Test Protocol for BBVA Branches v2 - Teldat ATLAS 60 Router
8/18/2019 Protocolo de Pruebas Agencia BBVA_v2 - Router Teldat ATLAS 60
http://slidepdf.com/reader/full/protocolo-de-pruebas-agencia-bbvav2-router-teldat-atlas-60 1/19
www.asistp.com
TELEFÓNICA DEL PERÚ
Test Protocol – BBVA Branches
General Information Sheet
Recipient Entity: Telefónica del Perú (TdP)
Version: 01.00 Rev. 02
Support Contact
ASIS Technology Partners:
Walter Lazarte R
Telephone: (+511) 212 1134
Address: Av. Canaval y Moreyra #340,
Piso 13 San Isidro, Lima 27, Perú
E-mail: [email protected]
Commercial Contact
ASIS Technology Partners:
Guillermo Yrigoyen
Telephone: (+511) 212 1134
Address: Av. Canaval y Moreyra #340,
Piso 13 San Isidro, Lima 27, Perú
E-mail: [email protected]
For the Attention of: Julio Ayala Ancajima
Confidentiality
This document contains confidential information, property of ASIS Technology Partners, which may not be copied,
duplicated or given to others, or used for any purpose other than its review by Telefónica del Perú.
INDEX
1. Introduction
1.1. Objectives
1.2. Scope
1.3 Teldat ATLAS 60 Router
2. Scenario Type 01: Primary and backup from Telefónica
2.1 Case 01: Primary UP
2.2 Case 02: Primary DOWN
3. Scenario Type 02: Dual Operator
3.1 Case 01: Primary UP
3.2 Case 02: Primary DOWN
4. Features
4.1 BGP Routing Protocol
4.1.1 BGP Session State
4.1.2 Learned routes
4.1.3 Routes sent to a specific BGP peer
4.2 Data Link Switching Protocol
4.2.1 Considerations
4.2.2 Monitoring
4.3 TVRP Backup Protocol
4.3.1 Diagnostic command as ACTIVE
4.3.2 TVRP log record
4.4 Quality of Service
4.4.1 Verifying the marking of incoming packets
4.5 Netflow
4.5.1 Verification of Netflow statistics
4.6 Access List
4.7 Route Maps
4.7.1 Filters for exported routes
4.7.2 Diagnostics and display of the configured prefix-list
4.7.3 Route-map execution log
4.8 Tacacs
4.9 NTP
4.9.1 Viewing NTP logs
4.9.2 Verification of date and time synchronized via NTP
4.10 Syslog
4.10.1 Enabling Syslog events
4.10.2 Verifying SYSLOG parameters
4.11 SNMP
1. Introduction
1.1. Objectives
The purpose of this document is to record the features, test cases and monitoring commands
requested for the BBVA branches.
1.2. Scope
The tests are the following:
1. Type 01 offices: primary and backup links are both Telefónica
2. Type 02 offices: primary link Telefónica and backup Claro, or vice versa (dual operator)
Item No. | Occurrence / Peculiarity | Supported | Not supported
1 | Data Link Switching support; 3 permanent connections with three remote peers must be considered / Data Link Switching convergence. | |
2 | HSRP backup functionality: (Telefónica primary access / Telefónica backup access), HSRP verification at LAN level | |
3 | Quality of Service, packet marking and queue prioritization. | |
4 | Dual operator (BGP), BGP convergence considering the switchover time | |
5 | Trunking on the network interface | |
4 | Netflow support | |
6 | ACL and route-map support | |
7 | Tacacs, NTP, Syslog | |
8 | SNMP v3 support | |
1.3 Teldat ATLAS 60 Router
Atlas-60 is an innovative and revolutionary concept that unifies communications infrastructure and business processes on
a single dual-core hardware platform, where a high-performance professional router coexists with a secure, standards-based
application server, all under unified management intended to simplify provisioning and maintenance
tasks.
2. Scenario Type 01: Primary and backup from Telefónica
In scenario type 01, the primary and secondary links are both from Telefónica. For the chosen pilot, a Teldat ATLAS 60 router was deployed for the primary link.
2.1 Case 01: Primary UP
2.2 Case 02: Primary DOWN
3. Scenario Type 02: Dual Operator
In scenario type 02, one of the links belongs to another operator. For the chosen pilot, the primary link belongs to Telefónica and is implemented with a Teldat ATLAS 60 router, and the secondary link belongs to another operator.
3.1 Case 01: Primary UP
3.2 Case 02: Primary DOWN
4. Features
4.1 BGP Routing Protocol
4.1.1 BGP Session State
*p 3 (enter) +protocol bgp
BGP+ summary
Configuration running
Neighbor V AS MsgRcvd MsgSent NumEst State Time
10.193.70.161 4 6147 76 97 7 Established 7m41s
BGP summary, 1 group, 1 peer.
4.1.2 Learned routes
BGP+ routes
Flags: A active, M multipath, D deleted, N not install, I incomplete
Proto Route/Mask NextHop Pref Pref2 Metr Metr2 ASPath
A---- BGP 0.0.0.0/0 10.193.70.161 170 0 none none (65519) 6147 6147 IGP (Id 22)( a02010)
A---- BGP 7.220.0.10/32 10.193.70.161 170 0 none none (65519) 6147 65164 64514 64002 IGP (Id 25)( a02010)
A---- BGP 7.220.0.11/32 10.193.70.161 170 0 none none (65519) 6147 65164 64514 64002 IGP (Id 25)( a02010)
A---- BGP 7.220.0.12/32 10.193.70.161 170 0 none none (65519) 6147 65164 64514 64002 IGP (Id 25)( a02010)
A--N- Dir 7.238.45.89/32 7.238.45.89 0 0 1 0 Incomplete (Id 1) ( a00002)
A---- BGP 10.1.240/24 10.193.70.161 170 0 none none (65519) 6147 6147 Incomplete (Id 23)( a02010)
A--N- Dir 10.193.70.160/30 10.193.70.162 0 0 1 0 Incomplete (Id 1) ( a00002)
A--N- Sta 10.193.70.161/32 10.193.70.162 60 0 1 0 Incomplete (Id 1) ( a02002)
A--N- Dir 117.238.45.88/29 117.238.45.89 0 0 1 0 Incomplete (Id 1) ( a00002)
A--N- Dir 117.241.45.88/29 117.241.45.89 0 0 1 0 Incomplete (Id 1) ( a00002)
A---- BGP 118.220/16 10.193.70.161 170 0 none none (65519) 6147 6147 Incomplete (Id 23)( a02010)
A---- BGP 118.254.254/24 10.193.70.161 170 0 none none (65519) 6147 6147 IGP (Id 24)( a02010)
A---- BGP 118.254.254/29 10.193.70.161 170 0 none none (65519) 6147 6147 IGP (Id 26)( a02010)
A---- BGP 118.254.254.6/32 10.193.70.161 170 0 none none (65519) 6147 6147 Incomplete (Id 23)( a02010)
4.1.3 Routes sent to a specific BGP peer
BGP+ routes sent_to_peer 10.130.251.113
Flags: A active, M multipath, D deleted, N not install, I incomplete
Proto Route/Mask NextHop Pref Pref2 Metr Metr2 ASPath
A--N- Dir 192.168.4/24 192.168.4.1 0 0 1 0 Incomplete (Id 1) ( a00002)
4.2 Data Link Switching Protocol
Teldat is compatible with the DLSw (Data Link Switching) protocol.
4.2.1 Considerations
For the particular, proprietary case of transparent redundancy at the DLSw session level,
a probe must be added on the secondary router in order to force the SNA traffic flow through the corresponding interfaces.
This variation applies only when the secondary router is not a Teldat, and it affects only the cash-machine (SNA) traffic; for the data and voice VLANs the configuration is unchanged.
! Track reachability of the primary WAN address with an ICMP probe
track 1 ip sla 1
ip sla 1
 icmp-echo IP_WAN_Principal
ip sla schedule 1 life forever start-time now
logging esm config
scheduler allocate 20000 1000
! Primary WAN unreachable: enable subinterface fastEthernet 0/1.3
event manager applet WAN1_DOWN
 event track 1 state down
 action 1 cli command "enable"
 action 2 cli command "configure terminal"
 action 3 cli command "interface fastEthernet 0/1.3"
 action 4 cli command "no shutdown"
! Primary WAN reachable again: shut subinterface fastEthernet 0/1.3 down
event manager applet WAN1_UP
 event track 1 state up
 action 1 cli command "enable"
 action 2 cli command "configure terminal"
 action 3 cli command "interface fastEthernet 0/1.3"
 action 4 cli command "shutdown"
4.2.2 Monitoring
*p 3
+protocol dls
Data Link Switching Console
DLSw+
DLSw+list dlsw sessions all
Source (TKR) Destinat. (TKR) State Flags Dest IP Addr Id
--------------- --------------- --------- ------- -------------- ----
1 00582b98d008/04 400000012144/04 CONNECTED 7.220.0.10 0
4.3 TVRP Backup Protocol
Teldat uses the TVRP protocol (Teldat), which is compatible with Cisco's proprietary HSRP protocol.
4.3.1 Diagnostic command as ACTIVE
CPE1 TVRP+ list all
===== Global TVRP Parameters =====
TVRP is currently: ENABLED
TVRP port (UDP): 1985
Virtual redirects: ENABLED
Unknown packets: 0
Authentication Failed packets: 0
===== List of TVRP groups =====
+------------------------------------------------------------+
| TVRP GROUP: 1 |
+------------------------------------------------------------+
Virtual IP: 192.168.1.1
Virtual MAC: 00-00-0c-07-ac-01
Current local IP/Interface: 192.168.1.2 ethernet0/0
ACTIVE Router: 192.168.1.2
STANDBY Router: 192.168.1.3
Hellotime: 5 Holdtime: 15
TVRP state: ACTIVE Previous state: STANDBY
Currently RUNNING Last event: HELO_EXP
Initial: 1 Learn: 0 Listen: 1
Speak: 1 Standby: 1 Active: 1
Hello messages --> sent: 589, received: 4
Coup messages ---> sent: 1, received: 0
Resign messages -> sent: 0, received: 1
4.3.2 TVRP log record
CPE2
10/04/12 16:01:35 TVRP.005 hel tim exp grp 1
10/04/12 16:01:35 TVRP.019 snt Hello grp 1
10/04/12 16:01:35 TVRP.007 hel+ act grp 1
10/04/12 16:01:35 TVRP.014 lrnt hi 5, ho 15, vIP 192.168.1.1 grp 1
10/04/12 16:01:35 TVRP.021 strt Active tim 15 grp 1
10/04/12 16:01:40 TVRP.005 hel tim exp grp 1
10/04/12 16:01:40 TVRP.019 snt Hello grp 1
10/04/12 16:01:40 TVRP.007 hel+ act grp 1
10/04/12 16:01:40 TVRP.014 lrnt hi 5, ho 15, vIP 192.168.1.1 grp 1
10/04/12 16:01:40 TVRP.021 strt Active tim 15 grp 1
10/04/12 16:01:45 TVRP.005 hel tim exp grp 1
10/04/12 16:01:45 TVRP.019 snt Hello grp 1
10/04/12 16:01:45 TVRP.007 hel+ act grp 1
10/04/12 16:01:45 TVRP.014 lrnt hi 5, ho 15, vIP 192.168.1.1 grp 1
10/04/12 16:01:45 TVRP.021 strt Active tim 15 grp 1
10/04/12 16:01:50 TVRP.005 hel tim exp grp 1
10/04/12 16:01:50 TVRP.019 snt Hello grp 1
10/04/12 16:01:50 TVRP.007 hel+ act grp 1
10/04/12 16:01:50 TVRP.014 lrnt hi 5, ho 15, vIP 192.168.1.1 grp 1
10/04/12 16:01:50 TVRP.021 strt Active tim 15 grp 1
4.4 Quality of Service
Verification of QoS counters:
R1 +feature bandw
-- Bandwidth Reservation user console --
R1 BRS+net ppp1
R1 BRS [i ppp1]+counters
Bandwidth Reservation Counters
Interface ppp1
Class: local
Input packets: 100 Input bytes: 4997
Transmitted packets: 100 Transmitted bytes: 4997
Discarded packets: 0 Discarded bytes: 0
Disc pkts rate-limit: 0 Disc bytes rate-limit: 0
Remarked packets: 0 Remarked bytes: 0
Reassigned packets: 0 Reassigned bytes: 0
Disc packets loop: 0 Disc bytes loop: 0
Disc pkts queue ovfl: 0 Disc bytes queue ovfl: 0
Disc pkts wred: 0 Disc bytes wred: 0
Class: default
Input packets: 1025 Input bytes: 89834
Transmitted packets: 1025 Transmitted bytes: 89834
Discarded packets: 0 Discarded bytes: 0
Disc pkts rate-limit: 0 Disc bytes rate-limit: 0
Remarked packets: 0 Remarked bytes: 0
Reassigned packets: 0 Reassigned bytes: 0
Disc packets loop: 0 Disc bytes loop: 0
Disc pkts queue ovfl: 0 Disc bytes queue ovfl: 0
Disc pkts wred: 0 Disc bytes wred: 0
Class: http
Input packets: 3362 Input bytes: 198122
Transmitted packets: 3290 Transmitted bytes: 164005
Discarded packets: 72 Discarded bytes: 34117
Disc pkts rate-limit: 72 Disc bytes rate-limit: 34117
Remarked packets: 0 Remarked bytes: 0
Reassigned packets: 0 Reassigned bytes: 0
Disc packets loop: 0 Disc bytes loop: 0
Disc pkts queue ovfl: 0 Disc bytes queue ovfl: 0
Disc pkts wred: 0 Disc bytes wred: 0
Class: ftp
Input packets: 75 Input bytes: 3356
Transmitted packets: 75 Transmitted bytes: 3356
Discarded packets: 0 Discarded bytes: 0
Disc pkts rate-limit: 0 Disc bytes rate-limit: 0
Remarked packets: 0 Remarked bytes: 0
Reassigned packets: 0 Reassigned bytes: 0
Disc packets loop: 0 Disc bytes loop: 0
Disc pkts queue ovfl: 0 Disc bytes queue ovfl: 0
Disc pkts wred: 0 Disc bytes wred: 0
TOTAL:
Input packets: 4562 Input bytes: 296309
Transmitted packets: 4490 Transmitted bytes: 262192
Discarded packets: 72 Discarded bytes: 34117
Disc pkts rate-limit: 72 Disc bytes rate-limit: 34117
Remarked packets: 0 Remarked bytes: 0
Reassigned packets: 0 Reassigned bytes: 0
Disc packets loop: 0 Disc bytes loop: 0
Disc pkts queue ovfl: 0 Disc bytes queue ovfl: 0
Disc pkts wred: 0 Disc bytes wred: 0
4.4.1 Verifying the marking of incoming packets
R1 + feature bandwidth-reservation
R1 BRS+net ppp1
R1 BRS [i ppp1]+cache
10 entries in cache
1 ethernet0/2 20.20.20.200 -> 200.236.31.2 tos 0 label 0 protocol 6 tcp ports 4544 -> 80
class http priority urgent set tos 160 mask 224
2 ethernet0/2 20.20.20.200 -> 74.125.137.83 tos 0 label 0 protocol 6 tcp ports 4607 -> 443
no match
3 internal 10.130.251.114 -> 10.130.251.113 tos 0 label 0 protocol 6 tcp ports 1024 -> 179
no match
4 ethernet0/2 20.20.20.200 -> 74.125.137.189 tos 0 label 0 protocol 6 tcp ports 4620 -> 443
no match
5 ethernet0/2 20.20.20.200 -> 74.125.137.83 tos 0 label 0 protocol 6 tcp ports 4608 -> 443
no match
6 ethernet0/2 20.20.20.200 -> 74.125.137.189 tos 0 label 0 protocol 6 tcp ports 4619 -> 443
no match
7 ethernet0/2 20.20.20.200 -> 192.168.52.1 tos 0 label 0 protocol 6 tcp ports 4634 -> 80
class http priority urgent set tos 160 mask 224
8 ethernet0/2 20.20.20.200 -> 192.168.52.1 tos 0 label 0 protocol 6 tcp ports 4602 -> 80
class http priority urgent set tos 160 mask 224
9 ethernet0/2 20.20.20.200 -> 199.7.55.72 tos 0 label 0 protocol 6 tcp ports 4610 -> 80
class http priority urgent set tos 160 mask 224
10 ethernet0/2 20.20.20.200 -> 74.125.137.189 tos 0 label 0 protocol 6 tcp ports 4618 -> 443
no match
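Added example (not part of the original protocol): a Python check over the cache listing above that reports which flows to a given port were left unclassified and shows what "set tos 160 mask 224" does to the TOS octet. The sample lines are copied from the listing; treating the mask as the set of bits that get rewritten is an assumption.

```python
import re

# One flow line of the BRS cache listing, e.g.
# "1 ethernet0/2 20.20.20.200 -> 200.236.31.2 tos 0 label 0 protocol 6 tcp ports 4544 -> 80"
FLOW_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<ifc>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"tos\s+(?P<tos>\d+)\s+label\s+\d+\s+protocol\s+(?P<proto>\d+)"
    r"(?:\s+\w+\s+ports\s+(?P<sport>\d+)\s+->\s+(?P<dport>\d+))?$"
)
# The line that follows a classified flow, e.g.
# "class http priority urgent set tos 160 mask 224"
ACTION_RE = re.compile(
    r"^class\s+(?P<cls>\S+)\s+priority\s+(?P<prio>\S+)"
    r"(?:\s+set\s+tos\s+(?P<set>\d+)\s+mask\s+(?P<mask>\d+))?$"
)

# Lines copied from the cache listing in section 4.4.1.
SAMPLE = """\
10 entries in cache
1 ethernet0/2 20.20.20.200 -> 200.236.31.2 tos 0 label 0 protocol 6 tcp ports 4544 -> 80
class http priority urgent set tos 160 mask 224
2 ethernet0/2 20.20.20.200 -> 74.125.137.83 tos 0 label 0 protocol 6 tcp ports 4607 -> 443
no match
3 internal 10.130.251.114 -> 10.130.251.113 tos 0 label 0 protocol 6 tcp ports 1024 -> 179
no match
7 ethernet0/2 20.20.20.200 -> 192.168.52.1 tos 0 label 0 protocol 6 tcp ports 4634 -> 80
class http priority urgent set tos 160 mask 224
9 ethernet0/2 20.20.20.200 -> 199.7.55.72 tos 0 label 0 protocol 6 tcp ports 4610 -> 80
class http priority urgent set tos 160 mask 224
"""


def remark(tos, set_value, mask):
    """Rewrite only the bits selected by mask (assumption); keep the others."""
    return (tos & ~mask & 0xFF) | (set_value & mask)


def decode_tos(tos):
    """Split a TOS octet into IP precedence (3 bits), DSCP (6 bits), ECN (2 bits)."""
    return {"precedence": tos >> 5, "dscp": tos >> 2, "ecn": tos & 0x3}


def parse_cache(text):
    """Return one dict per cached flow with its class and resulting TOS."""
    flows, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        flow = FLOW_RE.match(line)
        if flow:
            current = {
                "index": int(flow["idx"]),
                "interface": flow["ifc"],
                "src": flow["src"],
                "dst": flow["dst"],
                "tos_in": int(flow["tos"]),
                "dport": int(flow["dport"]) if flow["dport"] else None,
                "cls": None,                     # stays None on "no match"
                "tos_out": int(flow["tos"]),     # unchanged unless re-marked
            }
            flows.append(current)
            continue
        action = ACTION_RE.match(line)
        if current is not None and action:
            current["cls"] = action["cls"]
            if action["set"] is not None:
                current["tos_out"] = remark(
                    current["tos_in"], int(action["set"]), int(action["mask"])
                )
    return flows


def unclassified(flows, dport):
    """Indexes of flows to `dport` that matched no class."""
    return [f["index"] for f in flows if f["dport"] == dport and f["cls"] is None]


if __name__ == "__main__":
    parsed = parse_cache(SAMPLE)
    for f in parsed:
        print(f["index"], f["dst"], f["dport"], f["cls"], decode_tos(f["tos_out"]))
    print("port 80 flows without a class:", unclassified(parsed, 80))
```

Mask 224 is 0xE0, the three IP precedence bits, so the marking leaves the lower five bits of the octet as they arrived.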
4.5 Netflow
Verify that the Teldat router supports the NetFlow protocol, versions 5 and 9.
network ethernet0/2
; -- Ethernet Interface User Configuration --
ip address 172.25.254.1 255.255.255.0
;
ip flow egress
ip flow ingress
exit
;
feature netflow
ip cache timeout active 1
ip export destination 172.25.254.52 9996
;
ip export source 172.25.254.1
ip export version 5
exit
;
4.5.1 Verification of Netflow statistics
iRouter +feature netflow
NETFLOW Monitor
iRouter NETFLOW Mon+list statistics
Number of active flows: 206
Packets processed: 24882665
Fragments: 0
Ignored packets: 0 (0 ipsec, 0 sampled)
Flows expired: 109777 (0 forced)
Flows exported: 109777 in 9135 packets (0 failures)
Sampling factor 1 out of 1
iRouter NETFLOW Mon+list cache
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Bytes Expiry
------------------------------------------------------------------------------------------------------
ethernet0/2 172.25.254.22 ethernet0/1 8.8.8.8 17 58333 53 1 133 0
4.6 Access List
Verification of the number of times the ACL finds a MATCH.
Feature access-list
Access Lists+list all access-list 101
Extended Access List 101, assigned to IP
ACCESS LIST CACHE. Hits = 946, Miss = 842 (Success rate: 52%)
Cache size: 32 entries, Promotion zone: 6 entries
192.178.1.3 <-> 200.41.9.39 TCP 2408 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 59
192.178.1.3 <-> 173.194.37.149 TCP 1986 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 60
192.178.1.4 <-> 173.194.37.149 TCP 4219 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 115
192.178.1.3 <-> 74.125.140.94 TCP 2405 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 110
192.178.1.3 <-> 216.137.47.95 TCP 2420 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 23
192.178.1.3 <-> 173.194.37.143 TCP 2390 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 42
192.178.1.3 <-> 157.55.130.166 TCP 1987 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 89
192.178.1.4 <-> 65.55.223.34 TCP 4215 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 35
192.178.1.3 <-> 74.125.130.125 TCP 2360 <-> 443 [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:2 Hits = 19
192.178.1.4 <-> 91.189.90.40 TCP 4493 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 13
192.178.1.3 <-> 173.194.37.135 TCP 2384 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 11
192.178.1.3 <-> 216.137.47.95 TCP 2418 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 5
192.178.1.3 <-> 200.41.9.39 TCP 2429 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 3
192.178.1.3 <-> 200.41.9.39 TCP 2430 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 3
192.178.1.4 <-> 74.125.140.95 TCP 4504 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 0
192.178.1.3 <-> 72.21.195.161 TCP 2427 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 0
192.178.1.3 <-> 200.41.9.39 TCP 2432 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 0
192.178.1.3 <-> 200.41.9.39 TCP 2431 <-> 80 HTTP [ESTAB]
Conn:0x0 TOS Octet:0 Label:0 Entry id:1 Hits = 2
ACCESS LIST ENTRIES
1 PERMIT SRC=0.0.0.0/0 DES=0.0.0.0/0 Conn:0
PROT=6 DPORT=80
Hits: 449
(192.178.1.3 <-> 216.137.47.95 Conn:0x0 TCP 2420 <-> 80 HTTP TOS Octet:0 LABEL=0)
2 PERMIT SRC=0.0.0.0/0 DES=0.0.0.0/0 Conn:0
PROT=6 DPORT=443
Hits: 666
(192.178.1.4 <-> 173.194.37.149 Conn:0x0 TCP 4219 <-> 443 TOS Octet:0 LABEL=0)
3 PERMIT SRC=0.0.0.0/0 DES=0.0.0.0/0 Conn:0
PROT=17 DPORT=53
Hits: 24
(192.178.1.3 <-> 8.8.8.8 Conn:0x0 UDP 1399 <-> 53 DNS TOS Octet:0 LABEL=0)
4.7 Route Maps
4.7.1 Filters for exported routes
This section covers the configuration used to select the routes that will be exported to the PE routing table,
derived from static routes, directly connected networks, or routes learned through other protocols.
[Figure: network diagram. Labels: 30.30.30.0/24, 192.168.1.1, 192.168.1.2, 192.168.1.3, 20.20.20.0/30, 20.20.20/30]
On CPE1 the export of the LAN is limited: this configuration restricts the routes exported to the PE, preventing the
advertisement of network 192.168.1.0/24.
feature prefix-lists
; -- Prefix Lists user configuration --
prefix-list 100
entry 1 default
entry 1 permit
entry 1 prefix 192.168.1.0 255.255.255.0
exit
exit
feature route-map
; -- Route maps user configuration --
route-map "TO_PE"
entry 1 default
entry 1 deny
entry 1 match ip prefix-list 100
;
entry 2 default
entry 2 permit
;
exit
protocol ip
; -- Internet protocol user configuration --
router-id 192.168.1.2
exit
protocol bgp
; -- Border Gateway Protocol user configuration --
enable
;
as 65000
export as 10429 prot direct all
;
group type external peer-as 10429
; -- BGP group configuration --
peer 20.20.20.1
peer 20.20.20.1 hold-time 15s
peer 20.20.20.1 out-route-map TO_PE
exit
exit
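Added example (not from the original document or from Teldat): a Python model of the filter configured above, with prefix-list 100 and route-map TO_PE. First-match evaluation, exact-length prefix matching and the candidate routes are assumptions; under them a more-specific subnet of 192.168.1.0/24 is not caught by entry 1, which is the case to confirm against the router's own BGP.024 log lines.

```python
import ipaddress

# Prefix list 100 as configured in section 4.7.1: a single PERMIT entry.
# Matching is modelled as exact (same network and same prefix length), the
# wording used by the router's diagnostic output; this is an assumption.
PREFIX_LIST_100 = [("permit", ipaddress.ip_network("192.168.1.0/24"))]

# Route map TO_PE as configured in section 4.7.1: entry 1 denies whatever
# prefix-list 100 matches; entry 2 has no match clause and permits the rest.
ROUTE_MAP_TO_PE = [
    {"entry": 1, "action": "deny", "prefix_list": PREFIX_LIST_100},
    {"entry": 2, "action": "permit", "prefix_list": None},
]

# Constructed sample input: directly connected routes offered for export.
CANDIDATES = ["192.168.1.0/24", "192.168.1.0/29", "30.30.30.0/24"]


def prefix_list_matches(prefix_list, route):
    """True if the first entry equal to `route` is a permit entry."""
    for action, prefix in prefix_list:
        if prefix == route:              # exact match only
            return action == "permit"
    return False                         # no entry matched


def evaluate_route_map(route_map, route):
    """First-match evaluation (assumption). Returns (action, entry number)."""
    for entry in route_map:
        plist = entry["prefix_list"]
        if plist is None or prefix_list_matches(plist, route):
            return entry["action"], entry["entry"]
    return "deny", None                  # assumption: implicit deny at the end


def exported_routes(route_map, candidates):
    """Candidate routes that the route map lets through to the peer."""
    nets = [ipaddress.ip_network(c) for c in candidates]
    return [str(n) for n in nets if evaluate_route_map(route_map, n)[0] == "permit"]


def leaked_more_specifics(route_map, protected, candidates):
    """Exported routes that still fall inside the network meant to stay hidden."""
    protected_net = ipaddress.ip_network(protected)
    return [
        r for r in exported_routes(route_map, candidates)
        if ipaddress.ip_network(r).subnet_of(protected_net)
    ]


if __name__ == "__main__":
    print("exported:", exported_routes(ROUTE_MAP_TO_PE, CANDIDATES))
    print("inside 192.168.1.0/24 but exported:",
          leaked_more_specifics(ROUTE_MAP_TO_PE, "192.168.1.0/24", CANDIDATES))
```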
4.7.2 Diagnostics and display of the configured prefix-list
CPE1 Prefix Lists+ list all
Prefix List 100
PREFIX LIST ENTRIES
1 PERMIT PREFIX=192.168.1.0/29 Exact prefix match
Hits: 1
Last route match: 192.168.1.0/29
4.7.3 Route-map execution log
01/01/00 00:16:20 BGP.019 notif sent to 20.20.20.1 (Ext AS 10429): Cease/0
01/01/00 00:16:20 BGP.005 Send Notification msg to peer 20.20.20.1/AS 10429
01/01/00 00:16:20 BGP.002 Lost connection to peer 20.20.20.1/AS 10429
01/01/00 00:16:20 BGP.028 Backward status transition. Peer 20.20.20.1/AS 10429
01/01/00 00:16:20 BGP.002 Lost connection to peer 192.168.1.3/AS 65000
01/01/00 00:16:20 BGP.028 Backward status transition. Peer 192.168.1.3/AS 65000
01/01/00 00:16:20 BGP.020 Peer 1.1.1.1 (Ext AS 10429) idled: Int. not found
01/01/00 00:16:32 BGP.018 Connecting to 20.20.20.1 (Ext AS 10429)
01/01/00 00:16:32 BGP.028 Backward status transition. Peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.005 Send Open msg to peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.004 Rcv Open msg from peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.005 Send KeepAlive msg to peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.004 Rcv KeepAlive msg from peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.008 Connection ESTABLISHED with peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.024 route 20.20.20.0/255.255.255.252 discarded. Route-map: TO_PE
01/01/00 00:16:32 BGP.024 route 192.168.1.0/255.255.255.248 discarded. Route-map: TO_PE
01/01/00 00:16:32 BGP.024 route 192.168.1.1/255.255.255.255 discarded. Route-map: TO_PE
01/01/00 00:16:32 BGP.005 Send KeepAlive msg to peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.004 Rcv Update msg from peer 20.20.20.1/AS 10429
01/01/00 00:16:32 BGP.010 rte upd 20.20.20.0/255.255.255.252 via 20.20.20.1 pref 170 metric 1 locprf none
01/01/00 00:16:32 BGP.015 Add rte 20.20.20.0/255.255.255.252 20.20.20.1
01/01/00 00:16:32 BGP.004 Rcv KeepAlive msg from peer 20.20.20.1/AS 10429
01/01/00 00:16:36 BGP.018 Connecting to 192.168.1.3 (Int AS 65000)
01/01/00 00:16:36 BGP.028 Backward status transition. Peer 192.168.1.3/AS 65000
01/01/00 00:16:37 BGP.005 Send KeepAlive msg to peer 20.20.20.1/AS 10429
01/01/00 00:16:37 BGP.004 Rcv KeepAlive msg from peer 20.20.20.1/AS 10429
4.8 Tacacs
Teldat configuration to enable AAA functionality against TACACS servers
feature aaa
; -- AAA user configuration --
tacacs-servers
server "T1"
host <IP_Servidor_Tacacs>
key plain <Clave_Tacacs>
source-address <interface>
exit
;
exit
;
group server tacacs+ "GrupoTac"
server T1
exit
;
authentication login "AuthenLogin"
method 1 group GrupoTac
method 2 local
exit
;
authorization exec "default"
method 1 group GrupoTac
method 2 local
exit
;
authorization commands "default"
privilege-level 10
method 1 group GrupoTac
method 2 local
exit
;
privilege-level 15
method 1 group GrupoTac
method 2 local
exit
;
exit
;
accounting exec "default"
action-type start-stop
method 1 group GrupoTac
exit
;
accounting commands "default"
privilege-level 1
action-type start-stop
method 1 group GrupoTac
exit
;
privilege-level 10
action-type start-stop
method 1 group GrupoTac
exit
;
privilege-level 15
action-type start-stop
method 1 group GrupoTac
exit
;
exit
;
exit
4.9 NTP
Configuration of the ATLAS router as an NTP client.
time timezone -5 {Time Zone}
;
feature ntp
; -- NTP Protocol user configuration --
protocol
peer address 1 10.125.25.16 {NTP Server}
peer poll-interval 1 16
exit
;
4.9.1 Viewing NTP logs
After configuring, the debug output shows how the router synchronizes with the NTP server
iRouter*p 3
iRouter+event
iRouter ELS+enable trace subsystem ntp all
iRouter ELS+view
09/10/12 03:20:03 NTP.014 Server Mode Pkt from hst 10.125.25.16
09/10/12 03:20:03 NTP.022 D/T Rx Monday, 09/10/12 03:19:47 2 ms 33989 ticks
09/10/12 03:20:03 NTP.019 Exact Date/Time Monday, 09/10/12 03:20:04 2 ms
09/10/12 03:20:03 NTP.019 Exact Date/Time Monday, 09/10/12 13:20:03 424 ms
09/10/12 03:20:03 NTP.015 Clk Update Delay 8 ms - Offset 35999.422 secs
09/10/12 03:20:03 NTP.016 To Stablish Monday, 09/10/12 13:20:04 Stablished Monday, 09/10/12 13:20:04
09/10/12 03:20:03 NTP.017 Time since timer throw 578 ms
09/10/12 13:20:19 NTP.002 tx NTP pkt to hst 10.125.25.16 ref D3F82129.5EBB0000 org D3F82133.6B924000 recv D3F79494.83126E tx D3F82143.6BC6A773
09/10/12 13:20:19 NTP.021 D/T Tx Monday, 09/10/12 03:20:04 421 ms 65971 ticks
09/10/12 13:20:19 NTP.001 rcvd possible pkt NTP from hst 10.125.25.16 ref D3F82129.5EBB0000 org D3F82143.6BC6A773 recv D3F82143.4EBF6000 tx D3F82143.4EC2D000
09/10/12 13:20:19 NTP.014 Server Mode Pkt from hst 10.125.25.16
09/10/12 13:20:19 NTP.022 D/T Rx Monday, 09/10/12 03:20:04 430 ms 65989 ticks
09/10/12 13:20:19 NTP.019 Exact Date/Time Monday, 09/10/12 13:20:19 430 ms
09/10/12 13:20:19 NTP.019 Exact Date/Time Monday, 09/10/12 13:20:19 313 ms
09/10/12 13:20:19 NTP.015 Clk Update Delay 8 ms - Offset -0.117 secs
09/10/12 13:20:19 NTP.016 To Stablish Monday, 09/10/12 13:20:20 Stablished Monday, 09/10/12 13:20:20
09/10/12 13:20:19 NTP.017 Time since timer throw 689 ms
4.9.2 Verification of date and time synchronized via NTP
iRouter *conf
iRouter Config>time list
Set by: operator
Date: Monday, 09/10/12 Time: 13:20:29
4.10 Syslog
4.10.1 Enabling Syslog events
event
; -- ELS Config --
enable syslog subsystem ICMP ALL
enable syslog subsystem IP ALL
enable syslog subsystem BGP ALL
enable syslog subsystem ETH ALL
enable syslog subsystem DNS ALL
enable syslog subsystem AAA ALL
enable syslog subsystem DHCP ALL
enable syslog subsystem NTP ALL
enable syslog subsystem SNMP ALL
console
; -- Console Events Configuration --
log prompt
log source-ip
exit
;
exit
;
feature syslog
; -- SYSLOG client configuration --
enable
server 172.25.254.52
exit
4.10.2 Verifying SYSLOG parameters
Verification of the Syslog sessions on the ATLAS router
*p 3
+feature syslog
-- SYSLOG client console --
SYSLOG+
SYSLOG+list
Syslog client active configuration:
Syslog client status: ENABLED
Facility: 16 (Local0)
Severity: 3 (Error)
Source IP address: 172.25.254.1
Active syslog servers:
IP address Domain name
--------------- -----------
172.25.254.52
Syslog client statistics:
Total number of transmitted messages: 0
Emergency messages: 0
Alert messages: 0
Critical messages: 0
Error messages: 0
Warning messages: 0
Notice messages: 0
Informational messages: 0
Debug messages: 0
Events with severity greater than established level: 6167
Lost messages due to buffer overflow: 0
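Added example (not part of the original protocol): a Python check of the counters listed above. It reads the threshold as "forward severities 0 to 3 only", which is the standard syslog numbering and an assumption about how this client applies it, and flags that nothing was transmitted while events were suppressed. The sample text is copied from the listing.

```python
# Standard syslog severity names, index = numeric severity (0 is most severe).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Lines copied from the "SYSLOG+list" output in section 4.10.2.
SAMPLE_STATUS = """\
Syslog client status: ENABLED
Facility: 16 (Local0)
Severity: 3 (Error)
Source IP address: 172.25.254.1
Total number of transmitted messages: 0
Events with severity greater than established level: 6167
Lost messages due to buffer overflow: 0
"""


def parse_status(text):
    """Extract the fields needed for the audit from the client status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return {
        "enabled": fields.get("Syslog client status") == "ENABLED",
        "facility": int(fields["Facility"].split()[0]),
        "threshold": int(fields["Severity"].split()[0]),
        "sent": int(fields["Total number of transmitted messages"]),
        "suppressed": int(
            fields["Events with severity greater than established level"]),
        "lost": int(fields["Lost messages due to buffer overflow"]),
    }


def pri(facility, severity):
    """PRI value carried at the start of a syslog message: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def split_levels(threshold):
    """Severity names that pass the threshold and those that are dropped."""
    return SEVERITIES[:threshold + 1], SEVERITIES[threshold + 1:]


def audit(status):
    """Return a list of findings about log visibility at the collector."""
    findings = []
    if not status["enabled"]:
        findings.append("syslog client is disabled")
    if status["sent"] == 0 and status["suppressed"] > 0:
        _, dropped = split_levels(status["threshold"])
        findings.append(
            "no message transmitted; %d events suppressed by the severity "
            "threshold (dropped levels: %s)"
            % (status["suppressed"], ", ".join(dropped)))
    if status["lost"] > 0:
        findings.append("%d messages lost to buffer overflow" % status["lost"])
    return findings


if __name__ == "__main__":
    st = parse_status(SAMPLE_STATUS)
    print("highest PRI this client can emit:", pri(st["facility"], st["threshold"]))
    for finding in audit(st):
        print("finding:", finding)
```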
4.11 SNMP
protocol snmp
; -- SNMP user configuration --
community pubCajerosBBV subnet 118.180.54.115 255.255.255.255
community pubCajerosBBV subnet 118.180.36.92 255.255.255.255
community pubCajerosBBV subnet 118.180.54.58 255.255.255.255
;
community pubgrc subnet 118.180.54.115 255.255.255.255
community pubgrc subnet 118.180.36.92 255.255.255.255
community pubgrc subnet 118.180.54.58 255.255.255.255
;
host 10.192.17.204 trap version v2c pubCajerosBBV all
host 10.192.17.204 trap version v2c pubcgrc all
host 10.192.17.92 trap version v2c pubCajerosBBV all
host 10.192.17.92 trap version v2c pubcgrc all
host 10.192.17.93 trap version v2c pubCajerosBBV all
host 10.192.17.93 trap version v2c pubcgrc all
;
trap sending-parameters reachability-checking ip-route
exit