trust-dscp | trust-cos-dscp}
Example:
Router-N>ip access-list-dscp trust 101 trust-dscp
ip access-list-dscp precedence Command

Use the ip access-list-dsc precedence command to set a dscp
precedence.

ip access-list-dscp precedence <policy-list-number> <dscp>
<precedence>
<dscp> DSCP entry (0-63)
<precedence> mandatory | optional

Chapter 11 Policy
Example:
Router-N>ip access-list-dscp precedence 101 16 mandatory
ip access-list-dscp name Command

Use the ip access-list-dsc name command to set a dscp name.

ip access-list-dscp name <policy-list-number> <dscp> <name>
<dscp> DSCP entry (0-63)
<name> entry name
Example:
Router-N>ip access-list-dscp name 101 16 “special”
ip access-list-scope Command
Use the ip access-list-scope command to set the scope of a policy list.

ip access-list-scope <policy-list-number> <scope-value>
<scope-value> {forward | forward-control}

forward - The rule should apply to routed
packets only.
forward-control - The rule should also apply to
packets destined to the router interface.
Example:
Router-N>ip access-list-scope 101 forward

Chapter 11 Policy
ip simulate Command
Use the ip simulate command to check the policy for a simulated packet. The
command contains the addressed list number, and the packet parameters.

ip simulate <access-list-number> [<priority>] [<dscp-
value>]<source> <destination> [<protocol> [<source port>
<destination port> [<established>]]]
access-list-number integer (100..199)

priority fwd0 | fwd1 | .. | fwd7
dspc value dscp0 | dscp1 | .. | dscp63
source source ip address
destination destination ip address
protocol ip | tcp | udp | integer (1..255)
source port integer (1..65535)
destination port integer (1..65535)
established
Example:
Router-N>ip simulate 100 192.67.85.12 193.76.54.25
validate-group Command
Use the validate-group command to verify that all the rules in a priority list
are valid.
If there is a configuration problem with a specific rule, or with a number of rules,
detailed error messages will be given.

validate-group <policy-list-number>[quiet]
quiet - does not display error messages
Example:
Router-N(configure)# validate-group 101

Chapter 11 Policy
set qos policy-source Command

Use the set qos policy-source command to set the policy source. The default
policy source is policy-server.
Note: Before configuring the IP access list, you must change the policy source mode
to local.

set qos policy-source <source>
<source> - local | policy-server
Example:
Router-N(configure)# set qos policy-source local

Chapter 11 Policy

Chapter 12
Load Balancing Command Reference

This chapter provides all load balancing CLI commands, parameters and their
default values. Not all groups, parameters and commands are available when the
Avaya P330 boots up from its INIT software.
You can use the load balancing commands available from the Router-N # prompt.
To do this:
1 Log in.
2 Type session router.
Note:
1. All commands must be performed in either configure or super mode, unless
otherwise specified. To enter configure mode, for example, type configure.
2. You can use all show commands in user mode.
3. To exit a context mode, type exit.

Chapter 12 Load Balancing Command Reference
How the Commands are Organized

The load balancing commands are organized according to command groups.
Table 12.1 Load Balancing Command Groups
Command Group Page
ar-filter 299
lb-control 301
hc 304
pip 312
real-ar-server 313
real-slb-server 318
real-bridging-fw 324
real-routing-fw 330
rsg 336
set 341
show 342
virtual ar-service 357
virtual fw-service 365
virtual-server 374
virtual-server virtual-slb-service 377

AR-Filter Commands
This section illustrates the ar-filter commands.
ar-filter Command
Use the ar-filter command to create an Application Redirection (AR) filter.

ar-filter <id>
{<source-ip> <source-wildcard> | any | host <source-ip}
{<destination-ip> <destination-wildcard> | any | host
<destination-ip}
<vSrvc> [<uni-directional | bi-directional>]
id The identification number, an integer from 1 to 1024.
source-ip The client IP address.
source-wildcard The client IP network wildcard.
destination-ip The server IP address.
any Any IP address.
destination- The server IP network wildcard.

wildcard
vSrvc Name (up to 32 characters), service ID (an integer

from 1 to 1024), or "no-ar".
uni-directional The ar-filter will be applied in the direction from the

source to the destination.
bi-directional The ar-filter will be applied in both directions.
Examples:
Router-N(configure)# ar-filter 1 10.1.1.1 0.0.0.128 any Vsrvc1
Router-N(configure)# ar-filter 2 host 10.1.1.1 10.2.2.2
0.0.0.128 3 uni-directional

ar-filter-admin-status Command
Use the ar-filter-admin-status command to enable or disable the
administrative status of an AR filter.

ar-filter-admin-status <id> <enable | disable>
id The identification number of the AR filter, an integer

from 1 to 1024.
enable Set administrative status of an AR filter to enable.
disable Set administrative status of an AR filter to disable.
Example:
Router-N(configure)# ar-filter-admin-status 1 disable

LB Control Commands
This section illustrates the lb control commands.
lb control ar Command
Use the lb control ar command to enable Application Redirection (AR).

lb control ar
Example:
Router-N(configure)# lb control ar
no lb control ar Command
Use the no lb control ar command to disable AR.

no lb control ar
Example:
Router-N(configure)# no lb control ar
lb control fwlb Command

Use the lb control fwlb command to enable Firewall Load Balancing (FWLB).

lb control fwlb
Example:
Router-N(configure)# lb control fwlb
no lb control fwlb Command

Use the no lb control fwlb command to disable FWLB.

no lb control fwlb
Example:
Router-N(configure)# no lb control fwlb

lb control precedence Command

Use the lb control precedence command to set the precedence between
applications, meaning, which application should be performed to a packet if it
matches two applications. The lb control precedence command is applicable
if the packet can be routed using Server Load Balancing (SLB) and AR.

lb control precedence <precedence-relation>
Where <precedence-relation> is <ar-prior-to-slb | slb-prior-
to-ar>
ar-prior-to-slb The default, redirection can be applied on packets

that should be server-load-balanced. If such a packet
comes from the clients-vlan-area and it matches a
redirection rule, it will be redirected. If the same
packet will arrive from the vlan-area of AR real-
servers, it will be load-balanced. This allows load
balanced packets to first go through the AR real-
servers, and afterwards be load-balanced as SLB
packets.
slb-prior-to-ar Cache redirection will never be applied on SLB

packets.
Example:
Router-N(configure)# lb control precedence ar-prior-to-slb
lb control slb Command

Use the lb control slb command to enable Server Load Balancing (SLB).

lb control slb
Example:
Router-N(configure)# lb control slb

no lb control slb Command

Use the no lb control slb command to disable SLB.

no lb control slb
Example:
Router-N(configure)# no lb control slb

Health Check Commands

To configure a Health Check for a Virtual Service:
1 Use the appropriate hc command to create/enter a Health Check context.
2 For a new Health Check, enter the hc-id of the service to set the index
number for the Health Check service.
3 Use the remaining hc commands to finish defining the Health Check. The
remaining Health Check commands are performed in the specific Health Check
context configured, depending on the Health Check type chosen.
4 Within the Virtual Service context, choose an index number of one of the Health
Checks created.
hc ping Command
Use the hc ping command to configure a Ping Health Check.

hc ping <hc-id>
hc-id The index number of the Health Check, an integer up

to 32.
Example:
Router-N(super)# hc ping 12
hc tcp-connect Command
Use the hc tcp-connect command to configure a TCP Health Check.

hc tcp-connect <hc-id> [<port>]

to 32.
port The port number used to open a TCP session, an

integer between 0 and 65535.
Example:
Router-N(super)# hc tcp-connect 16 80

hc http Command
Use the hc http command to create/enter the HTTP Health Check context.

hc http <hc-id>

to 32.
Example:
Router-N(super)# hc http 7
hc http port Command

Use the port command to set the HTTP Health Check port. The no port
command sets this to the default value and the Virtual Service port is used. You
achieve the same result by not entering the port command with no port number, or
with port number 0.

port <port number>
port number The port number used to open an HTTP session, an

integer from 0 - 65535.
Example:
Router-N(super-hc-http:7)# port 65
hc http version Command

Use the version command to set the HTTP Health Check version. The no
version command sets this to the default value.

version <1.0|1.1>
1.0 Sets the version number for the Health Check to 1.0
(default).
1.1 Sets the version number for the Health Check to 1.1.
Example:

Router-N(super-hc-http:7)# version 1.1
hc http method Command

Use the method command to set the HTTP Health Check method. The no
method command sets this to the default value.

method <get|head>
get Sets the method for the Health Check to GET - to

retrieve all data from the server.
head Sets the method for the Health Check to HEAD -

retrieves only the HTTP headers without the
document body. This is the default.
Example:
Router-N(super-hc-http:7)# method get
hc http url Command

Use the url command to set the HTTP Health Check URL. The no url
command sets this to the default value ("/").

url <url>
url The URL for the Health Check to retrieve from the
server - a string up to 255 characters.
Example:
Router-N(super-hc-http:7)# url /index.html
hc http success-response Command

Use the success-response command to set the HTTP Health Check success
response. The no success-response command sets this to the default value.


success-response <any-response|any-ok|exact-ok|>
any-response The server is considered functional when any

response is received.
any-ok The server is considered functional when the server’s

response is one of the OK responses (return codes
201-204).
exact-ok The server is functional only when the exact response

expected is received (return code 200). This is the
default.
Example:
Router-N(super-hc-http:7)# success-response any-ok
hc http domain Command

Use the domain command to set the HTTP Health Check domain. The no
domain command clears the domain. This command is for HTTP 1.1 only.

domain <domain>
domain The domain name for the Health Check to retrieve

from - a string up to 255 characters.
Example:
Router-N(super-hc-http:7)# domain www.avaya.com
Note: To define a name that includes spaces, enclose the entire name in quotation
marks (e.g. "new york").
hc http expected-string Command

