James Edwards, Richard Bramante, Al Martin

Nortel Guide to VPN Routing for Security and VoIP


  • Nortel Guide to VPN Routing for Security and VoIP

    Published by
    Wiley Publishing, Inc.
    10475 Crosspoint Boulevard
    Indianapolis, IN 46256
    www.wiley.com

    Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana

    Published simultaneously in Canada

    ISBN-13: 978-0-471-78127-1
    ISBN-10: 0-471-78127-4

    Manufactured in the United States of America


    No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

    Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

    For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

    Library of Congress Cataloging-in-Publication Data
    Edwards, James, 1962-
    Nortel guide to VPN routing / James Edwards, Richard Bramante, Al Martin.
    p. cm.
    “Wiley Technology Publishing.”
    Includes index.
    ISBN-13: 978-0-471-78127-1 (cloth)
    ISBN-10: 0-471-78127-4 (cloth)
    1. Routing (Computer network management) 2. Extranets (Computer networks) I. Bramante, Richard, 1944- II. Martin, Al, 1964- III. Title.
    TK5105.543.E39 2006
    004.6’2--dc22
    2006011213

    Trademarks: Wiley and related trade dress are registered trademarks of Wiley Publishing, Inc., in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

    Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.


  • This book is dedicated to my wife, Denise, and our children: Natasia, Shaun, Nick, Emily, and Samantha. For the support, pride, admiration, love, laughter, life lessons, and so much more that they give to me each and every day of my life.

    —Jim Edwards

    This book is dedicated to my beloved departed wife, Barbara, who showed great courage and perseverance in facing and battling the illnesses that eventually took her from this life. Her constant encouragement in whatever I wanted to pursue is not forgotten, nor will her memory fade. For without her in my life, I would not have my son, Richard, who is a source of joy and pride. I thank him and his loving wife, Michelle, for the three beautiful grandchildren they blessed me with, my three amigos, Vanessa, Ethan, and Olivia.

    —Richard Bramante


  • About the Authors

    James Edwards (Nashua, NH) is a Nortel Networks Certified Support Specialist (NNCSS) in VPN Routers. Working in the Premium Support Group (consisting of Nortel’s largest Enterprise customers), he has extensive experience with many Nortel products, in particular in support for VPN Routers for the last two years. Jim has previous technical writing experience and is also author of Nortel Networks: A Beginner’s Guide (McGraw-Hill, 2001).

    Richard Bramante (Tewksbury, MA) is a Nortel Networks Certified Support Specialist (NNCSS) in VPN Routers. Richard has been in Nortel VPN Router support for three years and prior to this, was a technology lead on the Instant Internet (now part of the VPN Router portfolio) for four years. He has previous technical writing experience drafting functional specifications and testing procedures for various technologies and devices.

  • Credits

    Executive Editor: Carol Long
    Development Editor: Kevin Shafer
    Production Editor: Angela Smith
    Copy Editor: Nancy Rapoport
    Editorial Manager: Mary Beth Wakefield
    Production Manager: Tim Tate
    Vice President and Executive Group Publisher: Richard Swadley
    Vice President and Executive Publisher: Joseph B. Wikert
    Project Coordinator: Jennifer Theriot
    Graphics and Production Specialists: Jennifer Click, Lauren Goddard, Denny Hager, Stephanie D. Jumper, Lynsey Osborn, Heather Ryan, Alicia B. South
    Quality Control Technician: Leeann Harney, Joe Niesen
    Proofreading and Indexing: Techbooks
    Cover Image: Kristin Corley

  • Contents

    Chapter 1 Networking and VPN Basics
        Networking Basics
        The OSI Reference Model
        The Application Layer (Layer 7)
        The Presentation Layer (Layer 6)
        The Session Layer (Layer 5)
        The Transport Layer (Layer 4)
        The Network Layer (Layer 3)
        The Data Link Layer (Layer 2)
        The Physical Layer (Layer 1)
        Overview of a Local Area Network
        Overview of a Wide Area Network
        Media Access Control Addressing
        Internet Protocol Addressing
        IP Address Classes
        Class A Addresses
        Class B Addresses
        Class C Addresses
        Class D Addresses
        Protocols and Other Standards
        Internet Protocol
        Interior Gateway Protocol
        Exterior Gateway Protocol
        Routing Information Protocol
        Open Shortest Path First
        Virtual Router Redundancy Protocol
        Digital Subscriber Line
        Integrated Services Digital Network
        Lightweight Directory Access Protocol
        Remote Authentication Dial-In User Service
        Networking Hardware
        Random Access Memory
        Modem
        Channel Service Unit/Data Service Unit
        Computer Workstations
        Servers
        Network Interface Cards
        Switch
        Hub
        Router
        Repeater
        Remote Access
        Remote Access Services
        Dial Access to a Single Workstation
        Remote Access System
        Terminal Servers
        Network Security
        The Firewall
        Proxy Server
        Packet Filtering
        Stateful Packet Inspection
        Demilitarized Zone
        Hackers
        VPN Basics
        VPN Overview
        VPN Tunneling Protocols and Standards
        Secure Sockets Layer
        Public Key Infrastructure
        SecurID
        Internet Protocol Security
        Layer 2 Forwarding
        Point-to-Point Tunneling Protocol
        Layer 2 Tunneling Protocol
        Generic Routing Encapsulation
        Summary

