rfc1538.Advanced SNA IP A Simple SNA Transport Protocol
华为调试
#interface Ethernet0/0/6#interface Ethernet0/0/7#interface GigabitEthernet0/0/0ip address 192.168.1.1 255.255.255.0#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0 nat outbound 2000#wlan#interface Wlan-Radio0/0/0#interface Cellular0/0/0link-protocol ppp#interface Cellular0/0/1link-protocol ppp#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 218.24.164.1 #user-interface con 0user-interface vty 0 4user-interface vty 16 20#return[Huawei-GigabitEthernet0/0/1]nat ser pro tcp glo 218.24.164.213 www in 192.168.1 .200 8080Error: The address conflicts with interface or ARP IP.[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]undo nat ou 2000[Huawei-GigabitEthernet0/0/1]nat ser pro tcp glo 218.24.164.213 www in 192.168.1 .200 8080Error: The address conflicts with interface or ARP IP.[Huawei-GigabitEthernet0/0/1][Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0#return[Huawei-GigabitEthernet0/0/1]nat ou 2000 ?address-group IP address-group of NATinterface Specify the interface<cr> Please press ENTER to execute command[Huawei-GigabitEthernet0/0/1]nat ou 2000 ad[Huawei-GigabitEthernet0/0/1]nat ou 2000 address-group 1Error: The address conflicts with interface or ARP IP. [Huawei-GigabitEthernet0/0/1]di cu[V200R001C01]#snmp-agent local-engineid 800007DB034C1FCC45D3A6 snmp-agent#voice#http server enable#drop illegal-mac alarm#dhcp enable#set transceiver-monitoring disable#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255rule 1 deny#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default[Huawei-GigabitEthernet0/0/1][Huawei-GigabitEthernet0/0/1][Huawei-GigabitEthernet0/0/1][Huawei-GigabitEthernet0/0/1]qu[Huawei]acl 2000[Huawei-acl-basic-2000]di th[V200R001C01]#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255rule 1 deny#return[Huawei-acl-basic-2000]undo rule 0[Huawei-acl-basic-2000]undo rule 1[Huawei-acl-basic-2000]rule permi ?fragment Check fragment packetnone-first-fragment Check the subsequence fragment packet source Specify source addresstime-range Specify a special timevpn-instance Specify a VPN-Instance<cr> Please press ENTER to execute command [Huawei-acl-basic-2000]rule permi[Huawei-acl-basic-2000]qu[Huawei]int g0/0/1[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0#return[Huawei-GigabitEthernet0/0/1]nat ou[Huawei-GigabitEthernet0/0/1]nat outbound 2000 add 1Error: The address conflicts with interface or ARP IP.[Huawei-GigabitEthernet0/0/1]qu[Huawei]acl 2000[Huawei-acl-basic-2000]di th[V200R001C01]#acl number 2000rule 5 permit#return[Huawei-acl-basic-2000]undo rule 5[Huawei-acl-basic-2000]rule 0 per so[Huawei-acl-basic-2000]rule 0 per source ?IP_ADDR<X.X.X.X> Address of sourceany Any source[Huawei-acl-basic-2000]rule 0 per source 192.168.1.0 0.0.0.255 [Huawei-acl-basic-2000]rule 1 de^Error:Ambiguous command found at '^' position.[Huawei-acl-basic-2000]di th[V200R001C01]#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255#return[Huawei-acl-basic-2000]rule 1 deny ?fragment Check fragment packetnone-first-fragment Check the subsequence fragment packetsource Specify source addresstime-range Specify a special timevpn-instance Specify a VPN-Instance<cr> Please press ENTER to execute command [Huawei-acl-basic-2000]rule 1 deny[Huawei-acl-basic-2000]di th[V200R001C01]#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255rule 1 deny#return[Huawei-acl-basic-2000]qu[Huawei]int g0/0/1[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0#return[Huawei-GigabitEthernet0/0/1]nat ou[Huawei-GigabitEthernet0/0/1]nat outbound 2000 ?address-group IP address-group of NATinterface Specify the interface<cr> Please press ENTER to execute command [Huawei-GigabitEthernet0/0/1]nat outbound 2000 ad 1Error: The address conflicts with interface or ARP IP.[Huawei-GigabitEthernet0/0/1]nat outbound 2000[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]dis nat ad[Huawei-GigabitEthernet0/0/1]qu[Huawei]dis nat ad 1NAT Address-Group Information:--------------------------------------Index Start-address End-address--------------------------------------1 218.24.164.213 218.24.164.213--------------------------------------Total : 1[Huawei]di cu[V200R001C01]#snmp-agent local-engineid 800007DB034C1FCC45D3A6 snmp-agent#voice#http server enable#drop illegal-mac alarm#dhcp enable#set transceiver-monitoring disable#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255rule 1 deny#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http#firewall zone trust#nat address-group 1 218.24.164.213 218.24.164.213 #interface Ethernet0/0/0#interface Ethernet0/0/1#interface Ethernet0/0/2#interface Ethernet0/0/3#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface GigabitEthernet0/0/0ip address 192.168.1.1 255.255.255.0#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0 nat outbound 2000#wlan#interface Wlan-Radio0/0/0#interface Cellular0/0/0link-protocol ppp#interface Cellular0/0/1link-protocol ppp#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 218.24.164.1 #user-interface con 0user-interface vty 0 4user-interface vty 16 20#return[Huawei][Huawei]int g0/0/1[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]nat pro ?^Error: Unrecognized command found at '^' position.[Huawei-GigabitEthernet0/0/1]qu[Huawei]nat ?address-group IP address-group of NATalg Application level gatewaydns-map DNS mappingfilter-mode NAT filter modelink-down Link down reset session functionmapping-mode NAT mapping modeoverlap-address Overlap address pool to temp address pool map static Specify static NAT[Huawei]dis cu[V200R001C01]#snmp-agent local-engineid 800007DB034C1FCC45D3A6snmp-agent#voice#http server enable#drop illegal-mac alarm#dhcp enable#set transceiver-monitoring disable#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255rule 1 deny#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http#firewall zone trust#nat address-group 1 218.24.164.213 218.24.164.213 #interface Ethernet0/0/0#interface Ethernet0/0/1#interface Ethernet0/0/2#interface Ethernet0/0/3#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface GigabitEthernet0/0/0ip address 192.168.1.1 255.255.255.0#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0 nat outbound 2000#wlan#interface Wlan-Radio0/0/0#interface Cellular0/0/0link-protocol ppp#interface Cellular0/0/1link-protocol ppp#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 218.24.164.1#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return[Huawei]dis cu[V200R001C01]#snmp-agent local-engineid 800007DB034C1FCC45D3A6 snmp-agent#voice#http server enable#drop illegal-mac alarm#dhcp enable#set transceiver-monitoring disable#acl number 2000rule 0 permit source 192.168.1.0 0.0.0.255rule 1 denyaaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http#firewall zone trust#nat address-group 1 218.24.164.213 218.24.164.213 #interface Ethernet0/0/0#interface Ethernet0/0/1#interface Ethernet0/0/2#interface Ethernet0/0/3#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#[Huawei][Huawei]undo nat add 1[Huawei]nat ?address-group IP address-group of NATalg Application level gatewaydns-map DNS mappingfilter-mode NAT filter modelink-down Link down reset session functionmapping-mode NAT mapping modeoverlap-address Overlap address pool to temp address pool mapstatic Specify static NAT[Huawei]int g0/0/1[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]nat ser pro tcp glo 218.24.164.213 7008 ins 192.168 .1.200 7008Error: The address conflicts with interface or ARP IP.