VLAN Configuration

VLAN (Virtual Local Area Network) is a logical (virtual) local area network that represents a group of devices, which communicate on channel level regardless of their physical location. VLAN operation is based on the use of additional Ethernet header fields according to 802.1q standard. In fact, VLAN isolates the broadcast domain by limiting the switching of only those Ethernet frames which have the same VLAN-ID in the Ethernet header.

Configuration algorithm

Step

Description

Command

Keys

1

Create VLAN.

esr(config)# vlan <VID>

<VID> – VLAN identifier, set in the range of [2..4094].

It is also possible to create multiple vlan (comma separated), vlan range (hyphen separated) or combined entry containing commas and hyphens.

2

Specify vlan name (optional).

esr(config-vlan)# name <vlan-name>

<vlan-name> – up to 255 characters.

3

Disable monitoring of the status of interfaces on which processing of the given VLAN Ethernet frames is allowed (optional).

esr(config-vlan)# force-up


4

Disable the processing of incoming untagged Ethernet frames based on the default VLAN's switching table (VLAN-ID – 1) (optional).

esr(config-if-gi)# switchport forbidden default-vlan


5

Set L2 interface operation mode.

esr(config-if-gi)# mode switchport


6

Set the combined mode of the physical interface.

esr(config-if-gi)# mode hybrid

Only for ESR-1000/1200/1500/1511/1700.

7


Set L2 interface operation mode.


esr(config-if-gi)# switchport access

Only for ESR-10/12V(F)/14VF/15/20/21/30/100/200/3100/3200.

This mode is the default mode and is not displayed in the configuration.

esr(config-if-gi)# switchport trunk

Only for ESR-10/12V(F)/14VF/20/21/100/200/3100.

esr(config-gi)# switchport general

Only for ESR-1000/1200/1500/1511/1700.

This mode is the default mode and is not displayed in the configuration.

8

Configure VLAN list on the interface in tagged mode.

esr(config-if-gi)# switchport trunk allowed vlan add <VID>

Only for ESR-10/12V(F)/14VF/15/20/21/30/100/200/3100/3200.

<VID> – VLAN identifier, set in the range of [2..4094].
It is also possible to create multiple vlan (with a comma) or vlan range (with a hyphen).

esr(config-if-gi)# switchport general allowed vlan add <VID> tagged

For ESR-1000/1200/1500/1511/1700.

<VID> – VLAN identifier, set in the range of [2..4094].
It is also possible to create multiple vlan (with a comma) or vlan range (with a hyphen).

9

Configure VLAN on the interface in tagged mode (optional).

esr(config-if-gi)# switchport trunk native-vlan <VID>

Only for ESR-10/12V(F)/14VF/15/20/21/30/100/200/3100/3200.

<VID> – VLAN identifier, set in the range of [2..4094].

esr(config-if-gi)# switchport general allowed vlan add <VID> untagged

For ESR-1000/1200/1500/1511/1700.

<VID> – VLAN identifier, set in the range of [2..4094].

10

Enable the processing of Ethernet frames of all created VLANs on the interface (optional).


esr(config-if-gi)# switchport trunk allowed vlan auto-all

Only for ESR-10/12V(F)/14VF/15/20/21/30/100/200/3100/3200.

esr(config-if-gi)# switchport general allowed vlan auto-all

Only for ESR-1000/1200/1500/1511/1700.

11Set VLAN port identifier (PVID) for incoming untagged traffic (optional).esr(config-if-gi)# switchport general pvid <PVID>Only for ESR-1000/1200/1500/1511/1700.

Configuration example 1. VLAN removal from the interface

Objective:

On the basis of the factory configuration, remove gi1/0/1 port from VLAN 2.

Solution:

Remove VLAN2 from gi1/0/1 port:

esr(config)# interface gi 1/0/1
esr(config-if-gi)# switchport general allowed vlan remove 2 untagged
esr(config-if-gi)# no switchport general pvid 
CODE

Configuration example 2. Enabling VLAN processing in tagged mode

Objective:

Configure gi1/0/1 and gi1/0/2 ports for packet transmission and reception in VLAN 2, VLAN 64, VLAN 2000.

Solution:

Create VLAN 2, VLAN 64, VLAN 2000 on ESR-1000:

esr-1000(config)# vlan 2,64,2000 
CODE

Specify VLAN 2, VLAN 64, VLAN 2000 for gi1/0/1-2 port:

esr-1000(config)# interface gi1/0/1
esr-1000(config-if-gi)# mode switchport
esr-1000(config-if-gi)# switchport forbidden default-vlan
esr-1000(config-if-gi)# switchport general allowed vlan add 2,64,2000 tagged
CODE

Configuration example 3. Enabling VLAN processing in tagged and untagged modes

Objective:

Configure gi1/0/1 ports for packet transmission and reception in VLAN 2, VLAN 64, VLAN 2000 in trunk mode, configure gi1/0/2 port in access mode for VLAN 2 on ESR-100/ESR -200.

Solution:

Create VLAN 2, VLAN 64, VLAN 2000 on ESR-100/ESR-200:

esr(config)# vlan 2,64,2000
CODE

Specify VLAN 2, VLAN 64, VLAN 2000 for gi1/0/1 port:

esr(config)# interface gi1/0/1
esr(config-if-gi)# mode switchport
esr(config-if-gi)# switchport forbidden default-vlan
esr(config-if-gi)# switchport mode trunk
esr(config-if-gi)# switchport trunk allowed vlan add 2,64,2000 
CODE

Specify VLAN2 to gi1/0/2 port:

esr(config)# interface gi1/0/2
esr(config-if-gi)# mode switchport
esr(config-if-gi)# switchport access vlan 2
CODE

LLDP configuration

Link Layer Discovery Protocol (LLDP) is a data link layer protocol allowing network equipment to notify the devices operating in a local network of its existence and to transmit parameters to it as well as to receive similar information.

Configuration algorithm

Step

Description

Command

Keys

1

Enable LLDP on the router.

esr(config)# lldp enable


2

Enable the LLDPDU receiving and proceeding on the physical interface.

esr(config-if-gi)# lldp receive


3

Enable LLDPDU transmission on the physical interface.

esr(config-if-gi)# lldp transmit


8

Set the LLDPDU sending period (optional).

esr(config)# lldp timer <SEC>

<SEC> – time interval in seconds, takes values of [1..32768].

Default value: 30

4

Set the period during which the router keeps the information received via LLDP (optional)

esr(config)# lldp hold-multiplier <SEC>

<SEC> – time interval in seconds, takes values of [1..10].

Default value: 4

5

Set IP address which will be transmitted to LLDP TLV as the management-address (optional).

esr(config)# lldp management-address <ADDR>

<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

One of the existent is set by default

6

Set the system-description field which will be transmitted to LLDP TLV as the system-description (optional).

esr(config)# lldp system-description <DESCRIPTION>

<DESCRIPTION> – system description, set by the string of up to 255 characters.

By default contains the information of the router model and firmware version.

7

Set the system-name field which will be transmitted to LLDP TLV as the system-name (optional).

esr(config)# lldp system-name <NAME>

<NAME> – system name, set by the string of up to 255 characters.

By default coincides with the specified hostname

Configuration example

Objective:

Organize the LLDPDU exchange and proceeding between ESR-1 and ESR-2 routers.

Solution:
  1. R1 configuration
    Enable LLDP globally on the router:

    esr(config)# lldp enable
    CODE

    Enable the receiving and transmission of LLDPDU on the gi 1/0/1 interface.

    esr(config)# interface gigabitethernet 1/0/1
    esr(config-if-gi)# lldp receive
    esr(config-if-gi)# lldp transmit
    CODE
  2. R2 configuration

    Enable LLDP globally on the router:

    esr(config)# lldp enable
    CODE

    Enable the receiving and transmission of LLDPDU on the gi 1/0/1 interface.

    esr(config)# interface gigabitethernet 1/0/1
    esr(config-if-gi)# lldp receive
    esr(config-if-gi)# lldp transmit
    CODE

    To view LLDP neighbors information, use the following command:

    esr# show lldp neighbors
    CODE

    To view more detailed information on the certain interface neighbor, use the following command:

    esr# show lldp neighbors gigabitethernet 1/0/1
    CODE

    To view LLDP statistics, use the following command:

    esr# show lldp statistics
    CODE

LLDP MED configuration

LLDP MED — LLDP standard enhancement which allows to transmit network policies: VLAN ID, DSCP, priority.

Configuration algorithm

Step

Description

Command

Keys

1

Enable LLDP on the router

esr(config)# lldp enable


2

Enable LLDPDU transmission on the physical interface.

esr(config-if-gi)# lldp transmit


3

Enable MED LLDP enhancement on the router

esr(config)# lldp med fast-start enable


4

Create network policy.

esr(config)# network-policy <NAME>

<NAME> – network-policy name, set by the string of up to 31 characters.

5

Specify the application type.

esr(config-net-policy)# application <APP_TYPE>

<APP-TYPE> – type of the application for which network-policy will be enabled.

Takes the following values:

  • voice;
  • voice-signaling;
  • guest-voice;
  • guest-voice-signaling;
  • softphone-voice;
  • video-conferencing;
  • streaming-video;
  • video-signaling.

6

Set the DSCP value (optional).

esr(config-net-policy)# dscp <DSCP>

<DSCP> – DSCP code value, takes values in the range of [0..63].

