Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to configure synchronous serial interface with Frame Relay encapsulation in SSG devices?

0

0

Article ID: KB11208 KB Last Updated: 10 Jun 2010Version: 3.0
Summary:
This article provides an example of how to make a simple configuration of synchronous serial interface using Frame Relay encapsulation in the SSG series Juniper Firewall platforms.
Symptoms:
Configure synchronous serial interface with Frame Relay encapsulation in the SSG series and be able to have IP connectivity using simple configuration.
Solution:
The example provided is based on a connection between SSG20 and SSG350M according to the diagram below. It's a basic example using the configuration defaults whenever possible. X.21 interfaces are used. (The configuration is the same if SSG350M is replaced by SSG140 or SSG500 series).


diagram


SSG20 platform supports the Single-port Serial mini PIM (http://www.juniper.net/products/integrated/dsheet/100198.pdf)

NOTE: this card only supports DTE mode, so it's not possible to connect two SSG20's back to back.

SSG140, SSG300 series and SSG500 series support the Dual-port Synchronous Serial PIM (http://www.juniper.net/products/jseries/dsheet/100116.pdf).

1. Serial Interface Configuration:

SSG20 Configuration:

        Mode: SSG20 is DTE by default so no configuration is necessary.

        Clocking Mode: For X.21 interfaces the clocking-mode must be set to "loop" for DTE, but it's already default configuration so no extra configuration is necessary

SSG350M Configuration:

        Mode: SSG350M is DCE by default so no configuration is necessary.

        Clocking-mode: For DCE the recommendation is to use internal clocking-mode

        Command:
                SSG350M-> set interface serial4/0 serial-options clocking-mode internal


After configuring clocking-mode in the DCE the interface link comes up:
ssg20-> get int ser2/0
Interface serial2/0:
  description serial2/0
  number 21, if_info 8568, if_index 0, mode route
  link up, phy-link up
  holdtime: up 0 ms, down 0 ms
  serial-options:
      mode: dte
      signal:
        dtr = normal rts = normal cts = normal
        dcd = normal dsr = normal tm  = normal
      line protocol:X21
      line encoding:nrz
      loopback:none
      clock rate:8.0mhz
      clock mode:loop
      tx clock: non invert
  vsys Root, zone Untrust, vr trust-vr
  admin mtu 0, operating mtu 1500, default mtu 1500


  pmtu-v4 disabled
  ping disabled, telnet disabled, SSH disabled, SNMP disabled
  web disabled, ident-reset disabled, SSL disabled

  OSPF disabled  BGP disabled  RIP disabled  RIPng disabled  mtrace disabled
  PIM: not configured  IGMP not configured
  NHRP disabled
  bandwidth: physical 8000kbps, configured egress [gbw 0kbps mbw 0kbps]
             configured ingress mbw 0kbps, current bw 0kbps
             total allocated gbw 0kbps
Number of SW session: 8063, hw sess err cnt 0



SSG350M-> get int ser4/0
Interface serial4/0:
  description serial4/0
  number 8, if_info 19264, if_index 0, mode route
  link up, phy-link up
  holdtime: up 0 ms, down 0 ms
  serial-options:
      mode: dce
      signal:
        dtr = normal rts = normal cts = normal
        dcd = normal dsr = normal tm  = normal
      line protocol:X21
      line encoding:nrz
      loopback:none
      clock rate:8.0mhz
      clock mode:internal
      tx clock: non invert
  vsys Root, zone Untrust, vr trust-vr
  admin mtu 0, operating mtu 1500, default mtu 1500


  pmtu-v4 disabled
  ping disabled, telnet disabled, SSH disabled, SNMP disabled
  web disabled, ident-reset disabled, SSL disabled

  OSPF disabled  BGP disabled  RIP disabled  RIPng disabled  mtrace disabled
  PIM: not configured  IGMP not configured
  NHRP disabled
  bandwidth: physical 8000kbps, configured egress [gbw 0kbps mbw 0kbps]
             configured ingress mbw 0kbps, current bw 0kbps
             total allocated gbw 0kbps
Number of SW session: 48063, hw sess err cnt 0



2. Frame Relay Encapsulation:

The link is up, now it's necessary to configure the Frame Relay encapsulation:

Commands:
        ssg20-> set interface serial2/0 encap frame-relay

        SSG350M-> set interface serial4/0 encap frame-relay


Because SSG devices act as Frame Relay DTE, it's necessary to disable LMI keepalives:
        Commands:
                   ssg20-> set interface "serial2/0" frame-relay lmi no-keepalive

        SSG350M-> set interface "serial4/0" frame-relay lmi no-keepalive



At this point Frame Relay encapsulation should be up:
ssg20-> get inte ser2/0 frame
--------------------------------------------------------------------------------
phy-interface serial2/0:  total 1 DLCIs
N - new,  D - delete, A - active, I - inactive
--------------------------------------------------------------------------------
dlci status total_downtime last_down_time       sub-interface IP-address
--------------------------------------------------------------------------------