Use the expected-string command to set the HTTP Health Check expected
response string. The no expected-string command sets this to the default
value (no string).


expected-string <string>
string The string containing the expected response for the

Health Check to compare the response from the
Example:
Router-N(super-hc-http:7)# expected-string <HTML><HEAD>
hc http expected-string-offset Command

Use the expected-string-offset command to set the HTTP Health Check
expected string offset from the end of the Layer 4 Header. The no expected-
string-offset command sets this to the default value.

expected-string-offset <offset>
offset The offset of the Health Check’s expected string - an

Example:
Router-N(super-hc-http:7)# expected-string-offset 5
hc script Command
Use the hc script command to create/enter the Script Health Check context.

hc script <hc-id>

to 32.
Example:
Router-N(super)# hc script 3
hc script port Command

Use the port command to set the Script Health Check port. The no port
command sets this to the default value (the Virtual Service port). You achieve the

same result by not entering the port command with no port number, or with port
number 0.

port <port number>
port number The port number used to run a script, an integer from
0 - 65535.
Example:
Router-N(super-hc-script:5)# port 34
hc script query Command

Use the query command to set the Script Health Check query to be executed on
the Real Server. The no query command disables this function.

query <query-text>
query-text A string up to 255 characters.
Example:
Router-N(super-hc-script:5)# query "GET /index.html HTTP/
1.1\r\nHOST:149.49.1.1\r\n"
Note: To define a name that includes spaces, enclose the entire name in quotation
marks (e.g. "new york").
hc script expected-string Command

Use the expected-string command to set the Script Health Check expected
response string. The no expected-string command disables this function.

expected-string <string>
string The string containing the expected response for the

Health Check to compare the response from the

Example:
Router-N(super-hc-script:5)# expected-string <HTML><HEAD>

hc script expected-string-offset Command

Use the expected-string-offset command to set the Script Health Check
expected string offset from the end of the Layer 4 Header. The no expected-
string-offset command sets this to the default value.

expected-string-offset <offset>
offset The offset of the Health Check’s expected string - an

Example:
Router-N(super-hc-script:5)# expected-string-offset 7

Proxy IP (PIP) Commands

To configure a Proxy IP (PIP) for a Virtual Service:
1 Use the pip-bank command to create/enter the PIP context.
2 For a new PIP, enter the bank-id of the PIP to set the index number for the
PIP.
3 Use the pip address command to finish defining the PIP.
4 Within the Virtual Service context, choose an index number of one of the PIPs
created.
pip-bank Command
Use the pip-bank command to configure a PIP.

pip-bank <bank-id>
bank-id The index number of the PIP, an integer up to 64.
Example:
Router-N(super)# pip-bank 12
pip-addresses Command
Use the pip-addresses command to configure the range of PIP addresses.

pip-addresses <pip start address> <pip end address>
pip start address The first PIP address of the range.
pip end address The last PIP address of the range.
Example:
Router-N(super-pip-bank:1)# pip-addresses 10.1.1.1 10.1.2.2

Real-AR-Server Commands
To configure a real server to be used by the Application Redirection (AR)
application:
1 Use the real-ar-server command to enter a real AR server context.
2 Use any of the remaining real-ar-server commands as required.
real-ar-server Command
You can also configure this command in user mode.
Use the real-ar-server command to create and/or enter a real AR server
context.

real-ar-server <server-ip>
server-ip The IP address of the real server.
Example:
Router-N(configure)# real-ar-server 10.1.1.2
no real-ar-server Command
Use the no real-ar-server command to delete a real server from using AR.

no real-ar-server <server-ip>
ip-address The IP address of the real server.
Example:
Router-N(configure)# no real-ar-server 10.1.1.1
real-ar-server admin-status Command

Use the admin-status command to set the administrative status to enable or
disable.

admin-status <enable | disable>
enable Set admin status to enable.

disable Set admin status to disable.
Example:
Router-N(configure)# admin-status enable
real-ar-server backup Command

Use the backup command to set a backup real AR server.

backup <r-ar-srvr-ip>
r-ar-srvr-ip The IP address of the backup real AR server.
Example:
Router-N(configure)# backup 10.1.1.2
real-ar-server no backup Command

Use the no backup command to remove a backup real AR server.

no backup <r-ar-srvr-ip>
r-ar-srvr-ip The IP address of the backup real AR server.
Example:
Router-N(configure)# no backup 10.1.1.2
real-ar-server hc failure-retries Command

Use the hc failure-retries command to set the number of times the real AR
server should be health-checked before determining failure.

hc failure-retries <failure-retries>
failure-retries The number of times, an integer from 1 to 32.
Example:
Router-N(configure)# hc failure-retries 10

real-ar-server no hc failure-retries Command

Use the no hc failure-retries command to return the failure-retries (the
number of times the real AR server should be health-checked before determining
failure) to the default (4).

no hc failure-retries
Example:
Router-N(configure)# no hc failure-retries
real-ar-server hc interval Command

Use the hc interval command to set the interval between health-checks.

hc interval <time-sec>
time-sec The amount of time in seconds, an integer from 1 to

36.
Example:
Router-N(configure)# hc interval 10
real-ar-server no hc interval Command

Use the no hc interval command to return the interval between health-checks
to the default (5 seconds).

no hc interval
Example:
Router-N(configure)# no hc interval

real-ar-server hc success-retries Command

Use the hc success-retries command to set the number of times the real AR
server should be health-checked before determining success.

hc success-retries <success-retries>
success-retries The number of times, an integer from 1 to 32.
Example:
Router-N(configure)# hc success-retries 10
real-ar-server no hc success-retries Command

Use the no hc success-retries command to set the success-retries (the
number of times the real AR server should be health-checked before determining
success) to the default (1).

no hc success-retries
Example:
Router-N(configure)# no hc success-retries
real-ar-server hc timeout Command

Use the hc timeout command to set the amount of time after which the real AR
server is considered to have "timed out".

hc timeout <time-sec>
time-sec The amount of time in seconds, an integer.
Example:
Router-N(configure)# hc timeout 10

real-ar-server no hc timeout Command

Use the no hc timeout command to set the amount of time after which the real
AR server is considered to have "timed out" to the default (1 second).

no hc timeout
Example:
Router-N(configure)# no hc timeout
real-ar-server weight Command

Use the weight command to set a weight for the real AR server.

weight <weight>
weight The weight of the real server, an integer from 1 to 256.
Example:
Router-N(configure)# weight 5
real-ar-server no weight Command

Use the no weight command to set the weight of the real AR server to the default
(10).

no weight
Example:
Router-N(configure)# no weight

Real-SLB-Server Commands
To configure a real server to be used by the Server Load Balancing (SLB)
application:
1 Use the real-slb-server command to enter a real SLB server context.
2 Use any of the remaining real-slb-server commands as required.
real-slb-server Command
Use the real-slb-server command to create and/or enter a real SLB server
context.

real-slb-server <server-ip>
Example:
Router-N(configure)# real-slb-server 10.1.1.2
no real-slb-server Command
Use the no real-slb-server command to delete a real server from using SLB.

no real-slb-server <server-ip>
Example:
Router-N(configure)# no real-slb-server 10.1.1.1

real-slb-server admin-status Command

disable.

Example:
real-slb-server backup Command

Use the backup command to set a backup real SLB server.

backup <r-slb-srvr-ip>
r-slb-srvr-ip The IP address of the backup real SLB server.
Example:
real-slb-server no backup Command

Use the no backup command to remove a backup real SLB server.

no backup <r-slb-srvr-ip>
r-slb-srvr-ip The IP address of the backup real SLB server.
Example:

real-slb-server direct-server-return Command

Use the direct-server-return command to notify the P333R-LB that a real
SLB server is configured in direct server return (triangulation) mode.

Example:
Router-N(configure)# direct-server-return
real-slb-server no direct-server-return Command

Use the no direct-server-return command to notify the P333R-LB that a
real SLB server is not configured in direct server return (triangulation) mode.

no direct-server-return
Example:
Router-N(configure)# no direct-server return
real-slb-server hc failure-retries Command

Use the hc failure-retries command to set the number of times the real SLB
server should be health-checked before determining failure.

Example:
real-slb-server no hc failure-retries Command

number of times the real SLB server should be health-checked before determining
failure) to the default (4).

Example:

real-slb-server hc interval Command



36.
Example:
real-slb-server no hc interval Command


no hc interval
Example:
real-slb-server hc success-retries Command

Use the hc success-retries command to set the number of times the real SLB
server should be health-checked before determining success.

Example:

real-slb-server no hc success-retries Command

number of times the real SLB server should be health-checked before determining
success) to the default (1).

Example:
real-slb-server hc timeout Command

Use the hc timeout command to set the amount of time after which the real SLB
server is considered to have "timed out".

Example:
real-slb-server no hc timeout Command

SLB server is considered to have "timed out" to the default (1 second).

no hc timeout
Example:

real-slb-server weight Command

Use the weight command to set a weight for the real SLB server.

weight <weight>
Example:
real-slb-server no weight Command

Use the no weight command to set the weight of the real SLB server to the
default (10).

no weight
Example:

Real-Bridging-FW Commands
To configure a real firewall to be used by the Bridging Firewall Load Balancing
(FWLB) application:
1 Use the real-bridging-fw command to enter a real bridging firewall
context.
2 Use any of the remaining real-bridging-fw commands as required.
real-bridging-fw Command
Use the real-bridging-fw command to create and/or enter a real bridging
firewall context.

real-bridging-fw <server-ip>
Example:
Router-N(configure)# real-bridging-fw 10.1.1.2
no real-bridging-firewall Command
Use the no real-bridging-fw command to delete a real firewall from using
Bridging FWLB.

no real-bridging-fw <server-ip>
Example:
Router-N(configure)# no real-bridging-fw 10.1.1.1

real-bridging-fw admin-status Command

disable.

