Options for Layer 2 Bridging Ports
You can configure the following parameters.
Encapsulation
CTP layer 2 bridging works with the following protocols: CISCO HDLC, PPP, and Frame Relay.
Cisco HDLC
After selecting Cisco HDLC, you can specify HDLC keepalive interval (range 1–100 seconds, default 10) and keepalive timeout values (range 1–30 seconds, default 30).
Select the encapsulation for this port. Please select a number from the following list: ------------------------------------- 0) Cisco HDLC 1) PPP 2) Frame Relay ------------ Your choice [0]: 0 Enter the HDLC keepalive interval. (1-100)[10]: 10 Enter the HDLC keepalive timeout. (1-100)[30]: 30
PPP
There are no values to specify for PPP.
Frame Relay
After selecting Frame Relay, you can configure individual permanent virtual circuits (PVCs). Ethernet interface, AutoMAC, AutoARP, and static MAC options do not appear on the menu when Frame Relay encapsulation is selected because these options are configured per PVC.
Select the encapsulation for this port. Please select a number from the following list: ------------------------------------- 0) Cisco HDLC 1) PPP 2) Frame Relay ------------ Your choice [2]: 2
Configuring LMI Settings and Timers
You can configure standard link management interface (LMI) settings by selecting 1) Configure LMI settings from the Frame Relay Config menu. Configure LMI settings and timers by selecting the corresponding options.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Configure LMI settings 2) Edit DLCI 301 - eth0.301 3) Edit DLCI 302 - eth0.302 4) Add a new DLCI configuration ------------ Your choice [0]: 1 Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Frame-relay LMI type: ITU 2) Frame-relay interface mode: DTE 3) t391 DTE polling timer: 10 4) t392 DCE polling verification timer: 15 5) n391 DTE full status polling interval: 6 6) n392 DTE/DCE error threshold: 3 7) n393 DTE/DCE monitored event count: 4 ------------ Your choice [0]:
Creating and Editing PVCs and DLCIs
From the Frame Relay Config menu, you can create and configure up to eight PVCs per Frame Relay interface. Normal bridge options can be configured on a per-DLCI basis. Each data-link connection identifier (DLCI) is bridged to a unique Ethernet VLAN.
To add a new PVC, choose 4) Add a new DLCI configuration. After a DLCI is created, it is added to the option list, and the menu option numbers increment by one. To edit a DLCI, select the corresponding edit option for that interface. For example, to edit DLCI 301, select 2) Edit DLCI 301 - eth0.301.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Configure LMI settings 2) Edit DLCI 301 - eth0.301 3) Edit DLCI 302 - eth0.302 4) Add a new DLCI configuration ------------ Your choice [0]: 2
Deleting a PVC
To delete a PVC, you must first edit it and then select 1) Delete this PVC.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Delete this PVC 2) Frame-relay DLCI: 301 3) Interface/VLAN: eth0.301 4) AutoMAC: enabled 5) AutoARP: enabled 6) Static dst-MAC for TX: ffff.ffff.ffff ------------ Your choice [0]:
Interface/VLAN
Make the mapping, or bridge, between the serial and Ethernet interfaces by selecting 5) Interface/VLAN from the Config menu. After selecting the bridge, you can enter the VLAN IDs on the Ethernet interface that will be mapped to the serial port.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Port descriptor text: 2) Interface: RS-232/DCE/NRZ 3) Clock config: 128.000000 / Configured Rate, w/o Ext Tx Clk (TT) 4) Encapsulation: cisco-hdlc / interval=10 timeout=30 5) Interface/VLAN: eth0.200 6) AutoMAC: enabled 7) AutoARP: enabled 8) Static dst-MAC for TX: ffff.ffff.ffff 9) Advanced options... ------------ Your choice [0]: 5 Select the Ethernet interface to bridge this port to. Please select a number from the following list: ------------------------------------- 0) Interface eth0 ------------ Your choice [0]: 0 Enter the VLAN ID on interface eth0 to bridge this port to. (1-4095)[200]: 200
Static Destination MAC Address
Any packets bridged from the serial interface to the Ethernet interface need to have an Ethernet header added. Because the destination MAC address is usually unknown, by default ffff.ffff.ffff is used. This default guarantees that the attached router will see the packet. You can define the destination MAC address for packets sent out the Ethernet interface by using the static dst-MAC option.