[Huawei-GigabitEthernet0/0/1]di veHuawei Versatile Routing Platform SoftwareVRP (R) software, Version 5.90 (AR1200 V200R001C01)Copyright (C) 2011 HUAWEI TECH CO., LTDHuawei AR1220 Router uptime is 0 week, 0 day, 3 hours, 14 minutesBKP 0 version information:1. PCB Version : AR01BAK1A VER.A2. If Supporting PoE : Yes3. Board Type : AR12204. MPU Slot Quantity : 15. LPU Slot Quantity : 2MPU 0(Master) : uptime is 0 week, 0 day, 3 hours, 14 minutes SDRAM Memory Size : 512 M bytesFlash Memory Size : 256 M bytesNVRAM Memory Size : 512 K bytesMPU version information :1. PCB Version : AR01SRU1A VER.C2. MAB Version : 03. Board Type : AR1220W-S4. CPLD1 Version : 1045. BootROM Version : 225[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1ip address 218.24.164.213 255.255.255.0nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]undo ip add ?IP_ADDR<X.X.X.X> IP addressbootp Bootp clientbootp-alloc Bootp client allocdhcp Dynamic host configure protocoldhcp-alloc IP address allocunnumbered Share an address with another interface<cr> Please press ENTER to execute command[Huawei-GigabitEthernet0/0/1]undo ip add[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]nat ser pro tcp glo ?X.X.X.X Global IP address of NATcurrent-interface Address of current interfaceinterface Specify the interface[Huawei-GigabitEthernet0/0/1]nat ser pro tcp glo 218.24.164.213 7008 ?inside Specify inside information of NAT[Huawei-GigabitEthernet0/0/1]nat ser pro tcp glo 218.24.164.213 7008 inside 192. 168.1.200 7008[Huawei-GigabitEthernet0/0/1]di th[V200R001C01]#interface GigabitEthernet0/0/1nat server protocol tcp global 218.24.164.213 7008 inside 192.168.1.200 7008nat outbound 2000#return[Huawei-GigabitEthernet0/0/1]Please check whether system data has been changed, and save data in timeConfiguration console time out, please press any key to log on<Huawei><Huawei><Huawei><Huawei>saThe current configuration will be written to the device.Are you sure to continue? (y/n)[n]:yIt will take several minutes to save configuration file, please wait.......... ...Configuration file had been saved successfullyNote: The configuration file will take effect after being activated<Huawei>。
IP RFC中文摘要材料
[RFC中文翻译]在串行线路上传输IP数据报的非标准协议TCP/IP协议组运行在各种各样的网络媒介上:IEEE802.3(以太网)和802.5(令牌环)局域网(LAN)、X.25线路、卫星链路以及串行线路。
其中许多网络已经有IP分组的标准封装格式,但没有用于串行线路的标准。
SLIP(串行线路IP)目前已成为事实上的标准,广泛地用于在点对点串行连接上运行TCP/IP。
这并不是一个Internet标准,本备忘录的发布不受限制。
历史(HISTORY)SLIP源于80年代初期的3COMUNETTCP/IP实现。
SLIP只是一个分组分帧协议,仅仅定义了一系列在串行线路上构造IP分组的字符。
它没有提供地址、分组类型标识、错误检查/修正或者压缩机制。
因为这个协议所作的工作这么少,通常很容易实现。
大约在1984年,RickAdam为4.2BerkeleyUnix和SunMicrosystem工作站实现了SLIP并公之于众,并作为一种使用串行线路连接TCP/IP主机和路由器的简单可靠的方法很快流行起来。
SLIP通常专门用于串行连接,有时候也用于拨号网络,使用的线路速率一般介于1200bps 和19.2Kbps之间。
SLIP允许主机和路由器混合连接(主机-主机、主机-路由器、路由器-路由器都是SLIP网络通用的配置),因而非常有用。
可用性(A V AILABILITY)SLIP可用于大多数基于BerkeleyUNIX的系统,并且被包括进了Berkeley的4.3BSD标准版。
SLIP可用于Ultrix、SunUNIX和大多数派生自Berkeley的UNIX系统。
一些终端集线器和IBMPC的实现也支持该协议。
BerkeleyUNIX的SLIP可以使用匿名FTP从上的pub/sl.shar.Z中获得。
确保传输的是二进制文件,并使用UNIX解压程序打开它,然后把解开的文件作为UNIX/bin/sh(如/bin/shsl.shar)的SHELL命令使用协议(PROTOCOL)SLIP定义了两个特殊字符:END和ESC。
计算机网络名词 英文缩写解释大全
计算机网络名词 英文缩写解释大全计算机网络名词 英文缩写解释大全 AAL ATM适配层ATM Adaptation Layer ABR 可用比特率Available Bit Rate ACR 衰减串扰比 ADPCM 自适应差分PCM ADSL 非对称数字环路Asymmetric DigitalSubscriber Line AMI ATM Management Interface AMPS 先进型移动电话系统Advanced MobilePhone System ANS 高级网络与服务Advanced Networks andServices ANSI 美国国家标准协会American NationalStandard Institute APON 无源光纤网络 ARP 地址解析协议Address Resolution Protocol ARQ 自动重发请求Automatic Repeat Request AS 自制系统Autonomous System ASIC Application Specific IntegratedCircuit(Chip) ASN.1 Abstract Syntax Notation One ATD 异步时分复用Asynchronous Time Division ATM 异步传输模式Asynchronous Transfer Mode BBS 电子公告板Bulletin Board System BER 误比特率bit error rate BGP 边界网关协议Border Gateway Protocol BICMOS 双极型CMOS BIP-8 Bit Interleaved Parity-8 B-ISDN 宽带综合业务数字网Broadband Integrated Services Digital Network BMI Bus-Memory Interface BOOTP 引导协议BOOTstrapping Protocol BRI 单一ISDN基本速率 BUS 广播和未知服务器Broadcast/Unknown Server CAC 连接接纳控制Connection Admission Control CATV 公用天线电视 CBDS 无连接宽带数据服务 CBR 连续比特率Continuous Bit Rate CCITT 国际电话电报咨询委员会 CD Carrier Detect CDB Configuration Database CDMA 码分多址Code Division Multiple Access CDPD 蜂窝数字分组数据 Cellular Digital Packet Data CDV 信元延时变化Cell Delay Variation CEC Common Equipment Card CERNET 中国教育科研网 CIDR 无类型域间路由Classless InterDomain Routing CLIP Classical IP CLP 信元丢失优先级 CMIS/CMIP the Common Management Information Service/Protocol CMOS 互补型金属氧化物半导体 CMOT CMIS/CMIP on TCP/IP CNOM 网络营运与管理专业委员会Committee of Network Operation and Management CORBA 公共对象请求代理结构Common Object Request Broker Architecture CPAN Comprehensive Perl archieve Network CPE Customer Premises Equipment CPCS 公共部分会聚子层Common PartConvergence Sublayer CR Carriage Return CS 会聚子层Convergence Sublayer CSDN 电路交换数据网 CSMA/CD 载波侦听多路访问/冲突检测Carrier Sense Multi-Access/Collision Detection DAC Dual Attach Concentrator DAS Dual Attach Station DCD Data Carrier Detect DCE 数据电路端接设备DigitalCircuit-terminating Equipment DHCP 动态主机控制协议 DIME 直接内存执行Direct Memory Execute DME 分布式管理环境Distributed Management Environment DNS 域名系统Domain Name System DPI 每英寸可打印的点数Dot Per Inch DQDB 分布式队列双总线Distributed Queue Dual Bus DS-3 Digital Standard-3 DSMA 数字侦听多重访问Digital Sense Multiple Access DSP Digital Signal Processing DTE 数据终端设备Data Terminal Equipment DTR Data Terminal Ready DVMRP 距离向量多目路径协议Distance Vector Multicast Routing Protocol ECL 硅双极型 ECSRN 华东南地区网 EGP 外部网关协议Exterior Gateway Protocol EIA/TIA Electronic Industries Association and the Telecommunication Industries Association EMA 以太网卡Ethernet Media Adapter E-mail 电子邮件Electronic Mail EPD 提前舍弃分组数据包 FAQ 常见问题解答Frequently Answer Question FCS 快速电路交换Fast Circuit Switching FDDI 光纤分布式数据接口Fiber Distributed Data Interface FDM 频分多路复用Frequency Division Multiplexing FEC 前向差错纠正Forward Error Correction FEMA 快速以太网卡Fast Ethernet Media Adapter FEXT 远端串扰 FITL 光纤环路 FMA FDDI网卡FDDI Media Adapter FOIRL Fiber Optic Inter-repeater Link FTP 文件传输协议File Transfer Protocol FTTC 光纤到楼群Fiber To The Curb FTTH 光纤到户Fiber To The Home GCRA 通用信元速率算法Generic Cell Rate Algorithm GGP 网关-网关协议Gateway-Gateway Protocol GSM 移动通信全球系统(全球通) Global Systems for Mobile communications HEC 信头错误控制Header Error Control HCS 头校验序列Header Check Sequence HDLC 高级数据链路控制(协议)High-Level Data Link Control HDTV 数字高清晰度电视High Definition TeleVision HFC 混合光纤同轴Hybrid Fiber Coax HIPPI 高性能并行接口High Performance Parallel Interface HOL 队头阻塞 HTTP 超文本传输协议HyperText TransferProtocol Hub 集线器 IAB 因特网结构委员会Internet Architecture Board IAP 因特网接入提供商Internet Access Provider ICCB Internet控制与配置委员会Internet Control and Configuration Board ICMP 因特网控制信息协议Internet Control Message Protocol ICP Internet Content Provider ICX 部件间交换Inter-Cartridge Exchange IDP 网间数据报协议Internetwork Datagram Protocol IDU 接口数据单元Interface Data Unit IEEE 电子和电气工程师协会Institute of Electrical and Electronics Engineers IETF 因特网工程特别任务组Internet Engineering Task Force IGMP Internet组管理协议Internet Group Management Protocol IGP 内部网关协议Interior Gateway Protocol IISP 间歇交换机信令协议 ILMI 过渡性局域管理界面(?) IMP 接口信息处理机Interface Message Processor IMTS 改进型移动电话系统Emproved Mobile Telephone System IP 因特网协议Internet Protocol IRC Internet Relay Chat IRTF 因特网研究特别任务组Internet Research Task Force ISDN 综合业务数字网Integrated Services Digital Network ISO 国际标准化组织International Organization for Standardization (或简称International Standard Organization) ISP 因特网服务提供商Internet Service Proveder IT 信息技术Information Technology ITU 国际电信联盟International Telecommunications Union JPEG 图像专家联合小组Joint Photographic Experts Group L2F 第二层转发 L2TP 第二层隧道协议 LAN 局域网Local Area Network LANE 局域网仿真LAN Emulation LAP 链路访问过程Link Access Procedure LCP 链路控制协议Link Control Protocol LE_ARP LAN仿真地址转换协议 LEC 局域网仿真客户端LAN Emulation Client LECS 局域网仿真配置服务LAN Emulation Configure Service LED 发光二极管 LES 局域网仿真服务器LAN Emulation Server LF Line Feed LI 长度指示 LIM 插件板 LLC 逻辑链路控制Logical Link Control MAC 介质访问控制Media Access Control MAN 城域网Metropolitan Area Network MACA 避免冲突的多路访问(协议) (IEEE802.11无线局域网标准的基础) Multiple Access with Access Avoidance MAU Medium Access Unit MIB 管理信息库Management Information Base MIC Media interface connector Modem 调制解调器 MOTD 当日消息Message Of The Day MPC MPOA Client MPEG 活动图像专家组Motion Picture Experts Group MRFCS 多速率快速电路交换Multirate Fast Circuit Switching MPOA Multi-Protocol Over ATM MPS MPOA Server MRCS 多速率电路交换Multirate Circuit Switching MSC 移动交换中心Mobile Switching