Example:
real-bridging-fw backup Command

Use the backup command to set a backup real bridging firewall.

backup <r-bridging-fw-ip>
r-bridging-fw-ip The IP address of the backup real bridging firewall.
Example:
real-bridging-fw no backup Command

Use the no backup command to remove a backup real bridging firewall.

no backup <r-bridging-fw-ip>
r-bridging-fw-ip The IP address of the backup real bridging firewall.
Example:

real-bridging-fw hc failure-retries Command

Use the hc failure-retries command to set the number of times the real
bridging firewall should be health-checked before determining failure.

Example:
real-bridging-fw no hc failure-retries Command

number of times the real bridging firewall should be health-checked before
determining failure) to the default (4).

Example:
real-bridging-fw hc interval Command



36.
Example:

real-bridging-fw no hc interval Command


no hc interval
Example:
real-bridging-fw hc success-retries Command

Use the hc success-retries command to set the number of times the real
bridging firewall should be health-checked before determining success.

Example:
real-bridging-fw no hc success-retries Command

number of times the real bridging firewall should be health-checked before
determining success) to the default (1).

Example:

real-bridging-fw hc timeout Command

Use the hc timeout command to set the amount of time after which the real
bridging firewall is considered to have "timed out".

Example:
real-bridging-fw no hc timeout Command

bridging firewall is considered to have "timed out" to the default (1 second).

no hc timeout
Example:
real-bridging-fw weight Command

Use the weight command to set a weight for the real bridging firewall.

weight <weight>
Example:

real-bridging-fw no weight Command

Use the no weight command to set the weight of the real bridging firewall to the
default (10).

no weight
Example:

Real-Routing-FW Commands
To configure a real firewall to be used by the Routing Firewall Load Balancing
(FWLB) application:
1 Use the real-routing-fw command to enter a real routing firewall context.
2 If you are creating a new real routing firewall, you must use the
real-routing-fw id command to give it an identification number (see page
331).
3 Use any of the remaining real-routing-fw commands as required.
real-routing-fw Command
Use the real-routing-fw command to create and/or enter a real routing
firewall context.

real-routing-fw <server-ip>
Example:
Router-N(configure)# real-routing-fw 10.1.1.2
no real-routing-firewall Command
Use the no real-routing-fw command to delete a real firewall from using
Routing FWLB.

no real-routing-fw <server-ip>
Example:
Router-N(configure)# no real-routing-fw 10.1.1.1

real-routing-fw id Command
Use the id command to set an identification number for a real routing firewall.

id <r-routing-fw-id>
r-routing-fw-id The identification number, an integer from 1 to 1024.
Example:
Router-N(configure)# id 2
real-routing-fw admin-status Command

disable.

Example:
real-routing-fw backup Command

Use the backup command to set a backup real routing firewall.

backup <r-routing-fw-ip>
r-routing-fw-ip The IP address of the backup real routing firewall.
Example:

real-routing-fw no backup Command

Use the no backup command to remove a backup real routing firewall.

no backup <r-routing-fw-ip>
r-routing-fw-ip The IP address of the backup real routing firewall.
Example:
real-routing-fw hc failure-retries Command

Use the hc failure-retries command to set the number of times the real
routing firewall should be health-checked before determining failure.

Example:
real-routing-fw no hc failure-retries Command

number of times the real routing firewall should be health-checked before
determining failure) to the default (4).

Example:

real-routing-fw hc interval Command



36.
Example:
real-routing-fw no hc interval Command


no hc interval
Example:
real-routing-fw hc success-retries Command

Use the hc success-retries command to set the number of times the real
routing firewall should be health-checked before determining success.

Example:

real-routing-fw no hc success-retries Command

number of times the real routing firewall should be health-checked before
determining success) to the default (1).

Example:
real-routing-fw hc timeout Command

Use the hc timeout command to set the amount of time after which the real
routing firewall is considered to have "timed out".

Example:
real-routing-fw no hc timeout Command

routing firewall is considered to have "timed out" to the default (1 second).

no hc timeout
Example:

real-routing-fw weight Command

Use the weight command to set a weight for the real routing firewall.

weight <weight>
Example:
real-routing-fw no weight Command

Use the no weight command to set the weight of the real routing firewall to the
default (10).

no weight
Example:

RSG Commands
To configure a real server group:
1 Use the rsg command to enter a real server group context.
2 Use any of the remaining rsg commands as required.
rsg Command
Use the rsg command to create/enter a real server group context.

rsg <name>
name The name of the real server, a string of up to 32

characters.
Example:
Router-N(configure)# rsg rsg 1
no rsg Command
Use the no rsg command to delete a real server group.

no rsg <name>
name The name of the real server, string of up to 32

characters.
Example:
Router-N(configure)# no rsg rsg1

rsg admin-status Command

Use the admin-status command to set the administrative status of a real server
group to enable or disable.

Example:
rsg backup Command

Use the backup command to set a backup real server group.

backup <backup-group>
backup-group The name (up to 16 characters) or ID (an integer from

1 to 1024) of the backup real server group.
Example:
Router-N(configure)# backup 2
rsg no backup Command

Use the no backup command to remove a backup real server group.

no backup <backup-group>
backup-group The name (up to 16 characters) or ID (an integer from

1 to 1024) of the backup real server group.
Example:
Router-N(configure)# no backup 2

rsg real-ar-server Command

Use the real-ar-server command to map a real AR server to the real server
group as well as to set the real server to use Application Redirection.

real-ar-server <server-ip>
Example:
Router-N(configure)# real-ar-server 10.1.1.2
rsg no real-ar-server Command

Use the no real-ar-server command to remove a real AR server from the
real-server group.

no real-ar-server <server-ip>
Example:
Router-N(configure)# no real-ar-server 10.1.1.1
rsg real-slb-server Command

Use the real-slb-server command to map a real SLB server to the real server
group as well as to set the real server to use Server Load Balancing.

real-slb-server <server-ip>
Example:
Router-N(configure)# real-slb-server 10.1.1.2

rsg no real-slb-server Command

Use the no real-slb-server command to remove a real SLB server from the
real-server group.

no real-slb-server <server-ip>
Example:
Router-N(configure)# no real-slb-server 10.1.1.1
rsg real-bridging-fw Command

Use the real-bridging-fw command to map a real bridging firewall to the real
server group as well as to set the real firewall to use Bridging Firewall Load
Balancing.

real-bridging-fw <server-ip>
Example:
Router-N(configure)# real-bridging-fw 10.1.1.2
rsg no real-bridging-fw Command

Use the no real-bridging-fw command to remove a real bridging firewall
from the real-server group.

no real-bridging-fw <server-ip>
Example:
Router-N(configure)# no real-bridging-fw 10.1.1.1

rsg real-routing-fw Command

Use the real-routing-fw command to map a real routing firewall to the real
server group as well as to set the real firewall to use Routing Firewall Load
Balancing.

real-routing-fw <server-ip> [<server-id>]
server-id The identification number of the real server, an

integer from 1 to 1024, only relevant for routing
firewalls. It is only necessary to add the parameter
server-id if the real server group does not yet
exist since typing it creates a real server.
Example:
Router-N(configure)# real-routing-fw 10.1.1.2 5
rsg no real-routing-fw Command

Use the no real-routing-fw command to remove a real routing firewall from
the real-server group.
The syntax for this command can be one of the following:

no real-routing-fw <server-ip> [<server-id>]
server-id The identification number of the real server, an

integer from 1 to 1024, only relevant for routing
firewalls. It is only necessary to add the parameter
server-id if the real server group does not yet
exist since typing it creates a real server.
Example:
Router-N(configure)# no real-routing-fw 10.1.1.1 5

Set Commands
This section illustrates the set commands.
set vlan-area Command

Use the set vlan-area command to create a mapping between the vlan and the
area.

set vlan-area <VlanID> <clients | servers>
VlanID An integer between 1 and 4094.
clients Map to the client area.
servers Map to the server area.
Example:
Router-N(configure)# set vlan-area 1 servers

Show Commands
This section illustrates the show commands.
show ar filter Command

Use the show ar-filter command to display all AR filters.

show ar-filter [<id>]

between 1 and 1024.
Example:
Router-N(configure)# show ar-filter 1
show ar filter details Command

Use the show ar-filter details command to display the full details of all
AR filters.

show ar-filter details [<id>]

between 1 and 1024.
Example:
Router-N(configure)# show ar-filter details 1
show hc Command
Use the show hc command to display the Health Check configuration.

show hc [<hc-type> [<hc-id>]]
hc type Type of Health Check mechanism: ping, tcp-

connect, http, or string.
hc id The index number of the Health Check, an integer

between 1 and 32.