7

Set the CoS value (optional).

esr(config-net-policy)# priority <PRIORITY>

<COS> – priority value, takes the following values:

  • best-effort – COS0;
  • background – COS1;
  • excellent-effort – COS2;
  • critical-applications – COS3;
  • video – COS4;
  • voice – COS5;
  • internetwork-control – COS6;
  • network-control – COS7.

8

Set VLAN ID value.

esr(config-net-policy)# vlan <VID> [tagged]

<VID>  – VLAN ID, takes values of [1..4094];

  • tagged – key, during the installation of which, the subscriber device will send Ethernet frames of the specified application in a tagged form.

9

Set a network policy on the interface.

esr(config-if-gi)# lldp network-policy <NAME>

<NAME> – network-policy name, set by the string of up to 31 characters.

Voice VLAN configuration example

Voice VLAN — VLAN ID, in receiving of which an IP phone switches to the trunk mode with the specified VLAN ID for VoIP traffic reception and transmission. VLAN ID transmission is performed by LLDP MED enhancement.

Objective:

VoIP traffic and data traffic  should be grouped in different VLANs - vid 10 for data and vid 20 for VoIP - and the sending of Voice VLAN from the gi 1/0/1 ESR port should be configured. Voice VLAN should be supported and enabled on the IP phone.

Solution:

First create VLAN 10 and 20 and configure the gi 1/0/1 interface in the trunk mode:

esr(config)# vlan 10,20
esr(config-vlan)# exit
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# mode switchport
esr(config-if-gi)# switchport mode trunk
esr(config-if-gi)# switchport trunk allowed vlan add 10,20
esr(config-if-gi)# exit
CODE

Enable LLDP and MED capability in LLDP globally on the router:

esr(config)# lldp enable
esr(config)# lldp med fast-start enable
CODE

Create and configure network policy in the way that VLAN ID 20 is specified for the voice application:

esr(config)# network-policy VOICE_VLAN 
esr(config-net-policy)# application voice
esr(config-net-policy)# vlan 20 tagged 
esr(config-net-policy)# exit
CODE

Configure LLDP on the interface and set a network policy:

esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# lldp transmit 
esr(config-if-gi)# lldp receive 
esr(config-if-gi)# lldp network-policy VOICE_VLAN
esr(config-if-gi)# exit
CODE

Sub-interface termination configuration

To terminate Ethernet frames of a certain VLAN on a specific physical interface, create a sub-interface with the number of VLAN, frames of which will be terminated. When creating two sub-interfaces having the same VLAN but located on different physical/aggregated interfaces, switching of Ethernet frames between these sub-interfaces will not be possible as external segments will be separate broadcast domains. For data exchange between subscribers of different sub-interfaces (even with the same VLAN-ID) routing will be used, i.e. data exchange will occur at the third level of the OSI model.

Configuration algorithm

Step

Description

Command

Keys

1

Create a sub-interface of a physical interface (possible if the physical interface is in routeport or hybrid mode).

esr(config)# interface gigabitethernet <PORT>.<S-VLAN>

or

interface tengigabitethernet <PORT>.<S-VLAN>

or

interface port-channel <CH>.<S-VLAN>

<PORT> – physical interface number.

<CH> – aggregated interface number.

<S-VLAN> – identifier of created S-VLAN.

If a physical interface is included in bridge-group, it will be impossible to create sub-interface.

2

Specify sub-interface description (optional).

esr(config-subif)# description <DESCRIPTION>

<DESCRIPTION> – interface description, set by the string of up to 255 characters.

3

Specify VRF instance, in which the given sub-interface will operate (optional).

esr(config-subif)# ip vrf forwarding <VRF>

<VRF> – VRF name, set by the string of up to 31 characters.

4

Specify the IPv4/IPv6 address and subnet mask for the interface to be configured or enable IP address obtain dynamically.

esr(config-subif)# ip address <ADDR/LEN>

<ADDR/LEN> – IP address and subnet mask length, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32].

For advanced IPv4 addressing features see section IP addressing configuration.

esr(config-subif)# ipv6 address <IPV6-ADDR/LEN>

<IPV6-ADDR/LEN> – IP address and prefix of a subnet, defined as X:X:X:X::X/EE where each X part takes values in hexadecimal format [0..FFFF] and EE takes values of [1..128].
For advanced IPv6 addressing features see section IPv6 addressing configuration.

Several IPv4/IPv6 addresses can be specified separated by commas. Up to 8 IPv4/IPv6 addresses can be assigned to the interface.

esr(config-subif)# ip address dhcp

For advanced DHCP client operation features, see section DHCP Client management.

5

Disable the Firewall features on the interface or enable the interface in the security zone (see Firewall configuration).

esr(config-subif)# ip firewall disable


esr(config-subif)# security-zone <NAME>

<NAME> – security zone name, set by the string of up to 31 characters.

6

Set the time interval during which statistics on the sub-interface load is collected. (optional).

esr(config-subif)# load-average <TIME>

<TIME> – interval in seconds, takes values of [5..150].

7

Set the lifetime of IPv4/IPv6 entries in the ARP table studied on the given interface (optional).

esr(config-subif)# ip arp reachable-time <TIME>

or

esr(config-subif)# ipv6 nd reachable-time <TIME>

<TIME> – lifetime of dynamic MAC addresses, in milliseconds.

Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.

8

Change MTU (MaximumTransmitionUnit) size. MTU above 1500 will be active only when using the 'system jumbo-frames' command (optional).

esr(config-subif)# mtu <MTU>

<MTU> – MTU value in bytes.

Default value: 1500.

9

Enable recording of the current interface usage statistics (optional).

esr(config-subif)# history statistics


10

Override the MSS (Maximum segment size) field in incoming TCP packets (optional).

esr(config-subif)# ip tcp adjust-mss <MSS>

esr(config-subif)# ipv6 tcp adjust-mss <MSS>

<MSS> – MSS value, takes values in the range of [500..1460].

Default value: 1460

It is also possible to configure the sub-interface:

Sub-interface configuration example

Objective:

Configure subnet 192.168.3.1/24 in VLAN: 828 on the physical interface gigabitethernet 1/0/1.

Solution:

Create sub-interface for VLAN: 828

esr(config)# interface gigabitethernet 1/0/1.828
CODE

Configure IP address from necessary subnet.

esr(config)# interface gigabitethernet 1/0/1.828
esr(config-subif)# ip address 192.168.3.1/24
esr(config-subif)# exit
CODE

In addition to assigning an IP address, either disable the firewall or configure the corresponding security zone on the sub interface.

Q-in-Q termination configuration

Q-in-Q is a technology of packet transmission with two 802.1q tags. The technology is used for extending quantity of VLANs in data networks. 802.1q header, which is closer to payload, is an Inner Tag. also known as C-VLAN (Customer VLAN). 802.1q header, which is comes before C-VLAN, is an Outer Tag also known as S-VLAN (Service VLAN). Using of double tags in Ethernet frames is describing by 802.1ad protocol.

Configuration algorithm

Step

Description

Command

Keys

1

Create a sub-interface of a physical interface (possible if the physical interface is in routeport or hybrid mode).

esr(config)# interface gigabitethernet <PORT>.<S-VLAN>

or

interface tengigabitethernet <PORT>.<S-VLAN>

or

interface port-channel <CH>.<S-VLAN>

<PORT> – physical interface number.

<CH> – aggregated interface number.

<S-VLAN> – identifier of created S-VLAN.

If a physical interface is included in bridge-group, it will be impossible to create sub-interface.

2

Create Q-in-Q interface.

esr(config)# interface gigabitethernet <PORT>.<S-VLAN>.<C-VLAN>

or

esr(config)# interface tengigabitethernet <PORT>.<S-VLAN>.<C-VLAN>

or

esr(config)# interface port-channel <CH>.<S-VLAN>.<C-VLAN>

<PORT> – physical interface number.

<CH> – aggregated interface number.

<S-VLAN> – identifier of created S-VLAN.

<C-VLAN> – identifier of created C-VLAN.

If a physical interface or a sub-interface is included in bridge-group, it will be impossible to create sub-interface.

3

Specify Q-in-Q interface description (optional).

esr(config-qinq-if)# description <DESCRIPTION>

<DESCRIPTION> – interface description, set by the string of up to 255 characters.

4

Specify VRF instance, in which the given Q-in-Q interface will operate (optional).

esr(config-qinq-if) # ip vrf forwarding <VRF>

<VRF> – VRF name, set by the string of up to 31 characters.

5

Specify the IPv4/IPv6 address and subnet mask for the interface to be configured or enable IP address obtain dynamically.

esr(config-qinq-if)# ip address <ADDR/LEN>

<ADDR/LEN> – IP address and subnet mask length, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32].

For advanced IPv4 addressing features see section IP addressing configuration.

esr(config-qinq-if)# ipv6 address <IPV6-ADDR/LEN>

<IPV6-ADDR/LEN> – IP address and prefix of a subnet, defined as X:X:X:X::X/EE where each X part takes values in hexadecimal format [0..FFFF] and EE takes values of [1..128].

For advanced IPv6 addressing features see section IPv6 addressing configuration.

Several IPv4/IPv6 addresses can be specified separated by commas. Up to 8 IPv4/IPv6 addresses can be assigned to the interface.

esr(config-qinq-if)# ip address dhcp

For advanced DHCP client operation features, see section DHCP Client management.

6

Disable the Firewall features on the interface or enable the interface in the security zone (see Firewall configuration).

esr(config-qinq-if)# ip firewall disable


esr(config-qinq-if)# security-zone <NAME>

<NAME> – security zone name, set by the string of up to 31 characters.