Center MTBF 两次故障间的平均时间Media Time Between Faults MTOR 故障修复所需平均时间Media Time of Repair MTP 邮件传输协议Mail Transfer Protocol MTSO 移动电话交换站Mobile Telephone Switching Office MTTD 故障诊断所需平均时间Media Time to Diagnose MTU 最大传输单元Maximum Transfer Unit NAP 网络接入点Network Access Point NCA 网络计算结构Network Computing Architecture NCFC 中国国家计算机网络设施,国内也称中关村网The National Computing and Network Facility of China NCP 网络控制协议Network Control Protocol NCP 网络核心协议Network Core Protocol NEXT 近端串扰 NFS 网络文件系统Network File System NHRP 下一个节点路由协议 NHS NHRP Server NIC Null-Attach Concentrator NIC 网卡Network Interface Card NIC 网络信息中心Network Information Centre NIM 网络接口模块Network Interface Module NISDN 窄带ISDN Narrowband Integrited Services Digital Network NLAM 网络层地址管理 NNI 网络-网络接口Network-Network Interface NOMS 网络营运与管理专题讨论会Network Operation and Management Symposium NREN (美国)国家研究和教育网NationalResearch and Education Network NSAP 网络服务接入点Network Service Access Point NSF (美国)国会科学基金会 NVRAM Non-volatile RAM NVT 网络虚拟终端Network Virtual Terminal OAM 操作与维护Operation And Maintenance ODBC 开放数据库互连Open Database Connection ORB 对象请求代理Object REquest Broker OSF 开放软件基金会Open Software Fundation OSI 开放系统互联Open System Interconnection OSPF 开放最短路径优先(协议) Open Shortest Path First PBX 用户交换机Private Branch eXchange PCM 脉冲编码调制Pulse Code Modulation PCN 个人通信网络Personal Communications Network PCR 峰值信元速率Peak Cell Rate PCS 个人通信服务Personal Communications Service PDH 准同步数字系列 PDA 个人数字助理Personal Digital Assistant PDN 公用数据网Public Data Network PDU 协议数据单元Protocol Data Unit PER 分组差错率packet error rate PEM Port Expansion Module PIR 分组插入率 packet insertion rate PI/SO Primary In/Secondary Out PLCP 物理层会聚协议Physical Layer Convergence Protocol PLR 分组丢失率packet loss rate PMD 物理媒体相关(子层)Physical Medium Dependent POH 通道开销 PON 无源光纤网 POP Post Office Protocol PO/SI Primary Out/Secondary In POTS 普通老式电话业务Plain Old Telephone Service PPD 部分舍弃分组数据包Partial Packet Discard PPP 点到点协议Point to Point Protocol PPTP 点对点隧道协议 PRM 每分钟可打印输出的页数Page Per Minute PRM 协议参考模型Protocol Reference Model PRN 分组无线网Packet Radio Network PSN 分组交换节点Packet Switch Node PSDN 分组交换数据网 PSTN 公用电话交换网Public Switched Telephone Network PVC 永久虚电路(包括PVPC和PVCC)Permanent Virtual Circuit PVPC permanent virtual path connection PVCC permanent virtual channel connection PVP 永久虚路径Permanent Virtual Path QoS 服务质量Quality of Service RADIUS 远端授权拨号上网用户服务 RARP 逆向地址解析协议Reverse Address Resolution Protocol RAS 远程访问服务器 RFC 请求评注Request for Comments RFT Request for Technology RIP Routing Information Protocol RMON 远程网络管理 Router 路由器 RPC 远程过程调用Remote Procedure Call RSVP 资源重复利用协议 RTMP Routing Table Maintenance Protocol(用于Appletalk) RTP 接收和发送端口 RTS 往返样本Round Trip Sample RTS 剩余时间标签 SAP 业务接入点Service Access Point SAP 服务公告协议Service Advertising Protocol SAR 分段和重组(子层) Segmentation and Reassembly SAS Single Attached Station SC Stick and Click connector SCR 信号串扰比 SCR 持续信元速率Sustained Cell Rate SCS 交换控制软件 SDH 同步数字系列Synchronous Digital Hierarchy SDLC 同步数据链路控制(协议) Advanced Data Communication Control Procedure SDTV 标准数字电视 SDU 业务数据单元Service Data Unit SIPP 增强的简单因特网协议Simple InternetProtocol Plus SLIP 串行线路IP Serial Line Interface Protocol SMDS 交换式多兆比特数据业务Switched Multimegabit Data Services SMF 单模光纤Single-mode Fiber SMI Structure of Management Information (MIB的结构) SMT 站点管理Station Management SMTP 简单邮件传输协议Simple Mail Transfer Protocol SNA 系统网络体系结构System Network Architecture SNMP 简单网络管理协议Simple Network Management Protocol SNR 信噪比Signal-Noise ratio SOH 段开销 SONET 同步光纤网络Synchronous Optical Network SPE 同步净荷包Synchronous Payload Envelope SPP 定序分组协议 (XNS中,相当于TCP)Sequential Packet Protocol SRTS 同步剩余时间标签法 SSCS 业务特定部分会聚子层 SSI 服务器端包含Server Side Include ST Stick and Turn connector STM 同步传输方式Synchronous Transfer Mode STP 屏蔽双绞线Shielded Twisted Pair STS 同步传输信号Synchronous Transport Signal SVC 交换虚电路Switched Virtual Circuit Switch 交换机 TAC Technical Assistance Center TAST 时间分配话音插空技术Time Assignment by Speech Interpolation TC 传输汇集(子层) Transmission Convergence TCP 传输控制协议Transmission Control Protocol TDM 时分多路复用Time Division Multiplexing TFTP 单纯文件传输协议Trivial File Transfer protocol TIP 终端接口处理机Terminal Interface Processor TP 双绞线Twisted Pair TSAP 传输层服务访问点Transport Service Access Point TTL 生存时间Time To Live TTR 定时令牌旋转 UBR 未定义比特率Undefined Bit Rate UEM 通用以太网模块Universal Ethernet Module UDP 用户数据报协议User Datagram Protocol UI Unix国际 UNI 用户-网络接口User-Network Interface UPC 使用参数控制Usage Parameter Control URL 统一资源定位Universal Resource Locator USB 通用串行总线Universal Serial Bus UTP 非屏蔽双绞线Unshielded Twisted Pair UUCP Unix to Unix Copy Program VAN 增值网Value Added Network VBR 可变比特率Variable Bit Rate VCC 虚信道连接Virtual Channel Connection VCI virtual channel identifier V-D 向量-距离(算法) 又叫Bellman-Ford算法)vector-distance VLAN Virtual LAN VLSI 超大规模集成电路 VOD 点播图像Video on Demand VPC 虚路径连接Virtual Path Connection VPI 虚路径标识virtual path identifier VPN 虚拟专用网络Virtual Private Network VRML 虚拟现实造型语言Virtual Reality Modeling Language VTP 虚拟隧道协议 WAN 广域网Wide Area Network WDM 波分多路复用Wavelength Division Multiplexing WDMA 波分多路访问Wavelength Division Multiple Access WRB Web请求代理Web Request Broker WWW 万维网World Wide Web XNS Xerox Network System。
华三MSR830配置
华三MSR830配置XJGZD_EG>dis enPassword:XJGZD_EG#so how runBuilding configuration...Current configuration: 15723 bytesversion 11.1(1)B1hostname XJGZD_EG!ip session filter 0flow-pre-mgr enableflow-pre-mgr protocol-enableflow-pre-mgr upload-pps-limit 0flow-pre-mgr new-session-limit start-up limit 0flow-pre-mgr new-session-limit virtual-host limit 0flow-pre-mgr new-session-limit real-host limit 0flow-pre-mgr total-limit 0flow-pre-mgr 1 subscriber any action trust total-limit 0 per-ip-limit 1000port-label Interactive port 7,23,37,107,179,513-514,1718-1720,2000-2003,2427,2727,5060,5631,5900-5903,6000 port-label Secure port 22,49,261,443,448,465,563,585,614,636,684,695,989-990,992-995,1701,1723,2252,2478-2479,2482,2484,2492,2679,2762,2998,3077-3078,3183,3191,3220,3269,3410,3424,3471,3496,3509,3529,353 9,3660-3661,3713,3747,3864,3885in-path rule pass-through dstport name Secure description Secure(bypass)in-path rule pass-through dstport name Interactive description Interactive(bypass)!interface-group 过载保护interface-member GigabitEthernet 0/5interface-member GigabitEthernet 0/4!no bypass couple 0!ip access-list standard 1--More-- 10 permit any!ip tcp keepalive!time-range anyperiodic Daily 0:00 to 23:59!time-range day_timeperiodic Daily 6:00 to 18:00!time-range night_timeperiodic Weekdays 0:00 to 5:59periodic Daily 18:01 to 23:59!time-range unwork_timeperiodic Weekdays 0:00 to 7:59periodic Weekdays 12:00 to 13:00 periodic Weekdays 18:01 to 23:59!time-range weekendperiodic Weekend 0:00 to 23:59!time-range work_timeperiodic Weekdays 8:00 to 12:00--More-- periodic Weekdays 13:00 to 18:00 !time-range working_timeperiodic Weekdays 0:00 to 23:59!no vwan loss-recover access-listno vwan loss-recover enablevwan loss-recover mss 1360!vwan mss 1360!web-auth template iportal!web-auth template eportalv1!no apm sample enableapm sample default interval 300apm sample url-topn send-time 1apm sample url-topn top 50!identify-application enableidentify-application terminate enable!identify-application key 网络游戏软件--More-- identify-application key DNS identify-application key ICMP-DETAIL identify-application key 安全协议identify-application key QQ应用identify-application key HTTP游戏identify-application key IP网络电话identify-application inhibitive P2P应用软件identify-application inhibitive 互联网文件传输identify-application inhibitive 下载工具_MOBILE identify-application inhibitive 网络硬盘identify-application inhibitive 软件更新identify-application inhibitive 视频流媒体软件identify-application inhibitive HTTP视频identify-application block 非法DNSidentify-application block 非法类网页identify-application other 即时通讯软件identify-application other 股票软件identify-application other WEB应用identify-application other 电子邮件协议identify-application other 数据库identify-application other 网络管理协议identify-application other 路由协议identify-application other VPN应用identify-application other 远程访问协议--More-- identify-application other 网银identify-application other 即时通讯_MOBILEidentify-application other 视频|影音_MOBILEidentify-application other 游戏_MOBILEidentify-application other 社交_MOBILEidentify-application other 网盘_MOBILEidentify-application other WEB_MOBILEidentify-application other 网购_MOBILEidentify-application other 证券_MOBILEidentify-application other 网上支付|网上银行_MOBILEidentify-application other 微博identify-application other 办公OAidentify-application other 视频会议identify-application other RFCidentify-application other IP-RAWidentify-application other IP协议组identify-application other 普通网页浏览明细!web-bbs-audit cache enable!url-filter-notice display 你被禁止访问这个网站,请联系网站管理员!url-audit exact-filterno url-rule apply-referer!