    Chapter 2 The Nortel VPN Router
        The Nortel VPN Router Portfolio
        Modules and Interfaces
        SSL VPN Module 1000
        Hardware Interface Options
        Peripheral Component Interconnect Expansion Slots
        10/100Base-T Ethernet
        1000Base-SX/1000Base-T Ethernet
        CSU/DSU
        T1/E1
        ADSL
        Serial Interfaces (V.35, X.21, RS-232)
        V.90 Dial Access Modem
        High Speed Serial Interface
        Encryption Accelerator Modules
        Console Port (DB-9)
        Nortel VPN Router Solutions
        VPN Router 100
        Overview
        Technical Specifications
        VPN Router 200 Series
        VPN Router 221
        VPN Router 251
        VPN Router 600
        VPN Router 1000 Series
        VPN Router 1010
        VPN Router 1050
        VPN Router 1100
        VPN Router 1700 Series
        VPN Router 1700
        VPN Router 1740
        VPN Router 1750
        VPN Router 2700
        Overview
        VPN Router 5000
        Overview
        VPN Router Features Comparison
        Deployment Examples
        Branch Office Tunnel VPN Solution
        Extranet VPN Solution
        Remote Access VPN Solution
        Summary

    Chapter 3 The Nortel VPN Router Software Overview
        Nortel VPN Software
        Accounting Services
        Bandwidth Management Services
        Certifications
        Encryption Services
        IP Routing Services
        Management Services
        Stateful Firewall
        User Authentication
        VPN Tunneling Protocols
        Secure Sockets Layer Services
        WAN Services
        VPN Router Software Version 6.00
        Memory Requirements
        Optional Software Licenses
        Advanced Router License Key
        Contivity Stateful Firewall License Key
        Additional VPN Tunnel Support License Key
        Features Introduced in VPN Router Version 6.00
        Loading, Verifying, and Upgrading the VPN Router Software
        Release Notes
        Loading a New Version of VPN Router Software
        Removing Unused Versions
        VPN Client Software
        Installing the VPN Client Software
        Release Notes
        Installing the VPN Client
        Upgrading the VPN Client Software
        Uninstalling the Existing Version of VPN Client Software
        Installing the Upgrade
        Starting the VPN Client
        The VPN Client Connection Wizard Process
        Selecting Username and Password Authentication Type
        Selecting Hardware or Software Token Card Authentication Type
        Summary

    Chapter 4 The Nortel VPN Router in the Network
        What Is a Virtual Private Network?
        Tunneling Basics
        Branch Office Tunnel
        Aggressive Mode Branch Office Tunnel
        User/Client Tunnel
        PC-Based VPN Tunnels
        VPN-Enabled Device Acting in Client Mode
        Small Office or Home Office
        DMZ Creation and Usages
        The Regional Office
        Nortel 100 VPN Router Added to Existing Regional Office Network
        Upgrading a Regional Office to VPN Technology
        The Central Office
        The VPN Router as an Access Point
        Client Access to the Corporate Network
        Client Load Balancing and Failover
        Corporate User Access to the Internet
        Backup Interface Services
        Interface Group Fails
        Route Unreachable
        Ping Failure
        Time of Day or Day of the Week
        Placement in the Network
        Network Administration of VPN Routers
        Direct Access
        Control Tunnels
        Out-of-Band Management
        Logging
        SNMP
        Other Management Considerations
        Summary