7

Set the time interval during which statistics on the sub-interface load is collected. (optional).

esr(config-subif)# load-average <TIME>

<TIME> – interval in seconds, takes values of [5..150].

8

Set the lifetime of IPv4/IPv6 entries in the ARP table studied on the given interface (optional).

esr(config-subif)# ip arp reachable-time <TIME>

or

esr(config-subif)# ipv6 nd reachable-time <TIME>

<TIME> – lifetime of dynamic MAC addresses, in milliseconds.

Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.

9

Change MTU (MaximumTransmitionUnit) size.
MTU above 1500 will be active only when using the 'system jumbo-frames' command
(optional).

esr(config-subif)# mtu <MTU>

<MTU> – MTU value in bytes.

Default value: 1500.

10

Enable recording of the current interface usage statistics (optional).

esr(config-subif)# history statistics


11

Override the MSS (Maximum segment size) field in incoming TCP packets (optional).

esr(config-subif)# ip tcp adjust-mss <MSS>

esr(config-subif)# ipv6 tcp adjust-mss <MSS>

<MSS> – MSS value, takes values in the range of [500..1460].

Default value: 1460

It is also possible to configure the Q-in-Q interface:

Q-in-Q configuration example

Objective:

Configure the termination of subnet 192.168.1.1/24 combination C-VLAN: 741, S-VLAN: 828 on the physical interface gigabitethernet 1/0/1.

Solution:

Create sub-interface for S-VLAN: 828

esr(config)# interface gigabitethernet 1/0/1.828
esr(config-subif)# exit
CODE

Create a Q-in-Q interface for the S-VLAN: 741 and configure the IP address from the required subnet.

esr(config)# interface gigabitethernet 1/0/1.828.741
esr(config-qinq-if)# ip address 192.168.1.1/24
esr(config-qinq-if)# exit
CODE

Besides assigning IP address, it is necessary to disable firewall or to configure corresponding security zone on Q-in-Q interface.

USB modems configuration

The use of USB modems allows organizing additional link channel for router operation. When connecting USB modems, use USB hubs can be used. Up to 10 USB modems can be configured in the system at the same time.

USB modems configuration algorithm

Step

Description

Command

Keys

1

After USB modem connection, wail until the system detects the connected device.



2

Define which number of the device is allocated to the connected USB modem.

esr# show cellulars status modem

The connected device identifier will be specified in 'USB port' field

3

Create parameter profile for USB modem and switch to the profile configuration mode.

esr(config)# cellular profile <ID>

<ID> – identifier of USB modem parameter profile, set in the range of [1..10].

4

Specify parameter profile description (optional).

esr(config-cellular-profile)# description <DESCRIPTION>

<DESCRIPTION> – profile description, set by the string of up to 255 characters.

5

Set mobile network access point

esr(config-cellular-profile)# apn <NAME>

<NAME> – mobile network access point, set by the string of up to 31 characters.

6

Set the name of mobile network user (if authentication by login/password required by cellular carrier).

esr(config-cellular-profile)# user <NAME>

<NAME> – user name, set by the string of up to 31 characters.

7

Set the password of mobile network user (if authentication by login/password required by cellular carrier).

esr(config-user)# password ascii-text
{ <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }

<CLEAR-TEXT> – unencrypted password, set by the string of [1..64] characters, may include [0-9a-fA-F] characters.

<ENCRYPTED-TEXT> – unencrypted password, set by the string of [2..128] characters.

8

Activate user (if authentication by login/password required by cellular carrier).

esr(config-user)# enable


9

Set the dial-up number for connection to the mobile network.

esr(config-cellular-profile)# number <WORD>

<WORD> – dial-up number for connection to a mobile network, set by the string of up to 15 characters.

10

Set the method of user authentication in the mobile network (optional).

esr(config-cellular-profile)# allowed-auth <TYPE>

<TYPE> – method of user authentication in a mobile network [none, PAP, CHAP, MSCHAP, MSCHAPv2, EAP].

Default value: PAP

11

Limit the possibility of the use of IP addresses in mobile network.

esr(config-cellular-profile)# ip-version
{ ipv4 | ipv6 }

  • ipv4 – IPv4 family;
  • ipv6 – IPv6 family;

12

Create USB modem in the router configuration and switch to the modem configuration mode.

esr(config)# cellular modem <ID>

<ID> – USB modem identifier, set in the range of [1..10].

13

Specify modem description (optional).

esr(config-cellular-modem)# description <DESCRIPTION>

<DESCRIPTION> – modem description, set by the string of up to 255 characters.

14

Specify VRF instance, in which the given modem will operate (optional).

esr(config-cellular-modem)# ip vrf forwarding <VRF>

<VRF> – VRF name, set by the string of up to 31 characters.

15

Set USB modem identifier allocated by the system (specified in item 2).

esr(config-cellular-modem)# device <WORD>

<WORD> – identifier of connected modem’s USB port, set in the range of [1..12].

16

Set the previously established parameter profile to the USB modem.

esr(config-cellular-modem)# profile <ID>

<ID> – identifier of USB modem parameter profile, set in the range of [1..10].

17

Set SIM card unlock code (if necessary).

esr(config-cellular-modem)# pin <WORD>

<WORD> – SIM card unblock code [4..8]. Only digits are allowed.

18

Allow the use of any USB modem operation mode (optional).

esr(config-cellular-modem)# allowed-mode <MODE>

<MODE> – acceptable USB modem operation mode [2g, 3g, 4g].

By default: all modes supported by the modem are allowed.

19

Set the size of the largest received packet (optional).

esr(config-cellular-modem)# mru { <MRU> }

<MRU> – MRU value, takes values in the range of [128..16383].

Default value: 1500.

20

Change the maximum size of processed MTU (MaximumTransmissionUnit) packets.
MTU above 1500 will be active only when using the «system jumbo-frames» command (optional).

esr(config-cellular-modem)# mtu <MTU>

<MTU> – MTU value in bytes.

Default value: 1500.

21

Set the preferable USB modem operation mode in the mobile network (optional).

esr(config-cellular-modem)# preferred-mode { <MODE> }

<MODE> – preferable USB modem operation mode [2g, 3g, 4g].

22

Disable the Firewall features on the interface or enable the interface in the security zone (see Firewall configuration).

esr(config-subif)# ip firewall disable


esr(config-subif)# security-zone <NAME>

<NAME> – security zone name, set by the string of up to 31 characters.

23

Activate USB modem.

esr(config-cellular-modem)# enable


It is also possible to configure a cellular network modem:

For the full modem mobile network functionality, additionally configure the routing and NAT functionality.

Configuration example

Objective:

Configure connection to the Internet by using USB modem.

Solution:

For example, consider the connection to the cellular operator MTS.

After modem connection, wait until the system detects the device. Determine the port of the device that was assigned to the connected USB modem:

esr# show cellular status modem
Number
device	USB port	Manufacturer	Model	Current state	Interface	Link    state
1	    1-2         huawei          E3372   Disabled        --          Down
CODE

Create the parameter profile for USB modem:

esr(config)# cellular profile 1
CODE

Specify the required APN or any other necessary address. The example of connection to MTS APN is given below:

esr(config-cellular-profile)# apn internet.mts.ru
CODE

If necessary, create user name, password, dial-up number and authentication number:

esr(config-cellular-profile)# user mts 
esr(config-ppp-user)# password ascii-text mts 
esr(config-cellular-profile)# number *99#
esr(config-cellular-profile)# allowed-auth PAP
CODE

Proceed to configuring the USB modem and set the identifier corresponding to the device port that was defined at the beginning:

esr(config)# cellular modem 1 
esr(config-cellular-modem)# device 1-2
CODE

Set the corresponding parameter profile and activate the modem:

esr(config-cellular-modem)# profile 1
esr(config-cellular-modem)# enable
CODE

STP/RSTP configuration 

Spanning Tree Protocol is a network protocol to bring an Ethernet network with redundant connections to a tree topology that excludes loops. Network devices exchange configuration messages using frames of a special format and selectively enable and disable transmission on ports.

Rapid STP (RSTP) is an improvement of the STP protocol, characterized by a shorter time to bring the network to a tree topology and has higher stability.

Spanning Tree configuration algorithm 

StepDescriptionCommandKeys
1Enable spanning-tree in the vlan-aware mode.esr(config)# spanning-tree


2Set the amount of time to spend listening and learning states before switching to transmit state.esr(config)# spanning-tree forward-time <TIME>

<TIME> – time in seconds, takes values [4..30].

Default value: 15 seconds.

3Set the time interval between sending BPDU packets.esr(config)# spanning-tree hello-time <TIME>

<TIME> – time in seconds, takes values [1..10].

Default value: 2 seconds.

4Set STP lifetime.esr(config)# spanning-tree max-age <TIME>

<TIME> – time in seconds, takes values [6..40].

Default value: 20 seconds.

5Select a supported protocol from the STP family.esr(config)# spanning-tree mode <MODE>

<MODE> – STP family protocol:

  • STP – IEEE 802.1D Spanning Tree Protocol;
  • RSTP – IEEE 802.1W Rapid Spanning Tree Protocol;
  • MSTP – IEEE 802.1s Multiple Spanning Trees.

Default value: RSTP.

6Set the path value determination method.esr(config)# spanning-tree pathcost method <short | long>

long – value in the range of [1..200000000];

short – value in the range of [1..65535].

Default value: short.

7Set STP priority.esr(config)# spanning-tree priority <PRIORITY>

<PRIORITY> – priority, specified in the range with increments of 4096 [0..61440].

Default value: 32768.