Example:
Router-N(configure)# show hc tcp-connect 1
show hc details Command

Use the show hc details command to show the details of a Health Check.

show hc details [<hc-type> [<hc-id>]]
hc-type The type of Health Check: ping, tcp-connect,

http, or script.

to 32.
Example:
Router-N(super)# show hc details http 2
show hc last response Command

Use the show hc last response command to show the last data response of a
HTTP or Script Health Check. This assists in verifying the correct offset or contents
of an expected string.

show hc last response <type> <service-name> <rip>
type The type of service: SLB or AR.
service-name The name of the service - a string up to 32 characters.
rip The IP address.
Example:
Router-N(super)# show hc last response slb avaya7 10.1.1.3
show lb control Command

Use the show lb control command to display the LB control status. Any
configured load balancing application, administrative status, and precedence level
is shown.


show lb control
Example:
Router-N(configure)# show lb control
show lb real-ar-server cache Command

Use the show lb real-ar-server cache command to display the LB real AR
server cache.

show lb real-ar-server cache [server]
server The IP address of the real server.
Example:
Router-N(configure)# show lb real-ar-server cache 10.1.1.1
show lb real-ar-server cache details Command

Use the show lb real-ar-server cache details command to display the
full details of the LB real AR server cache.

show lb real-ar-server cache [server]
Example:
Router-N(configure)# show lb real-ar-server cache details
10.1.1.1
show lb real-slb-server cache Command

Use the show lb real-slb-server cache command to display the LB real
SLB server cache.

show lb real-slb-server cache [server]

Example:
Router-N(configure)# show lb real-slb-server cache 10.1.1.1
show lb real-slb-server cache details Command

Use the show lb real-slb-server cache details command to display the
full details of the LB real SLB server cache.

show lb real-slb-server cache details [server]
Example:
Router-N(configure)# show lb real-slb-server cache details
10.1.1.1
show lb real-bridging-firewall cache Command

Use the show lb real-bridging-firewall cache command to display the
LB real bridging firewall cache.

show lb real-bridging-fw cache [server]
Example:
Router-N(configure)# show lb real-bridging-firewall cache
10.1.1.1
show lb real-bridging-firewall cache details Command

Use the show lb real-bridging-firewall cache details command to
display the full details of the LB real bridging firewall cache.

show lb real-bridging-fw cache details [server]

Example:
Router-N(configure)# show lb real-bridging-fw cache details
10.1.1.1
show lb real-routing-fw cache Command

Use the show lb real-routing-fw cache command to display the LB real
routing firewall cache.

show lb real-routing-fw cache [server]
Example:
Router-N(configure)# show lb real-routing-fw cache 10.1.1.1
show lb real-routing-fw cache details Command

Use the show lb real-routing-fw cache details command to display the
full details of the LB real routing firewall cache.

show lb real-routing-fw cache details [server]
Example:
Router-N(configure)# show lb real-routing-fw cache details
10.1.1.1
show lb virtual-server cache Command

Use the show lb virtual-server cache command to display the LB virtual
server cache.

show lb virtual-server cache [<virtual server name>]
virtual server The name of the virtual server, a string of up to 80

name characters.

Example:
Router-N(configure)# show lb virtual-server cache vServer1
show lb virtual-server cache details Command

Use the show lb virtual-server cache details command to display the
full details of the LB virtual server cache.

show lb virtual-server cache details [<virtual server name>]
virtual server The name of the virtual server, a string of up to 80

name characters.
Example:
Router-N(configure)# show lb virtual-server cache details
vServer1

show persistency-table Command

When the persistency is enabled in the virtual service, use the
show persistency-table command to display the resulting persistency table.

show persistency-table <virtual-service> <type ><rsg> [<src-
ip> <src-wildcard> [<dst-ip> <dst-wildcard>]]
virtual-service The name of the virtual service, a string of up to 32

characters.
type The application type. Can be:

routing-fw | bridging-fw | ar | slb
rsg The name of the real server group, a string of up to 16

characters.
src-ip The IP address of the source.
src-wildcard The source IP address’s network wildcard.
dst-ip The destination IP address.
dst-wildcard The destination IP address’s network wildcard.
Example:
RLB_3-1(develop)# show persistency-table fw-service routing-fw
fw-group
Showing 10 entries:
Source IP Destination IP Real IP
--------------- --------------- ---------------
193.170.2.1 10.2.1.10 10.1.1.2
193.170.2.2 10.2.1.10 10.1.1.1
193.170.2.3 10.2.1.10 10.1.1.2
193.170.2.4 10.2.1.10 10.1.1.1
193.170.2.5 10.2.1.10 10.1.1.2
193.170.2.6 10.2.1.10 10.1.1.1
193.170.2.7 10.2.1.10 10.1.1.2
193.170.2.8 10.2.1.10 10.1.1.1
193.170.2.9 10.2.1.10 10.1.1.2
193.170.2.10 10.2.1.10 10.1.1.1

show pip-bank Command

Use the show pip-bank command to display details for a specific PIP.

pip-bank <bank-id>
Example:
Router-N(super)# show pip-bank 1
show pip-bank details Command

Use the show pip-bank details command to display details for all PIPs.

pip-bank details
Example:
Router-N(super)# show pip-bank details
show real-ar-server Commands

Use the show real-ar-server command to display all real servers using AR.

show real-ar-server [<server-ip>]
Example:
Router-N(configure)# show real-ar-server 10.1.1.2
show real-ar-server details Command

Use the show real-ar-server details command to display the full details
of a real server using AR.

show real-ar-server details [<server-ip>]

Example:
Router-N(configure)# show real-ar-server details 10.1.1.2
show real-slb-server Commands

Use the show real-slb-server command to display all real servers using SLB.

show real-slb-server [<server-ip>]
Example:
Router-N(configure)# show real-slb-server 10.1.1.2

show real-slb-server details Command

Use the show real-slb-server details command to display the full details
of a real server using SLB.

show real-slb-server details [<server-ip>]
Example:
Router-N(configure)# show real-slb-server details 10.1.1.2
show real-bridging-fw Commands

Use the show real-bridging-fw command to display all real firewalls using
Bridging FWLB.

show real-bridging-fw [<server-ip>]
Example:
Router-N(configure)# show real-bridging-fw 10.1.1.2
show real-bridging-fw details Command

Use the show real-bridging-fw details command to display the full
details of a real firewall using Bridging FWLB.

show real-bridging-fw details [<server-ip>]
Example:
Router-N(configure)# show real-bridging-fw details 10.1.1.2

show real-routing-fw Commands

Use the show real-routing-fw command to display all real firewalls using
Routing FWLB.

show real-routing-fw [<server-ip>]
Example:
Router-N(configure)# show real-routing-fw 10.1.1.2
show real-routing-fw details Command

Use the show real-routing-fw details command to display the full details
of a real firewall using Routing FWLB.

show real-routing-fw details [<server-ip>]
Example:
Router-N(configure)# show real-routing-fw details 10.1.1.2
show rsg Command

Use the show rsg command to display all real server groups.

show rsg [<rsg>]
rsg The name of the real server group, string, up to 32

characters.
Example:
Router-N(configure)# show rsg rsg1

show rsg details Command

Use the show rsg details command to display the full details of all real server
groups.

show rsg details [<rsg>]
rsg The name of the real server group, string, up to 32

characters.
Example:
Router-N(configure)# show rsg details rsg1
show virtual-ar-service Command

Use the show virtual-ar-service command to display all virtual AR
services.

show virtual-ar-service [<service>]
service The name of the virtual AR service, string, up to 32

characters.
Example:
Router-N(configure)# show virtual-ar-service ArSrvc1
show virtual-ar-service details Command

Use the show virtual-ar-service details command to display the full
details of all virtual AR services.

show virtual-ar-service details [<service>]
service The name of the virtual AR service, string, up to 32

characters.
Example:
Router-N(configure)# show virtual-ar-service details ArSrvc1

show virtual-fw-service Command

Use the show virtual-fw-service command to display all virtual firewall
services.

show virtual-fw-service [<service>]
service The name of the virtual firewall service, string, up to

32 characters.
Example:
Router-N(configure)# show virtual-fw-service Vsrvc1
show virtual-fw-service details Command

Use the show virtual-fw-service details command to display the full
details of all virtual firewall services.

show virtual-fw-service details [<service>]

32 characters.
Example:
Router-N(configure)# show virtual-fw-service details Vsrvc1
show virtual-server Command

Use the show virtual-server command to display all virtual servers.

show virtual-server [<server name>]
server name The name of the virtual server, string, up to 80

characters.
Example:
Router-N(configure)# show virtual-server

show virtual-server details Command

Use the show virtual-server details command to display the full details
of all virtual servers.

show virtual-server details [<server name>]
server name The name of the virtual server, string, up to 80

characters.
Example:
Router-N(configure)# show virtual-server details
show virtual-slb-service Command

Use the show virtual-slb-service command to display virtual SLB services.

show virtual-slb-service [<server name> [<service name>]]
server name The name of the virtual SLB server, string, up to 80

characters.
service name The name of the virtual SLB service, string, up to 32

characters.
Example:
Router-N(configure)# show virtual-slb-service SrvrName

show virtual-slb-service details Command

Use the show virtual-slb-service details command to display the full
details of virtual SLB services.

show virtual-slb-service details [<server name> [<service name>]]
server name The name of the virtual SLB server, string, up to 80

characters.
service name The name of the virtual SLB service, string, up to 32

characters.
Example:
Router-N(configure)# show virtual-slb-service details SrvrName
ServiceName
show vlan-area-mapping Command

Use the show vlan-area-mapping command to display all vlan-area
mappings.

show vlan-area-mapping [<vlanID>]
vlanID The vlan identification number, an integer between 1

and 4094.
Example:
Router-N(configure)# show vlan-area-mapping 1

Virtual AR-Service Commands

To configure a virtual Application Redirection (AR) service:
1 Use the virtual-ar service command to enter a virtual AR context.
2 For a new AR service, use the id command to set the identification number of
the virtual ar service (see virtual-ar-service id Command on page 360).
3 Use any of the remaining virtual-ar service commands as required.
virtual ar-service Command

Use the virtual-ar service command to create/enter a virtual AR service
context.

virtual-ar service <name>
name The name of the virtual AR service, a string of up to

32 characters.
Example:
Router-N(configure)# virtual-fw service Vsrvc1
virtual-ar-service admin-status Command

Use the admin-status command to set the virtual AR service administrative
status to enable or disable.