    Chapter 5 Management Options and Overview
        Serial Port Management
        Command Line Interface
        Accessing the CLI Through a Telnet Session
        Accessing the CLI Through the Serial Port
        CLI Command Modes
        User EXEC Mode
        Privileged EXEC Mode
        Global Configuration Mode
        CLI Help
        CLI Keystroke Shortcuts
        Web-Based Management
        System
        Services
        Routing
        QoS
        Profiles
        Servers
        Admin
        Status
        Help
        VPN Router Administrator
        File Management
        Checking the Current Status of Your VPN Router
        Logs
        Configuration Log
        Event Log
        Security Log
        System Log
        VPN Router System Status Tools
        Sessions
        Reports
        System
        Health Check
        Statistics
        Accounting
        Other VPN Router Tools
        Trace Route
        Ping
        Address Resolution Protocol
        VPN Router Administration
        Software Upgrades
        Lightweight Directory Access Protocol
        Remote Authentication Dial-In User Service
        Automatic System Backups
        System Recovery
        System Shutdown
        Bandwidth Management
        Configuring Bandwidth Management
        Summary

    Chapter 6 Authentication
        Understanding LDAP
        LDAP Principles
        LDAP Request Flowchart
        Configuring Internal LDAP
        External LDAP
        Enabling LDAP Proxy
        Monitoring LDAP Servers
        Using Remote Authentication Dial-in User Service
        Enabling RADIUS Authentication
        RADIUS Server Selection
        RADIUS Authentication Options
        RADIUS Diagnostics
        RADIUS Proxy
        Enabling RADIUS Accounting
        Understanding Certificates
        SSL Encryption with LDAP Server
        LDAP Certificate Installation
        LDAP Special Characters
        External LDAP Proxy
        Tunnel Certificates
        Using Public Key Infrastructure
        PKI Setup
        CA and X.509 Certificates
        Loading Certificates
        Requesting a Server Certificate
        Server Certificates Using CMP
        Trusted CA Certificate Installation
        Trusted CA Certificate Settings
        Certificate Revocation List Configuration
        CRL Server Configuration
        CRL Distribution Points
        CRL Retrieval
        Enabling Certificate Use for Tunnels
        Identifying Individual Users with Certificates
        Identifying Branch Offices with Certificates
        IPSec Authentication
        L2TP/IPSec Authentication
        Adding L2TP Access Concentrators
        Summary

    Chapter 7 Security
        Stateful Firewall Basics
        Using Stateful Inspection
        Interfaces
        Filter Rules
        Anti-Spoofing
        Attack Detection
        Access Control Filters
        Network Address Translation
        Configuring Stateful Firewall
        Configuration Prerequisites
        Stateful Firewall Manager System Requirements
        Enabling Firewall Options
        Enabling the Stateful Firewall Feature
        Connection Limitation and Logging
        Application-Specific Logging
        Remote Logging of Firewall Events
        Anti-Spoofing Configuration
        Malicious Scan Detection Configuration
        Firewall Policies
        Firewall Policy Creation and Editing
        Policy Creation
        Rules
        Implied Rules
        Static Pre-Implied Rules
        Dynamic Implied Rules
        Override Rules
        Interface Specific Rules
        Default Rules
        Rule Creation
        Header Row Menu
        Row Menu
        Cell Menus
        Rule Columns
        Creating a New Policy
        Firewall Configuration Verification
        Sample Security Policy Configuration
        Firewall Examples
        Residential Example
        Business Example
        Filters
        Adding / Editing Filters
        Next Hop Traffic Filter
        NAT
        Types of Address Translation
        Dynamic Many-to-One NAT
        Dynamic Many-to-Many NAT
        Static One-to-One NAT
        Port Forwarding NAT
        Double NAT
        IPSec Aware NAT
        NAT Modes
        Full Cone NAT
        Restricted Cone NAT
        Port Restricted Cone NAT
        Symmetric NAT
        NAT Traversal
        NAT and VoIP
        Address/Port Discovery
        NAT Usage
        Branch Office Tunnel NAT
        Interface NAT
        Dynamic Routing Protocols
        Configuring a NAT Policy
        NAT Policy Sets
        Creating Rules
        NAT ALG for SIP
        Application Level Gateways
        Configuring NAT ALG for SIP
        Firewall SIP ALG
        Hairpinning
        Hairpinning with SIP
        Hairpinning with a UNIStim Call Server
        Hairpinning with a STUN Server
        Hairpinning Requirements
        Hairpinning Configuration
        Time-Outs
        NAT Statistics
        Proxy ARP
        Summary