8Switch to interface/tunnel/network bridge configuration mode.esr(config)# interface <IF-TYPE><IF-NUM>

<IF-TYPE> – interface type;

<IF-NUM> – F/S/P – F frame (1), S – slot (0), P – port.

esr(config)# tunnel <TUN-TYPE><TUN-NUM>

<TUN-TYPE> – tunnel type;

<TUN-NUM> – tunnel number.

esr(config)# bridge <BR-NUM><BR-NUM> – bridge number.
9Enable spanning-tree.esr(config-bridge)# spanning-tree
10Set the amount of time to spend listening and learning states before switching to transmit state.esr(config-bridge)# spanning-tree forward-time <TIME>

<TIME> – time in seconds, takes values [4..30].

Default value: 15 seconds.

11Set the time interval between sending BPDU packets.esr(config-bridge)# spanning-tree hello-time <TIME>

<TIME> – time in seconds, takes values [1..10].

Default value: 2 seconds.

12Set STP lifetime.esr(config-bridge)# spanning-tree max-age <TIME>

<TIME> – time in seconds, takes values [6..40].

Default value: 20 seconds.

13Select a supported protocol from the STP family.esr(config-bridge)# spanning-tree mode <MODE>

<MODE> – STP family protocol:

  • STP – IEEE 802.1D Spanning Tree Protocol;
  • RSTP – IEEE 802.1W Rapid Spanning Tree Protocol.

Default value: RSTP.

14Set STP priority.esr(config-bridge)# spanning-tree priority <PRIORITY>

<PRIORITY> – priority, specified in the range with increments of 4096 [0..61440].

Default value: 32768.

15Disable STP on the configured interface.esr(config-if-gi)# spanning-tree disable
16Set the path value determination method.esr(config-if-gi)# spanning-tree cost

<COST> – path cost in the range [1..20000000].

Default value: 4.

17Allow this port to be set as root.esr(config-if-gi)# spanning-tree guard root


18Set the RSTP protocol to the transmitting state and determine the type of connection for the selected port – 'point-to-point', 'branched'.esr(config-if-gi)# spanning-tree link-type {point-to-point|shared}

point-to-point – the command defines the interface as 'point-to-point';

shared – the command defines the interface as 'shared'.

Default value: point-to-point.

19Set interface priority in STP spanning tree.esr(config-if-gi)# spanning-tree port-priority <PRIORITY><PRIORITY> – priority, specified in the range with increments of 16 [0..240].
20The mode is activated, in which the port, when the link is up, immediately switches to the transmitting state, without waiting for the timer to expire.esr(config-if-gi)# spanning-tree portfast

The commands for configuring MSTP are only available on the ESR-1000 as the MSTP protocol is currently supported solely on this device.

Configuration example

Objective:

Configure STP on the router to prevent a loop with a 10 second listen and learn interval and a spanning tree lifetime of 15 seconds.

Solution:

Example of a diagram with a router and a switch connected by two links is given below.

RSTP protocol on the ESR is enabled by defalut.

Go to the configuration mode:

esr-20# configure
CODE

Set STP as default:

esr-20(config)# spanning-tree mode stp
CODE

Set spanning tree lifetime to 15 seconds and network listening and learning interval to 10 seconds:

esr-20(config)# spanning-tree max-age 15
esr-20(config)# spanning-tree forward-time 10
CODE

Show spanning-tree active command output:

esr-20# show spanning-tree active 
Protocol version: STP
          Root ID: [32768] a8:f9:4b:ad:5a:00
                    Root port: [128] gi1/0/1
                    Pathcost 32768
                    Message Age 300
                    Hello time: 2 Max age time: 20 Forward delay: 15
        Bridge ID: [32768] a8:f9:4b:ad:8e:5d
                    Hello time: 2 Max age time: 15 Forward delay: 10
                    Transmit hold count: 6 Topology change: 0
                    Time since topology change: 16 Topology change count: 2
Name           State   Prio.Num   Cost        Status     Role       PortFast   Type                   
------------   -----   --------   ---------   --------   --------   --------   -----  
gi1/0/1        en      128.2      32768       FRW        Root       No         STP                    
gi1/0/2        en      128.3      32768       BLK        Altr       No         STP           
CODE

PPP through E1 configuration

PPP (Point-to-Point Protocol) — point-to-point link layer protocol, used to establish direct communication between two network nodes. It can provide connection authentication, encryption and data compression.

To establish a PPP connection through the E1 stream, there must be TOPGATE-WAN-E1 media converter in the ESR router.

Configuration algorithm

Step

Description

Command

Keys

Preconfiguration:
1

Enable support for Jumbo frames.

To apply changes, the device restart is required.

esr(config)# system jumbo-frames
Physical interface configuration:
2Select the interface where TOPGATE-WAN-E1 is installed.esr(config)# interface gigabitethernet 1/0/3

3

Put physical interface in switch mode.

esr(config-if-gi)# mode switchport


4

Set the operation mode of the E1 interface.

esr(config-if-gi)# switchport mode e1


5

Set the synchronization source (optional).

esr(config-if-gi)# switchport e1 clock source <SOURCE>

<SOURCE> – synchronization source:

  • Internal (default) – synchronize with an internal source;
  • line – synchronize with a linear signal.

6

Specify MTU (Maximum Transmission Unit) size for physical interfaces.

esr(config-if-gi)# mtu <MTU>

<MTU> – MTU value, for E1 and Multilink interfaces may take values in the range of [1510..9600].

7

Specify frame check hash algorithm (optional).

esr(config-if-gi)# switchport e1 crc <FCS>

<FCS> – frame check sequence:

  • 16 (default) – FCS16;
  • 32 – FCS32.

8

Set check for transmission errors (optional).

esr(config-if-gi)# switchport e1 framing <CRC>

<CRC> – cyclic redundancy check:

  • crc-4 – use CRC-4 algorithm;
  • no-crc4 (default) – do not use check.

9

Set transmitting bits inversion (optional).

esr(config-if-gi)# switchport e1 invert data


10

Set linear encoding type (optional).

esr(config-if-gi)# switchport e1 linecode <CODE>

<CODE> – linear encoding type;

  • ami – alternate mark inversion;
  • hdb3 (default) – high density bipolar of order 3.

11

Set amount of timeslots.

esr(config-if-gi)# switchport e1 timeslots <RANGE>

<RANGE> – amount of timeslots.

12

Use E1 as a single entity, without time slots (optional).

esr(config-if-gi)# switchport e1 unframed


E1 interface configuration:
13Select E1 interface.esr(config)# interface e1 1/<SLOT>/1<SLOT> – slot number.
14Specify IPv4 and network mask for the configured interface.esr(config-e1)# ip address <ADDR/LEN><ADDR/LEN> – IP address network mask length specified as AAA.BBB.CCC.DDD/EE, where each AAA – DDD part takes values [0..255] and EE takes values [1..32].
15Disable Firewall functions on the interface or include the interface in the security zone (see the Firewall configuration section).esr(config-e1)#  ip firewall disable
esr(config-e1)# security-zone <NAME><NAME> – name of the security zone, specified as a string of up to 31 characters.
Additional PPP settings for E1:

16

Enable CHAP authentication for PPP (optional).

esr(config-e1)# ppp authentication chap


17

Specify router name that is sent to a remote party for CHAP authentication (optional).

esr(config-e1)# ppp chap hostname <NAME>

<NAME> – router name.

18

Set authentication password (optional).

esr(config-e1)# ppp chap password ascii-text <CLEAR-TEXT>

<CLEAR-TEXT> – unencrypted password, set by the string of [1..64] characters, may include [0-9a-fA-F] characters.

19

Enable authentication override (optional).

esr(config-e1)# ppp chap refuse


20

Set authentication username (optional).

esr(config-e1)# ppp chap username <NAME>

<NAME> – user name.

21

Allow any non-null IP address to be accepted as a local IP address from the neighbour (optional).

esr(config-e1)# ppp ipcp accept-address


22

Set IP address that is sent to a remote party for the further allocation (optional).

esr(config-e1)# ppp ipcp remote-address <ADDR>

<ADDR> – IP address of a remote gateway.

23

Set the amount of attempts to send Configure-Request packets before the remote peer is found to be unable to respond (optional).

esr(config-e1)# ppp max-configure <VALUE>

<VALUE> – number of retries.

24

Set the amount of attempts to send Configure-NAK packets before all options are confirmed (optional).

esr(config-e1)# ppp max-failure <VALUE>

<VALUE> – number of retries.

25

Set the amount of attempts to send Terminate-Request packets before the session is aborted (optional).

esr(config-e1)# ppp max-terminate <VALUE>

<VALUE> – number of retries.

26

Set MRU (Maximum Receive Unit) size for the interface (optional).

esr(config-e1)# ppp mru <MRU>

<MRU> – MRU value.

27

Specify the time interval in seconds after which the router sends a keepalive message (optional).

esr(config-e1)# ppp timeout keepalive <TIME>

<TIME> – time in seconds.

28

Specify the interval after which the router sends a keepalive message (optional).

esr(config-e1)# ppp timeout retry <TIME> 

<TIME> – time in seconds.

Enable E1 interface in Multilink PPP:

29

Add to MLPPP group (optional).

esr(config-e1)# ppp multilink-group <GROUP-ID>

<GROUP-ID> – group number. 

30

Enable MLPPP mode (optional).

esr(config-e1)# ppp multilink 


Configuration example

Objective:

Configure PPP connection to the opposite side with IP address 192.0.2.2/24 via TOPGATE-WAN-E1 using 1-8 channel slots for data transmission; the clock source is the opposite side.