Frame-Relay physical interface serial2/0 LMI values:
--------------------------------------------------------------------------------
  LMI standard / Device type           : ANSI / DTE
  LMI sequence number send/recv        :  199 /   0
  Link status                          : Up
  Event history                        : ................ (e - error,  . - ok)
  LMI Keepalive message                : OFF
  Next keepalive timer expire          : N/A
  t391-DTE (keepalive interval)        :  10 (default 10 sec)
  n391-DTE (full status poll interval) :   6 (default 6)
  n392-DTE (error threshold)           :   3 (default 3)
  n393-DTE (monitored event-count)     :   4 (default 4)

serial2/0 Frame-Relay statistics:
--------------------------------------------------------------------------------
                |   Ingress counter   |   Egress counter
--------------------------------------------------------------------------------
  data     pkt: |                50   |               75
  data    byte: |              6600   |             9900
  FECN     pkt: |                 0   |                0
  BECN     pkt: |                 0   |                0
  DE       pkt: |                 0   |                0
  error    pkt: |                 0   |                1
  drop     pkt: |               195   |                1
  unknown  pkt: |                 0   |                0
--------------------------------------------------------------------------------
  LMI      pkt: |                 0   |              199
  enquire  pkt: |                 0   |              165
  fullenq  pkt: |                 0   |               34
  response pkt: |                 0   |                0
  fullresp pkt: |                 0   |                0
  error    pkt: |                 0   |                0
  losesequence: |                 0   |                0
Last LMI response received: N/A
Last LMI enquiry  send    : 07/07/2002 07:56:51



SSG350M-> get interface serial4/0 frame-relay  
--------------------------------------------------------------------------------
phy-interface serial4/0:  total 1 DLCIs
N - new,  D - delete, A - active, I - inactive
--------------------------------------------------------------------------------
dlci status total_downtime last_down_time       sub-interface IP-address
--------------------------------------------------------------------------------


Frame-Relay physical interface serial4/0 LMI values:
--------------------------------------------------------------------------------
  LMI standard / Device type           : ANSI / DTE
  LMI sequence number send/recv        :  195 /   0
  Link status                          : Up
  Event history                        : ................ (e - error,  . - ok)

  LMI Keepalive message                : OFF
  Next keepalive timer expire          : N/A
  t391-DTE (keepalive interval)        :  10 (default 10 sec)
  n391-DTE (full status poll interval) :   6 (default 6)
  n392-DTE (error threshold)           :   3 (default 3)
  n393-DTE (monitored event-count)     :   4 (default 4)

serial4/0 Frame-Relay statistics:
--------------------------------------------------------------------------------
                |   Ingress counter   |   Egress counter
--------------------------------------------------------------------------------
  data     pkt: |                75   |               50
  data    byte: |              9900   |             6600
  FECN     pkt: |                 0   |                0
  BECN     pkt: |                 0   |                0
  DE       pkt: |                 0   |                0
  error    pkt: |                 0   |                1
  drop     pkt: |               194   |                1
  unknown  pkt: |                 0   |                0
--------------------------------------------------------------------------------
  LMI      pkt: |                 0   |              195
  enquire  pkt: |                 0   |              162
  fullenq  pkt: |                 0   |               33
  response pkt: |                 0   |                0
  fullresp pkt: |                 0   |                0
  error    pkt: |                 3   |                0
  losesequence: |                 0   |                0
Last LMI response received: N/A
Last LMI enquiry  send    : 03/27/2008 06:02:30

 

3. Frame Relay PVC, interface and IP address:

Now the link is up, Frame Relay is up and it's necessary to configure the PVC. But before creating the PVC it's necessary to configure a sub-interface and assign it to a zone.

Commands:

             ssg20-> set interface "serial2/0.1" zone "Untrust"
        ssg20-> set interface "serial2/0.1" frame-relay dlci 100

        SSG350M-> set interface "serial4/0.1" zone "Untrust"
        SSG350M-> set interface "serial4/0.1" frame-relay dlci 100


NOTE: DLCI value has to match so that it identifies the same PVC.

After creating the PVC an IP address is assigned to the interface and management is enabled:
Commands:
                    ssg20-> set interface serial2/0.1 ip 10.0.0.1/24
        ssg20-> set interface serial2/0.1 manage

        SSG350M-> set interface serial4/0.1 ip 10.0.0.2/24
        SSG350M-> set interface serial4/0.1 manage



4. Verifying Configuration:

Configuration is complete, a PING test can be executed to confirm connectivity:
ssg20-> ping 10.0.0.2
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/3 ms


SSG350M-> ping 10.0.0.1
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/3 ms



Below is the configuration summary for reference purposes:

SSG20:
set interface serial2/0 encap frame-relay
set interface "serial2/0" frame-relay lmi no-keepalive
set interface "serial2/0.1" zone "Untrust"
set interface "serial2/0.1" frame-relay dlci 100
set interface serial2/0.1 ip 10.0.0.1/24
set interface serial2/0.1 manage


SSG350M:
set interface serial4/0 serial-options clocking-mode internal
set interface serial4/0 encap frame-relay
set interface "serial4/0" frame-relay lmi no-keepalive
set interface "serial4/0.1" zone "Untrust"
set interface "serial4/0.1" frame-relay dlci 100
set interface serial4/0.1 ip 10.0.0.2/24
set interface serial4/0.1 manage



Important:
1. If another interface is used other than X.21 it's necessary to configure the interface serial options such as clocking mode, encoding and dte-options/dce-options.

2. In this example there are two Frame Relay DTE's connecting to each other, but in case the SSG's have to connect to a Frame Relay DCE (e.g. Frame Relay switching network) then it's not necessary to disable LMI keepalives and the correct LMI type has to be set with the command below. "ansi" is the default option and "itu" can also be set.
SSG350M-> set interface serial4/0 frame-relay lmi type ?
ansi                 LMI use ANSI standard(default)
itu                  LMI use ITU standard


More information about WAN interface configuration can be obtained in KB9398.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search