--More-- url-class un_audit_classcomment unaudit!url-object un_audit_objectclass 软件升级class 脚本未知class un_audit_class!url-object illegalclass 暴力class 病毒class 成人class 赌博class 犯罪技能class 色情class 违反法律!content-policy _AUDIT_DEFAULTmail-rule audit-default-enableim-rule audit-default-enableweb-bbs-rule audit-default-enableweb-search-rule audit-default-enableweb-mail-rule audit-default-enableurl-rule audit-default-enable--More-- !content-policy _TOP_PRIORITYapp-rule 198 time-range any app-group any action permit audit vpn vipapp-rule 199 time-range any app-group any action permit audit vipapp-rule 200 time-range any app-group Block_Group action deny auditapp-rule 197 time-range any app-group Block_Group action deny audit vpnurl-rule 997 url-object un_audit_object time-range any action permit comment 不审计的网站url-rule 1000 url-object illegal time-range any action deny audit comment 黑名单网站策略!content-policy-relate relate auth-subscriber any policy _TOP_PRIORITYcontent-policy-relate relate subscriber any policy _TOP_PRIORITYcontent-policy-relate relate subscriber any policy _AUDIT_DEFAULT!cwmp!dev-audit enable!ip dhcp pool dhcp_1439956733298371lease 0 8 0network 172.17.1.0 255.255.255.0dns-server 61.128.114.134 8.8.8.8default-router 172.17.1.254!ip name-server 61.128.114.133--More-- ip name-server 8.8.8.8!dns-proxy!mail-service enablefeedback enablefeedback frequency 60flow-audit enableflow-audit intf-rt refresh 1flow-audit intf-rt storage 10 max!layer23 classify enable!layer23 flow-detect flow 0layer23 flow-detect time-interval 15!sam-online recycle 20sam-offline recycle 20!network-group name "Out_Server" parent "/"network-group name "阻断" parent "/" ip-host 192.168.11.17 !subscriber static name "Default_Group" parent "/"subscriber static name "without_auth_user" parent "/Default_Group" password 7 "050f0f2a0b2000061804075e051e022a3f16"--More-- subscriber static name "不受控" parent "/Default_Group"subscriber static name "郭亮手机1" parent "/Default_Group/不受控" mac 20a2.e440.f261subscriber static name "郭亮ipad" parent "/Default_Group/不受控" mac 848e.0cad.533asubscriber static name "郭亮台式机" parent "/Default_Group/不受控" mac fc4d.d42e.1742subscriber static name "郭亮手机2" parent "/Default_Group/不受控" mac 9067.1c66.425asubscriber static name "Vpn_Group" parent "/"subscriber static name "192.168.15.12" parent "/" ip-host192.168.15.12subscriber static name "192.168.15.17" parent "/" ip-host 192.168.15.17subscriber static name "192.168.15.11" parent "/" ip-host 192.168.15.11subscriber static name "192.168.11.17" parent "/" ip-host 192.168.11.17subscriber static name "192.168.16.107" parent "/" ip-host 192.168.16.107subscriber static name "192.168.1.9" parent "/" ip-host 192.168.1.9subscriber static name "192.168.1.7" parent "/" ip-host 192.168.1.7!subscriber set "郭亮手机1" attribute vipsubscriber set "郭亮ipad" attribute vipsubscriber set "郭亮台式机" attribute vipsubscriber set "郭亮手机2" attribute vip!subscriber allow "without_auth_user" privilege webauthsubscriber allow "郭亮手机1" privilege nonesubscriber allow "郭亮ipad" privilege nonesubscriber allow "郭亮台式机" privilege nonesubscriber allow "郭亮手机2" privilege none--More-- !sys-mode gateway!specify interface GigabitEthernet 0/0 lanspecify interface GigabitEthernet 0/1 lanspecify interface GigabitEthernet 0/2 lanspecify interface GigabitEthernet 0/3 lan specify interface GigabitEthernet 0/4 wan specify interface GigabitEthernet 0/5 wan specify interface GigabitEthernet 0/6 wan specify interface GigabitEthernet 0/7 wan !no nat-log enableno ip nat-log onservice password-encryption!ip http port 9090ip http secure-port 4430enable service web-server allenable service web-server httpenable service web-server https!control-planeef-rnfp enable--More-- anti-arp-spoof scan 20 attack threshold 500!control-plane protocolno acpp!control-plane manageno port-filterno arp-carno acpp!control-plane datano glean-carno acpp!clock timezone UTC +8 0!vpdn limit_rate 15!web quick-setwebmaster username admin password 7 04361c0b370d0f444074!flow-control Gi0/5comment tpl-ibar--More-- !channel-tree inboundno auto-pir enable!channel-group root parent null cir 200000 pir 200000 pri 4 per-net per-pir 2000 limit 1000channel-group key parent root cir 120000 pir 200000 pri 0 per-net per-pir 5000 limit 1000channel-group normal parent root cir 40000 pir 200000 pri 4 per-net per-pir 3000 limit 1000channel-group unkey parent root cir 20000 pir 180000 pri 7 per-net limit 1000channel-default normal!channel-tree outboundno auto-pir enable!channel-group root parent null cir 200000 pir 200000 pri 4 per-net per-pir 2000 limit 1000channel-group key parent root cir 120000 pir 200000 pri 0 per-net per-pir 5000 limit 1000channel-group normal parent root cir 40000 pir 200000 pri 4 per-net per-pir 3000 limit 1000channel-group unkey parent root cir 20000 pir 200000 pri 7 per-net per-pir 3000 limit 1000channel-default normal!flow-rule 1000 app-group Other_Group time-range anyflow-rule 1000 action pass in-channel normal out-channel normal default comment Match_Normal_Group_of_NON_VPN flow-rule 999 app-group Key_Group time-range anyflow-rule 999 action pass in-channel key out-channel key default comment Match_Key_Group_of_NON_VPNflow-rule 998 app-group Unkey_Group time-range any--More-- flow-rule 998 action pass in-channel unkey out-channel unkey default comment Match_Inhib_Group_of_NON_VPNflow-rule 992 subscriber VIP time-range anyflow-rule 992 action pass in-channel key out-channel key comment Match_VIP_Group_of_NON_VPNflow-rule 991 network-group Out_Server time-range anyflow-rule 991 action pass in-channel key out-channel key comment Match_Out_Server_of_NON_VPNflow-rule 900 app-group TC_AD_Key time-range anyflow-rule 900 action pass in-channel key out-channel key comment Match_AD_Key_of_NON_VPNflow-rule 900 disable!flow-control Gi0/4comment tpl-ibar!channel-tree inboundno auto-pir enable!channel-group root parent null cir 200000 pir 200000 pri 4 per-net per-pir 2000 limit 1000channel-group key parent root cir 120000 pir 200000 pri 0 per-net per-pir 5000 limit 1000channel-group normal parent root cir 40000 pir 200000 pri 4 per-net per-pir 3000 limit 1000channel-group unkey parent root cir 20000 pir 180000 pri 7 per-net limit 1000channel-default normal!channel-tree outboundno auto-pir enable!