Solution:

First, configure system jumbo-frames, save changes to the configuration and reboot the router:

esr(config)# system jumbo-frames 
esr(config)# exit 
esr# commit 
esr# confirm
esr# reload system 
Do you really want to reload system ? (y/N): y
CODE

Configure the physical interface gigabitethernet 1/0/3, in which TOPGATE-WAN-E1 is installed:

  • Set mtu equal to 1510 or more;
  • Switch interface to the e1 operation mode;
  • Specify channel e1 – 0;
  • Specify e1 channel range from 1 to 8.
esr# configure 
esr(config)# interface gigabitethernet 1/0/3
esr(config-if-gi)# mode switchport 
esr(config-if-gi)# mtu 1510
esr(config-if-gi)# switchport mode e1 
esr(config-if-gi)# switchport e1 slot 0
esr(config-if-gi)# switchport e1 timeslots 1-8
esr(config-if-gi)# exit
CODE

Configure e1 interface:

esr(config)# interface e1 1/0/1 
esr(config-e1)# ip address 192.0.2.1/24
esr(config-e1)# security-zone trusted 
esr(config-e1)# exit
CODE

Information about the physical state of e1 can be obtained using the following command:

esr# show controllers e1 gigabitethernet 1/0/3
Interface 'gi1/0/3':
 SFP present:     Yes
 SFP Vendor name: --
 is te:    No
 SFP Vendor PN:   --
 SFP SW Version:  LPOS 1.0.9.4SR42 (20.12.2017) [
 Line code:       HDB3
 Clock source:    Internal
 Timeslot:        1-8
 Invert Data:     No
 Framing CRC4:    No
 Loopback:        --
 CRC algorithm:   FCS16
 E1 Link:         Up
 E1 Synced:       Yes
 E1 RX AIS:       No
 E1 RX RAI:       No
 E1 TX AIS:       No
CODE

Information about the state of e1 can be obtained using the following command:

esr# show interfaces status e1 1/0/1 
Interface 'e1 1/0/1' status information:
 Description:          --
 Operational state:    Up
 Administrative state: Up
 Track ID:             0
 Supports broadcast:   No
 Supports multicast:   Yes
 MTU:                  1492
 MAC address:          none
 Last change:          1 minute and 3 seconds
 Mode:                 routerport
CODE

MLPPP Configuration

Multilink PPP (MLPPP) is an aggregated channel that encompasses methods of traffic transition via multiple physical channels while having a single logical connection. This option allows enhancing bandwidth and enables load balancing.

Configuration algorithm

Step

Description

Command

Keys

1

Configure aggregation group.

esr(config)# interface multilink <IF>

<IF> – interface name.

2

Specify the description of configured aggregation group (optional).

esr(config-multilink)# description <DESCRIPTION>

<DESCRIPTION> – aggregation group description, set by the string of up to 255 characters.

3

Specify the time interval during which the statistics on the aggregation group load is averaged (optional).

esr(config-multilink)# load-average <TIME>

<TIME> – interval in seconds, takes values of [5..150].

Default value: 5.

4

Specify MTU (Maximum Transmission Unit) size for the aggregation group (optional). MTU above 1500 will be active only when using the 'system jumbo-frames' command.

esr(config-multilink)# mtu <MTU>

<MTU> – MTU value, takes values in the range of [1280..1500].

Default value: 1500.

5

Enable CHAP authentication.

esr(config-multilink)# ppp authentication chap


6

Enable authentication override (optional).

esr(config-multilink)# ppp chap refuse


7

Specify the router name that is sent to a remote party for CHAP authentication.

esr(config-multilink)# ppp chap hostname <NAME>

<NAME> – router name, set by the string of up to 31 characters

8

Specify the password that is sent with the router name to a remote party for CHAP authentication.

esr(config-multilink)# ppp chap password ascii-text
{ <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }

<CLEAR-TEXT> – unencrypted password, set by the string of [8..64] characters, may include [0-9a-fA-F] characters.

<ENCRYPTED-TEXT> – unencrypted password, set by the string of [16..128] characters.

9

Allow any non-null IP address to be accepted as a local IP address from the neighbour (optional).

esr(config-multilink)# ppp ipcp accept-address


10

Set IP address that is sent to a remote party for the further allocation.

esr(config-multilink)# ppp iccp remote-address <ADDR>

<ADDR> – IP address of a remote gateway.

11

Specify a user for remote party authentication and switch to the specified user configuration mode.

esr(config-multilink)# chap username <NAME>

<NAME> – user name, set by the string of up to 31 characters.

12

Set encrypted or unencrypted password for a specific user to authenticate the remote party.

esr(config-ppp-user)# password ascii-text
{ <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }

<CLEAR-TEXT> – unencrypted password, set by the string of [8..64] characters, may include [0-9a-fA-F] characters.

<ENCRYPTED-TEXT> – unencrypted password, set by the string of [16..128] characters.

13

Set the amount of attempts to send Configure-Request packets before the remote peer is found to be unable to respond (optional).

esr(config-multilink)# ppp max-configure <VALUE>

<VALUE> – time in seconds, takes values of [1..255].

Default value: 10.

14

Set the amount of attempts to send Configure-NAK packets before all options are confirmed (optional).

esr(config-multilink)# ppp max-failure <VALUE>

<VALUE> – time in seconds, takes values of [1..255].

15

Set the amount of attempts to send Terminate-Request packets before the session is aborted (optional).

esr(config-multilink)# ppp max-terminate <VALUE>

<VALUE> – time in seconds, takes values of [1..255].

Default value: 2.

16

Set MRU (Maximum Receive Unit) size for the interface.

esr(config-multilink)# ppp mru <MRU>

<MRU> – MRU value, takes values in the range of [128..1485].

Default value: 1500.

17

Specify the time interval in seconds after which the router sends a keepalive message (optional).

esr(config-multilink)# ppp timeout keepalive <TIME>

<TIME> – time in seconds, takes values of [1..32767].

Default value: 10.

18

Specify the time interval in seconds after which the router sends a keepalive message (optional).

esr(config-multilink)# ppp timeout retry <TIME>

<TIME> – time in seconds, takes values of [1..255].

Default value: 3.

19

Specify the maximum packet size for MLPP interface.

esr(config-multilink)# mrru <MRRU>

<MRRU> – maximum size of a received packet for MLPP interface, takes value in the range of [1500..10000].

20

Bind e1 port to the physical interface.

esr(config-if-gi)# switchport e1 <SLOT>

<SLOT> – slot identifier, takes values in the range of [0..3].

21

Put the physical port into SFPe1 module operation mode.

esr(config-if-gi)# switchport mode e1


22

Enable MLPPP mode on E1 interface.

esr(config-e1)# ppp multilink


23

Include E1 interface in the aggregation group.

esr(config-e1)# ppp multilink-group <GROUP-ID>

<GROUP-ID> – group identifier, takes values in the range of [1..4].

Configuration example

Objective:

Configure MLPPP connection to the opposite side with IP address 192.0.2.2/24 via e1 1/0/1 and e1 1/1/1 interfaces. To build an aggregated PPP link, gi 1/0/3 and gi 1/0/4 interfaces are used, into which TOPGATE-WAN-E1 is inserted.

Solution:

First, configure system jumbo-frames, save changes to the configuration and reboot the router:

esr# configure
esr(config)# system jumbo-frames 
esr(config)# exit 
esr# commit 
esr# confirm
esr# reload system 
Do you really want to reload system ? (y/N): y
CODE

Configure the gigabitethernet 1/0/3-4 physical interfaces that have TOPGATE-WAN-E1 installed. When configuring physical interfaces, specify mtu at least 1510, set the interface to the e1 mode, and specify the e1 channel:

esr# configure
esr(config)# interface gigabitethernet 1/0/3
esr(config-if-gi)# mode switchport 
esr(config-if-gi)# mtu 1510
esr(config-if-gi)# switchport mode e1 
esr(config-if-gi)# switchport e1 slot 0
esr(config-if-gi)# switchport e1 timeslots 1-31
esr(config-if-gi)# exit
esr(config)# interface gigabitethernet 1/0/4
esr(config-if-gi)# mode switchport 
esr(config-if-gi)# mtu 1510
esr(config-if-gi)# switchport mode e1 
esr(config-if-gi)# switchport e1 slot 1
esr(config-if-gi)# switchport e1 timeslots 1-31
esr(config-if-gi)# exit
CODE

Configure multilink interface:

esr(config)# interface multilink 3
esr(config-multilink)# ip address 192.0.2.1/24
esr(config-multilink)# security-zone trusted
esr(config-multilink)# exit
CODE

Bind E1 interfaces to Multilink PPP. When configuring E1 interface, specify multilink-group and enable multilink:

esr(config)# interface e1 1/0/1
esr(config-e1)# ppp multilink-group 3
esr(config-e1)# ppp multilink
esr(config-e1)# exit
esr(config)# interface e1 1/1/1
esr(config-е1)# ppp multilink-group 3
esr(config-е1)# ppp multilink
esr(config-е1)# exit
CODE

Information about the state of the multilink interface can be obtained using the following command:

esr# show interfaces status multilink 3
Interface 'mu1' status information:
 Description:          --
 Operational state:    Up
 Administrative state: Up
 Track ID:             0
 Supports broadcast:   No
 Supports multicast:   Yes
 MTU:                  1492
 MAC address:          none
 Last change:          6 seconds
 Mode:                 routerport
CODE

Bridge configuration

Bridge is a method of connection for two Ethernet segments on data-link level without any higher level protocols, such as IP. Packet transmission is based on Ethernet addresses, not on IP addresses. Given that the transmission is performed on data-link level (Level 2 of the OSI model), higher level protocol traffic passes through the bridge transparently.