Example:

virtual-ar-service application Command

Use the application command to set the application for the virtual AR service.

application <udp | tcp | ip | <protocol>> [<min-v-port> [max-v-port]]
protocol An integer, from 0 to255.
min-v-port Minimum port number (from 0).
max-v-port Maximum port number (up to 65535).
Example:
Router-N(configure)# application udp 12 15
virtual-ar-service no application Command

Use the no application command to set the application for the virtual AR
service to the default (IP-all ports).

no application
Example:
Router-N(configure)# no application
virtual-ar-service failure-action Command

Use the failure-action command to set the failure-action decision when no
operating real servers were found.

failure-action <forward | drop>
forward Forwards the packet.
drop Drops the packet.
Example:
Router-N(configure)# failure-action

virtual-ar-service hash-key Command

Use the hash-key command to set the hash table’s key for the virtual AR service.

hash-key <src | dst | src-dst>
src The hash key is based on the source IP address.
dst The hash key is based on the destination IP address.
src-dst The hash key is based on the source and destination

IP addresses.
Example:
Router-N(configure)# hash-key src
virtual-ar-service no hash-key Command

Use the no hash-key command to set the hash table’s key of the virtual AR
service to the default (dest).

no hash-key
Example:
Router-N(configure)# no hash-key
virtual-ar-service hc Command
Use the hc command to set a health check method for the virtual AR service.

hc <auto | ping | tcp-connect | http | script> [<specific-id>]
auto The default, which is the ping health check method.
ping Each server is periodically pinged and checked if an answer

was received.
tcp-connect A TCP connection is periodically opened to every server,

http Enables verifying HTTP server functioning by comparing the

response from the server with a user-configurable response.

script Verifies the functioning of the server by running a script on

the server.
specific-id The identification number of the health check.
Example:
Router-N(configure)# hc ping
virtual-ar-service no hc Command
Use the no hc command to set the health check method for the virtual AR service
to the default (auto).

no hc
Example:
Router-N(configure)# no hc
virtual-ar-service id Command
Use the id command to set the identification number for the virtual AR service.

id <v-service-id>
v-service-id Identification number for the virtual AR service, an

integer from 1 to 1024.
Example:

virtual-ar-service metric Command

Use the metric command to set a metric for the virtual AR service.

metric <round-robin | hash | minmiss-hash>
round-robin New sessions are issued to each server in turn.
hash Sessions are distributed to real servers using a

predefined mathematical hash function.
minmiss-hash MinMiss distributes sessions to servers in the same

way as Hash. However, MinMiss sustains persistency
even when a server is removed or added to the server
group.
For more information on server metrics, see Load Balancing Metrics on page 237.
Example:
Router-N(configure)# metric round-robin
virtual-ar-service persistency Command

Use the persistency command to enable persistency for the virtual AR service.

persistency
Example:
Router-N(configure)# persistency
virtual-ar-service no persistency Command

Use the no persistency command to disable persistency for the virtual AR
service (the default).

no persistency
Example:
Router-N(configure)# no persistency

virtual-ar-service persistency time Command

Use the persistency time command to set the persistency time for the virtual
AR service.

persistency time <time>
time The time in seconds, an integer.
Example:
Router-N(configure)# persistency time 3000
virtual-ar-service no persistency time Command

Use the no persistency time command to set the persistency time for the
virtual AR service to the default (3600 seconds).

no persistency time
Example:
Router-N(configure)# no persistency time
virtual-ar-service persistency wildcard Command

Use the persistency wildcard command to set the persistency wildcard for
the virtual AR service. The persistency wildcard command extends the
range of client IP addresses to those which the persistency applies.

persistency wildcard <wildcard>
wildcard The client IP network wildcard.
Example:
Router-N(configure)# persistency wildcard 0.0.15.255

virtual-ar-service no persistency wildcard Command

Use the no persistency wildcard command to set the persistency wildcard
for the virtual AR service to the default (0.0.0.0).

no persistency wildcard
Example:
Router-N(configure)# no persistency wildcard
virtual-ar-service rsg Command

Use the rsg command to map a real server group to the virtual AR service.

rsg <rsg>
rsg The name of the real server group, either a string of

up to 32 characters (which is the rsg-name), or an
integer from 1 to 1024 (which is the rsg-id).
Examples:
Router-N(configure)# rsg rsg1
Router-N(configure)# rsg 21
virtual-ar-service no rsg Command

Use the no rsg command to delete the mapping of a real server group from the
virtual AR service.

no rsg <rsg>

Examples:
Router-N(configure)# no rsg 21

virtual-ar-service simulate-hash Command

Use the simulate-hash command to predict which Real Server will be selected
based on packet IP address.
The syntax for the command is:
simulate-hash <src-IP>
src-IP The source IP address of the device.
Example:
RLB_3-1(config-v-ar-srvc:aaa:aaa)# simulate-hash 193.170.1.1

Virtual FW-Service Commands

To configure a virtual firewall service:
1 Use the virtual-fw service command to enter a virtual firewall context.
2 For a new virtual firewall service, use the id command to set the identification
number and type of the virtual firewall service (see virtual-fw-service id
Command on page 368).
3 Use any of the remaining virtual-fw service commands as required.
virtual fw-service Command

Use the virtual-fw service command to create/enter a virtual firewall
service context.

virtual-fw service <name>
name The name of the virtual firewall service, a string of up

to 32 characters.
Example:
Router-N(configure)# virtual-fw service Vsrvc1
no virtual-fw-service Command
Use the no virtual-fw-service command to delete a virtual firewall service.

no virtual-fw-service [<service>]

32 characters.
Example:
Router-N(configure)# no virtual-fw-service Vsrvc1

virtual-fw-service admin-status Command

Use the admin-status command to set the virtual firewall service administrative
status to enable or disable.

Example:
virtual-fw-service hash-key Command

Use the hash-key command to set the hash table’s key for the virtual firewall
service.


IP addresses.
Example:
virtual-fw-service no hash-key Command

Use the no hash-key command to set the hash table’s key of the virtual firewall
service to the default (src-dst).

no hash-key
Example:

virtual-fw-service hc Command
Use the hc command to set a health check method for the virtual fw service.

hc <auto | ping> [<specific-id>]
ping Each server is periodically pinged and checked if an

answer was received.
Example:
Router-N(configure)# hc ping 1
virtual-fw-service no hc Command
Use the no hc command to set the health check method for the virtual firewall
service to the default (auto).

no hc
Example:
virtual-fw-service hc-ip Command

Use the hc-ip command to set the health check IP addresses for the virtual
firewall service.

hc-ip <my-ip> <partner-ip>
my-ip My IP address.
partner-ip Partner’s IP address.
Example:
Router-N(configure)# hc-ip 10.10.1.2 10.20.2.3

virtual-fw-service id Command
Use the id command to set the identification number and type for the virtual
firewall service.

id <id> [bridging-fw]
id Identification number for the virtual firewall service,

an integer from 1 to 1024.
bridging-fw Add this parameter to configure a bridging firewall

type. If this parameter is not included in the
command, a routing firewall type is configured.
Examples:
Router-N(configure)# id 2 bridging-fw
virtual-fw-service ip route Command

Use the ip route command to add a static route to the virtual firewall service.

ip route <ip-address> <mask>
ip-address The IP address of the virtual firewall service.
mask The mask for the IP address.
Example:
Router-N(configure)# ip route 10.1.1.2 255.255.255.0

virtual-fw-service no ip route Command

Use the no ip route command to delete the static route from the virtual firewall
service.

no ip route <ip-address> <mask>
ip-address The IP address of the virtual firewall service.
mask The mask for the IP address.
Example:
Router-N(configure)# no ip route 10.1.1.2 255.255.255.0
virtual-fw-service metric Command

Use the metric command to set a metric for the virtual firewall service.

metric <hash | minmiss-hash>


group.
Example:
Router-N(configure)# metric hash

virtual-fw-service partner-mgmnt-ip Command

Use the partner-mgmnt-ip command to set the IP address of the P333R-LB on
the other side of the firewall (for management purposes).

partner-mgmnt-ip <ip-address>
ip-address The IP address.
Example:
Router-N(configure)# partner-mgmnt-ip 10.1.1.2
virtual-fw-service no partner-mgmnt-ip Command

Use the no partner-mgmnt-ip command to set the IP address of the P333R-LB
on the other side of the firewall (for management purposes) to the default (0.0.0.0).

no partner-mgmnt-ip
Example:
Router-N(configure)# no partner-mgmnt-ip
virtual-fw-service persistency Command

Use the persistency command to enable persistency for the virtual firewall
service.

persistency
Example:
virtual-fw-service no persistency Command

Use the no persistency command to disable persistency for the virtual firewall

no persistency
Example:

virtual-fw-service persistency time Command

firewall service.

Example:
virtual-fw-service no persistency time Command

Use the no persistency time command to set the persistency time for the
virtual firewall service to the default (3600 seconds).

no persistency time
Example:
virtual-fw-service persistency wildcard Command

the virtual firewall service. The persistency wildcard command extends the

Example:

virtual-fw-service no persistency wildcard Command

for the virtual firewall service to the default (0.0.0.0).

Example:
virtual-fw-service rsg Command

Use the rsg command to map a real server group to the virtual firewall service.

rsg <rsg>

Examples:
virtual-fw-service no rsg Command

Use the no rsg command to delete the mapping of a real server group from the
virtual firewall service.

no rsg <rsg>

Examples:

virtual-fw-service simulate-hash Command

simulate-hash <src-IP> <dest-IP>
src-IP The source IP address.
dest-IP The destination IP address.
Example:
RLB_3-1(config-v-fw-srvc:aaa)# simulate-hash 193.170.1.1
10.1.1.1

Virtual-Server Commands
To configure a virtual server:
1 Use the virtual-server command to create/enter a virtual server context.
2 For a new virtual server, use the id command to set the identification number
for the virtual server (see virtual-server id Command on page 375).
3 Use any of the remaining virtual-server commands as required.
virtual-server Command
Use the virtual-server command to create/enter a virtual server context.

virtual-server <server name>
server name The name of the virtual server, a string of up to 80

characters.
Example:
Router-N(configure)# virtual-server srvr1
no virtual-server Command
Use the no virtual-server command to delete a virtual server.

no virtual-server <server name>
server name The name of the virtual server, a string of up to 80

characters.
Example:
Router-N(configure)# no virtual-server srvr1

virtual-server admin-status Command

disable.

