A:ALA-48>config>service>ies# info
----------------------------------------------
interface "test123" create
address 10.10.42.41/24
local-proxy-arp
proxy-arp
policy-statement "ProxyARP"
exit
sap 1/1/7:0 create
anti-spoof ip
exit
arp-populate
dhcp
lease-populate 1
no shutdown
exit
exit
no shutdown
----------------------------------------------
A:ALA-48>config>service>ies#
A:ALA-48>config>service# info
----------------------------------------------
vpls 800 customer 6001 create
description "VPLS with residential split horizon for DSL"
stp
shutdown
exit
sap 2/1/4:100 split-horizon-group "DSL-group2" create
description "SAP for RSHG"
mac-pinning
exit
no shutdown
----------------------------------------------
A:ALA-48>config>service#
A:ALA-48>config>service# info
----------------------------------------------
vpls 800 customer 6001 create
no shutdown
split-horizon-group "mygroup" create
restrict-protected-src
exit
description "VPLS with residential split horizon for DSL"
mac-protect
mac 00:00:17:FE:82:D8
mac 93:33:00:00:BF:92
exit
----------------------------------------------
A:ALA-48>config>service#
A:ALA-48>config>service# info
----------------------------------------------
vpls 800 customer 6001 create
no shutdown
description "VPLS with restricted access on a SAP"
mac-protect
mac 00:00:17:FE:82:D8
mac 93:33:00:00:BF:92
exit
sap 1/1/4:30 create
restrict-unprotected-dst
exit
----------------------------------------------
A:ALA-48>config>service#
Figure 26 displays an IP filter entry configuration for VPLS redirect policy.
A:ALA-A>config>filter# info
----------------------------------------------
ip-filter 10
default-action forward
entry 10
match
dscp be
exit
action forward next-hop sap 1/1/1:100
exit
exit
exit
ip-filter 11
default-action forward
entry 10
match
dscp be
exit
dscp be
exit
action forward next-hop sap 1/1/2:100
exit
exit
---------------------------------------------
A:ALA-A>config>filter#
A:ALA-A>config>service>vpls# info
----------------------------------------------
vpls 10 customer 1 create
description “vpls10”
sap 1/2/3:100 create
ingress ip filter 10
exit
sap 1/1/1:100 create
exit
sap 1/1/2:100 create
exit
mesh-sdp 100:10 create
ingress ip filter 11
exit
exit
exit
----------------------------------------------
A:ALA-A>config>service>vpls#
The implementation of proxy ARP with support for local proxy ARP allows the 7750 SR to respond to ARP requests in the subnet assigned to an IES
or VPRN interface.
A:ALA-48>config>service>ies# info
----------------------------------------------
interface "test123" create
address 10.10.42.41/24
local-proxy-arp
proxy-arp-policy "ProxyARP"
exit
exit
no shutdown
----------------------------------------------
A:ALA-48>config>service>ies#
When local proxy ARP is enabled on an IP interface, the 7750 SR responds to all ARP requests for IP addresses belonging to the subnet with it's own MAC address, and forwards all traffic between hosts in that subnet. Local proxy ARP is disabled by default.
Note: When local-proxy-arp is enabled under a IES or VPRN service, all ICMP redirects on the ports associated with the service are automatically blocked. This prevents users from learning each other's MAC address (from ICMP redirects).
A:ALA-A>config>service>ies# info
----------------------------------------------
interface "test" create
shutdown
address 10.10.36.2/24
local-proxy-arp
exit
----------------------------------------------
A:ALA-A>config>service>ies#
When ARP reply agent is enabled, the 7750 SR will respond to ARP requests from the network, with information from the DHCP lease state table.
A:ALA-48>config>service# info
----------------------------------------------
...
vpls 800 customer 6001 create
description "VPLS with ARP Reply Agent active"
sap 2/1/4:100 split-horizon-group "DSL-group2" create
arp-reply-agent sub-ident
exit
sap 3/1/4:200 split-horizon-group "DSL-group2" create
arp-reply-agent sub-ident
exit
no shutdown
...
----------------------------------------------
A:ALA-48>config>service#
A:ALA-49>config>service>ies# info
----------------------------------------------
interface "test-1A" create
address 10.10.26.3/24
remote-proxy-arp
exit
no shutdown
----------------------------------------------
A:ALA-49>config>service>ies#
A:ALA-1>config>service>ies>if# info
----------------------------------------------
arp-populate
dhcp
description "snooping_only"
lease-populate 1
no shutdown
exit
----------------------------------------------
A:ALA-1>config>service>ies>if#
A:ALA-1>config>service>vprn>if# info
----------------------------------------------
dhcp
description "test"
lease-populate 1
no shutdown
exit
----------------------------------------------
A:ALA-1>config>service>ies>if#
Configuring Web Portal Redirect
A:ALA-A>config>filter# info
----------------------------------------------
ip-filter 10 create
description “filter to forward DNS and web traffic to my portal; redirect all
other web traffic to the portal and drop everything else”
default-action drop
entry 10 create
description “allows DNS traffic”
match protocol 17
dst-port 53
exit
action forward
exit
entry 20 create
description “allows web traffic destined to portal (IP address 10.0.0.1)”
match protocol 6
dst-port eq 80
dst-ip 10.0.0.1
exit
action forward
exit
entry 30
description “redirects all web traffic to portal”
match protocol 6
dst-port eq 80
exit
action http-redirect http://www.myportal.com/defaultportal
/login.cgi?ip=$IP&mac=$MAC&orig_url=$URL&usb=$SUB
exit
exit
----------------------------------------------
A:ALA-A>config>filter#
→
|
The 7750 SR will intercept the HTTP GET from the subscriber and respond with an HTTP 302 (temporarily moved) with the URL configured in the filter entry. This URL can contain some variables, notably the customer IP and MAC addresses to allow the portal to create an entry for the customer. The original requested URL is also included to redirect the client site back to the original requested site when the process is done.
|
A:ALA-A>config>service>vpls# info
----------------------------------------------
vpls 3 customer 6 create
description "VPLS with web portal redirection filter applied"
sap 2/1/5:0 create
ingress
filter ip 10
exit
exit
no shutdown
exit
----------------------------------------------
A:ALA-A>config>service>vpls#