Configuration algorithm

Step

Description

Command

Keys

1

Add a network bridge to the system and switch to its configuration mode.

esr(config)# bridge <BRIDGE-ID>

<BRIDGE-ID> – bridge identification number, takes values in the range of:

  • for ESR-10/12V(F)/14VF/15 – [1..50];
  • for ESR-20/21/30/100/200 – [1..250];
  • for ESR-1000/1200/1500/1511/1700/3100/3200 – [1..500].

2

Enable network bridge.

esr(config-bridge)# enable


3

Specify VRF instance, in which the given modem will operate (optional).

esr(config-bridge)# ip vrf forwarding <VRF>

<VRF> – VRF name, set by the string of up to 31 characters.

4

Specify the configured network bridge description (optional).

esr(config-bridge)# description <DESCRIPTION>

<DESCRIPTION> – network bridge description, set by the string of up to 255 characters.

5

Connect sub interface, qinq interface, L2GRE tunnel or L2TPv3 tunnel with the network bridge. Connected interfaces/tunnels and network bridges automatically become participants of the shared L2 domain (optional).

esr(config-if-gi)# bridge-group <BRIDGE-ID>

esr(config-if-l2tpv3)# bridge-group <BRIDGE-ID>

<BRIDGE-ID> – bridge identification number, takes values in the range of:

  • for ESR-10/12V(F)/14VF/15 – [1..50];
  • for ESR-20/21/30/100/200 – [1..250];
  • for ESR-1000/1200/1500/1511/1700/3100/3200 – [1..500].

6

Connect the current network bridge with VLAN. All interfaces and L2 tunnels that are members of the assigned VLAN are automatically included in the network bridge and become members of the shared L2 domain (optional)

esr(config-bridge)# vlan <VID>

<VID> – VLAN identifier, set in the range of [1..4094].

7

Specify the size of MTU packets that can be passed by the bridge (optional; possible if only VLAN is included in the bridge).
MTU above 1500 will be active only when using the 'system jumbo-frames' command.

esr(config-bridge)# mtu <MTU>

<MTU> – MTU value, takes values in the range of:

  • for ESR-10/12V(F)/14VF – [552..9600];
  • for ESR-20/21 – [552..9500];
  • for ESR-100/200/1000/1200/1500/1511/1700 – [552..10000]
  • for ESR-1500/1511/1700/3100 – [552..9190].

Default value: 1500

8

Specify the IPv4/IPv6 address and subnet mask for the interface to be configured or enable IP address obtain dynamically.

esr(config-bridge)# ip address <ADDR/LEN>

<ADDR/LEN> – IP address and subnet mask length, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32].

For advanced IPv4 addressing features see section IP addressing configuration.

esr(config-bridge)# ipv6 address <IPV6-ADDR/LEN>

<IPV6-ADDR/LEN> – IP address and prefix of a subnet, defined as X:X:X:X::X/EE where each X part takes values in hexadecimal format [0..FFFF] and EE takes values of [1..128].

For advanced IPv6 addressing features see section IPv6 addressing configuration.

Several IPv4/IPv6 addresses can be specified separated by commas. Up to 8 IPv4/IPv6 addresses can be assigned to the interface.

esr(config-bridge)# ip address dhcp

For advanced DHCP client operation features, see section DHCP Client management.

9

Disable the Firewall features on the interface or enable the interface in the security zone (see Firewall configuration).

esr(config-bridge)# ip firewall disable


esr(config-bridge)# security-zone <NAME>

<NAME> – security zone name, set by the string of up to 31 characters.

10

Enable recording of the current interface usage statistics (optional).

esr(config-bridge)# history statistics


11

Specify the time interval during which the statistics on the bridge load is averaged (optional).

esr(config-bridge)# load-average <TIME>

<TIME> – interval in seconds, takes values of [5..150].

Default value: 5

12

Specify the network bridge MAC address different from a system one (optional).

esr(config-bridge)# mac-address <ADDR>

<ADDR> – network bridge MAC address, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF].

13

Enable interface isolation mode on the bridge.
In this mode, the traffic exchange between members of the network bridge is prohibited.

(Optional; relevant only for ESR-1000/1200/1500/1511/1700/3100)

esr(config-bridge)# protected-ports [ exclude vlan ]

exclude vlan – when specifying the given key, VLAN (connected with bridge) is excluded from the isolated interfaces list.

14

Prohibit unknown-unicast traffic switching (when a destination MAC address is not included in the switching table) in the given bridge.

(Optional; relevant only for ESR-1000/1200/1500/1511/1700/3100)

esr(config-bridge)# unknown-unicast-forwarding disable


15

Set the lifetime of IPv4/IPv6 entries in the ARP table studied on the given bridge (optional).

esr(config-bridge)# ip arp reachable-time <TIME>

or

esr(config-bridge)# ipv6 nd reachable-time <TIME>

<TIME> – lifetime of dynamic MAC addresses, in milliseconds. Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.

It is also possible to configure for the bridge interface:

Example of bridge configuration for VLAN and L2TPv3 tunnel

Objective:

Combine router interfaces related to LAN and L2TPv3 tunnel passing through the public network into a single L2 domain. For combining, use VLAN 333.

Solution:

Create VLAN 333:

esr(config)# vlan 333
esr(config-vlan)# exit
CODE

Create 'trusted' security zone:

esr(config)# security-zone trusted
esr(config-zone)# exit
CODE

Add gi1/0/11, gi1/0/12 interfaces to VLAN 333:

esr(config)# interface gigabitethernet 1/0/11-12
esr(config-if)# mode switchport
esr(config-if)# switchport general allowed vlan add 333 tagged
CODE

Create bridge 333, map VLAN 333 to it and specify membership in 'trusted' zone:

esr(config)# bridge 333
esr(config-bridge)# vlan 333
esr(config-bridge)# security-zone trusted
esr(config-bridge)# enable 
CODE

Specify the affiliation of L2TPv3 tunnel to bridge mapped to LAN (for L2TPv3 tunnel configuration, see Section L2TPv3 tunnel configuration). In general, bridge and tunnel identifiers should not match the VID, unlike this example.

esr(config)# tunnel l2tpv3 333
esr(config-l2tpv3)# bridge-group 333
CODE

Example of bridge configuration for VLAN

Objective:

Configure routing between VLAN 50 (10.0.50.0/24) and VLAN 60 (10.0.60.0/24). VLAN 50 should belong to 'LAN1', VLAN 60 – to 'LAN2', enable free traffic transmission between zones.

Solution:

Create VLAN 50, 60:

esr(config)# vlan 50,60
esr(config-vlan)# exit
CODE

Create 'LAN1' and 'LAN2’ security zones:

esr(config)# security-zone LAN1
esr(config-zone)# exit
esr(config)# security-zone LAN2
esr(config-zone)# exit
CODE

Map VLAN 50 to gi1/0/11, gi1/0/12 interfaces:

esr(config)# interface gigabitethernet 1/0/11-12
esr(config-if-gi)# switchport general allowed vlan add 50 tagged
CODE

Map VLAN 60 to gi1/0/14 interface:

esr(config)# interface gigabitethernet 1/0/14
esr(config-if-gi)# switchport general allowed vlan add 60 tagged
CODE

Create bridge 50, map VLAN 50, define IP address 10.0.50.1/24 and membership in 'LAN1' zone:

esr(config)# bridge 50
esr(config-bridge)# vlan 50
esr(config-bridge)# ip address 10.0.50.1/24
esr(config-bridge)# security-zone LAN1
esr(config-bridge)# enable 
CODE

Create bridge 60, map VLAN 60, define IP address 10.0.60.1/24 and membership in 'LAN2' zone:

esr(config)# bridge 60
esr(config-bridge)# vlan 60
esr(config-bridge)# ip address 10.0.60.1/24
esr(config-bridge)# security-zone LAN2
esr(config-bridge)# enable 
CODE

Create firewall rules that enable free traffic transmission between zones:

esr(config)# security zone-pair LAN1 LAN2
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
esr(config)# security zone-pair LAN2 LAN1
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
esr(config)# exit
CODE

To view an interface membership in a bridge, use the following command:

esr# show interfaces bridge
CODE

Configuration example of the second VLAN tag adding/removing

Objective:

The gigabitethernet 1/0/1 interface receives Ethernet frames with various VLAN tags. It is necessary to redirect them to the gigabitethernet 1/0/2 interface, adding the second VLAN-ID 828. When Ethernet frames with VLAN-ID 828 come on the gigabitethernet 1/0/2, this tag must be removed and sent to the gigabitethernet 1/0/1 interface.

Solution:

Create the bridge without VLAN and IP address on the route:

esr(config)# bridge 1
esr(config-bridge)# enable 
esr(config-bridge)# exit 
CODE

Include the gigabitethernet 1/0/1 interface in bridge 1:

esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# bridge-group 1
esr(config-if-gi)# exit 
CODE

Include the gigabitethernet 1/0/2.828 sub interface in bridge 1:

esr(config)# interface gigabitethernet 1/0/2.828
esr(config-subif)# bridge-group 1
esr(config-subif)# exit 
CODE

When adding the second VLAN tag to an Ethernet frame, its size is increased by 4 bytes. MTU must be increased by 4 bytes or more on the gigabitethernet 1/0/2 router interface and on all equipment transmitting Q-in-Q frames.