Example:
virtual-server id Command
Use the id command to set the identification number for the virtual server.

id <server-id>
server-id Identification number for the virtual server, an

Example:
virtual-server vip Command

Use the virtual-server vip command to configure a virtual IP address to the
virtual server.

vip <IP-address>
IP-address The IP address of the virtual server.
Example:
Router-N(configure)# vip 192.46.10.44

virtual-server no vip Command

Use the no vip command to remove a vitual IP address of the virtual server.

no vip <IP-address>
IP-address The IP address of the virtual server.
Example:
Router-N(configure)# no vip 192.46.10.44

Virtual-Server Virtual-SLB-Service Commands

To configure a virtual Server Load Balancing (SLB) service for a virtual server:
1 Use the virtual-server virtual-slb service command to create/
enter a virtual SLB service context.
2 For a new virtual SLB service, use the id command to set the identification
number for the virtual SLB service (see virtual-server virtual-slb-service id
Command on page 380).
3 Use any of the remaining virtual-server virtual-slb-service
commands as required.
virtual-server virtual-slb-service Command

Use the virtual-slb service command to create/enter a virtual SLB service
context.

virtual-slb service <service name>
service name The name of the virtual SLB service, a string of up to

32 characters.
Example:
Router-N(configure)# virtual-slb service Srvc1
virtual-server no virtual-slb-service Command

Use the no virtual-slb service command to delete a virtual SLB service.

no virtual-slb service <service name>
service name The name of the virtual SLB service, a string of up to

32 characters.
Example:
Router-N(configure)# no virtual-slb service Srvc1

virtual-server virtual-slb-service admin-status Command

disable.

Example:
virtual-server virtual-slb-service application Command

Use the application command to set an application for the virtual SLB service.

application <tcp | udp | ip <protocol>> [<min-v-port> [<max-v-port>]]
protocol The protocol of the virtual SLB service: UDP, TCP, IP,
or protocol number from 0 to 255.
min-v-port Minimum port number, from 0.
max-v-port Maximum port number, up to 65535.
Example:
Router-N(configure)# application udp 12 15
virtual-server virtual-slb-service no application Command

Use the no application command to set the application for the virtual SLB
service to the default (IP-all ports).

no application
Example:
Router-N(configure)# no application

virtual-server virtual-slb-service hash-key Command

Use the hash-key command to set the hash table’s key for the virtual SLB service.


IP addresses.
Example:
virtual-server virtual-slb-service no hash-key Command

Use the no hash-key command to set the hash key, for the virtual SLB service, to
the default (src).

no hash-key
Example:

virtual-server virtual-slb-service hc Command

Use the hc command to set a health check method for the virtual SLB service.

hc <auto | ping | tcp-connect | http | script> [<specific-id>]
ping Each server is periodically pinged and checked if an answer

was received.
tcp-connect A TCP connection is periodically opened to every server,

http Enables verifying HTTP server functioning by comparing

the response from the server with a user-configurable
response.
script Verifies the functioning of the server by running a script on

the server.
Example:
Router-N(configure)# hc ping
virtual-server virtual-slb-service no hc Command

Use the no hc command to set the health check method for the virtual SLB service
to the default (auto).

no hc
Example:
virtual-server virtual-slb-service id Command

Use the id command to set the identification number for the virtual SLB service.


id <service-id>
service-id Identification number for the virtual SLB service, an

Example:
virtual-server virtual-slb-service metric Command

Use the metric command to set a metric for the virtual SLB service.

metric <round-robin | hash | minmiss-hash>
round-robin New sessions are issued to each server in turn.


group.
Example:
Router-N(configure)# metric round-robin
virtual-server virtual-slb-service persistency Command

Use the persistency command to enable persistency for the virtual SLB service.

persistency
Example:

virtual-server virtual-slb-service no persistency Command

Use the no persistency command to disable persistency for the virtual SLB

no persistency
Example:
virtual-server virtual-slb-service persistency time Command

SLB service.

Example:
virtual-server virtual-slb-service no persistency time Command

Use the no persistency command to set the persistency aging time of the
virtual SLB service to the default (3600 seconds).

no persistency time
Example:

virtual-server virtual-slb-service persistency wildcard Command

the virtual SLB service. The persistency wildcard command extends the

Example:
virtual-server virtual-slb-service no persistency wildcard Command

for the virtual SLB service to the default (0.0.0.0).

Example:
virtual-server virtual-slb-service pip-bank Command

Use the pip-bank command to connect an existing PIP bank, and to create a new
PIP bank with a defined address range.

pip-bank <bank-id>[<pip start address><pip end address>]
pip start address The first PIP address of the range (for creating a PIP bank).
pip end address The last PIP address of the range (for creating a PIP bank).
Example:
Router-N(super-v-slb-srvc:slb:http)# pip-bank 12 10.1.1.1
10.1.2.1

virtual-server virtual-slb-service no pip-bank Command

Use the no pip-bank command to delete a PIP.

no pip-bank <bank-id>
Example:
Router-N(super-v-slb-srvc:slb:http)# no pip-bank 12
virtual-server virtual-slb-service real-port Command

Use the real-port command to map a real port to the virtual SLB service.

real-port <min-r-port>
min-r-port Minimum real port number, from 0 to 65535.
Example:
Router-N(configure)# real-port 12
virtual-server virtual-slb-service no real-port Command

Use the no rport command to set the real-port for the virtual SLB service to the
default (0).

no real-port
Example:
Router-N(configure)# no real-port

virtual-server virtual-slb-service rsg Command

Use the rsg command to map a real server group to the virtual SLB service.

rsg <rsg>

Examples:
virtual-server virtual-slb-service no rsg Command

Use the no rsg command to delete a real server group mapping from the virtual
SLB service.

no rsg <rsg>

Example:

virtual-slb-service simulate-hash Command

simulate-hash <src-IP>
src-IP The source IP address of the device.
Example:
RLB_3-1(config-v-slb-srvc:aaa:aaa)# simulate-hash 193.170.1.1

AppendixA
Embedded Web Manager

The Embedded Web Manager provides the following:
• Device Configuration - Viewing and modifying the different device configurations.
• Virtual LANs - Viewing and editing Virtual LAN information.
• Link Aggregation Groups (LAGs) - Viewing and editing LAG information.
• Software Redundancy - Setting software redundancy for ports in a P330 Switch.
• Port Mirroring - Setting up port mirroring for ports in a P330 Switch.
• Trap Managers Configuration - Viewing and modifying the Trap Managers
Table.
• Switch Connected Addresses - View devices connected to selected ports.
• IP Multicast filtering with IGMP snooping (new hardware)
— Software support from s/w 3.0.
— Hardware support - from Hardware Ver. C/S 2.0.
• Port Security.
• Intermodule Redundancy
— One pair per stack.
— Also operates as a result of a module fault, e.g., power failure.
• Routing Manager - Viewing configurations of IP Routing protocols and general
information.
• Load Balancing Manager - Viewing load balancing applications and general
information.
System Requirements
Minimum hardware and Operating System requirements are:
• One of the following operating systems:
— Windows® 95
— Windows 98 SP1
— Windows 98 OSR (Second Edition)
— Windows ME
— Windows NT® Workstation or Server
— Windows 2000 Professional or Server
• Pentium® II 400 Mhz-based computer with 256 Mb of RAM
(512 Mb recommended)
• Minimum screen resolution of 1024 x 768 pixels
• Sun Microsystems Java™ plug-in version 1.2.2 (supplied)

Appendix A Embedded Web Manager
• Microsoft® Internet Explorer® or Netscape Navigator/Communicator® (see

table)
Windows 95 or NT Windows 98, ME or 2000
Internet Explorer 5.0 or higher 5.01 or higher
Netscape Navigator/ 4.7 4.73

Communicator
Note for users of Netscape Navigator: The Java plug-in requires certain services from
Windows 95 which are not present if Internet Explorer is not installed. In order to
add these services to the operating system, please install Internet Explorer version 3
or higher. You can then use either browser to manage the switch.
Running the Embedded Manager
Note: You should assign an IP address to the switch before beginning this procedure.
1 Open your browser.

2 Enter the url of the switch in the format http://aaa.bbb.ccc.ddd where
aaa.bbb.ccc.ddd is the IP address of the switch.
Note: The user name is “root”

The default password for read-write access is “root”.
Note: The Web management passwords are the same as those of the CLI. If you
have created additional CLI user names or changed the default passwords then you
can use those passwords for Web management as well.

The welcome page is displayed:

Figure A.1 The Welcome Page

— If you have the Java plug-in installed, the Web-based manager should open
in a new window (see Figure A.2).
Figure A.2 Web-based Manager
— If you do not have the Java plug-in installed, follow the instructions on the
Welcome page that offers a variety of options to install the plug-in (see
Figure A.1).

Installing the Java Plug-in

If the network manager has configured the system, the plug-in should be installed
automatically.
Note: Ensure that Java or JavaScript is enabled on your Web browser. Please refer to
your browser on-line help or documentation for further information.
If the plug-in is not installed automatically, then you have three options for
installing it manually:
1 Installing from the P330 Documentation and Utilities CD

1 Close all unnecessary applications on your PC.
2 Insert the “Avaya P330 Documentation and Utilities” CD into the CD drive.
3 Click Start on the task bar.
4 Select Run.
5 Type x:\emweb-aux-files\plug-in_1_2_2.exe where x: is the CD
drive letter.
6 Follow the instructions on screen.
2 Install from the Avaya Site

Click on the link in the Welcome page.
3 Install from your Local Web Site

Click on the link in the Welcome page.
Note: This option is only available if the network manager has placed the files on
the local Web server.