--More-- channel-group root parent null cir 200000 pir 200000 pri 4 per-net per-pir 2000 limit 1000channel-group key parent root cir 120000 pir 200000 pri 0 per-net per-pir 5000 limit 1000channel-group normal parent root cir 40000 pir 200000 pri 4 per-net per-pir 3000 limit 1000channel-group unkey parent root cir 20000 pir 200000 pri 7 per-net per-pir 3000 limit 1000channel-default normal!flow-rule 1000 app-group Other_Group time-range anyflow-rule 1000 action pass in-channel normal out-channel normal default comment Match_Normal_Group_of_NON_VPN flow-rule 999 app-group Key_Group time-range anyflow-rule 999 action pass in-channel key out-channel key default comment Match_Key_Group_of_NON_VPNflow-rule 998 app-group Unkey_Group time-range anyflow-rule 998 action pass in-channel unkey out-channel unkey default comment Match_Inhib_Group_of_NON_VPN flow-rule 992 subscriber VIP time-range anyflow-rule 992 action pass in-channel key out-channel key comment Match_VIP_Group_of_NON_VPNflow-rule 991 network-group Out_Server time-range anyflow-rule 991 action pass in-channel key out-channel key comment Match_Out_Server_of_NON_VPNflow-rule 900 app-group TC_AD_Key time-range anyflow-rule 900 action pass in-channel key out-channel key comment Match_AD_Key_of_NON_VPNflow-rule 900 disable!over-load-protect interface-group 过载保护enable secret 5 $1$7eyy$v2yq2y9pFwD0Ev08interface GigabitEthernet 0/0no ip unreachables--More-- no ip redirectsno ip mask-replyip address 172.16.1.1 255.255.255.0ip nat inside!interface GigabitEthernet 0/1 description To_HX_S5500_RC-gi1/no ip unreachablesno ip redirectsno ip mask-replyip address 172.16.0.2 255.255.255.0ip nat inside!interface GigabitEthernet 0/2no ip unreachablesno ip redirectsno ip mask-replyip address 172.17.1.254 255.255.255.0ip nat inside!interface GigabitEthernet 0/3!interface GigabitEthernet 0/4 description 电信1--More-- bandwidth 200000nexthop 218.31.200.1reverse-pathip address 218.31.200.122 255.255.255.128 ip nat outside!interface GigabitEthernet 0/5 description 电信2bandwidth 200000nexthop 124.118.249.65reverse-pathip address 124.118.249.126 255.255.255.0ip nat outside!interface GigabitEthernet 0/6!interface GigabitEthernet 0/7!interface SSLVPN 0!interface SSLVPN 1!ip nat pool nat_pool prefix-length 24address interface GigabitEthernet 0/4 match interface GigabitEthernet 0/4--More-- address interface GigabitEthernet 0/5 match interface GigabitEthernet 0/5!ip nat inside source static tcp 192.168.10.10 23 interface GigabitEthernet 0/4 23 permit-insideip nat inside source static tcp 192.168.1.240 8000 interface GigabitEthernet 0/4 8000 permit-insideip nat inside source static tcp 192.168.1.240 554 interface GigabitEthernet 0/4 554 permit-insideip nat inside source static tcp 192.168.1.240 81 interface GigabitEthernet 0/4 81 permit-insideip nat inside source static tcp 192.168.1.240 443 interface GigabitEthernet 0/4 443 permit-insideip nat inside source static tcp 192.168.1.122 122 interface GigabitEthernet 0/4 122 permit-insideip nat inside source static tcp 192.168.1.152 3389 interfaceGigabitEthernet 0/4 3389 permit-insideip nat inside source static tcp 192.168.1.173 9277 interface GigabitEthernet 0/4 9277 permit-insideip nat inside source static udp 192.168.1.173 9277 interface GigabitEthernet 0/4 9277 permit-insideip nat inside source static tcp 192.168.10.10 80 interface GigabitEthernet 0/4 9100 permit-insideip nat inside source static tcp 192.168.1.199 8080 interface GigabitEthernet 0/4 8080 permit-insideip nat inside source static udp 192.168.1.199 2001 interface GigabitEthernet 0/5 2001 permit-insideip nat inside source static tcp 192.168.1.199 2001 interface GigabitEthernet 0/5 2001 permit-insideip nat inside source static tcp 192.168.1.199 3001 interface GigabitEthernet 0/4 3001 permit-insideip nat inside source static udp 192.168.1.199 3001 interface GigabitEthernet 0/4 3001 permit-insideip nat inside source static tcp 192.168.1.199 2001 interface GigabitEthernet 0/4 2001 permit-insideip nat inside source static udp 192.168.1.199 2001 interface GigabitEthernet 0/4 2001 permit-insideip nat inside source static tcp 192.168.1.173 21 124.118.249.126 9288 permit-insideip nat inside source static udp 192.168.1.173 21 124.118.249.126 9288 permit-insideip nat inside source static udp 192.168.1.110 37778 interface GigabitEthernet 0/4 37778 permit-insideip nat inside source static tcp 192.168.1.110 37777 interface GigabitEthernet 0/4 37777 permit-insideip nat inside source list 1 pool nat_pool overload--More-- ip nat application source list 1 destination udp 0.0.0.0 53 dest-change 61.128.114.133 53!ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/4 218.31.200.1ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/5 124.118.249.65 ip route 172.16.0.0 255.255.0.0 172.16.0.1ip route 192.168.0.0 255.255.0.0 172.16.0.1!line con 0line vty 0 4loginpassword 7 111323081b442d704078!endXJGZD_EG#show ip nt int bInterface IP-Address(Pri) IP-Address(Sec) Status ProtocolGigabitEthernet 0/0 172.16.1.1/24 no address down down GigabitEthernet 0/1 172.16.0.2/24 no address up upGigabitEthernet 0/2 172.17.1.254/24 no address down down GigabitEthernet 0/3 no address no address down downGigabitEthernet 0/4 218.31.200.122/25 no address up upGigabitEthernet 0/5 124.118.249.126/24 no addressup upGigabitEthernet 0/6 no address no address up downGigabitEthernet 0/7 no address no address down downSSLVPN 1 no address no address down downSSLVPN 0 no address no address down downXJGZD_EG#int bXJGZD_EG#int b inXJGZD_EG#int conf tEnter configuration commands, one per line. End with CNTL/Z.XJGZD_EG(config)#intXJGZD_EG(config)#intXJGZD_EG(config)#interface ?Aggregateport Aggregate port interfaceDialer Dialer interfaceGigabitEthernet Gigabit Ethernet interfaceLoopback Loopback interfaceNull Null interfacerange Interface range commandSSLVPN SSLVPN interfaceTunnel Tunnel interfaceVirtual-ppp Virtual PPP interfaceVirtual-template Virtual Template interfaceXJGZD_EG(config)#interface aXJGZD_EG(config)#interface aggregateport ?<1-16> Aggregateport port numberXJGZD_EG(config)#interface aggregateport 1XJGZD_EG(config-if-AggregatePort 1)#?Interface configuration commands:arp ARP interface subcommandsarp-learning Dynamic arp learning abilitybandwidth Set bandwidth informational parametercarrier-delay Specify delay for interface transitionscrypto Apply crypto commanddampening Enable event dampeningdefault Set a command to its defaultsdescription Interface specific descriptiondldp Exec data link detection commanddns-proxy Dns proxy enabledo To run exec commands in config modeduplex Configure duplex operationend Exit from interface configuration modeexit Exit from interface configuration modefull-duplex Force full duplex operationhalf-duplex Force half duplex operationhelp Description of the interactive help systemip Interface Internet Protocol config commandsipv6 IPv6 interface subcommandsload-interval Specify interval for load calculation for an interfacemac-address Set mac-addressmtu Set the interface Maximum Transmission Unit (MTU)nexthop Configure interface gateway--More-- no Negate a command or set its defaultsntp Configure NTPpppoe Pppoe interface subcommandspppoe-client Pppoe clientreverse-path Enable reverse path limiteshow Show running system informationshutdown Shutdown the selected interfacesnmp Modify SNMP interface parametersspeed Configure speedoperationvlan-terminal Config vlan-terminalvrrp VRRP interface subcommandsXJGZD_EG(config-if-AggregatePort 1)#qu% Unknown command.XJGZD_EG(config-if-AggregatePort 1)#exitXJGZD_EG(config)#dis th% Unknown command.XJGZD_EG(config)#show diis thisBuilding configuration...!version 11.1(1)B1hostname XJGZD_EGip session filter 0flow-pre-mgr enableflow-pre-mgr protocol-enableflow-pre-mgr upload-pps-limit 0flow-pre-mgr new-session-limit start-up limit 0flow-pre-mgr new-session-limit virtual-host limit 0flow-pre-mgr new-session-limit real-host limit 0flow-pre-mgr total-limit 0flow-pre-mgr 1 subscriber any action trust total-limit 0 per-ip-limit 1000port-label Interactive port 7,23,37,107,179,513-514,1718-1720,2000-2003,2427,2727,5060,5631,5900-5903,6000 port-label Secure port 22,49,261,443,448,465,563,585,614,636,684,695,989-990,992-995,1701,1723,2252,2478-2479,2482,2484,2492,2679,2762,2998,3077-3078,3183,3191,3220,3269,3410,3424,3471,3496,3509,3529,3539,3660-3661,3713,3747,3864,3885in-path rule pass-through dstport name Secure description Secure(bypass)in-path rule pass-through dstport name Interactive description Interactive(bypass)interface-group 过载保护no bypass couple 0ip access-list standard 1ip tcp keepalivetime-range anytime-range day_timetime-range night_timetime-range unwork_time--More-- time-range weekendtime-range work_timetime-range working_timeno vwan loss-recover access-listno vwan loss-recover enablevwan