AR400 SERIES ROUTER USER GUIDE Software Release 2.5.
AR400 Series Router User Guide for Software Release 2.5.2 Document Number C613-02034-00 REV A. Copyright © 2003 Allied Telesyn International, Corp. 960 Stewart Drive Suite B, Sunnyvale CA 94086, USA. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn. Allied Telesyn International, Corp. reserves the right to make changes in specifications and other information contained in this document without prior written notice.
Contents

CHAPTER 1 Introduction
Introducing the AR400 Series Router
Why Read this User Guide?
Where To Find More Information
The AR400 Series Router Documentation Set
Online Technical Support

Firewall
IP Addresses and DHCP
Traffic Logging and Firewall Alert Messages
Time and NTP
Loading Software

Configuring ISDN Bandwidth on Demand
Installing Port Interface Cards (PICs) (AR410 only)
Connecting to a Leased Line Circuit

CHAPTER 6 Routing
This Chapter
Configuring an IP Network
Chapter 1 Introduction

Introducing the AR400 Series Router

Congratulations on purchasing an AR400 Series router — the optimal solution for your small or medium sized business. This guide introduces the AR400 Series router and will guide you through the most common uses and applications of your new router. Getting started will not take long—many applications are set up in just a few minutes. If you have any questions about the router, contact your authorised distributor or reseller.
■ Chapter 2, Getting Started with the Command Line Interface (CLI) describes how to gain access to the command line interface.
■ Chapter 3, Getting Started with the Graphical User Interface (GUI) describes how to access and use the graphical user interface.
■ Chapter 4, Operating the router introduces general operation, management and support features, including loading and installing support files and new releases.
• AR400 Series Router Software Reference
• Port Interface Card Quick Install Guide (for AR410 and AR410S)
• Port Interface Card Hardware Reference (for AR410 and AR410S)

The CD-ROM also includes:
• Application Notes—a collection of technical and background papers on the application of AR400 router technologies.
• Configuration Examples—a collection of ready-to-use examples of typical network configurations, complete with scripts to download to an AR400 router using AT-TFTP.
The AR450S base unit supports:
■ five 10/100 Mbps full duplex switched Ethernet LAN ports
■ two 10/100 Mbps full duplex Ethernet WAN and DMZ ports
■ two asynchronous serial ports
■ one built-in encryption processor

The software support for the AR400 Series router and the expansion options provides wirespeed Layer 2 switching, including support for Virtual LANs.
■ DECnet™ routing (Phase IV+ and area) (AR410 only).
■ AppleTalk routing.
■ Generic Routing Encapsulation (GRE) protocols.
■ IP multicast routing support, including Internet Group Management Protocol (IGMP), Distance Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM) Sparse and Dense Modes.
■ IPv6 routing support, including stateless address autoconfiguration, RIPv6 and ICMPv6.
Special Feature Licences

You need a special feature licence and password to activate some special features over and above the standard software release. Typically, these special features are covered by government security regulations. Special feature licences and passwords are quite separate and distinct from the standard software release licences and passwords. The features that are available and that require special feature licences depend on region and router model.
Chapter 2 Getting Started with the Command Line Interface (CLI)

This Chapter

This chapter describes how to access the router’s CLI, and provides basic information about configuring the router, including how to:
■ Physically connect a terminal or PC to the router (see “Connecting a Terminal or PC” on page 14 and the Quick Install Guide).
■ Set the Terminal Communication parameters to match the router’s settings (see “Terminal Communication Parameters” on page 14).
Connecting a Terminal or PC

The first thing to do after physically installing the router is to start a terminal or terminal emulation session to access the router. Then you can use the command line interface (CLI) to configure the router. If you wish to configure the router using the Graphical User Interface, you must first access the CLI and assign an IP address to at least one interface.
If a modem is connected, configure the router to make and/or accept calls via the modem. To set the CDCONTROL parameter to “CONNECT” and the FLOW parameter to “HARDWARE”, enter the command:

    SET ASYN CDCONTROL=CONNECT FLOW=HARDWARE

If the terminal or modem is used with communications settings other than the default settings, then configure the asynchronous port to match the terminal or modem settings using the SET ASYN command.
If IP addresses on your LAN are assigned dynamically by DHCP, you can set the router to request an IP address from the DHCP server, using the commands:

    ADD IP INTERFACE=vlan1 IPADDRESS=DHCP
    ENABLE IP REMOTEASSIGN

You do not need to set the MASK parameter because the subnet mask received from the DHCP server is used.
Setting Routes

The process of routing packets consists of selectively forwarding data packets from one network to another. Your router makes a decision to send a packet to a particular network on information it learns dynamically from listening to the selected route protocol and on the static information entered as part of the configuration process. In addition, you can configure user-defined filters to restrict the way packets are sent.
Choosing a Password

All users, including managers, should take care in selecting passwords. Tools exist that enable hackers to guess or test many combinations of login names and passwords easily. The User Authentication Facility (UAF) provides some protection against such attacks by allowing the manager to set the number of consecutive login failures allowed and a lockout period when the limit is exceeded.
Table 2: Command line editing functions and keystrokes (Continued).
The help file is easily modified, for example to provide detailed site-specific support information. The mark-up language specification and preprocessor program are available from your authorised distributor or reseller. Also, typing a question mark “?” at the end of a partially completed command displays a list of the parameters that may follow the current command line, with the minimum abbreviations in uppercase letters (see Figure 1 on page 20).
Setting System Parameters

You can set some general system parameters to ensure the router’s compatibility with the public network, and to aid network administration. Some services, for instance ISDN, use slightly different versions in different countries. To make sure that the router uses protocols consistent with the services it is connected to, set the system territory to the country or region in which your router operates.
Chapter 3 Getting Started with the Graphical User Interface (GUI)

This Chapter

This chapter describes how to access the router’s HTTP-based Graphical User Interface (GUI), and provides basic information about using the GUI, including:
■ About the GUI, what you can use the GUI to do, and how to navigate within it
■ Supported browsers, and what you may need to configure on your browser
■ How to connect the router to a PC and configure the router so you can access the GUI, for the following scenarios:
Only one person can configure a particular router with the GUI at a time, to avoid clashes between configurations. Monitoring and diagnostics pages can be viewed by more than one user at a time. The following software features can be configured through the GUI. The position of each set of features in the GUI’s sidebar menu is also given.
■ IP route table (Monitoring > IP Routes)
■ PPPoE limits (Monitoring > PPPoE Limits). Limits can also be reset from this page.
HTTP Proxy Servers

An HTTP proxy server is a server which provides a security barrier between a private network’s PCs and the Internet. The PCs send HTTP requests (and other web traffic) to the server, which then forwards the requests to the appropriate next device. Similarly, the server receives incoming HTTP traffic which is addressed to a PC on the private network, and forwards it to the appropriate PC.
Figure 2: Connecting a PC directly to the router.

2. Enable IP, using the command:

    ENABLE IP

3. Assign the vlan1 interface an IP address in the same subnet as the PC, using the command:

    ADD IP INTERFACE=vlan1 IP=ipaddress MASK=mask

To access the GUI from a PC in your LAN, in the same subnet as the router (Figure 3 on page 27):

1. Plug the router in and access its command line interface.
3. Assign the vlan1 interface an IP address in the same subnet as the PC, using the command:

    ADD IP INTERFACE=vlan1 IP=ipaddress MASK=mask

If you use DHCP to assign IP addresses to devices on your LAN, and you want to manage the router within this DHCP regime, it is recommended that you set your DHCP server to always assign the same IP address to the router.
4. Give the router a route to the PC you wish to browse from, using the command:

    ADD IP ROUTE=PC-subnet INTERFACE=vlan1 NEXTHOP=gateway-ipaddress

where:
• PC-subnet is the IP subnet address of the PC. For example, if the PC has an IP address of 192.168.6.1 and a mask of 255.255.255.0, its subnet address is 192.168.6.0.
Context sensitive GUI help

The GUI’s context-sensitive help system is displayed in a banner which covers the title of the GUI page. You can move the banner to any part of your screen and/or resize it. To display the help, click on the Help button above the sidebar menu or on the page for which you require assistance. Three types of help are available:
■ Click General Page Info to see brief background and process flow information.
Load the GUI resource file from your TFTP server to the router, using the command:

    LOAD FILE=filename.rsc SERVER=server

where:
• filename is the name of the GUI resource file, as shown on the support site for your router. Do not rename the file.
• server is the IP address of the TFTP server the file is loaded from.

When the router has loaded the file into its RAM, it displays the message “File transfer successfully completed”.
Troubleshooting

The GUI resource file has an 8-digit name, with the file extension rsc (for example, d450se01.rsc).
Problem: The GUI is behaving inconsistently, or you cannot access some pages.
Solution:
■ Check that you are trying to access the GUI from a supported browser. Internet Explorer 5.0 or later, and Netscape 6.2.2 and 6.2.3 are supported.
■ Check that JavaScript is enabled.

Problem: The GUI does not seem to configure the router correctly.
Problem: Incoming traffic is sent to the wrong host.
Solution: If you are using a static Standard NAT, this problem may indicate that NAT is mapping to a valid IP address, but which belongs to the wrong host. To correct the IP address, select Configuration > Firewall > NAT.

Problem: Only one device on the LAN or DMZ can access the Internet.
Solution:
■ If you are using a static Standard NAT, only one device from the LAN will be able to access the Internet.
• Rules intended to block traffic have an action of “Deny”.
• The ports, services and protocols are correct.
• The IP addresses the rules apply to are entered correctly, and actually belong to the specified devices.
• The rules apply to the correct days and time.
■ Some traffic is allowed through the firewall, to enable the protocols to work correctly.
• The IP addresses the rules apply to are entered correctly, and actually belong to the specified devices.
• The rules apply to the correct days and time.
■ If an IP address-based rule exists to block traffic from this particular device, check that the device has a permanently-assigned IP address. If the router is assigning IP addresses as a DHCP server, you can give the required device a permanent IP address by making it a static entry (Configuration > DHCP Server).
Traffic Logging and Firewall Alert Messages

Problem: Firewall Alert messages are not being emailed.
Solution:
■ Check that Enable Email Firewall Alerts is checked (Configuration > Firewall > Events > Alarms tab) and that the email address is correct.
■ Check that the DNS Server IP is correct (Configuration > Internet Protocol > General).
■ Check that a hostname is correctly specified (Configuration > System > General).
■ Check that the NTP peer can reach the router, by pinging the router from the NTP peer. Note that you will not get a response if Respond to ping is unchecked on the Firewall Policy Options page (Configuration > Firewall > Interfaces > Policy options tab). This option is checked by default.
■ Check that the router’s link to the LAN is functioning. See “Traffic Flow and Network Address Translation (NAT)” on page 33.
Chapter 4 Operating the Router

This Chapter

This chapter introduces basic operations on the router, including:
■ “User Accounts and Privileges” on page 39
■ “Normal Mode and Security Mode” on page 41
■ “Remote Management” on page 44
■ “Storing Files in FLASH Memory” on page 45
■ “Using Scripts” on page 46
■ “Loading and Uploading Files” on page 47
■ “Upgrading Router Software” on page 51
■ “Using the Built-in Editor” on page 55
■ “SNMP and MIBs” on page 56

User Accounts and Privileges

Th
In normal mode, a user with manager privilege can create and delete accounts for users with any of these privilege levels. Users and passwords are managed by the User Authentication Facility. Users and passwords are authenticated using an internal database called the User Authentication Database, or by interrogation of external RADIUS (Remote Authentication Dial In User Service) or TACACS (Terminal Access Controller Access System) servers.
See the Operations chapter in the AR400 Series Router Software Reference for:
■ More information about managing and using accounts with user, manager and security officer privileges
■ A full list of commands that require security officer privilege when the router is in secure mode
■ Information about enabling a remote security officer.

Normal Mode and Security Mode

The router operates in one of two modes, either normal mode or security mode.
on page 42 lists commands that only a security officer can execute when the router is in security mode. A complete list of commands limited by security mode is given in the Operation chapter in the AR400 Series Router Software Reference.

Table 4: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode.
Table 4: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode (Continued).
Table 4: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode (Continued).

Command (Specific Parameters)
SET SNMP COMMUNITY
SET SSH
SET STAR
SET USER
SHOW CONFIG
SHOW ENCO KEY
SHOW FEATURE
SHOW FILE
SHOW PPP CONFIG
SHOW STAR [=id], MKTTRANSFER, NETKEY
UPLOAD

Remote Management

You can manage remote routers as easily as you manage the local router a terminal is connected to.
Storing Files in FLASH Memory

When you purchase the router, the router software release, the online help files, and a default configuration file are stored in FLASH memory, where they are saved even if the router is powered down. You will use the FLASH memory to store updated software releases or patches, and files that record the router’s configuration. FLASH memory is like a flat file system, with no subdirectories. The router also has Random Access Memory (RAM).
Using Scripts

When you start or restart the router, or when it automatically restarts, it executes the configuration commands in the boot script. A boot script is a text file containing a sequence of standard commands that the router executes at startup. The default boot script is called boot.cfg. Commands run from a boot script are limited to 128 characters.
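The 128-character limit above and the security mode restrictions in Table 4 can both be checked before a script is loaded onto the router. The following is an added example, not code from this guide or from Allied Telesyn: it flags commands longer than 128 characters and commands that the visible part of Table 4 lists as needing security officer privilege. It assumes one command per line and full, unabbreviated keywords; the function names and the sample script are constructed for illustration.

```python
"""Pre-flight review of a router configuration script (added example)."""

# Limit the guide states for commands run from a boot script.
MAX_COMMAND_LEN = 128

# Command keywords from the part of Table 4 visible on this page. The table is
# truncated here, so this list is partial; the complete list is in the
# Operation chapter of the Software Reference.
SECURITY_OFFICER_COMMANDS = [
    ("SET", "SNMP", "COMMUNITY"),
    ("SET", "SSH"),
    ("SET", "STAR"),
    ("SET", "USER"),
    ("SHOW", "CONFIG"),
    ("SHOW", "ENCO", "KEY"),
    ("SHOW", "FEATURE"),
    ("SHOW", "FILE"),
    ("SHOW", "PPP", "CONFIG"),
    ("SHOW", "STAR"),
    ("UPLOAD",),
]


def keywords(line):
    """Upper-cased keywords of one command, with any '=value' part dropped."""
    return [token.split("=", 1)[0].upper() for token in line.split()]


def needs_security_officer(line):
    """Return the matching Table 4 entry as a string, or None.

    Assumption: keywords are written in full. The CLI also accepts minimum
    abbreviations, which this simple prefix match does not recognise.
    """
    kws = tuple(keywords(line))
    for command in SECURITY_OFFICER_COMMANDS:
        if kws[:len(command)] == command:
            return " ".join(command)
    return None


def review_script(text):
    """Return a list of (line_number, kind, detail) findings for a script."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        command = raw.strip()
        if not command:
            continue  # blank lines carry no command
        match = needs_security_officer(command)
        if match is not None:
            findings.append((number, "privilege", match))
        if len(command) > MAX_COMMAND_LEN:
            detail = f"{len(command)} characters (limit {MAX_COMMAND_LEN})"
            findings.append((number, "length", detail))
    return findings


# Constructed sample script. The commands are taken from examples in this
# guide; the last line is padded to exceed the 128-character limit.
SAMPLE_SCRIPT = "\n".join([
    "ENABLE IP",
    "ADD IP INTERFACE=vlan1 IPADDRESS=DHCP",
    "set loader method=http server=192.168.1.1 destination=flash",
    "UPLOAD FILE=filename.log",
    "show ppp=0 config",
    "SHOW PPP=0",
    "LOAD FILE=" + "a" * 130 + ".paz",
])

if __name__ == "__main__":
    for number, kind, detail in review_script(SAMPLE_SCRIPT):
        print(f"line {number}: {kind}: {detail}")
```

A "privilege" finding means the command is restricted to a security officer only when the router is operating in security mode; in normal mode it is informational.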
Storing Multiple Scripts

You can store multiple configuration scripts on the router. This allows you to test new configuration scripts once, before setting them as the default configuration. For example, to test the new configuration script test.cfg, enter the command:

    RESTART ROUTER CONFIG=test.cfg

Storing multiple scripts also allows you to keep a backup router with configuration scripts stored on it for every router in the network to speed up network recovery time.
Table 5: File extensions and file types (Continued).

Extension  File type/function
INS        Stores install information created by using the SET INSTALL command.
JPG        (Joint Photographic Experts Group) graphic image file.
KEY        Public portion of an RSA key.
LIC        Licence information.
LOG        Log file.
MDS        Modem script.
PAT        Patch.
PAZ        Compressed patch.
REL        Software release.
REZ        Compressed release.
SCP        Script.
To load a file onto the router using the HTTP protocol, enter the command:

    LOAD [METHOD={HTTP|WEB|WWW}] [DELAY=delay] [DESTFILE=destfilename]
        [DESTINATION={BOOTBLOCK|FLASH}] [HTTPPROXY={hostname|ipadd}
        [PASSWORD=password] [PROXYPORT=1..65535]] [SERVER={hostname|ipadd}]
        [SERVPORT={1..65535|DEFAULT}] [SRCFILE|FILE=filename]
        [USERNAME=username]

The router can only load one file at a time. Wait for the current transfer to complete before initiating another transfer.
To load a patch file

1. Configure the LOADER.
Set the LOADER module with defaults to make the process of downloading files in future simpler.

    SET LOADER METHOD=HTTP SERVER=192.168.1.1 DESTINATION=FLASH

2. Download the patch file.
Download the patch file onto the router, using the defaults set above.

    LOAD FILE=52232-01.paz

When the download has completed, check that the file is in FLASH.

    SHOW FILE

This shows the file 52232-01.paz is present.
2. Upload the configuration file.
Upload the log file from the router into the TFTP directory of the TFTP server on the network, using the defaults set above.

    UPLOAD FILE=filename.log

Monitor the load progress.

    SHOW LOAD

When the upload is complete, check that the file is in the TFTP directory on the network host.
temporary install fails the router will automatically run the preferred install if there is one, or otherwise the default install, the next time the router reboots.

When the router reboots, it checks the install information in a strict order:
• Firstly, the router checks the temporary install. If a temporary install is specified, the router loads it into RAM and runs it. At the same time, it deletes the temporary install information so it will not load a second time.
Example: Upgrade to a New Software Release Using TFTP

This example assumes the router is correctly configured to allow TFTP to function. This means that IP is configured and the router is able to communicate with the designated TFTP server. The TFTP server is assumed to function correctly and the release and patch files are assumed present in the server’s TFTP directory. The router has no release or patch files, and is running the EPROM Software Release 2.3.2.
compatible, so your current configuration should run with little or no modifications on the later release.

    CREATE CONFIG=myconfig.cfg
    SET CONFIG=myconfig.cfg

The SET CONFIG information survives the release update. Reboot the router.

    RESTART REBOOT

The router reboots, loading the new release file and the specified configuration. Display the install history, and check that the temporary release was loaded.

    SHOW INSTALL

5. Make the release the default (permanent) release.
3. Make the patch part of the default (permanent) release.
If the router operates correctly with the new patch, make the release permanent.

    SET INSTALL=PREFERRED RELEASE=52-232.rez PATCH=52232-02.paz

Every time the router reboots from now on, it loads the new release and patch from FLASH. Do not set an untested patch as part of the preferred install.
SNMP and MIBs

You can remotely monitor some features of the router using Simple Network Management Protocol (SNMP). The following MIBs are supported:
■ MIB II (RFC 1213)
■ Ethernet MIB (RFC 1643)
■ AR400 router portion of the ATI/ATKK Enterprise MIB
■ Frame Relay DTE MIB (RFC 1325)
■ Bridge MIB (RFC 1493)
■ Host Resources MIB (RFC 1514)
■ DS1, E1, DS2, and E2 Interface Types MIB (RFC 2495)

The SNMP agent is disabled by default.
For More About Operations and Facilities

For more detail about operating the router, and for full command syntax definitions, see the Operation chapter in the AR400 Series Router Software Reference, including:
■ How to use the User Authentication Facility, RADIUS or TACACS for authenticating users who log on to the router, and ensuring that only authorised login accounts are used.
Chapter 5 Physical and Layer 2 Interfaces

This Chapter

This chapter introduces the physical and logical interfaces available on the base unit router and the optional interfaces available as expansion options for the PIC bay.
Figure 7: Network overview. (Diagram relating physical interfaces, data link protocols and network routing protocols.)

Interfaces

The physical interfaces on the base unit or expansion option, sometimes called ports, connect the router to the physical network.
Two of the encapsulations supported for synchronous ports (AR410 only)—Frame Relay and Point-to-Point Protocol—are described in detail in the Point-to-Point Protocol (PPP) and Frame Relay chapters in the AR400 Series Router Software Reference. The Basic Rate and Primary Rate ISDN interfaces (AR410 only) are described in the Integrated Services Digital Network (ISDN) chapter in the AR400 Series Router Software Reference.
Ethernet Ports

An Ethernet interface on the router is automatically configured by the software modules when the router starts up. No user configuration of the Ethernet interfaces is required, except to enable other software modules to use the interface. This is achieved by adding a software module interface and using the clause INTERFACE=ethn, where n is the number of the Ethernet interface being configured.
Table 7: Factory defaults for configurable parameters for asynchronous ports.

Option     Default setting
PARITY     NONE
PROMPT     DEFAULT (CMD>)
SECURE     ON
SERVICE    NONE
SPEED      AUTO
STOPBITS   1
TYPE       VT100

For more information about asynchronous ports, see the AR Series Router Hardware Reference or the Interfaces chapter in the AR400 Series Router Software Reference.
Synchronous Ports (AR410 only)

You can use the asynchronous console port on the base unit to configure the router. Additional asynchronous ports can also connect terminals, printers and terminal ports on host computers. Your router supports synchronous interfaces with speeds of up to 2.048 Mbps, also known as E1.
On the AR450 only, Auto MDI/MDI-X is disabled when a switch port is set to a specific speed and duplex mode. On the AR450 only, it is also possible to require a switch port to operate at a single speed without disabling autonegotiation, by allowing the port to autonegotiate but constraining the speed/duplex options to the desired combination.
You can set the global retransmission time delay for all switch ports operating in half duplex mode. When the port attempts to transmit a packet and encounters a collision, the switch stops transmission and starts a short delay (backoff) before attempting re-transmission. If AGGRESSIVE is specified, the time delay is shorter. If NORMAL is specified, the time delay is standard. The default is NORMAL.
For more information about limiting switch traffic, see the SET SWITCH PORT command in the Switching on the AR450 chapter in the AR400 Series Router Software Reference.

Virtual LANs

A Virtual LAN (VLAN) is a software-defined broadcast domain. The router’s VLAN feature allows you to segment a network by software management to improve network performance.
Point to Point Protocol (PPP)

The Point-to-Point Protocol (PPP) establishes a connection between the router and a service provider, on demand. PPP provides mechanisms for transmitting data over synchronous connections, ISDN, ACC and L2TP calls, groups of TDM slots, and Ethernet. Each protocol carried over PPP has an associated Network Control Protocol (NCP) that negotiates options for the protocol and brings up the link for that protocol.
PPPoE

PPP over Ethernet (PPPoE) is defined in RFC 2516 “A Method of Transmitting PPP Over Ethernet”. PPPoE is used to run PPP over the Ethernet. The same authentication, billing and transfer systems as for PPP are then available in Ethernet networks. PPP over Ethernet enables multiple hosts at a remote site to share the same access device, while providing the access control and billing functionality of dial-up PPP connections.
Parameters for setting the interface defaults for encryption and compression are also set with the CREATE command. These values are used by all DLCs on the interface unless specifically overridden for a particular DLC. After the Frame Relay interface is created, to change the LMI parameters, enter the command:

    SET FRAMERELAY

You may modify any or all of the parameters on a single command line.
3. Add logical interfaces if required
Frame Relay logical interfaces (FRLI) provide a mechanism for organising DLCs into groups. Each FRLI, or group of DLCs, is assigned its own IP address to split the Frame Relay network into subnets. A default FRLI 0 is always created when a Frame Relay interface is created. To create additional FRLIs, enter the command:

    ADD FRAMERELAY=fr-interface LI=logical-interface

By default, all DLCs are associated with the default FRLI 0.
Integrated Services Digital Network (ISDN) (AR410 only)

To use ISDN connections with an AR400 Series router you need to install the appropriate Port Interface Card (PIC) in the router’s PIC bay. Install either a Basic Rate ISDN (BRI) or a Primary Rate ISDN (PRI) PIC.
Default Setup

The standard LAPD configurations are shown in Table 8 on page 73 (Basic Rate Interfaces) and Table 9 on page 73 (Primary Rate Interfaces). These settings suit many situations. However, you can modify these settings as required to suit other network situations (see the Integrated Services Digital Network (ISDN) chapter, AR400 Series Router Software Reference).

Table 8: Standard LAPD configuration for an ISDN Basic Rate Interface.
Configuring ISDN (AR410 only)

This section describes how to configure ISDN on an ISDN expansion option on your router using the command line interface. If you want to use ISDN, your router must have a PIC bay with the appropriate ISDN Port Interface Card installed. Simple ISDN configurations for Basic Rate ISDN, Primary Rate ISDN, ISDN Dial on Demand and ISDN Bandwidth on Demand are described.
2. Select country or territory.
To select the country in which the router is operated, enter the command:

    SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}

The territory determines which Q.931 profile is used on the ISDN interface. For example, to select the Q.931 profile for the United States, enter the command:

    SET SYSTEM TERRITORY=USA

If you are not sure which territory to use, contact your authorised distributor or reseller.
If the Auto SPID procedures fail, manually enter the SPIDs with the command:

    SET Q931=0 SPID1=spid SPID2=spid

Enter directory numbers and subaddresses with the command:

    SET Q931=0 NUM1=number NUM2=number SUB1=subaddress SUB2=subaddress

The ISDN service provider must supply the directory numbers and subaddresses.
6. Create PPP interfaces.
Create PPP interfaces to use the ISDN calls. PPP provides the link layer protocol and enables multiple network and transport layer protocols such as IP and Novell® IPX to be carried over the same ISDN link.
2. Select the territory.
To select the country or region in which the router is operated, enter the command:

    SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}

The territory determines which Q.931 profile is used on the ISDN interface. For example, to select the Q.931 profile for New Zealand, enter the command:

    SET SYSTEM TERRITORY=NEWZEALAND

If you are not sure which territory to use, contact your authorised distributor or reseller.
and other call is cleared. The direction of precedence is not important, but set precedence to IN at one end of the call and OUT at the other end of the call. The ISDN number is the exact sequence required to reach the remote router from the local router, including STD access codes and area codes. The number may contain only decimal digits. Hyphens and other characters will result in an error.
2. Create PPP interfaces.

Create PPP interfaces to use the ISDN calls and enable the IDLE timer.
PPP interface 0 is now configured for bandwidth on demand operation and any routing protocols such as IP and IPX that are configured to use PPP interface 0 will automatically inherit the bandwidth on demand functionality. For more information about ISDN, including LAPD, Q.931, Call control, Call Logging, DNS, AODI, X.25 and Data over voice, see the Integrated Services Digital Network (ISDN) chapter in the AR400 Series Router Software Reference.
5. To check the configuration, enter the commands:

    SHOW SYN=0
    SHOW PPP=0

The output of the SHOW SYN command should show “Active” set to “yes” and “Module” set to “ppp”. The output of the SHOW PPP command should show interface ppp0 over syn0 with “LCP” as the control protocol. The Tx and Rx LEDs are lit as data is sent and received on the interface.
Chapter 6 Routing

This Chapter

This chapter introduces some protocols supported by the router, including:

■ Internet Protocol (IP) (see “Configuring an IP Network” on page 83).
■ IP Multicasting (see “Configuring IP Multicasting” on page 87).
■ Configuring Dynamic Host Configuration Protocol (see “Configuring Dynamic Host Configuration Protocol (DHCP)” on page 93).
■ Novell IPX (see “Configuring a Novell IPX Network” on page 95).
Before You Start

1. Ensure that the routers you want to configure are connected as described in the Quick Install Guide.
2. Connect a terminal to the console port (port 0) on each router as described in the Quick Install Guide. Alternatively, you can connect a PC to the console port and use a terminal emulation program like Windows™ Terminal.
3. Log in to the MANAGER account on each router (see “Logging In” on page 15).
To configure IP follow these steps

The following steps are required:

1. Configure the PPP Link.
2. Create a VLAN and add untagged ports.
3. Configure the IP routing module on both routers.
4. Test the configuration.
5. Save the configuration.

1. Configure the PPP Link

Refer to other sections of this guide on how to configure PPP interface 0 on each router to use the wide area link.

2.
3. Configure IP Routing

To clear any pre-existing IP configuration and turn on the IP routing software on each router, enter the commands:

    PURGE IP
    ENABLE IP

On the Head Office router define two IP interfaces, one for the VLAN and one for the wide area link:

    ADD IP INT=VLAN2 IP=172.16.8.33 MASK=255.255.255.0
    ADD IP INT=PPP0 IP=172.16.254.1 MASK=255.255.255.
You will see the login screen for the Remote Office router. To connect from the Remote Office router to the Head Office router, on the Remote Office router, enter the command:

    TELNET 172.16.8.33

5. Save the configuration

To save the new dynamic configuration as a script, enter the command:

    CREATE CONFIG=IPCONF.SCP

Configuring IP Multicasting

IP multicasting is used to transmit packets to a group of hosts simultaneously on a TCP/IP network or sub-network.
While you can configure different multicasting protocols on different interfaces on the same router, multicasting information is not translated between the different multicast protocols.

Configuring IGMP

By default, IGMP is disabled on the router and on all interfaces. To enable IGMP on the router, enter the command:

    ENABLE IP IGMP

You must enable IGMP on an interface before the interface can send or receive IGMP messages.
Figure 9: Multicast configuration example using IGMP and DVMRP. [Network diagram: Router A, Router C, IP host A, ISDN, Frame Relay.]
3. Configure PPP.

To create PPP interfaces over a synchronous port and the ISDN call, enter the commands:

    CREATE PPP=0 OVER=SYN0
    CREATE PPP=1 OVER=ISDN-DVMRP IDLE=ON

4. Configure IP.

To enable the IP module, and assign IP addresses to the interfaces, enter the commands:

    ENABLE IP
    ADD IP INTERFACE=PPP0 IPADDRESS=189.124.7.9 MASK=255.255.0.0
    ADD IP INTERFACE=PPP1 IPADDRESS=203.45.90.2 MASK=255.255.255.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.73.1.2 MASK=255.255.255.0

5.
3. Configure IP.

To enable IP on the router, and assign IP addresses to the interfaces used by DVMRP for multicast routing, enter the commands:

    ENABLE IP
    ADD IP INTERFACE=PPP0 IPADDRESS=189.124.7.8 MASK=255.255.0.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.74.1.2 MASK=255.255.255.0
    ADD IP INTERFACE=ETH1 IPADDRESS=172.74.2.2 MASK=255.255.255.0

4. Configure IGMP.
4. Configure PPP.

To configure a PPP interface over the ISDN interface, enter the command:

    CREATE PPP=0 OVER=ISDN-DVMRP IDLE=ON

5. Configure IP.

To enable the IP module, and assign IP addresses to the interfaces, enter the commands:

    ENABLE IP
    ADD IP INTERFACE=FR0 IPADDRESS=202.96.152.12 MASK=255.255.255.0
    ADD IP INTERFACE=PPP0 IPADDRESS=203.45.90.3 MASK=255.255.255.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.74.2.3 MASK=255.255.255.0

6. Configure IGMP.
4. Configure IGMP.

To enable IGMP on the router, and on the interfaces over which group membership will be managed, enter the commands:

    ENABLE IP IGMP
    ENABLE IP IGMP INTERFACE=ETH0
    ENABLE IP IGMP INTERFACE=FR0

5. Configure DVMRP.

To enable DVMRP on the router, and on the interfaces over which DVMRP will perform multicast routing, enter the commands:

    ENABLE DVMRP
    ADD DVMRP INTERFACE=ETH0 METRIC=1
    ADD DVMRP INTERFACE=FR0 DLC=20 METRIC=6

Confirm multicasting.
■ the manual allocation mechanism, where a host’s IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the host. A particular network will use one or more of these mechanisms, depending on the policies of the network administrator. DHCP is based on its predecessor, Bootstrap Protocol (BOOTP), but adds automatic allocation of reusable network addresses and additional configuration options.
4. Test the configuration.

To check that DHCP functions correctly, enter the commands:

    SHOW DHCP
    SHOW DHCP POLICY
    SHOW DHCP RANGE
    SHOW DHCP CLIENT

5. Configure a printer.

To configure a printer with the MAC address of 00-00-0c-00-28-73 that only talks BOOTP, enter the commands:

    ENABLE DHCP BOOTP
    CREATE DHCP POLICY=prnt LEASE=INFINITY INHERIT=base
    ADD DHCP RANGE=office POLICY=prnt IP=192.168.1.
supervisor. For more details, contact your local Novell network administrator or refer to the Novell documentation.

Table 11: Frame type and equivalent router encapsulation.

Novell Frame Type    Router Encapsulation
Ethernet_802.3       802.3
Ethernet_802.2       802.2
Ethernet_II          EthII
Ethernet_SNAP        SNAP

2. Ensure that the routers you want to configure are connected as described in the Quick Install Guide.
3.
Table 12: Example configuration parameters for an IPX network (Continued).

Configuration Parameter               Head Office Router    Remote Office Router
Ethernet encapsulation                802.3                 802.3
Novell network number for Ethernet    401                   12
IPX circuit over Ethernet             1                     1
PPP interface                         ppp0                  ppp0
Novell network number for PPP         129                   129
IPX circuit over PPP                  2                     2

To configure IPX follow these steps

The following steps are required:

1. Configure the PPP link.
2. Configure the routers for IPX.
3.
3. Test the Configuration

To examine the route table and service table on each router, enter the commands:

    SHOW IPX ROUTE
    SHOW IPX SERVICE

The route table will contain paths from each Novell device which advertises routes, for example file servers and routers. The service table lists all the services, such as file services and print services, that devices are advertising.
Figure 11: Example output from the SHOW IPX CIRCUIT command.

IPX CIRCUIT information
Name ......................... Circuit 1
Status ....................... enabled
Interface .................... vlan11 (802.3)
Network number ............... c0e7230f
Station number ............... 0000cd000d26
Link state ................... up
Cost in Novell ticks ......... 1
Type20 packets allowed ....... no
On demand .................... no
Spoofing information
Keep alive spoofing ..........
Figure 12: Example configuration for an IPX dial-on-demand network. [Network diagram: Head Office Router, Remote Office Router, PPP Data Link, Remote PC, Netware File Server; Network = 129, Network = 12, Network = 401.]

Table 13: Example configuration parameters for IPX dial-on-demand.

Parameter                 Head Office Router    Remote Office Router
Ethernet interface        eth0                  eth0
Ethernet encapsulation    802.3                 802.
3. Define IPX circuits

On the Head Office router define two IPX circuits, one for the Ethernet interface and one for the wide area link. To configure the wide area link as a demand link and enable RIP and SAP change broadcasts, enter the commands:

    ADD IPX CIRC=1 INT=ETH0 NETW=401 ENCAP=802.
4. Save configuration

To save the new dynamic configuration as a script, enter the command:

    CREATE CONFIG=IPXFILT.SCP

AppleTalk

The AppleTalk network architecture provides internetworking of Macintosh computers and other peripheral devices using LocalTalk media. AppleTalk allows seamless access to network services such as file servers and printers from the Macintosh desktop environment.
Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) is a distance vector protocol that is part of the TCP/IP protocol suite used to exchange routing information between routers. RIP determines a route based on the smallest hop count between source and destination. Routing protocols such as RIPv1 and RIPv2 can be enabled on a VLAN.
Figure 15: Example output from the SHOW RSVP INTERFACE command. RSVP Interfaces Maximum Reserved No.
Figure 16: A basic OSPF network with an addressless PPP link. [Network diagram: Router 1, Router 2, Point-to-Point link, LAN, Area 1.]

To configure a basic OSPF network follow these steps

The following steps are required:

1. Configure the PPP and Ethernet interfaces on router 1.
2. Configure router 1 as an OSPF router.
3. Configure the PPP and Ethernet interfaces on router 2.
4. Configure router 2 as an OSPF router.

1.
4. Configure router 2 as an OSPF router.

To create an OSPF area, assign the IP interfaces to the area, and configure OSPF routing parameters, enter the commands:

    ENABLE OSPF
    ADD OSPF AREA=0.0.0.1 AUTHENTICATION=PASSWORD
    ADD OSPF RANGE=172.31.0.0 AREA=0.0.0.1 MASK=255.255.0.0
    ADD OSPF INTERFACE=ETH0 AREA=0.0.0.1 PASSWORD=csecret
    ADD OSPF INTERFACE=PPP0 AREA=0.0.0.
Chapter 7 Maintenance and Troubleshooting

This Chapter

If you are familiar with networking and router operations, you may be able to diagnose and solve some problems yourself. This chapter gives tips on how to:

■ start your router (see “How the Router Starts Up” on page 108).
■ avoid problems (see “How to Avoid Problems” on page 109).
■ reconfigure your router if you accidentally clear the FLASH memory (see “What to do if you clear FLASH memory completely” on page 111).
How the Router Starts Up

The sequence of operations that the router performs when it boots is:

1. Perform startup self tests.
2. Perform the install override option.
3. Load the EPROM release as the INSTALL boot.
4. Inspect and check INSTALL information.
5. Load the required EPROM or FLASH release as the main boot.
6. Start the router.
7. Execute the boot script, if one has been configured.
When you start the router the EPROM release is always loaded first. The EPROM release contains all the code required to obtain and check the INSTALL information. This first boot is known as the INSTALL boot. The INSTALL information is inspected and the router is set up to perform another load. Even if the actual release required is the EPROM release, another load is always performed. At this point, if a patch load is required, it is also performed.
Configure logging

The logging facility stores log messages for events with a specified severity in a log file. You can change the size of the log file, and the kind of messages recorded. You can configure the router to output log messages in several ways, including to a remote router with a specified IP address, or as an email to a particular email address. The router can also receive log messages from another router.
What to do if you clear FLASH memory completely

DO NOT clear the FLASH memory completely. The software release files are stored in FLASH, and clearing it would leave no software to run the router. If you accidentally do this, you will need to:

1. Boot with default configuration.

Reboot the router from a terminal connected to the asynchronous terminal port (not Telnet). Use the install override to run the default configuration (see “How the Router Starts Up” on page 108).
What to do if ISDN Fails to Connect

Make sure the system territory is set to the country or region in which your router is located. This is important because different countries use variations on the ISDN protocols, and the system territory setting on the router ensures that the router behaviour is compatible with the ISDN network.
What to do if Passwords are Lost

If a user forgets their password, to reset the password from an account with MANAGER privilege, enter the command:

    SET USER=login-name PASSWORD=password

You can reset passwords for accounts with MANAGER privilege with the same command, provided the manager can login to at least one account with MANAGER privilege. If you require further assistance contact your authorised distributor or reseller.
Resetting Router Defaults

To restart the router at any time with no configuration, enter the command:

    RESTART ROUTER CONFIG=NONE

If boot.cfg has changed, to set it back to the default configuration by saving the default dynamic configuration to the boot.cfg file, enter the command:

    CREATE CONFIG=boot.cfg

To set the router to restart with the boot configuration file, enter the command:

    SET CONFIG=boot.cfg

DO NOT clear the FLASH memory completely.
If PING to the end destination fails, PING intermediate network addresses. If you can successfully PING some network addresses, and not others, you can deduce which link in the network is down. Note that if Network Address Translation (NAT) is configured on the remote router, PINGing devices connected to it may give misleading information. For more information about using PING, see the Internet Protocol (IP) chapter in the AR400 Series Router Software Reference.
5. Contact your authorised distributor or reseller for assistance

If the route still does not appear, contact your authorised distributor or reseller for assistance.

Telnet Fails

1. If Telnet to router fails

Check that the IP address you used matches the one assigned to the router. To check that RIP is configured correctly, enter the command:

    SHOW IP RIP

To check that the IP Telnet server is enabled on each router, enter the command.
In Microsoft® Windows™ 2000, click Settings → Control Panel → Network and Dial-up Connections → Local Area Connection → Properties. Select Internet connection (TCP/IP) and click Properties. Click Obtain an IP address automatically.

3. Check that the DHCP server has a large enough range of addresses.

To assign a range, enter the command:

    CREATE DHCP RANGE

Troubleshooting IPX Configurations

No Routes are Visible to the Remote Router

1.
Local Workstations Can Not Access Remote Servers

A number of different events can cause this problem. The following list of events gives the most common:

1. Move workstation to server LAN

Check that when the workstation is moved to the same LAN as the file server, it is able to access the server. If not, the fault lies with the configuration of the workstation or file server. Check with your Novell network administrator.

2. Check NET.
Using Trace Route for IP Traffic

You can use trace route to discover the route that packets take between two systems running the IP protocol. Trace route sends UDP packets with the Time To Live (TTL) field in the IP header starting at 1. The TTL field is increased by one for every subsequent packet sent until the destination is reached. Each hop along the path between two systems responds with a TTL exceeded packet and from this the path is determined.
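The TTL mechanism described above, worked through offline as an added example (not code from this guide or from Allied Telesyn): it builds the UDP probes and the ICMP replies as raw bytes and matches each reply to the probe that caused it. It goes slightly beyond the text by also handling the destination's port-unreachable reply and hops that never answer; the base port 33434, the helper names and the sample addresses are assumptions.

```python
import socket
import struct

BASE_PORT = 33434  # assumption: conventional trace route base port; the guide names none

def ip_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this offline demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def udp_probe(src, dst, ttl):
    """UDP probe whose destination port encodes the TTL it was sent with."""
    udp = struct.pack("!HHHH", 40000, BASE_PORT + ttl, 8, 0)
    return ip_header(src, dst, ttl, socket.IPPROTO_UDP, len(udp)) + udp

def icmp_error(sender, probe, icmp_type, code):
    """ICMP error quoting the probe's IP header plus its first 8 payload bytes."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    probe_src = socket.inet_ntoa(probe[12:16])
    return ip_header(sender, probe_src, 64, socket.IPPROTO_ICMP, len(icmp)) + icmp

def parse_reply(packet):
    """Return (responder, probe_ttl, reached_destination), or None if unrelated."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP or len(packet) < ihl + 8 + 28:
        return None
    kind = (packet[ihl], packet[ihl + 1])
    quoted = packet[ihl + 8:]                 # the probe as the router saw it
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != socket.IPPROTO_UDP or len(quoted) < q_ihl + 8:
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    # Type 11 code 0 = TTL exceeded in transit; type 3 code 3 = port unreachable.
    if kind not in ((11, 0), (3, 3)) or dport <= BASE_PORT:
        return None
    return socket.inet_ntoa(packet[12:16]), dport - BASE_PORT, kind == (3, 3)

def trace(src, dst, path, silent=(), max_ttl=30):
    """Walk a constructed path; hops listed in `silent` drop probes without replying."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        node = path[ttl - 1] if ttl <= len(path) else None
        reply = None
        if node is not None and node not in silent:
            kind = (3, 3) if node == dst else (11, 0)
            reply = parse_reply(icmp_error(node, udp_probe(src, dst, ttl), *kind))
        if reply is None or reply[1] != ttl:
            hops.append("*")                  # no answer for this TTL
            continue
        hops.append(reply[0])
        if reply[2]:                          # destination answered: path complete
            break
    return hops

# Constructed sample path (documentation address ranges, not from the guide).
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.9"]

if __name__ == "__main__":
    print(trace("192.0.2.10", "203.0.113.9", SAMPLE_PATH, silent={"198.51.100.1"}))
```

A hop shown as `*` means only that no reply came back for that TTL; later hops can still answer, so a gap in the middle of a path does not by itself indicate a failed link.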