EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

1 of 23 vrf_jun-cis.doc

Avaya Solution & Interoperability Test Lab

Configuring VPN Routing and Forwarding (VRF) on Juniper J4300 router and Cisco 3550 Catalyst Multi-layer Switch to support Avaya IP Telephony - Issue 1.0

Abstract

These Application Notes describe a procedure for configuring Multi-VRF (aka VRF-Lite) for the purpose of maintaining separate, independent virtual routing tables, one dedicated to voice traffic and another one dedicated to data traffic. The configuration described in these Application Notes implements Multi-VRF between a Juniper J4300 enterprise router at a main site and a Cisco Catalyst 3550 multi-layer switch at a branch site. These Application Notes were requested by a customer for a proof of concept.

1. Introduction and Scope

Multiprotocol Label Switching (MPLS) based networks implementing IP-VPN services must maintain multiple, independent routing tables per VPN instance. The VPN Routing and Forwarding (VRF) feature of the Provider Edge (PE) router accomplishes this by logically splitting the router into multiple virtual routers, where each virtual router contains its own set of interfaces, routing table, and forwarding table. A VRF is associated with the following components:

• IP routing table
• Derived forwarding table
• Set of interfaces, physical or virtual
• Set of routing protocols and routing peers that inject information into the VRF

VRF functionality was initially reserved only for MPLS PE routers. A subset of the PE VRF functionality, known as "Multi-VRF" or "VRF-Lite", was later made available for non-PE routers. Some of the highlights of a Multi-VRF router are:

• VRF functionality without using MPLS labels
• Multiprotocol BGP not required
• Detailed routing scenarios can be implemented without being connected to an MPLS VPN network via PE.

A key requirement for implementing any converged voice and data network is to be able to identify, segment and prioritize traffic types. At Layer 2, 802.1Q VLANs are used for this by implementing a separate Voice VLAN and Data VLAN with appropriate prioritization; however, a common routing table is used for both of these traffic types at Layer 3. Multi-VRF enables separately routed (virtual) networks with distinct routing tables and potentially overlapping address space to co-exist on the same router. Multi-VRF provides an option to further segment data and voice traffic by maintaining separate virtual routing instances, providing Layer 3 segmentation that complements Layer 2 VLAN segmentation.

The configuration described in these Application Notes implements Multi-VRF between a Juniper J4300 enterprise router at a main site and a Cisco Catalyst 3550 multi-layer switch at a branch site. Two VRF tables, “vrf Voice” and “vrf Data”, are configured on each router. The Open Shortest Path First (OSPF) routing protocol is used by the VRF tables. Two OSPF instances are configured, one for each VRF table. These Application Notes focus on the VRF configuration of the Juniper J4300 router and Cisco 3550 multi-layer switch, providing full configurations for each.

Figure 1 provides a high-level overview of the network used to verify these Application Notes.

Figure 1: Network Overview

2. Equipment and Software Validated

Table 1 lists the equipment and software/firmware versions used in the sample configuration provided.

Network Component                        Version Information
---------------------------------------  -----------------------------------------------------
Avaya S8700 Media Servers                Avaya Communication Manager R3.0.1 (R013x.00.1.346.0)
Avaya G650 Media Gateway                 -
  TN2312BP IPSI (HV6)                    FW12
  TN799DP C-LAN (HV1)                    FW12
  TN2302AP IP Media Processor (HV12)     FW95
Avaya G700 Media Gateway                 23.17.0
Avaya 2420 Series Digital Telephones     -
Juniper J4300                            JunOS 7.4R1.7
Cisco Catalyst 3550                      IOS 12.3(25)

Table 1 – Equipment Version Information

3. Configurations

3.1. Cisco Catalyst 3550 Layer 2/3 switch configuration – Branch Site

Global Configuration / Description

    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    !
    !
    ip subnet-zero
    ip routing

Enable IP routing.

    mls qos

Globally enable QoS.

    mls qos map cos-dscp 0 8 16 26 32 46 48 56

Configures the CoS-to-DSCP map (maps CoS values in incoming packets to a DSCP value).

    mls qos min-reserve 5 170
    mls qos min-reserve 6 85
    mls qos min-reserve 7 51
    mls qos min-reserve 8 34

Configures the buffer size of minimum reserve levels 5 – 8 to be used by the four egress queues.

Level 1-4 can hold 100 packets (default)
Level 5 can hold 170 packets
Level 6 can hold 85 packets
Level 7 can hold 51 packets
Level 8 can hold 34 packets

When the buffer specified for the minimum-reserve level is full, packets are dropped until space is available.

    no ip domain-lookup
    !
    ip vrf Data
     rd 100:2
    !
    ip vrf Voice
     rd 100:1

Names the VRF table. vrf Data is the name of the routing table to be used for data traffic and vrf Voice is the name of the routing table to be used for voice traffic.

The Route Distinguisher (RD) creates the VRF table and specifies the default route-distinguisher for a VPN. The RD is added to the beginning of the network's IPv4 prefixes to change them into globally unique VPN-IPv4 prefixes. The RD feature allows for use of private, overlapping IP addresses across different VPN networks.

An RD is either in ASN format, in which case it is composed of an autonomous system number and an arbitrary number, or in IP-address format, in which case it is composed of an IP address and an arbitrary number.

You can enter an RD in either of these formats:

16-bit AS number:your 32-bit number (for example, 101:3)

32-bit IP address:your 16-bit number (for example, 192.168.122.15:1)

We have chosen to use ASN format for this configuration.
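The two RD formats above correspond to the 8-byte route distinguisher encoding of RFC 4364 (type 0: 2-byte AS number plus 4-byte number; type 1: 4-byte IPv4 address plus 2-byte number). The following is an added example, not part of the original Application Notes: it encodes both formats, prepends the RD to a prefix to form the VPN-IPv4 prefix, and shows that an overlapping prefix stays distinct only while the two VRFs use different RDs. Function names and the 10.1.1.0/24 address plan are illustrative assumptions.

```python
import ipaddress
import struct


def parse_rd(text):
    """Encode 'ASN:nn' or 'A.B.C.D:nn' as the 8-byte RD of RFC 4364."""
    admin, sep, number = text.rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError(f"not a route distinguisher: {text!r}")
    assigned = int(number)
    if "." in admin:
        # Type 1: 4-byte IPv4 administrator + 2-byte assigned number.
        if assigned > 0xFFFF:
            raise ValueError("IP-format RD takes a 16-bit number")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    # Type 0: 2-byte AS number + 4-byte assigned number.
    if not admin.isdigit() or int(admin) > 0xFFFF or assigned > 0xFFFFFFFF:
        raise ValueError("ASN-format RD is <16-bit AS>:<32-bit number>")
    return struct.pack("!HHI", 0, int(admin), assigned)


def vpn_ipv4(rd, prefix):
    """Return (12-byte VPN-IPv4 address, prefix length) for a prefix in a VRF."""
    net = ipaddress.IPv4Network(prefix)
    return parse_rd(rd) + net.network_address.packed, net.prefixlen


def find_collisions(vrfs):
    """vrfs maps name -> (rd, [prefixes]); list prefixes the RD fails to separate."""
    seen, collisions = {}, []
    for name, (rd, prefixes) in vrfs.items():
        for prefix in prefixes:
            key = vpn_ipv4(rd, prefix)
            owner = seen.setdefault(key, name)
            if owner != name:
                collisions.append((prefix, owner, name))
    return collisions


# Constructed address plan: both VRFs reuse 10.1.1.0/24. RDs are the page's 100:1 / 100:2.
DISTINCT_RDS = {"Voice": ("100:1", ["10.1.1.0/24"]), "Data": ("100:2", ["10.1.1.0/24"])}
# Constructed mistake: the Data VRF was given the Voice RD.
SHARED_RD = {"Voice": ("100:1", ["10.1.1.0/24"]), "Data": ("100:1", ["10.1.1.0/24"])}

if __name__ == "__main__":
    for rd in ("100:1", "100:2", "10.0.0.1:1", "192.168.122.15:1"):
        print(f"{rd:18} -> {parse_rd(rd).hex()}")
    print("distinct RDs:", find_collisions(DISTINCT_RDS))
    print("shared RD:   ", find_collisions(SHARED_RD))
```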

    no file verify auto
    spanning-tree mode pvst

Enables per-VLAN spanning tree.

    !
    vlan internal allocation policy ascending
    !

Sets the VLAN ID allocation direction for internally assigned VLANs starting with ID 4096.

    !
    interface Loopback1
     no ip address
    !
    interface Loopback2
     no ip address
    !
    interface FastEthernet0/1
     description Avaya G700 MG
     switchport access vlan 20
     switchport trunk encapsulation dot1q
     switchport mode trunk
     duplex full
     speed 100
     mls qos trust dscp

Physical port connection to Avaya G700 MG. Binds port to VLAN 20 (voice VLAN) and sets mode to support VLAN tagging using standard 802.1Q tags. Configures port to trust DSCP value of ingress traffic.

    interface FastEthernet0/13
     switchport access vlan 60
     switchport mode access
     duplex full
     speed 100
     mls qos trust dscp
     auto qos voip trust
     wrr-queue bandwidth 20 20 5 80
     wrr-queue min-reserve 1 5
     wrr-queue min-reserve 2 6
     wrr-queue min-reserve 3 7
     wrr-queue min-reserve 4 8
     wrr-queue cos-map 1 0 1 2
     wrr-queue cos-map 2 4
     wrr-queue cos-map 3 3 6 7
     wrr-queue cos-map 4 5
     priority-queue out
     spanning-tree portfast

Physical port connection to IXIA data traffic generator. Binds port to VLAN 60 (data VLAN) and sets port to access mode. Configures port to trust DSCP value of ingress traffic.

Weighted Round Robin (WRR) is a mechanism used in output QoS scheduling on the 3550. WRR works between three or four queues (if there is no strict priority queue). The queues used in the WRR are emptied in a round robin fashion, and you can configure the weight for each queue.

In our lab configuration, we’ve defined WRR so the 4 queues are served 20%, 20%, 5%, and 80% of the time.

Assigns one of the min-reserve values, specified earlier in this config with the mls qos min-reserve command, to each of the four queues. Maps each of the eight possible CoS values to one of the four possible queues using the CoS to queue map command:

Places CoS values 0,1,2 in Q1
Places CoS values 4 in Q2
Places CoS values 3,6,7 in Q3
Places CoS values 5 in Q4

    interface FastEthernet0/24
     switchport access vlan 38
     switchport trunk encapsulation dot1q
     switchport mode trunk
     duplex full
     speed 10
     mls qos trust dscp

Physical port connection to Juniper J4300. Binds the port to a specific VLAN and sets the mode to support VLAN tagging using standard 802.1Q tags. Speed set to 10MB to simulate Metro Ethernet service uplink.

    interface Vlan20
     ip vrf forwarding Voice
     ip address 172.28.20.1 255.255.255.0
    !
    interface Vlan38
     ip vrf forwarding Data
     ip address 38.0.0.8 255.255.255.0
    !
    interface Vlan60
     ip vrf forwarding Data
     ip address 172.28.60.1 255.255.255.0
    !
    interface Vlan80
     ip vrf forwarding Voice
     ip address 80.0.0.8 255.255.255.0

Creates a Layer 3 switch virtual interface (SVI). Vlan20 = the Interface ID. Associates the interface with a VRF table and assigns the interface an IP address.

    router ospf 2 vrf Voice
     log-adjacency-changes
     network 80.0.0.0 0.0.0.255 area 0.0.0.0
     network 172.28.20.0 0.0.0.255 area 0.0.0.0
    !
    router ospf 1 vrf Data
     log-adjacency-changes
     network 38.0.0.0 0.0.0.255 area 0.0.0.0
     network 172.28.60.0 0.0.0.255 area 0.0.0.0

Enables OSPF routing for the specified VRF table. Defines the network address(es)/mask and area ID for OSPF to use per VRF instance.

    !
    ip classless
    ip http server
    ip http secure-server
    !
    !
    snmp-server community public RW
    snmp-server community avaya RW
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
    line vty 0 4
     exec-timeout 0 0
     privilege level 15
     password cisco
     login
    line vty 5 15
     login
    !
    !
    end
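The Layer 3 segmentation described in this section holds only if every routed interface is bound to a VRF and each per-VRF OSPF process covers interfaces of its own VRF. The following is an added example, not part of the original Application Notes: a small audit that parses the SVI and OSPF stanzas of the branch switch configuration above and reports interfaces left in the global routing table and OSPF network statements that match no interface in their VRF. The function names and the mis-bound variant of the configuration are constructed for illustration.

```python
import ipaddress
import re


def wildcard_net(addr, wildcard):
    """Turn an OSPF 'network <addr> <wildcard>' pair into an IPv4Network."""
    wild = int(ipaddress.IPv4Address(wildcard))
    if wild & (wild + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.IPv4Network((addr, 32 - wild.bit_length()), strict=False)


def parse_ios(config):
    """Collect per-interface VRF/IP bindings and per-VRF OSPF network statements."""
    interfaces, ospf = {}, {}
    intf = nets = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends the previous section
            intf = nets = None
            if m := re.match(r"interface (\S+)", line):
                intf = interfaces.setdefault(m.group(1), {"vrf": None, "ip": None})
            elif m := re.match(r"router ospf \d+(?: vrf (\S+))?", line):
                nets = ospf.setdefault(m.group(1), [])
        elif intf is not None:
            if m := re.match(r"ip vrf forwarding (\S+)", line):
                intf["vrf"] = m.group(1)
            elif m := re.match(r"ip address (\S+) (\S+)", line):
                intf["ip"] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        elif nets is not None:
            if m := re.match(r"network (\S+) (\S+) area", line):
                nets.append(wildcard_net(m.group(1), m.group(2)))
    return interfaces, ospf


def audit(config):
    """Return a list of findings; an empty list means the VRF bindings are consistent."""
    interfaces, ospf = parse_ios(config)
    findings = []
    for name, intf in interfaces.items():
        if intf["ip"] and intf["vrf"] is None:
            findings.append(f"{name}: {intf['ip']} is routed in the global table, outside any VRF")
    for vrf, networks in ospf.items():
        members = [i["ip"].ip for i in interfaces.values() if i["ip"] and i["vrf"] == vrf]
        for net in networks:
            if not any(addr in net for addr in members):
                findings.append(f"ospf vrf {vrf or '(global)'}: network {net} matches no interface in that VRF")
    return findings


# SVI and OSPF stanzas as they appear in section 3.1 of the Application Notes.
BRANCH_SITE = """\
interface Vlan20
 ip vrf forwarding Voice
 ip address 172.28.20.1 255.255.255.0
!
interface Vlan38
 ip vrf forwarding Data
 ip address 38.0.0.8 255.255.255.0
!
interface Vlan60
 ip vrf forwarding Data
 ip address 172.28.60.1 255.255.255.0
!
interface Vlan80
 ip vrf forwarding Voice
 ip address 80.0.0.8 255.255.255.0
!
router ospf 2 vrf Voice
 log-adjacency-changes
 network 80.0.0.0 0.0.0.255 area 0.0.0.0
 network 172.28.20.0 0.0.0.255 area 0.0.0.0
!
router ospf 1 vrf Data
 log-adjacency-changes
 network 38.0.0.0 0.0.0.255 area 0.0.0.0
 network 172.28.60.0 0.0.0.255 area 0.0.0.0
"""

# Constructed failure case: Vlan80 has lost its 'ip vrf forwarding Voice' line.
MISBOUND = BRANCH_SITE.replace(" ip vrf forwarding Voice\n ip address 80.0.0.8", " ip address 80.0.0.8")

if __name__ == "__main__":
    for label, cfg in (("as published", BRANCH_SITE), ("mis-bound Vlan80", MISBOUND)):
        print(label, "->", audit(cfg) or "no findings")
```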

3.2. Juniper J4300 Enterprise Router configuration – Main Site

    system {
        host-name CE1;
        root-authentication {
            encrypted-password "$1$NsK8iEEW$4lnbpL1mdL8olJKLVcglh."; ## SECRET-DATA
        }
        login {
            user admin {
                uid 2001;
                class super-user;
                authentication {
                    encrypted-password "$1$EHH3Zjx0$Ow4LkDfh0sCOWUIkNtATr0"; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
            telnet;
            web-management {
                http;
            }
        }
        syslog {
            file messages {
                any any;
            }
        }
    }

--------------------------------------------------------------------------------------
Configure FastEthernet physical interfaces fe-0/0/0 and fe-0/0/1. Assign VLAN IDs and IP addresses to logical interfaces unit 2, unit 10, unit 38, unit 80
--------------------------------------------------------------------------------------

    interfaces {
        fe-0/0/0 {
            description "Main 3550 L2";
            per-unit-scheduler;
            vlan-tagging;
            unit 2 {
                vlan-id 2;
                family inet {
                    address 172.25.2.1/24;
                }
            }
            unit 10 {
                vlan-id 10;
                family inet {
                    address 172.28.10.1/24;
                }
            }
        }
        ls-0/0/0 {
            unit 1 {
                compression {
                    rtp;
                }
            }
        }
        fe-0/0/1 {
            description "Remote Branch C3550 L2/L3 sw";
            per-unit-scheduler;
            vlan-tagging;
            speed 10m;
            unit 38 {
                vlan-id 38;
                family inet {
                    address 38.0.0.3/24;
                }
            }
            unit 80 {
                vlan-id 80;
                family inet {
                    address 80.0.0.3/24;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 127.0.0.1/32;
                }
            }
        }
    }
    forwarding-options {
        helpers {
            bootp {
                server 192.168.60.250;
                interface {
                    fe-0/0/0;
                }
            }
        }
    }
    routing-options {
        router-id 1.1.1.5;
        autonomous-system 101;
    }
    policy-options {
        policy-statement data-export {
            term 1 {
                then {
                    community add Data;
                    accept;
                }
            }
        }
        policy-statement data-import {
            term 1 {
                from {
                    protocol bgp;
                    community Data;
                }
                then accept;
            }
        }
        policy-statement voice-export {
            term learn-ospf {
                from protocol ospf;
                then accept;
            }
            term learn-direct {
                from protocol direct;
                then accept;
            }
            term nothing-else {
                then reject;
            }
        }
        policy-statement voice-import {
            term learn-all-CE-route {
                from {
                    protocol bgp;
                    community Voice;
                }
                then accept;
            }
            term learn-no-more {
                then reject;
            }
        }
        community Data members target:10:1;
        community Voice members target:10:2;
        community externalce members target:101:1;
        community public-comm1 members target:1:111;
    }

--------------------------------------------------------------------------------------
Create classifier rules to select traffic based on DSCP value. Use expedited-forwarding for DSCP 101110 (46) and assured-forwarding for DSCP 100010 (34)
--------------------------------------------------------------------------------------

    class-of-service {
        classifiers {
            dscp avaya-voip {
                forwarding-class expedited-forwarding {
                    loss-priority high code-points 101110;
                }
                forwarding-class assured-forwarding {
                    loss-priority low code-points 100010;
                }
            }
            ieee-802.1 cos {
                forwarding-class expedited-forwarding {
                    loss-priority high code-points 101;
                }
            }
        }
        drop-profiles {
            novoip {
                fill-level 90 drop-probability 100;
            }
        }

--------------------------------------------------------------------------------------
Bind scheduler-map “voip” to associated interfaces and assign classifier “avaya-voip” to logical interfaces unit 10 and unit 80 to identify ingress traffic based on DSCP value.
--------------------------------------------------------------------------------------

        interfaces {
            fe-0/0/0 {
                unit 2 {
                    scheduler-map voip;
                }
                unit 10 {
                    scheduler-map voip;
                    classifiers {
                        dscp avaya-voip;
                    }
                }
            }
            fe-0/0/1 {
                unit 38 {
                    scheduler-map voip;
                }
                unit 80 {
                    scheduler-map voip;
                    classifiers {
                        dscp avaya-voip;
                    }
                }
            }

        }

--------------------------------------------------------------------------------------
Create QoS scheduler-map “voip” and assign forwarding-class to each scheduler.
--------------------------------------------------------------------------------------

        scheduler-maps {
            voip {
                forwarding-class expedited-forwarding scheduler voip-ef;
                forwarding-class assured-forwarding scheduler voip-af;
                forwarding-class best-effort scheduler novoip;
            }
        }

--------------------------------------------------------------------------------------
Assign priority value to each scheduler.
--------------------------------------------------------------------------------------

        schedulers {
            voip-ef {
                priority high;
            }
            voip-af {
                priority low;
            }
            novoip {
                drop-profile-map loss-priority high protocol any drop-profile novoip;
            }
        }
    }

--------------------------------------------------------------------------------------
Routing-instances is where the VRF routing tables are defined with the associated interfaces and routing protocols. Two VRF tables are created, vrf Data and vrf Voice
--------------------------------------------------------------------------------------

    routing-instances {
        Data {
            instance-type vrf;
            interface fe-0/0/0.2;
            interface fe-0/0/1.38;
            route-distinguisher 10.0.0.1:1;
            vrf-import data-import;
            vrf-export data-export;
            protocols {
                ospf {
                    area 0.0.0.0 {
                        interface fe-0/0/0.2;
                        interface fe-0/0/1.38;
                    }
                }
            }
        }
        Voice {
            instance-type vrf;
            interface fe-0/0/0.10;
            interface fe-0/0/1.80;
            route-distinguisher 10.0.0.1:2;
            vrf-import voice-import;
            vrf-export voice-export;
            protocols {
                ospf {
                    area 0.0.0.0 {
                        interface fe-0/0/0.10;
                        interface fe-0/0/1.80;
                    }
                }
            }
        }
    }

Data { - Names the VRF table.
instance-type vrf; - Defines it to be a VRF route table.
interface fe-0/0/0.2; interface fe-0/0/1.38; - Logical interfaces to be associated with this VRF table.
route-distinguisher 10.0.0.1:1; - The RD is added to the beginning of the network's IPv4 prefixes to change them into globally unique VPN-IPv4 prefixes. The IP address format is used here.
protocols { ospf { - Enables OSPF routing for the specified VRF table.
area 0.0.0.0 { - Defines the network address(es)/mask and area ID for OSPF to use per VRF instance.

4. Verification and Troubleshooting Commands

Several VRF-specific commands are described here to assist in troubleshooting and configuring a Multi-VRF implementation. Several standard practice commands, such as ping, traceroute and telnet, require a VRF attribute in the syntax, as described below.

show ip vrf

Shows a summary of all VRF tables present on the router and their associated route-distinguishers and interface(s).

    CE2# show ip vrf
      Name       Default RD       Interfaces
      Data       100:2            Vlan38
                                  Vlan60
      Voice      100:1            Vlan20
                                  Vlan80

show ip vrf detail

Shows detailed configurations about each VRF table present in the router.

    CE2# show ip vrf detail
    VRF Data; default RD 100:2; default VPNID <not set>
      VRF Table ID = 1
      Interfaces:
        Vlan38    Vlan60
      Connected addresses are not in global routing table
      No Export VPN route-target communities
      No Import VPN route-target communities
      No import route-map
      No export route-map

    VRF Voice; default RD 100:1; default VPNID <not set>
      VRF Table ID = 2
      Interfaces:
        Vlan20    Vlan80
      Connected addresses are not in global routing table
      No Export VPN route-target communities
      No Import VPN route-target communities
      No import route-map
      No export route-map

show ip vrf interfaces

Shows additional information on the interfaces associated with each VRF table.

    CE2# show ip vrf interfaces
    Interface    IP-Address     VRF      Protocol
    Vlan38       38.0.0.8       Data     up
    Vlan60       172.28.60.1    Data     up
    Vlan20       172.28.20.1    Voice    up
    Vlan80       80.0.0.8       Voice    down

show ip route vrf {vrf name}

Shows the routing table contents of a specific VRF table.

    CE2# show ip route vrf Data
    Routing Table: Data
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         38.0.0.0/24 is subnetted, 1 subnets
    C       38.0.0.0 is directly connected, Vlan38
         172.25.0.0/24 is subnetted, 1 subnets
    O       172.25.2.0 [110/2] via 38.0.0.3, 00:28:48, Vlan38
         172.28.0.0/24 is subnetted, 1 subnets
    C       172.28.60.0 is directly connected, Vlan60

    CE2# show ip route vrf Voice
    Routing Table: Voice
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         172.28.0.0/24 is subnetted, 1 subnets
    C       172.28.20.0 is directly connected, Vlan20

Ping vrf {vrf name} ip {ip address}

Operates the same as the standard ping command but requires a VRF table name to be specified. Ping vrf must be used when the route to the destination is associated with a VRF table. Using the standard ping format to a destination address associated with a VRF table will fail, as shown in the example below. Global routes can continue to use the standard ping format.

    CE2# ping vrf Data ip 38.0.0.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 38.0.0.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

    CE2# ping ip 38.0.0.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 38.0.0.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

Traceroute vrf {vrf name} ip {ip address}

Operates the same as the standard traceroute command but requires a VRF table name to be specified. Traceroute vrf must be used when the route to the destination is associated with a VRF table. Using the standard traceroute format to a destination address associated with a VRF table will fail. Global routes can continue to use the standard traceroute format.

    CE2# traceroute vrf Data ip 38.0.0.3
    Type escape sequence to abort.
    Tracing the route to 38.0.0.3
      1 38.0.0.3 12 msec 8 msec 12 msec

Telnet {ip address} /vrf {vrf name}

Operates the same as the standard telnet command but requires a VRF table name to be specified. Telnet vrf must be used when the route to the destination is associated with a VRF table. Using the standard telnet format to a destination address associated with a VRF table will fail, as shown in the example below. Global routes can continue to use the standard telnet format.

    CE2# telnet 38.0.0.3 /vrf Data
    Trying 38.0.0.3 ... Open

    CE1 (ttyp1)

    login: admin
    Password:

    --- JUNOS 7.4R1.7 built 2005-10-21 01:55:06 UTC
    admin@CE1>
    admin@CE1> exit

    [Connection to 38.0.0.3 closed by foreign host]
    CE2#
    CE2#

    CE2# telnet 38.0.0.3
    Trying 38.0.0.3 ...
    % Destination unreachable; gateway or host down

    CE2#

5. Conclusion

As illustrated in these Application Notes, implementing Multi-VRF provides an option for Layer 3 traffic segmentation. Several potential benefits exist by using Multi-VRF, in addition to traffic segmentation for customers interfacing with an MPLS VPN service provider. Multi-VRF connectivity between the Juniper and Cisco products depicted can be achieved by following the guidelines demonstrated in these Application Notes.

7. Appendix A: Cisco Catalyst 3550 Layer 2 switch configuration – Main Site

    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname C3550-DHSS-main
    !
    !
    ip subnet-zero
    !
    no ip domain-lookup
    vtp domain avaya
    vtp mode transparent
    mls qos map cos-dscp 0 8 16 26 32 46 48 56
    mls qos min-reserve 5 170
    mls qos min-reserve 6 85
    mls qos min-reserve 7 51
    mls qos min-reserve 8 34
    mls qos
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    !
    !
    !
    vlan 2,10,20
    !
    !
    interface FastEthernet0/1
     description "eth0 S8710-2"
     switchport access vlan 10
     switchport mode dynamic desirable
     speed 100
     duplex full
     mls qos trust cos
    !
    interface FastEthernet0/2
     description "eth0 S8710-1"
     switchport access vlan 10
     switchport mode dynamic desirable
     speed 100
     duplex full
     mls qos trust cos
    !
    interface FastEthernet0/3
     description "G650 IPSI"
     switchport access vlan 10
     switchport mode dynamic desirable
     speed 100
     duplex full
     mls qos cos 3
     mls qos trust cos
     no cdp enable
    !
    interface FastEthernet0/4
     description "G650 C-LAN"
     switchport access vlan 10
     switchport trunk encapsulation dot1q
     switchport mode trunk
     speed 100
     duplex full
     mls qos trust cos
     no cdp enable
    !
    interface FastEthernet0/5
     description "G650 MEDPRO"
     switchport access vlan 10
     switchport trunk encapsulation dot1q
     switchport mode trunk
     speed 100
     duplex full
     mls qos trust cos
     no cdp enable
    !
    interface FastEthernet0/6
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/7
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/8
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/9
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/10
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/11
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/12
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/13
     description "IXIA Card 2 Port 8"
     switchport access vlan 2
     switchport mode access
     speed 100
     duplex full
     mls qos trust cos
     auto qos voip trust
     wrr-queue bandwidth 20 20 5 80
     wrr-queue min-reserve 1 5
     wrr-queue min-reserve 2 6
     wrr-queue min-reserve 3 7
     wrr-queue min-reserve 4 8
     wrr-queue cos-map 1 0 1 2
     wrr-queue cos-map 2 4
     wrr-queue cos-map 3 3 6 7
     wrr-queue cos-map 4 5
     priority-queue out
     spanning-tree portfast
     spanning-tree bpdufilter enable
    !
    interface FastEthernet0/14
     switchport access vlan 2
     switchport mode access
     speed 100
     duplex full
     mls qos trust cos
     spanning-tree portfast
    !
    interface FastEthernet0/15
     switchport access vlan 60
     switchport mode access
     mls qos trust cos
    !
    interface FastEthernet0/16
     switchport access vlan 60
     switchport mode access
     mls qos trust cos
    !
    interface FastEthernet0/17
     switchport access vlan 60
     switchport mode access
     mls qos trust cos
    !
    interface FastEthernet0/18
     switchport access vlan 60
     switchport mode access
     mls qos trust cos
    !
    interface FastEthernet0/19
     switchport access vlan 60
     switchport mode access
     mls qos trust cos
    !
    interface FastEthernet0/20
     switchport access vlan 60
     switchport mode access
     mls qos trust cos
    !
    interface FastEthernet0/21
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/22
     switchport mode dynamic desirable
     mls qos trust cos
    !
    interface FastEthernet0/23
     switchport access vlan 10
     switchport mode access
     speed 100
     duplex full
     mls qos trust cos
    !
    interface FastEthernet0/24
     description "Tagged Trunk to J4300"
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 2,10
     switchport mode trunk
     speed 100
     duplex full
     mls qos trust cos
    !
    interface GigabitEthernet0/1
     switchport mode dynamic desirable
    !
    interface GigabitEthernet0/2
     switchport mode dynamic desirable
    !
    interface Vlan1
     no ip address
     no ip route-cache
     shutdown
    !
    interface Vlan10
     ip address 172.28.10.10 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 172.28.10.1
    no ip classless
    ip route 0.0.0.0 0.0.0.0 172.28.10.1
    ip http server
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
    line vty 0 4
     exec-timeout 0 0
     privilege level 15
     password cisco
     login
    line vty 5 15
     login
    !
    !
    end

©2006 Avaya Inc. All Rights Reserved. Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by ® and ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. The information provided in these Application Notes is subject to change without notice. The configurations, technical data, and recommendations provided in these Application Notes are believed to be accurate and dependable, but are presented without express or implied warranty. Users are responsible for their application of any products specified in these Application Notes. Please e-mail any questions or comments pertaining to these Application Notes along with the full title name and filename, located in the lower right corner, directly to the Avaya Solution & Interoperability Test Lab at [email protected]