    Chapter 8 Overview of Ethernet LANs and Network Routing
        Ethernet Networking
        Basic Physical Topology Types
        Bus Topology
        Star Topology
        Carrier Sense Multiple Access with Collision Detection
        Ethernet Variants
        Traditional Ethernet
        Fast Ethernet
        Gigabit Ethernet
        Network Cables
        Coaxial Cable
        Twisted-Pair
        Fiber-Optic
        Data Transmission Modes
        Simplex
        Half-Duplex
        Full-Duplex
        Collision Domains
        Broadcast Domains
        Network Addressing
        Media Access Control (MAC Addressing)
        Internet Protocol (IP Addressing)
        Address Resolution Protocol
        Reverse Address Resolution Protocol
        Virtual Local Area Network
        Network Routing
        Routing Basics
        Routing Tables
        Routing Algorithms
        Distance-Vector Routing
        Link-State Routing
        Routing Protocols
        Routing Protocol Types
        Routing Protocol Concepts
        Routing Information Protocol
        RIP History Overview
        RIP Route Determination
        RIP Updates
        RIP Request
        RIP Response
        Timelines
        Open Shortest Path First
        OSPF History
        OSPF Considerations
        Router Unique Name
        Adjacencies
        OSPF Processes
        OSPF Areas
        OSPF Overview
        Hello Messages
        LSDB
        Shortest Path First
        Border Gateway Protocol
        BGP History
        BGP Overview
        BGP Topologies
        Routing Concepts
        Routing Information
        Path Vector Routing Algorithm
        Virtual Router Redundancy Protocol
        VRRP Failover
        Summary

    Chapter 9 Tunneling, VoIP, and Other Features
        Layer 2 Forwarding
        Point-to-Point Tunneling Protocol
        Layer 2 Tunneling Protocol
        IP Security Tunneling Protocol
        Quality of Service
        Voice over IP
        Point-to-Point Protocol over Ethernet
        Client Address Redistribution
        Circuitless IP
        Backup Interface Services
        Summary

    Chapter 10 The Nortel VPN Client
        Overview of the Nortel VPN Client
        Operating System Compatibility
        Supported Operating Systems
        Operating Systems Supported Prior to the Nortel VPN Client Version 4.91
        Operating Systems Supported in the Nortel VPN Client Version 6.01
        Optional Licensing Operating Systems Supported
        Installing the Nortel VPN Client
        Using the Nortel VPN Client
        Status and Monitoring
        VPN Client Main Menu Items
        The File Menu Option
        The Edit Menu Option
        The Options Menu Option
        The Help Menu Option
        Nortel VPN Client Customization
        VPN Custom Client Installation Modes
        VPN Customer Client Group Profiles Overview
        VPN Custom Client Icons and Custom Bitmaps
        VPN Client Event Logging and Keepalives Overview
        VPN Client Event Log
        VPN Client Keepalive
        Internet Security Association and Key Management Protocol Keepalive
        Network Address Translation Traversal Keepalive
        Silent Keepalive
        IPSec Mobility
        Security Banner
        Split Tunneling
        Considerations
        Inverse Split Tunneling
        Support for All Zeros Addressing in Inverse Split Mode
        TunnelGuard
        TunnelGuard Daemon
        Software Requirement Set Builder
        TunnelGuard Agent
        TunnelGuard Features Overview
        TunnelGuard Icon Information
        TunnelGuard Installation Considerations
        TunnelGuard Event Logs
        Banner Messages
        VPN Client Failover
        Summary

    Chapter 11 VPN Router Administration Lab Exercises
        Installing the VPN Client Software
        Lab Requirements
        Lab Setup
        Lab Summary
        Initial Setup of the Nortel VPN Router
        Lab Requirements
        Lab Setup
        Lab Summary
        Enabling and Using VPN Client Logging
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Groups
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Users
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Client Failover
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring IPSec Mobility
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Automatic Backups
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring a Peer-to-Peer Branch Office Tunnel
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring RIP Routing
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Network Time Protocol
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring DHCP Server
        Lab Requirements
        Lab Setup
        DHCP Relay Lab
        DHCP Server Lab
        Lab Summary
        Configuring the Nortel 100 VPN Router
        Lab Requirements
        Lab Setup
        Basic Configuration Lab
        Tunneling Lab
        Lab Summary
        Configuring CLIP for Management IP Address
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Administrator User Tunnels
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring Syslog Server
        Lab Requirements
        Lab Setup
        Lab Summary
        Configuring User IP Address Pools
        Lab Requirements
        Lab Setup
        Configuring User IP Address Assignment Using DHCP Lab
        Configuring User IP Address Assignment Using Address Pool Lab
        Lab Summary
        Client Address Redistribution Configuration
        Lab Requirements
        Lab Setup
        Lab Summary
        Summary