loss-recover mss 1360vwan mss 1360web-auth template iportalweb-auth template eportalv1no apm sample enableapm sample default interval 300apm sample url-topn send-time 1apm sample url-topn top 50identify-application enableidentify-application terminate enableidentify-application key 网络游戏软件identify-application key DNSidentify-application key ICMP-DETAILidentify-application key 安全协议identify-application key QQ应用identify-application key HTTP游戏identify-application key IP网络电话identify-application inhibitive P2P应用软件identify-application inhibitive 互联网文件传输--More-- identify-application inhibitive 下载工具_MOBILE identify-application inhibitive 网络硬盘identify-application inhibitive 软件更新identify-application inhibitive 视频流媒体软件identify-application inhibitive HTTP视频identify-application block 非法DNSidentify-application block 非法类网页identify-application other 即时通讯软件identify-application other 股票软件identify-application other WEB应用identify-application other 电子邮件协议identify-application other 数据库identify-application other 网络管理协议identify-application other 路由协议identify-application other VPN应用identify-application other 远程访问协议identify-application other 网银identify-application other 即时通讯_MOBILEidentify-application other 视频|影音_MOBILEidentify-application other 游戏_MOBILEidentify-application other 社交_MOBILEidentify-application other 网盘_MOBILEidentify-application other WEB_MOBILEidentify-application other 网购_MOBILE--More-- identify-application other 证券_MOBILEidentify-application other 网上支付|网上银行_MOBILEidentify-application other 微博identify-application other 办公OAidentify-application other 视频会议identify-application other RFCidentify-application other IP-RAWidentify-application other IP协议组identify-application other 普通网页浏览明细web-bbs-audit cache enableurl-filter-notice display 你被禁止访问这个网站,请联系网站管理员!url-audit exact-filterno url-rule apply-refererurl-class un_audit_classurl-object un_audit_objecturl-object illegalcontent-policy _AUDIT_DEFAULTcontent-policy _TOP_PRIORITYcontent-policy-relate relate auth-subscriber any policy _TOP_PRIORITYcontent-policy-relate relate subscriber any policy _TOP_PRIORITYcontent-policy-relate relate subscriber any policy _AUDIT_DEFAULTcwmpdev-audit enableip dhcp pool dhcp_1439956733298371--More-- ip name-server 61.128.114.133ip name-server 8.8.8.8dns-proxymail-service enablefeedback enablefeedback frequency 60flow-audit enableflow-audit intf-rt refresh 1flow-audit intf-rt storage 10 maxlayer23 classify enablelayer23 flow-detect flow 0layer23 flow-detect time-interval 15sam-online recycle 20sam-offline recycle 20network-group name "Out_Server" parent "/"network-group name "阻断" parent "/" ip-host 192.168.11.17 subscriber static name "Default_Group" parent "/"subscriber static name "without_auth_user" parent "/Default_Group" password 7 "06113717271a07333a135f19292d3b2d1656"subscriber static name "不受控" parent "/Default_Group"subscriber static name "郭亮手机1" parent "/Default_Group/不受控" mac 20a2.e440.f261subscriber static name "郭亮ipad" parent "/Default_Group/不受控" mac 848e.0cad.533asubscriber static name "郭亮台式机" parent "/Default_Group/不受控" mac fc4d.d42e.1742subscriber static name "郭亮手机2" parent "/Default_Group/不受控" mac 9067.1c66.425asubscriber static name "Vpn_Group" parent "/"--More-- subscriber static name "192.168.15.12" parent "/" ip-host 192.168.15.12subscriber static name "192.168.15.17" parent "/" ip-host 192.168.15.17subscriber static name "192.168.15.11" parent "/" ip-host 192.168.15.11subscriber static name "192.168.11.17" parent "/" ip-host 192.168.11.17subscriber static name "192.168.16.107" parent "/" ip-host 192.168.16.107subscriber static name "192.168.1.9" parent "/" ip-host 192.168.1.9 subscriber static name "192.168.1.7" parent "/" ip-host 192.168.1.7subscriber set "郭亮手机1" attribute vipsubscriber set "郭亮ipad" attribute vipsubscriber set "郭亮台式机" attribute vipsubscriber set "郭亮手机2" attribute vipsubscriber allow "without_auth_user" privilege webauthsubscriber allow "郭亮手机1" privilege nonesubscriber allow "郭亮ipad" privilege nonesubscriber allow "郭亮台式机" privilege nonesubscriber allow "郭亮手机2" privilege nonesys-mode gatewayspecify interface GigabitEthernet 0/0 lanspecify interface GigabitEthernet 0/1 lanspecify interface GigabitEthernet 0/2 lanspecify interface GigabitEthernet 0/3 lanspecify interface GigabitEthernet 0/4 wanspecify interface GigabitEthernet 0/5 wanspecify interface GigabitEthernet 0/6 wan--More-- specify interface GigabitEthernet 0/7 wanno nat-log enableno ip nat-log onservice password-encryptionip http port 9090ip http secure-port 4430enable service web-server allenable service web-server httpenable service web-server httpscontrol-planecontrol-plane protocolcontrol-plane managecontrol-plane dataclock timezone UTC +8 0vpdn limit_rate 15web quick-setwebmaster username admin password 7 06073a0e261b32765741flow-control Gi0/5flow-control Gi0/4over-load-protect interface-group 过载保护enable secret 5 $1$7eyy$v2yq2y9pFwD0Ev08interface GigabitEthernet 0/0interface GigabitEthernet 0/1interface GigabitEthernet 0/2--More-- interface GigabitEthernet 0/3interface GigabitEthernet 0/4interface GigabitEthernet 0/5interface GigabitEthernet 0/6interface GigabitEthernet 0/7interface AggregatePort 1interface SSLVPN 0interface SSLVPN 1ip nat pool nat_pool prefix-length 24ip nat inside source static tcp 192.168.10.10 23 interface GigabitEthernet 0/4 23 permit-insideip nat inside source static tcp 192.168.1.240 8000 interface GigabitEthernet 0/4 8000 permit-insideip nat inside source static tcp 192.168.1.240 554 interface GigabitEthernet 0/4 554 permit-insideip nat inside source static tcp 192.168.1.240 81 interface GigabitEthernet 0/4 81 permit-insideip nat inside source static tcp 192.168.1.240 443 interface GigabitEthernet 0/4 443 permit-insideip nat inside source static tcp 192.168.1.122 122 interface GigabitEthernet 0/4 122 permit-insideip nat inside source static tcp 192.168.1.152 3389 interface GigabitEthernet 0/4 3389 permit-insideip nat inside source static tcp 192.168.1.173 9277 interface GigabitEthernet 0/4 9277 permit-insideip nat inside source static udp 192.168.1.173 9277 interface GigabitEthernet 0/4 9277 permit-insideip nat inside source static tcp 192.168.10.10 80 interface GigabitEthernet 0/4 9100 permit-insideip nat inside source static tcp 192.168.1.199 8080 interface GigabitEthernet 0/4 8080 permit-insideip nat inside source static udp 192.168.1.199 2001 interface GigabitEthernet 0/5 2001 permit-insideip nat inside source static tcp 192.168.1.199 2001 interface。
F5配置SNAT实例
新建 virtual server :client_VS : 192.168.10.237:0 VS 关联一个 irule:isnat_rule2,内容如下: rule isnat_rule2 { when CLIENT_ACCEPTED { set MYPORT [TCP::local_port] log local0. “port is $MYPORT” switch $MYPORT { 80{ Snatpool snatpool_80 Pool http } 21 { Snatpool snatpool_21 Pool ftp_pool } Default { Snatpool internal_snat_pool Pool http } } } }
此方案配置完成后,BIG-IP 系统会做如下动作:
(如从 server 访问 client 的 HTTP 服务)
一个 HTTP 请求从 server 端到达 BIG-IP 系统,命中 VS 0.0.0.0:0; ISNAT_Rule 被引用,检查请求数据包,BIG-IP 系统被中 SNATPool_80 和负载均衡 pool
}
3. 需求三:iSNAT 功能(server 访问 client),一个内网节点转换成多个源地址 解决方案 1: 新建必要的出向的 pool(将访问的目的地址+端口 做成 pool 形式,以便 irule 调用) Pool http_pool {member 172.16.10.71:80} Pool ftp_pool {member 172.16.10.71:21} 新建必要的 snatpool:
深信服下一代防火墙AF 快速安装手册
SANGFOR NGAF 快速安装手册
0
技术支持说明
为了让您在安装,调试、配置、维护和学习 SANGFOR 设备时,能及时、快速、有效 的获得技术支持服务,我们建议您:
SANGFOR 技术论坛: 公司网址: 技术支持服务热线: 400-630-6430(手机、固话均可拨打) 邮箱:support@
1
目录
技术支持说明................................................................................................................................... 1 声明 .................................................................................................................................................. 3 前言 .................................................................................................................................................. 4 第 1 章 NGAF 系列硬件设备的安装 .......................................................