To set the static destination MAC address, select 8) Static dst-MAC for TX from the Config menu. Note that AutoMAC must be disabled before you set a static dst-MAC.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Port descriptor text: 2) Interface: RS-232/DCE/NRZ 3) Clock config: 128.000000 / Configured Rate, w/o Ext Tx Clk (TT) 4) Encapsulation: cisco-hdlc / interval=10 timeout=30 5) Interface/VLAN: eth0.200 6) AutoMAC: disabled 7) AutoARP: enabled 8) Static dst-MAC for TX: ffff.ffff.ffff 9) Advanced options... ------------ Your choice [0]: 8
AutoMAC
If the Ethernet interface is directly connected to a router, the CTP chassis can dynamically learn the MAC address of the router if AutoMAC is enabled. AutoMAC works by listening for Address Resolution Protocol (ARP) packets from the router. When an ARP packet is received, the source MAC address is assumed to be the MAC address of the directly connected router, and thus the MAC address that the CTP should use as a destination in any frames bridged from the serial port.
AutoMAC should be used only if the Ethernet router is directly connected to the CTP chassis. See other limitations below.
AutoMAC has the following limitations:
Should be used only if the Ethernet router is directly connected to the CTP chassis.
Works by assuming that every ARP packet seen belongs to the next-hop router.
If there is a switch or other device on the same broadcast domain, AutoMAC should not be used. If enabled, AutoMAC constantly switches the destination MAC used by the CTP system between each of the various devices in the broadcast domain each time it sees an ARP from a different address than the MAC it is currently using.
To configure AutoMAC, select 6) AutoMAC from the Config menu.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Port descriptor text: 2) Interface: RS-232/DCE/NRZ 3) Clock config: 128.000000 / Configured Rate, w/o Ext Tx Clk (TT) 4) Encapsulation: cisco-hdlc / interval=10 timeout=30 5) Interface/VLAN: eth0.200 6) AutoMAC: enabled 7) AutoARP: enabled 8) Static dst-MAC for TX: ffff.ffff.ffff 9) Advanced options... ------------ Your choice [0]: 6 ------------------------------------- * * * NOTE * * * The AutoMAC feature configures the CTP to automatically learn the MAC address of the connected Ethernet router. All traffic bridged from the serial interface will be sent to this MAC address. AutoMAC should only be used when a router is directly connected to the Ethernet interface. If AutoMAC is enabled on an Ethernet interface connected to a switch or other shared segment, the CTP will learn multiple MAC addresses and may not use the correct address. Please select a number from the following list: ------------------------------------- 0) Disable AutoMAC 1) Enable AutoMAC ------------ Your choice [1]:
AutoARP
Normally, the Ethernet-attached router sends ARP packets to find the MAC address for the IP address configured on the serial-attached router. However, the serial-attached router will not respond to ARP packets. You can configure a static ARP entry on the Ethernet-attached router with the MAC address of the CTP system, or you can use AutoARP.
AutoARP causes the CTP system to respond to any ARP packet with its own MAC address and configures the CTP system to automatically respond to all ARP requests received on the Ethernet VLAN interface for the bridge. AutoARP also sends IPv6 neighbor advertisements in response to any IPv6 neighbor solicitation.
AutoARP should be used only when a router is directly connected to the Ethernet interface. If AutoARP is enabled on an Ethernet interface that connects to a switch or other shared segment, serious network disruption can occur.