    Chapter 12 Troubleshooting Overview
        Overview of Network Troubleshooting
        Logical Steps
        Make Sure You Understand the Problem
        Diagnosing the Problem
        Testing
        Reaching a Resolution
        TCP/IP Utilities
        Ping
        Traceroute
        Routing Tables
        Netstat
        IPconfig
        Other Troubleshooting Tools
        Packet Sniffer
        Cable Testing
        Network Management Station
        Nortel VPN Router Troubleshooting
        Tools
        Console Cable
        Crossover Cable
        System Recovery Disk
        Laptop
        FTP Server
        FTP Client
        VPN Router System Recovery
        System Recovery for Disk-Based Versions
        System Restore Option
        Reformat Hard Disk Option
        Apply New Version Option
        Perform File Maintenance Option
        View Event Log Option
        Restart System
        System Recovery for Diskless Versions
        System Restore Option
        Reformat Hard Disk Option
        Apply New Version Option
        Perform File Maintenance Option
        View Event Log Option
        Use of the Nortel VPN Router Reporting Utilities
        Status
        Sessions
        Reports
        System
        Health Check
        Statistics
        Accounting
        Security Log
        Config Log
        System Log
        Event Log
        Admin Tools
        Ping
        Trace Route
        ARP
        Packet Capture
        General Network Proactive Measures
        Perform Regular Backups
        Research
        Always Have a System Recovery Disk Available
        Dial Access for Support Personnel
        Knowledge Sharing
        Documentation
        Upgrades and Configuration Changes
        Research
        Pre-Testing
        Action Plan
        Nortel Support
        Summary

    Appendix A Abbreviation and Acronym Reference Listing

    Appendix B Command Line Interpreter Commands
        Access via Console Connection
        Access via Telnet Session
        User EXEC Mode
        help Command
        File System Commands
        who Command
        terminal Command
        verify Command
        reset Command
        exit Command
        IP Connectivity Commands
        clear Command
        show Commands
        show version Command
        show flash Command
        show admin Command
        show file Command
        show clock Command
        show ip Command
        show ip route Command
        show ip interface Command
        show ip traffic Command
        show services Command
        show switch-settings Command
        enable Command
        Privileged EXEC Mode
        clear Command
        reset Command
        show Command
        show all Command
        show current-config-file Command
        show dhcp Command
        show health Command
        show interface Command
        show ip Command
        show hosts Command
        show ipsec Command
        show logging Command
        show ntp Command
        show router Command
        show snmp Command
        show software Command
        show status Command
        show system Command
        show running Configuration Command
        boot Command
        capture Command
        create Command
        delete Command
        forced-logoff Command
        kill Command
        mkdir Command
        rmdir Command
        more Command
        reformat Command
        reload Command
        rename Command
        retrieve Command
        Global Configuration Mode
        Summary

    Appendix C Related Request for Comments Reference Guide

    Appendix D References and Resources
        Nortel Networks Documentation
        RFCs
        Internet Resources

    Index

  • Acknowledgments

    Words cannot describe the mixture of emotions that we have experienced over the past few months in trying to complete this book. From the uncertainty and the nervousness we experienced when the concept of the book was first discussed, to the excitement of penning the very last word, it is certain that we have many memories to forever replay in our minds. The challenges that were put before all of the individuals who assisted in the development and enrichment of this book were many, but everyone pulled together to ensure that this project reached completion. For this, we are very thankful.

    We would first like to thank Jamie Turbyne. This book was his brainchild and would not have been written had he not had the vision to pursue it. We were sad that Jamie was eventually unable to participate in the development of the book, but life happens. We will always be grateful to Jamie and his contribution to the launch of this book.

    We would also like to thank one another for being co-authors. Not only for the portions of the book that each of us individually wrote, but also for the support we gave to one another during the submission process. There is no way that this could have been completed without that teamwork.

    We would also like to thank all of the people from Wiley that were involved with this book. A special thank you goes to our developmental editor, Kevin Shafer, and to the acquisitions editor, Carol Long, for all of the time they spent helping us keep this project rolling.

    Finally, a special thank you goes out to our families and close friends for being patient and understanding about the amount of time that we had to spend working on this book. All of the help and sacrifices that you all made helped ensure that we had the time to work on and to complete this book. Without you all, this would have never been possible.