Dual-Homing configuration

In the current firmware version, this functionality is supported only by ESR-1000 router.

Dual-Homing is a technology based on redundant links that creates a secure connection in order to prevent failures of the key network resources.

Configuration algorithm

Step

Description

Command

Keys

1

Specify a redundant interface to which the switching will occur when the connection is lost on a primary one.

esr(config-if-gi)# backup interface<IF> vlan <VID>

<IF> – interface to which the switching will be.

<VID> – VLAN ID, set in the range of [2..4094].

The parameter can also be specified by the range with '-' or by comma-separated list.

2

Specify the number of packets copies with the same MAC address that will be sent to an active interface when switching (optional).

esr(config)# backup-interface mac-duplicate <COUNT>

<COUNT> – amount of packets copies, takes values of [1..4].

3

Specify the number of packets per second that will be sent to an active interface when switching (optional).

esr(config)# backup-interfacemac-per-second<COUNT>

<COUNT> – amount of MAC addresses per second, takes value of [50..400].

4

Specify that it is necessary to carry out the switching to the primary interface when restoring the communication (optional).

esr(config)# backup-interface preemption


Configuration example

Objective:

Establish redundancy of the ESR router L2 connections for VLAN 50-55 using SW1 and SW2 devices.

Solution:

First, do the following:

Create VLAN 50, -55:

esr(config)# vlan 50-55
CODE

Disable STP for gigabitethernet 1/0/9 and gigabitethernet 1/0/10 interfaces, i.e. these protocols cannot operate simultaneously:

esr(config)# interface gigabitethernet 1/0/9-10
esr(config-if-gi)# spanning-tree disable
CODE

Add gigabitethernet 1/0/9 and gigabitethernet 1/0/10 interfaces into VLAN 50-55 in 'general' mode.

esr(config-if-gi)# switchport general allowed vlan add 50-55
esr(config-if-gi)# exit
CODE

Main configuration step:

Make gigabitethernet 1/0/10 redundant for gigabitethernet 1/0/9:

esr(config)# interface gigabitethernet 1/0/9
esr(config-if-gi)# backup interface gigabitethernet 1/0/10 vlan 50-55 
CODE

To view information on redundant interfaces, use the following command:

esr# show interfaces backup 
CODE

Mirroring configuration (SPAN/RSPAN)

In the current firmware version the RSPAN functionality is supported only by ESR-1000/1200/1500/1511/1700 routers.

Traffic mirroring is a feature of the router that allows for redirection of traffic from a specific port of the router to another port of the same router (local mirroring) or to a remote device (remote mirroring).

Configuration algorithm

Step

Description

Command

Keys

1

Define VLAN over which the mirrored traffic will be transmitted (in case of using remote mirroring).

esr(config)# port monitor remote vlan <VID> <DIRECTION>

<VID> – VLAN ID, set in the range of [2..4094];

<DIRECTION> – traffic direction:

  • tx – mirroring only outgoing traffic to the specified VLAN;
  • rx – mirroring only incoming traffic to the specified VLAN.

2

Enable the remote mirroring mode (in case of using remote mirroring).

esr(config)# port monitor remote


3

Define the mode of the port transmitting mirrored traffic (optional).

esr(config)# port monitor mode <MODE>

<MODE> – mode:

  • network – combined data transfer and mirroring (default);
  • monitor-only – mirroring only.

4

Enable mirroring in the interface configuration mode.

esr(config-if-gi)# port monitor interface <IF> [ <DIRECTION> ]

<IF> – interface from which the frames will be mirrored;

<DIRECTION> – traffic direction:

  • tx –  mirroring only output traffic;
  • rx –  mirroring only input traffic;

Configuration example

Objective:

Establish remote mirroring of traffic through VLAN 50 from gi1/0/11 interface to be sent to server for processing purposes.

Solution:

First, do the following:

  • Create VLAN 50:
  • On gi 1/0/5 interface, add VLAN 50 in 'general' mode.

Main configuration step:

Specify VLAN that will be used for transmission of mirrored traffic:

еsr1000(config)# port monitor remote vlan 50 
CODE

For gi 1/0/5 interface, specify a port for mirroring:

еsr1000(config)# interface gigabitethernet 1/0/5
еsr1000(config-if-gi)# port monitor interface gigabitethernet 1/0/11 
CODE

For gi 1/0/5 interface, specify the remote mirroring mode:

еsr1000(config-if-gi)# port monitor remote
CODE

LACP configuration

LACP is a link aggregation protocol that allows multiple physical links to be combined into a single logical link. This process allows to increase the communication link bandwidth and robustness.

Configuration algorithm

Step

Description

Command

Keys

1

Set the system priority for LACP.

esr(config)# lacp system-priority <PRIORITY>

<PRIORITY> – priority, set in the range of [1..65535].

Default value: 1.

2

Set the load balancing mechanism for channel aggregation groups.

esr(config)# port-channel load-balance { src-dst-mac-ip |
src-dst-mac | src-dst-ip | src-dst-mac-ip-port }

  • src-dst-mac-ip – balancing mechanism is based on source and destination MAC addresses and IP addresses;
  • src-dst-mac – balancing mechanism is based on the MAC address of a sender and receiver;
  • src-dst-ip – balancing mechanism is based on the IP address of a sender and receiver;
  • src - dst - mac - ip - port – balancing mechanism is based on source and destination MAC address, IP address and port.

3

Set LACP administration timeout.

esr(config)# lacp timeout {short | long }

  • long – long timeout;
  • short – short timeout.

Default value: long.

4

Create and switch to the aggregated interface configuration mode.

esr(config)# interface port-channel <ID>

<ID>  – sequence number of a channel aggregation group, takes values of [1..12].

5

Configure the required parameters of aggregated channel.



6

Switch to the physical interface configuration mode.

esr(config)# interface <IF-TYPE><IF-NUM>

<IF-TYPE> interface type (gigabitethernet or tengigabitethernet).

<IF-NUM> – F/S/P – F frame (1), S – slot (0), P – port.

7

Include a physical interface in the channel aggregation group specifying the mode of the channel aggregation group formation.

esr(config-if-gi)# channel-group <ID> mode <MODE>

<ID>  – sequence number of a channel aggregation group, takes values of [1..12].

<MODE> – mode of the channel aggregation group formation:

  • auto – add interface to the dynamic aggregation group with the support of LACP;
  • on – add interface to the static aggregation group.

8

Set the Ethernet interface LACP priority.

esr(config-if-gi)# lacp port-priority <PRIORITY>

<PRIORITY> – priority, set in the range of [1..65535].

Default value: 1

9

Set the time interval during which statistics on the sub-interface load is collected (optional).

esr(config-subif)# load-average <TIME>

<TIME> – interval in seconds, takes values of [5..150].

10

Set the lifetime of IPv4/IPv6 entries in the ARP table studied on the given interface (optional).

esr(config-subif)# ip arp reachable-time <TIME>

or

esr(config-subif)# ipv6 nd reachable-time <TIME>

<TIME> – lifetime of dynamic MAC addresses, in milliseconds.

Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.

11

Change MTU (MaximumTransmitionUnit) size. MTU above 1500 will be active only when using the 'system jumbo-frames' command (optional).

esr(config-subif)# mtu <MTU>

<MTU> – MTU value in bytes.

Default value: 1500.

12

Enable recording of the current interface usage statistics (optional).

esr(config-subif)# history statistics


13

Override the MSS (Maximum segment size) field in incoming TCP packets (optional).

esr(config-subif)# ip tcp adjust-mss <MSS>

esr(config-subif)# ipv6 tcp adjust-mss <MSS>

<MSS> – MSS value, takes values in the range of [500..1460].

Default value: 1460

It is also possible to configure the aggregated interface:

·     IPv4/IPv6 addressing (see sections IP addressing configuration, IPv6 addressing configuration and DHCP client management);

·     Firewall (see section Firewall configuration);

·     QoS in basic or advanced mode (see section QoS management);

·     proxy (see section HTTP/HTTPS traffic proxying);

·     traffic monitoring (see sections Netflow configuration and sFlow configuration);

·     routing protocols functionality (see section Routing management);

·     VRRF protocol (see section Redundancy management)

·     BRAS functionality (see section BRAS (Broadband Remote Access Server) management);

·     IDS/IPS functionality (see section IPS/IDS configuration).

Configuration example

Objective:

Configure aggregated link between ESR router and the switch.

Solution:
First, do the following settings:

For gi1/0/1, gi1/0/2 interfaces disable security zone with 'no security-zone' command.

Main configuration step:

Create port-channel 2 interface:

esr(config)# interface port-channel 2
CODE

Add gi1/0/1, gi1/0/2 physical interfaces into the created link aggregation group:

esr(config)# interface gigabitethernet 1/0/1-2
esr(config-if-gi)# channel-group 2 mode auto 
CODE

Further port-channel configuration is performed by analogy to the common physical interface.

AUX configuration

For ESR-21.

AUX configuration is used to specify parameters for interacting with external devices connected via serial interfaces to the ESR.

Configuration algorithm

Step

Description

Command

Keys

1

Switch to the serial interface configuration mode.

esr(config)# line aux <NUM>

<NUM> – a number of a serial interface from the range [1..3].

2

Set the necessary serial interface parameters to communicate with the connected device (optional).

These parameters are usually specified in the operation manual of the device to be connected.