Installing the On-Line Help and Java Plug-In on your Web Site
Note: This procedure is optional
Copying the help files and Java plug-in to a local Web server allows users to access
the on-line help for the Embedded Manager and enables automatic installation of
the Java plug-in the first time the users tries to manage the device.
1 Copy the emweb-aux-files directory from the “Avaya P330 Documentation
and Utilities” CD to your local Web server. Please refer to your Web server
documentation for full instructions.
2 Define the URL in the P330 using the following CLI command:
set web aux-files-url //IP address/directory name
where //IP address/directory name is the location of the directory
from the previous step.
Refer to set web aux-files-url on page 125 for further details of the command.
Documentation and Online Help

Refer to the Avaya P330 Documentation and Utilities CD.
Software Download
You can perform software download using the CLI or Avaya UpdateMaster.

AppendixB
Specifications
P333R-LB Switch
Physical
Height 2U (88 mm, 3.5”)
Width 482.6 mm (19”)
Depth 450 mm(17.7”)
Weight 7.5 kg (16.5 lb)
Power Requirements – AC
Input voltage 85 to 265 VAC, 50/60 Hz
Power dissipation 150 W max
Input current 1.94 A@100 VAC

0.97 A@200VAC
Inrush current 25 A@100 VAC (max.)

50 A@200VAC (max.)
Power Requirements – DC
Input voltage -32 to -72 VDC
Power dissipation 150 W max
Input current 5.2 A max
Inrush current 50 A max

Appendix B Specifications
Environmental
Operating Temp. -5 to 50°C (23 to 122°F)
Rel. Humidity 5% to 95% non-condensing
Safety – AC
• UL for US approved according to UL195O Std.
• C-UL(UL for Canada) approved according to C22.2 No.950 Std.
• CE for Europe approved according to EN 60950 Std.
• Laser components are Laser Class I approved:
— EN-60825/IEC-825 for Europe
— FDA CFR 1040 for USA
• Overcurrent Protection: A readily accessible Listed safety-approved protective
device with a 16A rating must be incorporated in series with building
installation AC power wiring for the equipment under protection.
Safety – DC
• Restricted Area Access: This device should only be installed in a restricted
access area.
• Installation Codes: This device must be installed in accordance with the US
National Electrical Code, Articles 110-26 and 110-27, and the Canadian
Electrical Code, Section 12.
• Overcurrent Protection: A readily accessible Listed branch-circuit overcurrent
protective device with a 15A rating must be incorporated in the building wiring.
EMC Emissions
Emissions
Approved according to:
• US - FCC Part 15 sub part J, class A
• Europe - EN55022 class A
EN 61000-3-2
EN 61000-3-3
Immunity
• EN 55024

Interfaces
• 24 x 10/100BASE-T RJ-45 port connectors.
• RS-232 for terminal setup via RJ-45 connector on front panel.
Standards Compliance
The P333R-LB complies with:
IEEE
• IEEE 802.3x Flow Control
• IEEE 802.1Q VLAN Tagging and 802.1p compatible
• IEEE 802.1D Spanning Tree protocol
• IEEE 803.3z Gigabit Ethernet ports
• IETF MIB-II, Bridge MIB, RMON, SMON
IETF
• MIB-II - RFC 1213
• Bridge MIB for Spanning Tree - RFC 1493
• RMON - RFC 1757
• SMON - RFC 2613
Basic MTBF
• 187,563 hrs minimum
Stacking Sub-module
Table B.1 Stacking Sub-module
Number of
Name
Ports
X330STK 2

Expansion Sub-modules
Gigabit Ethernet Expansion Sub-modules
Table B.2 Gigabit Ethernet Expansion Sub-modules
Number of
Name Interface
Ports
X330S2 2 1000Base-SX
X330L2 2 1000Base-LX
X330S1 1 1000Base-SX
X330L1 1 1000Base-LX
Laser Safety
The X330S1/S2 multi-mode transceivers and the X330L1/X330L2 single mode
transceivers are Class 1 laser products.
They comply with IEC 825-1 and Food and Drug Administration (FDA) 21 CFR
1040.10 and 1040.11.
The transceivers must be operated under recommended operating conditions.
Laser Classification
CLASS 1
LASER PRODUCT
Note: Class 1 lasers are inherently safe under reasonably foreseeable conditions of
operation.
Caution: The use of optical instruments with this product will increase eye hazard.

Usage Restriction
The optical ports of the module must be terminated with an optical connector or a
dust plug when not in use.
Laser Data
X330S1/2 Expansion Sub-modules

Wavelength: 850 nm
Output power dissipation: Max. 0.63W
Transmit power: Min. -9 dbm, Max. -4 dbm
Receive power: Min. -17 dbm, Max. 0 dbm
X330L1/2 Expansion Sub-modules

Wavelength: 1300 nm
Output power dissipation: Max. 0.68W
Transmit power (9 µm SMF): Min. -9.5 dbm, Max. -3 dbm
Transmit power (62.5 µm and 50 µm MMF): Min. -11.5 dbm, Max. -3 dbm
Receive sensitivity (9 µm SMF, 62.5 µm and 50 µm MMF): Min. -20 dbm, Max. -3
dbm
Fast Ethernet Fiber Expansion Sub-module
Table B.3 Fiber Fast Ethernet Expansion Sub-module
Number of
Name Interface
Ports
X330F2 2 100Base-FX
Ethernet/Fast Ethernet Expansion Sub-module
Table B.4 Ethernet/Fast Ethernet Expansion Sub-module
Number of
Name Interface
Ports
X330T16 16 10/100Base-T

GBIC Expansion Sub-module

The X330G2 Expansion Sub-Module is the GBIC (1.25 Gbit/s Gigabit Ethernet)
Expansion sub-module for the Avaya P330 family of stackable switches.
Note: In order to use this module the Avaya P330 switch must have Embedded S/W
Version 2.2 or higher. You can download this from:
http://www.avaya.com/
The X330G2 can be used either as a Gigabit Ethernet link or as a high Bandwidth
backplane for connecting switches. The introduction of the GBIC interface to the
Avaya P330 family presents an added value over the existing Gigabit Ethernet
expansion modules. You can insert any of the Avaya-authorized GBIC transceivers
into the X330G2 Expansion sub-module socket. This provides you with a highly
modular and customized Gigabit Ethernet interface. The GBIC transceivers are hot-
swappable.
Safety Information
The multimode and single-mode GBIC transceivers are Class 1 Laser products.
They comply with EN 60825-1 and Food and Drug Administration (FDA) 21 CFR
1040.10 and 1040.11.
The GBIC transceivers must be operated under recommended operating conditions.
Laser Classification
CLASS 1
LASER PRODUCT
Note: Class 1 lasers are inherently safe under reasonably foreseeable conditions of
operation.
Caution: The use of optical instruments with this product will increase eye hazard.
Usage Restriction
When a GBIC transceiver is inserted in the X330G2 Expansion sub-module but is not
in use, then the Tx and Rx ports should be protected with an optical connector or a
dust plug.

Avaya Approved GBIC Transceivers
Caution: All Avaya approved GBICs are 5V. Do not insert a 3.3V GBIC.
Avaya supplies the following two GBIC transceivers for the Avaya P330 X330G2
Expansion Sub-modules. You can order these directly from your local Avaya
representative using the PEC or COM Codes:
Type Description PEC Code COM Code
GBIC SX Multimode Fiber 4705-122 108659228

Transceiver 1000BaseSx (550 m)
GBIC LX Single-mode Fiber 4705-121 108659210

Transceiver 1000BaseLx (10 km)
In addition, Avaya has tested and approved a number of GBIC transceivers from
other manufacturers for use with the Avaya X330G2 Expansion sub-module. An up-
to-date list can be found in Avaya’s World-Wide Web site at the following address:
http://www.avaya.com/
Click on the “Supported Devices” icon.
Specifications
X330G2- LX GBIC Transceiver

A 9 µm or 10 µm single-mode fiber (SMF) cable may be connected to a 1000Base-LX
GBIC port. The maximum length is 10 km (32,808 ft).
A 50 µm or 62.5 µm multimode (MMF) fiber cable may be connected to a
1000Base-LX GBIC port. The maximum length is 550 m (1,804 ft.) for 50 µm and
62.5 µm cable.
The LX transceiver has a Wavelength of 1300 nm, Transmission Rate of 1.25 Gbps
and Input Power of 5V.
X330G2- SX GBIC Transceiver

A 50 µm or 62.5 µm multimode (MMF) fiber cable may be connected to a 1000Base-
SX GBIC port. The maximum length is 500 m (1,640 ft.) for 50 µm cable and 220 m
(722 ft.) for 62.5 µm cable.
The SX transceiver has a Wavelength of 850 nm, Transmission Rate of 1.25 Gbps and
Input Power of 5V.