AutoARP has the following limitations:
AutoARP should be used only if the Ethernet router is directly connected to the CTP chassis.
AutoARP works by assuming that every ARP packet seen belongs to the next-hop router.
If there is a switch or other device on the same broadcast domain, AutoARP should not be used. If enabled, AutoARP responds to every ARP on the broadcast domain and disrupts communication between other devices on the network.
To configure AutoARP, select 7) AutoARP from the Config menu.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Port descriptor text: 2) Interface: RS-232/DCE/NRZ 3) Clock config: 128.000000 / Configured Rate, w/o Ext Tx Clk (TT) 4) Encapsulation: cisco-hdlc / interval=10 timeout=30 5) Interface/VLAN: eth0.200 6) AutoMAC: enabled 7) AutoARP: enabled 8) Static dst-MAC for TX: ffff.ffff.ffff 9) Advanced options... ------------ Your choice [0]: 7 ------------------------------------- * * * WARNING * * * The AutoARP feature configures the CTP to automatically respond to *ALL* ARP requests received on the Ethernet VLAN interface for this bridge. AutoARP should only be used when a router is directly connected to the Ethernet interface. If AutoARP is enabled on an Ethernet interface that connects to a switch or other shared segment, SERIOUS NETWORK DISRUPTION can occur. Please select a number from the following list: ------------------------------------- 0) Disable AutoARP 1) Enable AutoARP ------------ Your choice [1]:
Advanced Options (Crypto Resync)
CTP chassis can be used with federally approved cryptographic (crypto) devices. You can configure synchronized (in-sync) and pulse crypto resynchronized (resync) options for use with these devices.
If an error occurs on a secure link, the crypto devices may get out of sync. When the CTP software detects that a crypto device is out of sync or that keepalives or LMI has been lost, it signals to the crypto device to resync by pulsing DSR and/or CTS.
You can configure how long the CTP software waits before requesting a resynchronization, set the pulse width, and set the pulse period of the resync request. You can also configure the direction of the pulse (0 to 1 or 1 to 0). (Other common terms for 0 are space, low, and on; and other commons terms for 1 are mark, high, and off). To disable the pulse, set the in-sync and pulse value to the same value.
Crypto resync wait time—Time between loss of sync and the first pulse (range 1-60 seconds).
Crypto resync pulse width—Time that the pulse is asserted (range 1–15 seconds).
Crypto resync pulse period—Time between the beginnings of each pulse (range 1–1000 seconds). Should be greater than the pulse width; otherwise, the pulse will always be asserted.
To set crypto resync parameters, select 9) Advanced options from the Config menu.
Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 1) Port descriptor text: 2) Interface: V.35/DCE/NRZ 3) Clock config: 128.000000 / Configured Rate, w/o Ext Tx Clk (TT) 4) Encapsulation: ppp 5) Interface/VLAN: eth0.201 6) AutoMAC: enabled 7) AutoARP: enabled 8) Static dst-MAC for TX: ffff.ffff.ffff 9) Advanced options... ------------ Your choice [4]: 9 ========================================================================== = (ctp 05/26/07 10:55:17 GMT) | Advanced Option Menu for PBS port 1 ========================================================================== Please select a number from the following list: ------------------------------------- 0) Back to Previous Menu 3) Crypto resync wait time: 4 sec 4) Crypto resync pulse width: 1 sec 5) Crypto resync pulse period: 8 sec 6) Crypto resync DSR in-sync value: 1 (mark/high/off) 7) Crypto resync DSR pulse value: 0 (space/low/on) 8) Crypto resync CTS in-sync value: 1 (mark/high/off) 9) Crypto resync CTS pulse value: 0 (space/low/on) ------------ Your choice [5]:
When you use a DTE cable, the DSR settings apply to DTR, and the CTS settings apply to RTS. Both signals are provided to allow for different requirements of the crypto device:
DSR (DTR) provides an unbalanced signal
CTS (RTS) provides a balanced signal