By default, the standard values will be used.

esr(config-line-aux) databits <BITS>

esr(config-line-aux) flowcontrol <FMODE>

esr(config-line-aux) parity <PMODE>

esr(config-line-aux) speed <SPEED>

esr(config-line-aux) stopbits <STOP-BITS>

<BITS> – a number of data bits sent [7..8].

Default is '8'.

<FMODE> – data flow control mode. Takes the following values:

  • software – software flow control;
  • hardware – hardware flow control;
  • disabled – flow control disabled;

Default is 'disabled'.

<PMODE> – parity bit setting mode. Takes the following values:

  • odd – a check for oddness;
  • even – a check for evenness;
  • none – parity bit is not set;

Default is 'none'.

<SPEED> – a speed of a serial interface in bps.

Takes the following values:

  • 300;
  • 1200;
  • 2400;
  • 4800;
  • 9600;
  • 19200;
  • 38400;
  • 57600;
  • 115200;

 Default is '115200'.

<STOP-BITS> – the number of stop bits transmitted[ 1..2];

Default is '1'.

3

Specify serial interface description (optional).

esr(config-line-aux)# description <DESCRIPTION>

<DESCRIPTION> – interface description, set by the string of up to 255 characters.

4

When using the device to be connected as a modem, set the serial interface to modem mode (optional).

Note: cannot be used in conjunction with the «transport telnet port» command.

esr(config-line-aux)# modem inout


5

When using the ESR as a terminal server to control a connected device on the serial interface, set the TCP port number to be used as the TCP port number to connect to the ESR via telnet (optional).

Note: cannot be used in conjunction with the 'modem inout' command.

esr(config-line-aux)# transport telnet port <PORT>

<PORT> – TCP port number for console server mode. Takes values in the range of [1..65535].

Configuration examples

Objective 1:

Configure IP communication between two ESRs on the serial port, using modems in Leased line mode (automatic modem mode), connected to each other by a telephone cable.

Modems should be previously switched to automatic connection setting mode.

Modem compatibility verified

Modem Zyxel U-336E Plus.

Solution:

Configure the first ESR-21 

Configure negotiation parameters:

esr-21-1(config)# line aux 2 
esr-21-1(config-line-aux)# flowcontrol hardware
esr-21-1(config-line-aux)# exit
esr-21-1(config)# 
CODE

Configure the required RS-232 interfaces:

esr-21-1(config)# interface serial 1/0/2 
esr-21-1(config-serial)# ip address 1.1.1.1/24 
esr-21-1(config-serial)# exit
esr-21-1(config)# 
CODE

Configure firewall for security zones:

esr-21-1(config)# security zone xx
esr-21-1(config-zone)# exit
esr-21-1(config)# security zone-pair xx self 
esr-21-1(config-zone-pair)#   rule 1 
esr-21-1(config-zone-pair-rule)# action permit 
esr-21-1(config-zone-pair-rule)# enable 
esr-21-1(config-zone-pair-rule)# exit 
esr-21-1(config-zone-pair)# exit
esr-21-1(config)# 
CODE

Specify that the interfaces belong to the security zone:

esr-21-1(config)# interface serial 1/0/2
esr-21-1(config-serial)# security-zone xx 
esr-21-1(config-serial)# exit
esr-21-1(config)#
CODE

Configure the second ESR-21 

Configure negotiation parameters:

esr-21-2(config)# line aux 2 
esr-21-2(config-line-aux)# flowcontrol hardware
esr-21-2(config-line-aux)# exit
esr-21-2(config)# 
CODE

Configure the required RS-232 interfaces:

esr-21-2(config)# interface serial 1/0/2 
esr-21-2(config-serial)# ip address 1.1.1.2/24 
esr-21-2(config-serial)# exit
esr-21-2(config)# 
CODE

Configure firewall for security zones:

esr-21-2(config)# security zone xx
esr-21-2(config-zone)# exit
esr-21-2(config)# security zone-pair xx self 
esr-21-2(config-zone-pair)#   rule 1 
esr-21-2(config-zone-pair-rule)# action permit 
esr-21-2(config-zone-pair-rule)# enable 
esr-21-2(config-zone-pair-rule)# exit 
esr-21-2(config-zone-pair)# exit
esr-21-2(config)# 
CODE

Specify that the interfaces belong to the security zone:

esr-21-2(config)# interface serial 1/0/2
esr-21-2(config-serial)# security-zone xx 
esr-21-2(config-serial)# exit
esr-21-2(config)#
CODE

Objective 2:

Set up IP connectivity between two ESRs on a Serial port, using Dial-Up modems and the Public Switched Telephone Network (PSTN).

The ESR-12VF with the following configuration is used as a PSTN emulation:

dialplan pattern factory_test
  description "dialplan for factory test" 
  pattern "S5, L5 (00[1-3]@{local} | [xABCD*#].S)" 
  enable
exit
sip profile 1
  dialplan pattern "factory_test" 
  enable
  proxy primary
    enable
    ip address proxy-server 192.0.2.5
    registration
    ip address registration-server 192.0.2.5
  exit
exit
interface voice-port 1
  sip user phone 001
  profile sip 1
exit
interface voice-port 2
  sip user phone 002
  profile sip 1
  caller-id mode fsk-bell
exit
CODE

Modem compatibility verified

  • Modem ZyXEL OMNI 56K (MINI)
  • Modem Acorp-M56SCD

Solution:

Configure the first ESR-21 

Configure the parameters for negotiation with the modem:

esr-21-1(config)# line aux 2 
esr-21-1(config-line-aux)# flowcontrol hardware
esr-21-1(config-line-aux)# modem inout
esr-21-1(config-line-aux)# exit
esr-21-1(config)# 
CODE

Configure the required RS-232 interfaces:

esr-21-1(config)# interface serial 1/0/2 
esr-21-1(config-serial)# ip address 1.1.1.1/24 
esr-21-1(config-serial)# exit
esr-21-1(config)# 
CODE

Configure firewall for security zones:

esr-21-1(config)# security zone xx
esr-21-1(config-zone)# exit
esr-21-1(config)# security zone-pair xx self 
esr-21-1(config-zone-pair)#   rule 1 
esr-21-1(config-zone-pair-rule)# action permit 
esr-21-1(config-zone-pair-rule)# enable 
esr-21-1(config-zone-pair-rule)# exit 
esr-21-1(config-zone-pair)# exit
esr-21-1(config)# 
CODE

Specify that the interfaces belong to the security zone:

esr-21-1(config)# interface serial 1/0/2
esr-21-1(config-serial)# security-zone xx 
esr-21-1(config-serial)# exit
esr-21-1(config)#
CODE

Enable dialing by number:

esr-21-1(config)# interface serial 1/0/2 
esr-21-1(config-serial)# dialer string 002
esr-21-1(config-serial)# dialer
esr-21-1(config-serial)# exit
esr-21-1(config)# 
CODE

Configure the second ESR-21 

Configure negotiation parameters:

esr-21-2(config)# line aux 2 
esr-21-2(config-line-aux)# flowcontrol hardware
esr-21-2(config-line-aux)# modem inout
esr-21-2(config-line-aux)# exit
esr-21-2(config)# 
CODE

Configure the required RS-232 interfaces:

esr-21-2(config)# interface serial 1/0/2 
esr-21-2(config-serial)# ip address 1.1.1.2/24 
esr-21-2(config-serial)# exit
esr-21-2(config)# 
CODE

Configure firewall for security zones:

esr-21-2(config)# security zone xx
esr-21-2(config-zone)# exit
esr-21-2(config)# security zone-pair xx self 
esr-21-2(config-zone-pair)#   rule 1 
esr-21-2(config-zone-pair-rule)# action permit 
esr-21-2(config-zone-pair-rule)# enable 
esr-21-2(config-zone-pair-rule)# exit 
esr-21-2(config-zone-pair)# exit
esr-21-2(config)# 
CODE

Specify that the interfaces belong to the security zone:

esr-21-2(config)# interface serial 1/0/2
esr-21-2(config-serial)# security-zone xx 
esr-21-2(config-serial)# exit
esr-21-2(config)#
CODE
Objective 3:

Use additional modem settings for Objective 2:

  • for modem 1 enable the V.22bis protocol;
  • disable the speakers on both modems.

Solution

Create a line with additional modem initialization parameters for the first ESR-21, where

  • AT&N1 – enable V.22bis on modem mode;
  • ATM0L0 – disable modem speaker.
esr-21-1(config)# chat-script dial_test "ABORT 'BUSY' ABORT 'NO CARRIER' ABORT ERROR '' AT OK AT&F OK AT&N14 OK ATM0L0 OK ATD\\T CONNECT ''"
esr-21-1(config)#
CODE

Enable the use of the modem initialization string:

esr-21-1(config)# interface serial 1/0/2
esr-21-1(config-serial)# dialer string 001 modem-script dial_test
esr-21-1(config-serial)# exit
esr-21-1(config)#
CODE

Create a line with additional modem initialization parameters for the second ESR-21:

esr-21-2(config)# chat-script answer_test "ABORT 'BUSY' ABORT 'NO CARRIER' '' AT OK AT&F OK ATM0L0 RING ATAr CONNECT ''" 
esr-21-2(config)#
CODE

Enable the use of the modem initialization string:

esr-21-2(config)# interface serial 1/0/2
esr-21-2(config-serial)# dialer string 000 modem-script answer_test
esr-21-2(config-serial)# exit
esr-21-2(config)#
CODE

Adapter soldering schemes

RJ-45 <--> DB-25  pinout

RJ-45 <-->  RJ-45 pinout (rolled over cable)