Agency Approval
The transceivers comply with:
• EMC Emission: US – FCC Part 15, Subpart B, Class A;
Europe – EN55022 class A
• Immunity: EN50082-1
• Safety: UL for US UL 1950 Std., C-UL (UL for Canada) C22.2 No.950 Std., Food
and Drug Administration (FDA) 21 CFR 1040.10 and 1040.11, and CE for
Europe EN60950 Std. Complies with EN 60825-1.
MTBF
The Mean Time Between Failures (MTBF) for the X330G2 Expansion Sub-module is
594,639 hours.
X330GT2 Gigabit Ethernet Expansion Sub-module

The X330GT2 Expansion sub-module provides two copper Gigabit Ethernet
1000Base-T ports.
Note: The X330GT2 module is only supported by Avaya P330 embedded software
versions 2.4 and higher.
Installing the Expansion Sub-module in the Avaya P330

1 Remove the blanking plate or other sub-module (if installed).
2 Insert the sub-module gently into the slot, ensuring that the Printed Circuit
Board (PCB) is aligned with the guide rails.
The PCB not the metal base plate fits into the guide rail.
3 Press the sub-module in firmly until it is completely inserted into the
Avaya P330.
4 Gently tighten the two screws on the front panel of the expansion sub-module
by turning the screws.
Warning: The expansion sub-modules contain components sensitive to electrostatic


Removing an Existing Expansion Sub-module

1 Loosen the screws by turning the knobs.
2 Grasp the two knobs one near each side of the front panel, and pull gently but
firmly towards yourself.
3 Insert another expansion sub-module or the blanking plate.
Note: The Avaya P330 switch must not be operated with the expansion slot open;
the expansion sub-module should be covered with the supplied blanking plate if
necessary.
Note: X330GT2 sub-modules are hot swapable and can be inserted or removed in an
operating base unit.
Cabling
A Category 5 copper cable with RJ-45 termination should be used. You should use
all eight wires in the cable.
The maximum copper cable length connected to a 1000Base-T port is 100 m
(328 ft.)

Backup Power Supply (BUPS)
Physical
Height 2U (88 mm, 3.5”)
Width 482.6 mm (19”)
Depth 450 mm(17.7”)
Weight 10 kg (22 lb)
Power Requirements
Input voltage 85-265VAC, 50/60Hz
Input current 7.76 A@100 VAC

3.82 A@200 VAC
Inrush current 70 A@100 VAC (max.)

150 A@200 VAC (max.)
Output power 4 x 27 A@ 5.5 V
Output voltage 5.5V

Environmental
Operating Temp. 0 to 40°C (32 to 105°F)
Rel. Humidity 30% to 9% non-condensing
Safety
• UL for US approved according to UL195O Std.
• C-UL(UL for Canada) approved according to C22.2 No.950 Std.
• CE for Europe approved according to EN 60950 Std.
• Overcurrent Protection: A readily accessible Listed safety-approved protective
device with a 16A rating must be incorporated in series with building
installation AC power wiring for the equipment under protection.
EMC Emissions
Emissions
• Europe - EN55022 class B, 1994
• Europe - EN 6150-3-2 (Harmonics Current Emissions)
• Europe - EN 6150-3-3 (Flicker)
Immunity
• EN 50082-1
• IEC 150-4-5
BUPS MTBF
• 200,000 hrs minimum

Connector Pin Assignments
Console Pin Assignments

For direct Console communications, connect the Avaya P330 to the Console
Terminal using the supplied RJ-45 crossed cable and RJ-45 to DB-9 adapter.
Table B.5 Pinout for Console Communications
Terminal Modem
Avaya P330 RJ-45 Pin Name
DB-9 Pins DB-25 Pins
1 For future use NC See note
2 TXD 3 3
(P330 input)
3 RXD 2 2
(P330 output)
4 CD 4 8
5 GND 5 7
6 DTR 1 20
7 RTS 8 4
8 CTS 7 5
Note: Pin 1 of the Modem DB-25 connector is internally connected to Pin 7 GND.

AppendixC
How to Contact Us
To contact Avaya’s technical support, please call:
In the United States

Dial 1-800-237-0016, press 0, then press 73300.
In the EMEA (Europe, Middle East and Africa) Region
Local Dial-In Local Dial-In

Country Country
Number Number
Albania +31 70 414 8001 Finland +358 981 710 081
Austria +43 1 36 0277 1000 France +33 1 4993 9009
Azerbadjan +31 70 414 8047 Germany +49 69 95307 680
Bahrain +800 610 Ghana +31 70 414 8044
Belgium +32 2 626 8420 Gibraltar +31 70 414 8013
Belorussia +31 70 414 8047 Greece +00800 3122 1288
Bosnia +31 70 414 8042 Hungary +06800 13839

Herzegovina
Bulgaria +31 70 414 8004 Iceland +0800 8125
Croatia +31 70 414 8039 Ireland +353 160 58 479
Cyprus +31 70 414 8005 Israel +1 800 93 00 900
Czech Rep. +31 70 414 8006 Italy +39 02 7541 9636
Denmark +45 8233 2807 Jordan +31 70 414 8045
Egypt +31 70 414 8008 Kazakhstan +31 70 414 8020
Estonia +372 6604736 Kenya +31 70 414 8049
Estonia +372 6604736 Kuwait +31 70 414 8052

How to Contact Us

Country Country
Number Number
Latvia +371 721 4368 Saudi Arabia +31 70 414 8022
Lebanon +31 70 414 8053 Slovakia +31 70 414 8066
Lithuania +370 2 756 800 Slovenia +31 70 414 8040
Luxemburg +352 29 6969 5624 South Africa +0800 995 059
Macedonia +31 70 414 8041 Spain +34 91 375 3023
Malta +31 70 414 8022 Sweden +46 851 992 080
Mauritius +31 70 414 8054 Switzerland +41 22 827 8741
Morocco +31 70 414 8055 Tanzania +31 70 414 8060
Netherlands +31 70 414 8023 Tunisia +31 70 414 8069
Nigeria +31 70 414 8056 Turkey +800 4491 3919
Norway +47 235 001 00 UAE +31 70 414 8036
Oman +31 70 414 8057 Uganda +31 70 414 8061
Pakistan +31 70 414 8058 UK +44 0207 5195000
Poland +0800 311 1273 Ukraine +31 70 414 8035
Portugal +351 21 318 0047 Uzbekistan +31 70 414 8046
Qatar +31 70 414 8059 Yemen +31 70 414 8062
Romania +31 70 414 8027 Yugoslavia +31 70 414 8038
Russia +7 095 733 9055 Zimbabwe +31 70 414 8063
Email: csctechnical@avaya.com

How to Contact Us
In the AP (Asia Pacific) Region

Country Country
Number Number
Australia +1800 255 233 Malaysia +1800 880 227
Hong Kong +2506 5451 New +00 800 9828 9828

Zealand
Indonesia +800 1 255 227 Philippines +1800 1888 7798
Japan +0 120 766 227 Singapore +1800 872 8717
Korea +0 80 766 2580 Taiwan +0 80 025 227
Email: sgcoe@avaya.com
In the CALA (Caribbean and Latin America) Region

Email: caladatasupp@avaya.com
Hot Line:+1 720 4449 998
Fax:+1 720 444 9103
For updated information, visit avaya.com/support

How to Contact Us
All trademarks, registered trademarks, service names, product and/or brand names are the sole property of
their respective owners.
Copyright © 2002 Avaya Inc. All rights reserved.

Avaya P333R-LB 3.12 UG

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Avaya P333R-LB 3.12 UG

Uploaded by

Copyright:

Available Formats

Avaya

List of Tables .................................................................................................... xxi

List of Figures ............................................................................................... xxiii

Avaya P333R-LB User’s Guide i

Load Balancing Features ................................................................................. 12

Chapter 2 P333R-LB Front and Rear Panels ................................................................... 21

Chapter 3 Installation and Setup...................................................................................... 25

ii Avaya P333R-LB User’s Guide

Connecting Stacked Switches......................................................................... 27

Chapter 4 Avaya CLI – Architecture, Access & Conventions ..................................... 39

Chapter 5 CLI – Layer 2.................................................................................................... 47

Avaya P333R-LB User’s Guide iii

show time ...............................................................................................53

iv Avaya P333R-LB User’s Guide

show rmon alarm .................................................................................. 78

Avaya P333R-LB User’s Guide v

set snmp community ..........................................................................101

vi Avaya P333R-LB User’s Guide

set spantree priority ........................................................................... 122

Avaya P333R-LB User’s Guide vii

Chapter 6 P330 CLI - Layer 3 .......................................................................................... 145

viii Avaya P333R-LB User’s Guide

show ip reverse-arp Command ............................................. 159

Avaya P333R-LB User’s Guide ix

timers basic Command ...........................................................178

x Avaya P333R-LB User’s Guide

Fragmentation Commands........................................................................... 195

Chapter 7 Firewall Load Balancing ............................................................................... 199

Chapter 8 Server Load Balancing................................................................................... 225

Avaya P333R-LB User’s Guide xi

DNS Configuration .............................................................................236

Chapter 9 Application Redirection ................................................................................ 245

Chapter 10 Redundancy .................................................................................................... 261

xii Avaya P333R-LB User’s Guide

Configuration Example ...................................................................... 269

Chapter 11 Policy................................................................................................................ 283

Avaya P333R-LB User’s Guide xiii

ip simulate Command ............................................................294

Chapter 12 Load Balancing Command Reference ......................................................... 297

xiv Avaya P333R-LB User’s Guide

real-ar-server hc interval Command ................................................ 315

Avaya P333R-LB User’s Guide xv

no real-routing-firewall Command ..................................................330

xvi Avaya P333R-LB User’s Guide

show lb real-routing-fw cache Command ...................................... 346

Avaya P333R-LB User’s Guide xvii

virtual-ar-service rsg Command .......................................................363

xviii Avaya P333R-LB User’s Guide

virtual-server virtual-slb-service id Command .............................. 380

Appendix A Embedded Web Manager ............................................................................. 387

Appendix B Specifications .................................................................................................. 393

Avaya P333R-LB User’s Guide xix

Laser Safety ...............................................................................396

Appendix C How to Contact Us ......................................................................................... 405

xx Avaya P333R-LB User’s Guide

Avaya P333R-LB User’s Guide xxi

xxii Avaya P333R-LB User’s Guide

Avaya P333R-LB User’s Guide xxiii

xxiv Avaya P333R-LB User’s Guide

Avaya P333R-LB User’s Guide 1

P330 Family Features

2 Avaya P333R-LB User’s Guide

Multiple VLANs per Port

Avaya P333R-LB User’s Guide 3