Cisco思科常用英文缩写及英语单词大全(中英文)
A10BaseT 10M bit/s基带以太网规范,采用两对双绞线(类型3、4或5):一对线用于传输数据,另一对线用于接收数据。
作为IEEE 802.3规范的一部分的10BaesT,其每段的距离限制大约为328英尺(100m)。
802.x 定义局域网协议的一套IEEE标准。
AAA 验证、授权和统计。
此网络安全服务提供了一个主要框架,通过它可以控制对路由器和接入服务器的访问。
两种主要的AAA是TACACS+和RADIUS。
ABR 区域边界路由器。
位于一个或多个OSPF区域边界上、将这些区域连接到主干网络的路由器。
ABR被认为同时是OSPF主干和相连区域的成员。
因此,它们同时维护着描述主干拓扑和其他区域拓扑的路由选择表。
访问层(access layer)在体系化网络中为工作组/用户提供到网络的访问的分层。
访问列表(access list)路由器和交换机所保持的列表用来针对一些进出路由器或交换机的服务(如组织某个IP地址的分组从路由器或交换机的特定端口出发)做访问控制。
访问方法(access methed)一般来说是指网络设备访问网络介质的方法。
访问服务器(access server)将异步设备通过网络和终端仿真软件连接到局域网或广域网上的通信处理器。
能对所支持的协议进行同步和异步路由。
有时也被称为网络访问服务器(NAS)统计(accounting)跟踪可以连接和恶意行为的方法。
统计管理(accounting management)ISO为OSI网络管理所定义的5种网络管理类型之一。
统计管理子系统负责收集有关资源使用的网络数据。
准确性(accuracy)在系统上被正确地传输的有用数据流与包括传输错误在内的总数数据流的百分比。
ACK 1. TCP分段中的确认位。
2. 参见acknowledgment(确认)。
确认(acknowledgment)从一台网络设备发往另一台网络设备的通知,用来确认某个事件的发生(例如,一条消息的接收)。
H3C IGMP Snooping配置
目录
目录
第 1 章 IGMP Snooping配置 ...................................................................................................1-1 1.1 IGMP Snooping简介 .......................................................................................................... 1-1 1.1.1 IGMP Snooping原理................................................................................................ 1-1 1.1.2 IGMP Snooping基本概念 ........................................................................................ 1-2 1.1.3 IGMP Snooping工作机制 ........................................................................................ 1-3 1.1.4 交换机对组播协议报文的特殊处理规则 ................................................................... 1-6 1.1.5 协议规范 .................................................................................................................. 1-6 1.2 IGMP Snooping配置任务简介............................................................................................ 1-6 1.3 配置IGMP Snooping基本功能............................................................................................ 1-7 1.3.1 配置准备 .................................................................................................................. 1-7 1.3.2 使能IGMP Snooping................................................................................................ 1-8 1.3.3 配置IGMP Snooping版本 ........................................................................................ 1-8 1.4 配置IGMP Snooping端口功能............................................................................................ 1-9 1.4.1 配置准备 .................................................................................................................. 1-9 1.4.2 配置动态端口老化定时器......................................................................................... 1-9 1.4.3 配置静态端口......................................................................................................... 1-10 1.4.4 配置模拟主机加入.................................................................................................. 1-11 1.4.5 配置端口快速离开.................................................................................................. 1-12 1.5 配置IGMP Snooping查询器 ............................................................................................. 1-13 1.5.1 配置准备 ................................................................................................................ 1-13 1.5.2 使能IGMP Snooping查询器................................................................................... 1-14 1.5.3 配置IGMP查询和响应............................................................................................ 1-14 1.5.4 配置IGMP查询报文源IP地址 ................................................................................. 1-16 1.6 配置IGMP Snooping策略 ................................................................................................. 1-16 1.6.1 配置准备 ................................................................................................................ 1-16 1.6.2 配置组播组过滤器.................................................................................................. 1-16 1.6.3 配置组播数据报文源端口过滤 ............................................................................... 1-17 1.6.4 配置丢弃未知组播数据报文 ................................................................................... 1-18 1.6.5 配置IGMP成员关系报告报文抑制.......................................................................... 1-20 1.6.6 配置端口加入的组播组最大数量............................................................................ 1-20 1.6.7 配置组播组替换 ..................................................................................................... 1-21 1.7 IGMP Snooping显示和维护 ............................................................................................. 1-22 1.8 IGMP Snooping典型配置举例.......................................................................................... 1-23 1.8.1 组策略及模拟主机加入配置举例............................................................................ 1-23 1.8.2 静态路由器端口配置举例....................................................................................... 1-25 1.8.3 IGMP Snooping查询器配置举例............................................................................ 1-28
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Network Working Group W. Behl Request for Comments: 1538 McDATA Corporation Category: Informational B. Sterling McDATA Corporation W. Teskey I/O Concepts October 1993 Advanced SNA/IP : A Simple SNA Transport ProtocolStatus of this MemoThis memo provides information for the Internet community. It doesnot specify an Internet standard. Distribution of this memo isunlimited.AbstractThis RFC provides information for the Internet community about amethod for establishing and maintaining SNA sessions over an IPinternet. While the issues discussed may not be directly relevant to the research problems of the Internet, they may be interesting to anumber of researchers and implementors. Any questions or commentsrelative to the contents of this RFC may be sent to the followingInternet address: snaip@.Table of Contents1. Introduction (2)2. Motivation and Rationale (2)3. SNA/IP Protocol Specification (3)3.1 Glossary (3)3.2 Conventions and Assumptions (3)3.3 The Protocol (3)3.3.1 Connection Establishment (3)3.3.2 Data Transfer (5)3.3.3 Connection Termination and Loss (6)3.3.4 Session Data Flow (7)3.3.5 State Transition Table for the Initiating Node (8)4. LLC to SNA/IP Conversion (8)5. Performance (8)6. VTAM Definition (9)7. Acknowledgments (9)8. References (9)9. Security Considerations (10)10. Authors’ Addresses (10)11. Disclaimer (10)Behl, Sterling & Teskey [Page 1]1. IntroductionAdvanced SNA/IP suggests a method for the transmission of SNA session data over an IP network. This memo documents the SNA/IP protocol as implemented in the McDATA LinkMaster(R) 6200 Network Gateway, McDATA LinkMaster(R) 7100 Network Controller, and I/O Concepts X-DirectTN3270 Server.Advanced SNA/IP differs from other protocols designed to enablerouting of SNA session traffic over an IP network. SNA/IP wasoriginally designed for implementation in peripheral network nodeslike SNA gateways and downstream nodes (DSNs). It is the authors’view, however, that SNA/IP could also be implemented in intermediate network nodes like routers as the base for an LLC to IP subnetgateway or data link switch function.2. Motivation and RationaleThe token-ring media access control (MAC) protocol 802.5 and logical link control (LLC) protocol 802.2 were the first set of LAN protocols used to provide a reliable and connection-oriented data link service for SNA sessions in a LAN environment.McDATA’s experience with transporting SNA over 802.5 networks led to an 802.3/802.2 (Ethernet) based variation. As prospective customers were introduced to these Ethernet products, the question ofroutability arose. Network administrators, accustomed to workingwith Ethernet networks and the IP-based protocols, required an IProutable solution. McDATA’s "SNA over Ethernet" products werebridgeable, but were not routable.SNA sessions require a reliable and connection-oriented data link.TCP running over IP provides a reliable and connection-orientedtransport service and has the added benefit of being routable. Itseemed the UDP and TCP protocols could be used in place of 802.2 Type I and Type II levels of service used in traditional SNA token-ringimplementations. Advanced SNA/IP was created as a result of theseobservations.Behl, Sterling & Teskey [Page 2]3. SNA/IP Protocol Specification3.1. GlossaryData Link Switching (DLSw) - This is best described as a routingprotocol used for the conversion of LLC-based SNA sessions to an IPform. The initial version of the DLSw protocol is documented in the informational RFC 1434 [1].Downstream Node (DSN) - An SNA Physical Unit (PU) type 2.0 or 2.1device connected to the SNA network via a LAN (802.5, 802.3, etc.) as opposed to an SDLC, X.25, or channel connection.SNA Gateway - A device that provides a data link control (DLC)conversion function for SNA PU type 5 (host) devices and LAN-attached DSNs.Subnet SNA Gateway - A device connected to both a traditional SNAtoken-ring segment and an IP network that performs local termination of the LLC connections, a mapping function of source address todestination IP address, and a conversion (switching) function of LLC to IP.3.2. Conventions and AssumptionsFrame formats are shown starting with the IP header. Other headerswill, of course, appear in the actual frames sent, but these headers, and the numbers of them, will vary across MAC types.It is assumed the reader is familiar with both the standard SNAprotocol (to the extent it applies to SNA Gateway and DSN functions) and the base set of TCP/IP protocols. Where practical, the reader is asked to refer to appropriate SNA and TCP/IP documentation.3.3. The ProtocolConceptually, there are three phases to the Advanced SNA/IP protocol: the Connection Establishment phase, the Data Transfer phase, and the Connection Termination phase.3.3.1. Connection EstablishmentConnection Establishment involves the exchange of logical XID packets between the connecting end nodes and culminates in the establishment of a TCP connection. This process is similar to the IBM-specifiedTest, XID, SABME and UA exchange used to establish a Type II 802.2connection for SNA traffic [2]. In place of the 802.2 Type Imessages, SNA/IP defines the following set of UDP datagrams:Behl, Sterling & Teskey [Page 3]Logical Null XIDUse: Sent by an initiating node (such as a DSN) when theconnection to another SNA node is desired.The Logical Null XID communicates the sending node’sdesire to negotiate connection parameters. Once thoseparameters are established, the Logical Null XIDcommunicates the sender’s TCP port to which a connectionis to be made.Format:------------------------------------| IP Header | UDP Header | 0xBF |------------------------------------Source IP address: The IP address of the initiatingnode.Destination IP address: The IP address of the partner SNAnode.Source UDP Port: Must match the TCP port number to beused in the eventual TCP connection.Destination UDP Port: A known port on the partner nodethat expects SNA/IP datagrams.XID RequestUse: Sent in response to a Logical Null XID and requests thereceiving node to send a Logical SNA XID datagram.Format:------------------------------------| IP Header | UDP Header | 0xBF |------------------------------------The source and destination IP and UDP port numbers follow,logically, from those provided in the Logical Null XIDdatagram.The format of the XID Request and Logical Null XID are thesame. The two types are distinguished by the roles assumed bythe two nodes. In current implementations, the DSN initiatesthe XID exchange by sending the Logical Null XID. The SNAGateway responds with the XID request.Behl, Sterling & Teskey [Page 4]Logical SNA XIDUse: Sent in response to an XID Request and in the context ofSNA XID negotiation.Format:----------------------------------------------------| IP Header | UDP Header | 0xBF | SNA XID data |----------------------------------------------------For PU 2.0 nodes, the SNA XID data consists of a Format 0 XID[3].For PU 2.1 nodes, the SNA XID data consists of a Format 3 XID[3].A typical Connection Establishment data flow appears below.Node 1 Node 2Logical Null XID -------------------------><------------------------ XID RequestLogical SNA XID --------------------------><------------------------ TCP SYNTCP SYN ACK -----------------------------><------------------------ TCP ACKNote: The source UDP port of the Logical Null XID equals thedestination TCP port of the TCP SYN segment.Retries of the Logical Null XID by the initiating node should occurperiodically until an XID Request is received in reply. The frequency of the retries is left up to the implementor. The lower bound on the retry timer should be more than the expected round trip time for apacket on the network.3.3.2. Data TransferThere are no special packets defined for the Data Transfer phase.Once the TCP connection is established, SNA Request Units (RUs) maybe exchanged between the two end nodes. The SNA session data appears as TCP segment data. The only added SNA/IP requirement is that each SNA message consisting of a Transmission Header (TH),Request/Response Header (RH) and an optional Request/Response Request Unit (RU) be preceded by a two octet length field. Examples of Data Behl, Sterling & Teskey [Page 5]Transfer frames are shown below.-------------------------------------------------------| IP Header | TCP Header | SNA Msg 1 len | SNA Msg 1 |-----------------------------------------------------------------------------------------------------| IP Header | TCP Header | SNA Msg 1 cont’d ->------------------------------------------------------------------------------| SNA Msg 2 len | SNA Msg 2 |--------------------------------The length field is passed in big endian format. 0 is a valid length value.The format of the SNA Message pieces are as defined by SNA [3].Reliable and sequential delivery of data is provided by the TCPprotocol [5,6].3.3.3. Connection Termination and LossEither SNA node may, at any time, terminate the logical SNAconnection by issuing a TCP-level FIN segment. Dictates of the TCPprotocol apply to this termination process [5,6].A connection is also terminated, though not as cleanly, if a TCPReset segment is sent by either SNA node.Once a connection is terminated, a new connection may be established by the process outlined in the Connection Establishment section. For reconnections made to the LinkMaster 6200 gateway, the same UDPsource port must be used by the initiating node. This implies thatthe same TCP port is used. This requirement stems from the fact thegateway may not always be aware that a TCP connection has beenterminated. This would happen if the DSN became disabled prior tosending a FIN or Reset segment. Under these circumstances, SNA host resources remain allocated and a reconnection from a DSN, which thehost believes to already be in session, is not allowed. By requiring the DSN to use the same port when reestablishing a connection, theLinkMaster 6200 is able to recognize when a reset of the hostconnection is required.Behl, Sterling & Teskey [Page 6]3.3.4. Complete Session Data FlowNode 1 Node 2Logical Null XID ------------------------->(UDP Datagram)Logical Null XID ------------------------->(UDP Datagram)<------------------------ XID Request(UDP Datagram)Logical SNA XID -------------------------->(UDP Datagram)<------------------------ TCP SYN(TCP Message)TCP SYN ACK ----------------------------->(TCP Message)<------------------------ TCP SYN(TCP Message)****************** Connection Established *******************<------------------------ SNA ACTPU(TCP Message)SNA ACTPU Response --------------------->(TCP Message)<------------------------ SNA ACTLU(TCP Message)SNA ACTLU Response --------------------->(TCP Message)...<------------------------ TCP FIN(TCP Message)TCP FIN ACK ------------------------>(TCP Message)<------------------------ TCP ACK(TCP Message)******************** Connection Closed *********************Logical Null XID ----------------------->(UDP Datagram)....Behl, Sterling & Teskey [Page 7]3.3.5. State Transition Table for the Initiating NodeTransition StateGiven State | No Conn | Null XID Sent | SNA XID Sent | Conn Estb------------+---------+---------------+--------------+-----------No | | Internal Act. | |Connection | | Stimulus | || | ---> Sends | || | 1st Null XID | |------------+---------+---------------+--------------+-----------Null XID | | Internal | XID Request |Sent | | Timer Event | Received || | ----> Resend | ----> Sends || | Null XID | SNA XID |------------+---------+---------------+--------------+-----------SNA XID | | Internal | SNA XID | IndicationSent | | Timer Event | Received | that TCP| | ----> Resend | ----> Send | connection| | Null XID | SNA XID | is estb.| | | |------------+---------+---------------+--------------+-----------Connection | Indica- | | | SNAEstablished | tion | | | Session| that | | | Data| TCP conn| | || term. | | |A gateway state transition table is not provided here because thestate transitions are dependent on the nature of the SNA hostinterface (3172 Channel Protocol, 3174 Channel Protocol, SDLC, etc.).4. LLC to SNA/IP ConversionThe use of Advanced SNA/IP to convert conventional token ring- based SNA traffic to a routable form is both conceivable and practical.While interesting, a discussion of this application falls outside the context of this RFC. Very briefly, it can be said that an SNA/IP-based "subnet SNA gateway" application could do many of the thingsbeing discussed in the context of the DLSw specification [1].5. PerformanceThe performance of SNA sessions running over an SNA/IP connectionwill be affected by the bandwidth available on the network and by how much traffic is on the network. SNA/IP is poised to take fulladvantage of the prioritization and class of service enhancementspromised in the next generation of IP. Today, SNA/IP can takeBehl, Sterling & Teskey [Page 8]advantage of router packet prioritization schemes based on portnumber. SNA/IP also leaves intact the standard SNA class of service prioritization protocol.Performance measures taken at McDATA comparing the throughput ofSNA/IP and LLC across a single token-ring segment showedapproximately a 15 percent decrease in the maximum transactions perhour (1500 bytes to the DSN, 50 bytes out to the host) for SNA/IP.This decrease is well within the expected levels given the addedprocessing requirements of TCP/IP over LLC in the LinkMaster 6200 and LinkMaster 7100 operating environments.6. VTAM DefinitionThe host VTAM definition of SNA/IP downstream nodes is dependent onthe gateway implementation. Downstream nodes may appear as switched major nodes connected to an XCA or as downstream nodes connected to a PU 2.0 controller [4].7. AcknowledgmentsThe authors wish to acknowledge that the definition of SNA/IP was acollaborative effort involving many individuals ranging fromcustomers to sales and marketing personnel to engineers. Particularthanks go to David Beal, Steve Cartwright, Tracey Floming, AudreyMcEwen, Mark Platte, Paul Schroeder, Chuck Weil, and Marty Wright,who all played key roles in the development and testing of thisprotocol and also in the editing of this RFC.8. References[1] Dixon, R., and D. Kushi, "Data Link Switching: Switch-to-SwitchProtocol", RFC 1434, IBM, March 1993.[2] "Token-Ring Network Architecture Reference", IBM document #SC30- 3374-02.[3] "Systems Network Architecture Formats", IBM document #GA27-3136- 12.[4] "VTAM Resource Definition Reference", IBM document #SC31-6438-1.[5] Comer, D., "Internetworking with TCP/IP Volume I", Prentice Hall 1991.[6] Postel, J., "Transmission Control Protocol - DARPA InternetProgram Protocol Specification", STD 7, RFC 793, USC/Information Sciences Institute, September 1981.Behl, Sterling & Teskey [Page 9]9. Security ConsiderationsThis RFC does not address issues of security. SNA level securityprocedures and protocols apply when SNA/IP is used as the transport.10. Authors’ AddressesWilfred Behl310 Interlocken ParkwayBroomfield, Colorado 80021Phone: 303-460-4142Email: wil@Barbara Sterling310 Interlocken ParkwayBroomfield, Colorado 80021Phone: 303-460-4211Email: bjs@William Teskey2125 112th Ave. North EastSuite 303Bellevue, WA 98004Phone: 206-450-0650Email: wct@Note: Any questions or comments relative to the contents of this RFC should be sent to snaip@. This address will be used tocoordinate the handling of responses.11. DisclaimerMcDATA, the McDATA logo, and LinkMaster are registered trademarks of McDATA Corporation. All other product names and identifications aretrademarks of their respective manufacturers, who are not affiliated with McDATA Corporation.Behl, Sterling & Teskey [Page 10]。