AR400 SERIES ROUTER USER GUIDE Software Reference 2.6.
AR400 Series Router User Guide for Software Release 2.6.1 Document Number C613-02021-00 REV D. Copyright © 2003 Allied Telesyn International, Corp. 960 Stewart Drive Suite B, Sunnyvale CA 94086, USA. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn. Allied Telesyn International, Corp. reserves the right to make changes in specifications and other information contained in this document without prior written notice.
Contents

CHAPTER 1 Introduction
    Introducing the AR400 Series Router
    Why Read this User Guide?
    Where To Find More Information
    The AR400 Series Router Documentation Set
    Online Technical Support

    The Monitoring Menu
    The Diagnostics Menu
    Changing the Password
    Context Sensitive GUI Help
    Saving Configuration Entered with the GUI

    Frame Relay (AR410 only)
    Integrated Services Digital Network (ISDN) (AR410 only)
    BRI Versus PRI
    Configuring the Basic Rate Interface
    Configuring the Primary Rate Interface
    Default Setup
Chapter 1 Introduction

Introducing the AR400 Series Router

Congratulations on purchasing an AR400 Series router — the optimal solution for your small or medium sized business. This guide introduces the AR400 Series router and will guide you through the most common uses and applications of your new router. Getting started will not take long—many applications are set up in just a few minutes. If you have any questions about the router, contact your authorised distributor or reseller.
This user guide is organised into the following chapters:
■ Chapter 1, Introduction gives an overview of the router features and of the documentation supplied with your router.
■ Chapter 2, Getting Started with the Command Line Interface (CLI) describes how to gain access to the command line interface.
■ Chapter 3, Getting Started with the Graphical User Interface (GUI) describes how to access and use the graphical user interface.
• This User Guide
• AR Series Router Hardware Reference
• AR400 Series Router Software Reference
• Port Interface Card Quick Install Guide (for AR410 and AR410S)
• Port Interface Card Hardware Reference (for AR410 and AR410S)

The CD-ROM also includes:
• Application Notes—a collection of technical and background papers on the application of AR400 router technologies.
You can add additional interfaces to your AR410 or AR410S by installing a Port Interface Card (PIC) in the PIC bay.

The AR450S base unit supports:
■ five 10/100 Mbps full duplex switched Ethernet LAN ports.
■ Novell® IPX routing.
■ DECnet™ routing (Phase IV+ and area) (AR410 only).
■ AppleTalk routing.
■ Generic Routing Encapsulation (GRE) protocols.
■ IP multicast routing support, including Internet Group Management Protocol (IGMP), Distance Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM) Sparse and Dense Modes.
Special Feature Licences

You need a special feature licence and password to activate some special features over and above the standard software release. Typically, these special features are covered by government security regulations. Special feature licences and passwords are quite separate and distinct from the standard software release licences and passwords. The features that are available and that require special feature licences depend on region and router model.
Chapter 2 Getting Started with the Command Line Interface (CLI)

This Chapter

This chapter describes how to access the router’s CLI, and provides basic information about configuring the router, including how to:
■ Physically connect a terminal or PC to the router (see “Connecting a Terminal or PC” on page 14 and the Quick Install Guide).
■ Set the Terminal Communication parameters to match the router’s settings (see “Terminal Communication Parameters” on page 14).
Connecting a Terminal or PC

The first thing to do after physically installing the router is to start a terminal or terminal emulation session to access the router. Then you can use the command line interface (CLI) to configure the router. If you wish to configure the router using the Graphical User Interface, you must first access the CLI and assign an IP address to at least one interface.
If a modem is connected, configure the router to make and/or accept calls via the modem. To set the CDCONTROL parameter to “CONNECT” and the FLOW parameter to “HARDWARE”, enter the command:

    SET ASYN CDCONTROL=CONNECT FLOW=HARDWARE

If the terminal or modem is used with communications settings other than the default settings, then configure the asynchronous port to match the terminal or modem settings using the SET ASYN command.
If IP addresses on your LAN are assigned dynamically by DHCP, you can set the router to request an IP address from the DHCP server, using the commands:

    ADD IP INTERFACE=vlan1 IPADDRESS=DHCP
    ENABLE IP REMOTEASSIGN

You do not need to set the MASK parameter because the subnet mask received from the DHCP server is used.
Setting Routes

The process of routing packets consists of selectively forwarding data packets from one network to another. Your router makes a decision to send a packet to a particular network on information it learns dynamically from listening to the selected route protocol and on the static information entered as part of the configuration process. In addition, you can configure user-defined filters to restrict the way packets are sent.
Choosing a Password

All users, including managers, should take care in selecting passwords. Tools exist that enable hackers to guess or test many combinations of login names and passwords easily. The User Authentication Facility (UAF) provides some protection against such attacks by allowing the manager to set the number of consecutive login failures allowed and a lockout period when the limit is exceeded.
Table 2: Command line editing functions and keystrokes (Continued).
The help file is easily modified, for example to provide detailed site-specific support information. The mark-up language specification and preprocessor program are available from your authorised distributor or reseller.

Also, typing a question mark “?” at the end of a partially completed command displays a list of the parameters that may follow the current command line, with the minimum abbreviations in uppercase letters (see Figure 1 on page 20).
Setting System Parameters

You can set some general system parameters to ensure the router’s compatibility with the public network, and to aid network administration. Some services, for instance ISDN, use slightly different versions in different countries. To make sure that the router uses protocols consistent with the services it is connected to, set the system territory to the country or region in which your router operates.
Chapter 3 Getting Started with the Graphical User Interface (GUI)

This Chapter

This chapter describes how to access the router’s HTTP-based Graphical User Interface (GUI), and provides basic information about using the GUI, including:
■ What is the GUI?
  • an introduction to the Graphical User Interface
■ Accessing the router via the GUI:
  • browser and PC setup, including interaction with HTTP proxy servers
  • establishing a connection to your router, including an example of configuring SSL for se
What is the GUI?

The GUI (Graphical User Interface) is a web-based device management tool, designed to make it easier to configure and monitor the router. The GUI provides an alternative to the CLI (Command Line Interface). Its purpose is to make complicated tasks simpler and regularly performed tasks quicker. The GUI relies on an HTTP server that runs on the router, and a web browser on the host PC.
JavaScript must be enabled.

To enable JavaScript in Internet Explorer:
1. From the Tools menu, select Internet Options
2. Select the Security tab
3. Click on the Custom Level button
4. Under the Scripting section, ensure that “Active scripting” is enabled.

To enable JavaScript in Netscape 6.2.x:
1. From the Edit menu, select Preference
2. Select the Advanced menu option.
3.
Establishing a Connection to the Router

Before you start, consider how the router fits into your network. If you are installing a new router, consider whether you want to configure it before deploying it into the LAN, or want to configure it in situ. If you want to access a router that has already been configured, consider the relative positions of the PC and the router.
Option 1: Configuring the Router before Installation

Use this procedure if:
■ You want to configure the router before installing it in your LAN.
■ You will be installing the router at a remote office or a customer site and want to configure it first.
■ You want a dedicated management PC permanently connected to the router.

1.
8. Point your web browser at the LAN interface’s IP address
9. At the login prompt, enter the user name and password
   The default username is manager:

       User Name: manager
       Password: friend

   The System Status or System Hardware Details page is displayed (Figure 6 on page 34, Figure 7 on page 34). Select options from the sidebar menu to configure and manage the router.
Figure 5: Configuring the router from a PC in another subnet.

You can browse to the router through any VLAN or ETH port, as long as you give that interface an IP address (see below). The recommended LAN interface is vlan1, and these instructions assume you will use vlan1 as the LAN interface. The switch ports all belong to vlan1 by default.

3.
7. If you want to be able to browse to the GUI securely, configure SSL (Secure Sockets Layer)
   See “Secure Access” on page 31 for more information.
8. Save the configuration and set the router to use it on bootup

       CREATE CONFIG=filename.cfg
       SET CONFIG=filename.cfg

9. On the PC, bypass the HTTP proxy server, if necessary
   See “HTTP Proxy Servers” on page 25 for more information.
10.
2. Select a PC
   You can browse to the GUI from any PC that:
   • has an IP address in the same subnet as the router, or that the router has a route to
   • is running a supported operating system
   • has a supported browser installed, with JavaScript enabled
   See “Browser and PC Setup” on page 24 for more information.
3. If necessary, bypass the HTTP proxy server
   See “HTTP Proxy Servers” on page 25 for more information.
4.
To secure your router’s HTTP Server with SSL for secure router management via the GUI:

1. Create a Security Officer user account
   Only a user with Security Officer privilege can enable system security and SSL. To add a user with the login name “CIPHER”, password “sbr4y3”, login=yes, and SECURITY OFFICER privilege, use the command:

       ADD USER="CIPHER" PASSWORD="sbr4y3" PRIVILEGE=SECURITYOFFICER Login=yes
       CREATE CONFIG=ssl.cfg
       RESTART ROUTER

2.
with the Load Balancer. For details, see the Public Key Infrastructure (PKI) chapter of your Software Reference.

8. Load self-signed router certificate
   To load the signed router certificate onto the router, use the command:

       ADD PKI CERTIFICATE=cer_name LOCATION=cer_name.cer TRUST=YES

9.
System Status and System Hardware Details

The GUI opens to display the system status on the AR450S router, and system hardware details for AR410 Series routers. Figure 6 and Figure 7 point out key information contained on these pages.
Using the GUI: Navigation and Features

The GUI consists of a large number of pages, which you navigate between using the menu on the left of the browser window. This section describes how to use the GUI, and gives an overview of its functionality.

The Quick Start Menu (AR450S only)

The Quick Start options offer one-page configuration of your WAN or LAN connection.
Using Configuration Pages

Most protocols are configured by creating or adding an entry - an IP route, a PIM interface, and so on. For such protocols, configuration with the GUI is based on sets of three pages: first you see a “summary” page, and from that you access an “add” page and a “modify” page. Complex protocols are subdivided into different tabs, each with their own summary, add and modify pages.
Figure 8: An example of a configuration page with a selection table (callouts: Tabs; Heading row; Radio button; Add, Modify and Remove buttons).

Figure 9: An example of a popup “add” page (callouts: Text field; Select list; Checkbox; Apply and Cancel buttons).
Figure 10: An example of a popup “modify” page (callout: Non-editable field).

Editable Fields

GUI pages allow you to enter values or select options through a range of field types. These include:
• text fields, to enter character strings or numbers, especially for fields where there are few limits on the entries (such as names). See the online help for valid characters and field length
• select lists, to select one option from a small number of possibilities.
Cancel Button

A Cancel button closes a popup page without making any changes to the configuration.

Close Button

A Close button closes a popup page, and conserves any changes that you made to the settings on the page by clicking on buttons like Add, Modify, Remove or Apply. Changes you made to editable fields will not be conserved when you click Close (unless you first clicked Apply).
The Diagnostics Menu

The GUI’s diagnostics pages enable you to troubleshoot network problems and observe traffic flow, including:
• displaying the number of good and bad packets received and transmitted over each switch port
• displaying the number of frames related to 802.
To freeze the banner’s display so that the help does not change when you move the mouse, press the [Ctrl] key. To unfreeze, press [Ctrl] again. Note that element information is not available for entries in tables. To see descriptions of the columns of tables, click Complete Help Page.
■ Click Complete Help Page to see all available information, including the element information, in a separate printable window.
Upgrading the GUI

You can download the latest GUI resource file from the support site at http://www.alliedtelesyn.co.nz. Before you start, ensure that the router is running the most recent release and patch files. The GUI is not part of the firmware release file, but the most recent resource file will generally only be compatible with the most recent software release.
When the router has loaded the file into its RAM, it displays the message “File transfer successfully completed”. It then writes the file to FLASH memory, which takes approximately 30 seconds after the message. Once the file has been copied to FLASH, you can enter commands that refer to it.

3.
Deleting Temporary Files

Browsers store local copies of web pages as temporary files. If you upgrade to a new GUI resource file, or if you encounter problems in browsing to the GUI, you may need to delete these files (clear the cache).

To clear the cache in Internet Explorer:
1. From the Tools menu, select Internet Options.
2. On the General tab, click the Delete Files button.
3. The Delete Files dialog box opens. Click the OK button.
Problem: The GUI is behaving inconsistently, or you cannot access some pages.
Solution:
■ Delete your browser’s temporary files (see “Deleting Temporary Files” on page 44) and try again.
■ Check that you are trying to access the GUI from a supported operating system and browser combination. See “Browser and PC Setup” on page 24 for more information.
■ Check that JavaScript is enabled.
Problem: Incoming traffic is sent to the wrong host.
Solution: If you are using a static Standard NAT, this problem may indicate that NAT is mapping to a valid IP address, but which belongs to the wrong host. To correct the IP address, select Configuration > Firewall > NAT.

Problem: Only one device on the LAN or DMZ can access the Internet.
Solution:
■ If you are using a static Standard NAT, only one device from the LAN will be able to access the Internet.
  • The IP addresses the rules apply to are entered correctly, and actually belong to the specified devices.
  • The rules apply to the correct days and time.
■ Some traffic is allowed through the firewall, to enable the protocols to work correctly. You can specify which ICMP traffic is allowed through on the Firewall Policy Options page (Configuration > Firewall > Interfaces > Policy options tab).
IP Addresses and DHCP

Problem: You have selected Quick Start > WAN > DHCP, but the router hasn’t been given an IP address.
Solution:
■ Check that the router’s domain and host name are correct (Configuration > System > General).
■ Check that the DHCP server can reach the router, by pinging the router from the DHCP server.
Problem: You are receiving email notifications for “attacks” that actually are not attacks.
Solution: Your alarm thresholds may be set too low (Configuration > Firewall > Events > Alarms tab). Be careful when increasing the thresholds, because if the threshold is too high, you may not be warned about actual attack attempts.

Problem: The time in log packets is incorrect.
Solution: See “Time and NTP” on page 49.
Loading Software

Problem: You have attempted to load a new release file onto the router, but the load has failed and you cannot access the router through the GUI.
Solution:
1. Access the router’s CLI (see “Connecting a Terminal or PC” on page 14). If the router has been switched off or has rebooted since you attempted to load the release file, it will boot up with the default installation. This contains the commands you require to load a file. Log into the router using the manager account and password.
Chapter 4 Operating the router

This Chapter

This chapter introduces basic operations on the router, including:
■ “User Accounts and Privileges” on page 51
■ “Normal Mode and Security Mode” on page 53
■ “Remote Management” on page 56
■ “Storing Files in FLASH Memory” on page 57
■ “Using Scripts” on page 58
■ “Loading and Uploading Files” on page 59
■ “Upgrading Router Software” on page 63
■ “Using the Built-in Editor” on page 67
■ “SNMP and MIBs” on page 68

User Accounts and Privileges

Th
In normal mode, a user with manager privilege can create and delete accounts for users with any of these privilege levels. Users and passwords are managed by the User Authentication Facility. Users and passwords are authenticated using an internal database called the User Authentication Database, or by interrogation of external RADIUS (Remote Authentication Dial In User Service) or TACACS (Terminal Access Controller Access System) servers.
See the Operations chapter in the AR400 Series Router Software Reference for:
■ More information about managing and using accounts with user, manager and security officer privileges
■ A full list of commands that require security officer privilege when the router is in secure mode
■ Information about enabling a remote security officer.

Normal Mode and Security Mode

The router operates in one of two modes, either normal mode or security mode.
on page 54 lists commands that only a security officer can execute when the router is in security mode. A complete list of commands limited by security mode is given in the Operation chapter in the AR400 Series Router Software Reference.

Table 5: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode.
Table 5: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode (Continued).
Table 5: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode (Continued).

    Command               Specific Parameters
    SET SNMP COMMUNITY
    SET SSH
    SET STAR
    SET USER
    SHOW CONFIG
    SHOW ENCO KEY
    SHOW FEATURE
    SHOW FILE
    SHOW PPP CONFIG
    SHOW STAR             [=id], MKTTRANSFER, NETKEY
    UPLOAD

Remote Management

You can manage remote routers as easily as you manage the local router a terminal is connected to.
Storing Files in FLASH Memory

When you purchase the router, the router software release, the online help files, and a default configuration file are stored in FLASH memory, where they are saved even if the router is powered down. You will use the FLASH memory to store updated software releases or patches, and files that record the router’s configuration. FLASH memory is like a flat file system, with no subdirectories. The router also has Random Access Memory (RAM).
Using Scripts

When you start or restart the router, or when it automatically restarts, it executes the configuration commands in the boot script. A boot script is a text file containing a sequence of standard commands that the router executes at startup. The default boot script is called boot.cfg. Commands run from a boot script are limited to 128 characters.
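
The checks below are an added example, not part of the Allied Telesyn guide: a small Python linter that reads a router script and flags commands longer than the 128-character script limit, commands from the visible part of Table 5 that need SECURITY OFFICER privilege in security mode, and accounts whose password is one printed in this guide. The sample script, the finding codes and the treatment of # lines as comments are assumptions made for the example.

```python
import re

# Longest command the guide says a boot script may contain.
MAX_SCRIPT_COMMAND_LEN = 128

# Commands from the portion of Table 5 visible in this guide. The full table
# is in the Software Reference, so this list is incomplete. The "Specific
# Parameters" column is ignored: a match means "check Table 5 for this line".
SECURITY_OFFICER_COMMANDS = (
    "SET SNMP COMMUNITY", "SET SSH", "SET STAR", "SET USER",
    "SHOW CONFIG", "SHOW ENCO KEY", "SHOW FEATURE", "SHOW FILE",
    "SHOW PPP CONFIG", "SHOW STAR", "UPLOAD",
)

# Passwords printed in this guide: the manager default and the SSL example.
DOCUMENTED_PASSWORDS = {"friend", "sbr4y3"}

# PASSWORD=value or PASSWORD="value", in any letter case.
_PASSWORD_RE = re.compile(r'\bPASSWORD\s*=\s*("([^"]*)"|(\S+))', re.IGNORECASE)


def audit_script(text):
    """Return a list of (line_number, code, detail) findings for a script.

    Codes (names chosen for this example):
      TOO_LONG      command exceeds the 128-character script limit
      SECOFF        command appears in the visible part of Table 5
      DOC_PASSWORD  password matches one printed in the user guide
    Only full keywords are matched; abbreviated commands are not recognised.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with '#' are not commands.
        if not line or line.startswith("#"):
            continue

        if len(line) > MAX_SCRIPT_COMMAND_LEN:
            findings.append((lineno, "TOO_LONG", f"{len(line)} characters"))

        # Collapse whitespace and upper-case so keyword matching is uniform.
        normalised = " ".join(line.upper().split())
        for command in SECURITY_OFFICER_COMMANDS:
            # The keyword must end the line or be followed by a space or '='.
            if re.match(re.escape(command) + r"(?=$|[ =])", normalised):
                findings.append((lineno, "SECOFF", command))
                break

        for match in _PASSWORD_RE.finditer(line):
            quoted, bare = match.group(2), match.group(3)
            password = (quoted if quoted is not None else bare).lower()
            if password in DOCUMENTED_PASSWORDS:
                findings.append((lineno, "DOC_PASSWORD", password))
    return findings


# Constructed sample script, built from commands shown in this guide plus one
# deliberately over-long line. It is not a real router configuration.
SAMPLE_SCRIPT = (
    "# constructed sample, not a real router configuration\n"
    "ADD IP INTERFACE=vlan1 IPADDRESS=DHCP\n"
    "ENABLE IP REMOTEASSIGN\n"
    'ADD USER="CIPHER" PASSWORD="sbr4y3" PRIVILEGE=SECURITYOFFICER Login=yes\n'
    "SET USER=manager PASSWORD=friend\n"
    "SET LOADER METHOD=HTTP SERVER=192.168.1.1 DESTINATION=FLASH\n"
    "UPLOAD FILE=filename.cfg\n"
    "SET SYSTEM NAME=" + "x" * 120 + "\n"
)

if __name__ == "__main__":
    for lineno, code, detail in audit_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {code}: {detail}")
```
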
Storing Multiple Scripts

You can store multiple configuration scripts on the router. This allows you to test new configuration scripts once, before setting them as the default configuration. For example, to test the new configuration script test.cfg, enter the command:

    RESTART ROUTER CONFIG=test.cfg

Storing multiple scripts also allows you to keep a backup router with configuration scripts stored on it for every router in the network to speed up network recovery time.
Table 6: File extensions and file types (Continued).

    Extension   File type/function
    INS         Stores install information created by using the SET INSTALL command.
    JPG         (Joint Photographic Experts Group) graphic image file.
    KEY         Public portion of an RSA key.
    LIC         Licence information.
    LOG         Log file.
    MDS         Modem script.
    PAT         Patch.
    PAZ         Compressed patch.
    REL         Software release.
    REZ         Compressed release.
    SCP         Script.
To load a file onto the router using the HTTP protocol, enter the command:

    LOAD [METHOD={HTTP|WEB|WWW}] [DELAY=delay] [DESTFILE=destfilename]
        [DESTINATION={BOOTBLOCK|FLASH}] [HTTPPROXY={hostname|ipadd}
        [PASSWORD=password] [PROXYPORT=1..65535]] [SERVER={hostname|ipadd}]
        [SERVPORT={1..65535|DEFAULT}] [SRCFILE|FILE=filename]
        [USERNAME=username]

The router can only load one file at a time. Wait for the current transfer to complete before initiating another transfer.
To load a patch file

1. Configure the LOADER.
   Set the LOADER module with defaults to make the process of downloading files in future simpler.

       SET LOADER METHOD=HTTP SERVER=192.168.1.1 DESTINATION=FLASH

2. Download the patch file.
   Download the patch file onto the router, using the defaults set above.

       LOAD FILE=52232-01.paz

   When the download has completed, check that the file is in FLASH.

       SHOW FILE

   This shows the file 52232-01.paz is present.
2. Upload the configuration file.
   Upload the configuration file from the router into the TFTP directory of the TFTP server on the network, using the defaults set above.

       UPLOAD FILE=filename.cfg

   Monitor the load progress.

       SHOW LOAD

   When the upload is complete, check that the file is in the TFTP directory on the network host.
temporary install fails the router will automatically run the preferred install if there is one, or otherwise the default install, the next time the router reboots.

When the router reboots, it checks the install information in a strict order:
• Firstly, the router checks the temporary install. If a temporary install is specified, the router loads it into RAM and runs it. At the same time, it deletes the temporary install information so it will not load a second time.
Example: Upgrade to a New Software Release Using TFTP

This example assumes the router is correctly configured to allow TFTP to function. This means that IP is configured and the router is able to communicate with the designated TFTP server. The TFTP server is assumed to function correctly and the release and patch files are assumed present in the server’s TFTP directory. The router has no release or patch files, and is running the EPROM Software Release 2.3.2.
compatible, so your current configuration should run with little or no modifications on the later release.

       CREATE CONFIG=myconfig.cfg
       SET CONFIG=myconfig.cfg

   The SET CONFIG information survives the release update. Reboot the router.

       RESTART REBOOT

   The router reboots, loading the new release file and the specified configuration. Display the install history, and check that the temporary release was loaded.

       SHOW INSTALL

5. Make the release the default (permanent) release.
   The router reboots, loading the new patch file and the specified configuration. Check that the router operates correctly with the new patch file.

3. Make the patch part of the default (permanent) release.
   If the router operates correctly with the new patch, make the release permanent.

       SET INSTALL=PREFERRED RELEASE=52-261.rez PATCH=52261-01.paz

   Every time the router reboots from now on, it loads the new release and patch from FLASH.
SNMP and MIBs

You can remotely monitor some features of the router using Simple Network Management Protocol (SNMP). For information about the MIBs supported by the router, see Appendix C: SNMP MIBs in the AR400 Series Router Software Reference. The SNMP agent is disabled by default.
■ How to use LDAP to load PKI certificates and CRLs onto your router.
■ How to use Router Startup Operations
■ How to use FLASH compaction to regain storage space on the router. Read “Warning about FLASH memory” on page 12 before you attempt to do this.
■ How to set aliases to represent common command strings.
■ How to define a remote security officer, so you can manage the security features remotely via Telnet.
Chapter 5 Physical and Layer 2 Interfaces

This Chapter

This chapter introduces the physical and logical interfaces available on the base unit router and the optional interfaces available as expansion options for the PIC bay.
Figure 13: Network overview (columns: Physical interfaces; Data link protocols; Network routing protocols).

Interfaces

The physical interfaces on the base unit or expansion option, sometimes called ports, connect the router to the physical network.
Two of the encapsulations supported for synchronous ports (AR410 only)—Frame Relay and Point-to-Point Protocol—are described in detail in the Point-to-Point Protocol (PPP) and Frame Relay chapters in the AR400 Series Router Software Reference. The Basic Rate and Primary Rate ISDN interfaces (AR410 only) are described in the Integrated Services Digital Network (ISDN) chapter in the AR400 Series Router Software Reference.
Ethernet Ports

An Ethernet interface on the router is automatically configured by the software modules when the router starts up. No user configuration of the Ethernet interfaces is required, except to enable other software modules to use the interface. This is achieved by adding a software module interface and using the clause INTERFACE=ethn, where n is the number of the Ethernet interface being configured.
Table 8: Factory defaults for configurable parameters for asynchronous ports.

    Option      Default setting
    PARITY      NONE
    PROMPT      DEFAULT (CMD>)
    SECURE      ON
    SERVICE     NONE
    SPEED       AUTO
    STOPBITS    1
    TYPE        VT100

For more information about asynchronous ports, see the AR Series Router Hardware Reference or the Interfaces chapter in the AR400 Series Router Software Reference.
You can use the asynchronous console port on the base unit to configure the router. Additional asynchronous ports can also connect terminals, printers and terminal ports on host computers.

Synchronous Ports (AR410 only)

Your router supports synchronous interfaces with speeds of up to 2.048 Mbps, also known as E1.
On the AR450 only, Auto MDI/MDI-X is disabled when a switch port is set to a specific speed and duplex mode.

On the AR450 only, it is also possible to require a switch port to operate at a single speed without disabling autonegotiation by allowing the port to autonegotiate, but constrain the speed/duplex options to the desired combination.
Once the system resource becomes available the switch transmission by the link partner of the port can resume.

You can set the global retransmission time delay for all switch ports operating in half duplex mode. When the port attempts to transmit a packet and encounters a collision, the switch stops transmission and starts a short delay (backoff) before attempting re-transmission. If AGGRESSIVE is specified, the time delay is shorter.
For more information about limiting switch traffic, see the SET SWITCH PORT command in the Switching on the AR450 chapter in the AR400 Series Router Software Reference.

Virtual LANs

A Virtual LAN (VLAN) is a software-defined broadcast domain. The router’s VLAN feature allows you to segment a network by software management to improve network performance.
Point to Point Protocol (PPP)

The Point-to-Point Protocol (PPP) establishes a connection between the router and a service provider, on demand. PPP provides mechanisms for transmitting data over synchronous connections, ISDN, ACC and L2TP calls, groups of TDM slots, and Ethernet. Each protocol carried over PPP has an associated Network Control Protocol (NCP) that negotiates options for the protocol and brings up the link for that protocol.
PPPoE
PPP over Ethernet (PPPoE) is defined in RFC 2516 “A Method of Transmitting PPP Over Ethernet”. PPPoE is used to run PPP over Ethernet. The same authentication, billing and transfer systems as for PPP are then available in Ethernet networks. PPP over Ethernet enables multiple hosts at a remote site to share the same access device, while providing the access control and billing functionality of dial-up PPP connections.
Parameters for setting the interface defaults for encryption and compression are also set with the CREATE command. These values are used by all DLCs on the interface unless specifically overridden for a particular DLC. After the Frame Relay interface is created, to change the LMI parameters, enter the command:
    SET FRAMERELAY
You may modify any or all of the parameters on a single command line.
3. Add logical interfaces if required
Frame Relay logical interfaces (FRLI) provide a mechanism for organising DLCs into groups. Each FRLI, or group of DLCs, is assigned its own IP address to split the Frame Relay network into subnets. A default FRLI 0 is always created when a Frame Relay interface is created. To create additional FRLIs, enter the command:
    ADD FRAMERELAY=fr-interface LI=logical-interface
By default, all DLCs are associated with the default FRLI 0.
Integrated Services Digital Network (ISDN) (AR410 only)
To use ISDN connections with an AR400 Series router you need to install the appropriate Port Interface Card (PIC) in the router’s PIC bay. Install either a Basic Rate ISDN (BRI) or a Primary Rate ISDN (PRI) PIC.
Default Setup
The standard LAPD configurations are shown in Table 9 on page 85 (Basic Rate Interfaces) and Table 10 on page 85 (Primary Rate Interfaces). These settings suit many situations. However, you can modify these settings as required to suit other network situations (see the Integrated Services Digital Network (ISDN) chapter, AR400 Series Router Software Reference).
Table 9: Standard LAPD configuration for an ISDN Basic Rate Interface.
Configuring ISDN (AR410 only)
This section describes how to configure ISDN on an ISDN expansion option on your router using the command line interface. If you want to use ISDN, your router must have a PIC bay with the appropriate ISDN Port Interface Card installed. Simple ISDN configurations for Basic Rate ISDN, Primary Rate ISDN, ISDN Dial on Demand and ISDN Bandwidth on Demand are described.
2. Select country or territory.
To select the country in which the router is operated, enter the command:
    SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}
The territory determines which Q.931 profile is used on the ISDN interface. For example, to select the Q.931 profile for the United States, enter the command:
    SET SYSTEM TERRITORY=USA
If you are not sure which territory to use, contact your authorised distributor or reseller.
If the Auto SPID procedures fail, manually enter the SPIDs with the command:
    SET Q931=0 SPID1=spid SPID2=spid
Enter directory numbers and subaddresses with the command:
    SET Q931=0 NUM1=number NUM2=number SUB1=subaddress SUB2=subaddress
The ISDN service provider must supply the directory numbers and subaddresses.
6. Create PPP interfaces.
Create PPP interfaces to use the ISDN calls. PPP provides the link layer protocol and enables multiple network and transport layer protocols such as IP and Novell® IPX to be carried over the same ISDN link.
2. Select the territory.
To select the country or region in which the router is operated, enter the command:
    SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}
The territory determines which Q.931 profile is used on the ISDN interface. For example, to select the Q.931 profile for New Zealand, enter the command:
    SET SYSTEM TERRITORY=NEWZEALAND
If you are not sure which territory to use, contact your authorised distributor or reseller.
and other call is cleared. The direction of precedence is not important, but set precedence to IN at one end of the call and OUT at the other end of the call. The ISDN number is the exact sequence required to reach the remote router from the local router, including STD access codes and area codes. The number may contain only decimal digits. Hyphens and other characters will result in an error.
2. Create PPP interfaces.
Create PPP interfaces to use the ISDN calls and enable the IDLE timer.
PPP interface 0 is now configured for bandwidth on demand operation and any routing protocols such as IP and IPX that are configured to use PPP interface 0 will automatically inherit the bandwidth on demand functionality. For more information about ISDN, including LAPD, Q.931, Call control, Call Logging, DNS, AODI, X.25 and Data over voice, see the Integrated Services Digital Network (ISDN) chapter in the AR400 Series Router Software Reference.
5. To check the configuration, enter the commands:
    SHOW SYN=0
    SHOW PPP=0
The output of the SHOW SYN command should show “Active” set to “yes” and “Module” set to “ppp”. The output of the SHOW PPP command should show interface ppp0 over syn0 with “LCP” as the control protocol. The Tx and Rx LEDs are lit as data is sent and received on the interface.
Chapter 6 Routing
This Chapter
This chapter introduces some protocols supported by the router, including:
■ Internet Protocol (IP) (see “Configuring an IP Network” on page 95).
■ IP Multicasting (see “Configuring IP Multicasting” on page 99).
■ Configuring Dynamic Host Configuration Protocol (see “Configuring Dynamic Host Configuration Protocol (DHCP)” on page 105).
■ Novell IPX (see “Configuring a Novell IPX Network” on page 107).
Before You Start
1. Ensure that the routers you want to configure are connected as described in the Quick Install Guide.
2. Connect a terminal to the console port (port 0) on each router as described in the Quick Install Guide. Alternatively, you can connect a PC to the console port and use a terminal emulation program like Windows™ Terminal.
3. Log in to the MANAGER account on each router (see “Logging In” on page 15).
To configure IP follow these steps
The following steps are required:
1. Configure the PPP Link.
2. Create a VLAN and add untagged ports.
3. Configure the IP routing module on both routers.
4. Test the configuration.
5. Save the configuration.
1. Configure the PPP Link
Refer to other sections of this guide on how to configure PPP interface 0 on each router to use the wide area link.
2.
3. Configure IP Routing
To clear any pre-existing IP configuration and turn on the IP routing software on each router, enter the commands:
    PURGE IP
    ENABLE IP
On the Head Office router define two IP interfaces, one for the VLAN and one for the wide area link:
    ADD IP INT=VLAN2 IP=172.16.8.33 MASK=255.255.255.0
    ADD IP INT=PPP0 IP=172.16.254.1 MASK=255.255.255.
You will see the login screen for the Remote Office router. To connect from the Remote Office router to the Head Office router, on the Remote Office router, enter the command:
    TELNET 172.16.8.33
5. Save the configuration
To save the new dynamic configuration as a script, enter the command:
    CREATE CONFIG=IPCONF.SCP
Configuring IP Multicasting
IP multicasting is used to transmit packets to a group of hosts simultaneously on a TCP/IP network or sub-network.
While you can configure different multicasting protocols on different interfaces on the same router, multicasting information is not translated between the different multicast protocols.
Configuring IGMP
By default, IGMP is disabled on the router and on all interfaces. To enable IGMP on the router, enter the command:
    ENABLE IP IGMP
You must enable IGMP on an interface before the interface can send or receive IGMP messages.
Figure 15: Multicast configuration example using IGMP and DVMRP.
3. Configure PPP.
To create PPP interfaces over a synchronous port and the ISDN call, enter the commands:
    CREATE PPP=0 OVER=SYN0
    CREATE PPP=1 OVER=ISDN-DVMRP IDLE=ON
4. Configure IP.
To enable the IP module, and assign IP addresses to the interfaces, enter the commands:
    ENABLE IP
    ADD IP INTERFACE=PPP0 IPADDRESS=189.124.7.9 MASK=255.255.0.0
    ADD IP INTERFACE=PPP1 IPADDRESS=203.45.90.2 MASK=255.255.255.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.73.1.2 MASK=255.255.255.0
5.
3. Configure IP.
To enable IP on the router, and assign IP addresses to the interfaces used by DVMRP for multicast routing, enter the commands:
    ENABLE IP
    ADD IP INTERFACE=PPP0 IPADDRESS=189.124.7.8 MASK=255.255.0.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.74.1.2 MASK=255.255.255.0
    ADD IP INTERFACE=ETH1 IPADDRESS=172.74.2.2 MASK=255.255.255.0
4. Configure IGMP.
4. Configure PPP.
To configure a PPP interface over the ISDN interface, enter the command:
    CREATE PPP=0 OVER=ISDN-DVMRP IDLE=ON
5. Configure IP.
To enable the IP module, and assign IP addresses to the interfaces, enter the commands:
    ENABLE IP
    ADD IP INTERFACE=FR0 IPADDRESS=202.96.152.12 MASK=255.255.255.0
    ADD IP INTERFACE=PPP0 IPADDRESS=203.45.90.3 MASK=255.255.255.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.74.2.3 MASK=255.255.255.0
6. Configure IGMP.
4. Configure IGMP.
To enable IGMP on the router, and on the interfaces over which group membership will be managed, enter the commands:
    ENABLE IP IGMP
    ENABLE IP IGMP INTERFACE=ETH0
    ENABLE IP IGMP INTERFACE=FR0
5. Configure DVMRP.
To enable DVMRP on the router, and on the interfaces over which DVMRP will perform multicast routing, enter the commands:
    ENABLE DVMRP
    ADD DVMRP INTERFACE=ETH0 METRIC=1
    ADD DVMRP INTERFACE=FR0 DLC=20 METRIC=6
Confirm multicasting.
On the router, DHCP is based on DHCP policies. Policies are predefined sets of configuration information items. Each policy defines IP configuration information for the clients that are attached to a single IP interface. Each policy has at least one IP address range attached to it. A range is a list of consecutively numbered IP addresses.
Configuring a Novell IPX Network
The router’s implementation of the Novell IPX protocol uses the term circuit to refer to a logical connection over an interface, similar to an X.25 permanent virtual circuit (PVC) or a Frame Relay Data Link Connection (DLC). The term interface refers to the underlying physical interface, such as VLAN, Ethernet, Point-to-Point (PPP) and Frame Relay.
Before You Start
1. Collect the information that you will need to configure IPX.
Configuring IPX
This example (Figure 16 on page 108) illustrates the steps required to configure a pair of AR410 routers to create a Novell® IPX internetwork, using the router’s command line interface. In this scenario, PCs at a remote office need access to a Novell file server at the Head Office site. The two sites are connected by a PPP link over a wide area link—either a dedicated leased line or an ISDN call.
Figure 16: Example configuration for an IPX network.
To configure IPX follow these steps
The following steps are required:
1. Configure the PPP link.
2. Configure the routers for IPX.
3. Test the configuration.
4. Save the configuration.
1. Configure the PPP Link
Refer to other sections of this guide on how to configure PPP interface 0 on each router to use the wide area link.
• See “Point to Point Protocol (PPP)” on page 80 for information about configuring PPP to use a synchronous link.
2.
local (i.e. via eth0) on one router, should also be visible on the other router, via the PPP link. Test that a workstation on the Remote Office LAN can log in to the file server on the Head Office LAN.
4. Save the Configuration
Save the new dynamic configuration as a script, by entering the command:
    CREATE CONFIG=IPXCONF.SCP
To add an IPX circuit over a VLAN
1.
Configuring IPX Dial-on-Demand
This example (Figure 18 on page 111) illustrates how to set up the router to provide a wide area internet based on Novell’s IPX routing protocol with dial-on-demand access. In this scenario, a PC at a remote site periodically accesses the Novell file server at a central site to read Email, transfer files or print documents on a laser printer. The two sites are connected by a PPP link over a wide area link—either a dedicated leased line or an ISDN call.
1. Clear previous IPX configuration
To purge the IPX static database and clear any pre-existing IPX configuration, enter the command:
    PURGE IPX
2. Enable IPX
To enable the IPX routing software on each router, enter the command:
    ENABLE IPX
3. Define IPX circuits
On the Head Office router define two IPX circuits, one for the Ethernet interface and one for the wide area link.
2. Create SAP filter
To create a SAP filter that only allows information about the file services provided by the file server (named ACCOUNTS) to be included in SAP broadcasts, enter the command:
    ADD IPX SAP=0 SERVICE=ACCOUNTS TYPE=FILE ACTION=INCLUDE
3. Associate RIP and SAP filters with IPX circuit
To associate the RIP and SAP filters with the IPX circuit over the PPP link, enter the command:
    SET IPX CIRC=2 RIPCHANGE=YES SAPCHANGE=YES OUTRIP=0 OUTSAP=0
4.
To interpret output from the SHOW APPLE PORT command see the AppleTalk chapter in the AR400 Series Router Software Reference.
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) is a distance vector protocol that is part of the TCP/IP protocol suite used to exchange routing information between routers. RIP determines a route based on the smallest hop count between source and destination.
Figure 21: Example output from the SHOW RSVP INTERFACE command.
RSVP Interfaces Maximum Reserved No.
Configuring a Basic OSPF Network
This example (Figure 22 on page 116) is a simple network of two routers connected together, each with its own local area network. The routers all belong to a single class B network 172.31.0.0, which has further been subnetted using the subnet mask 255.255.255.0.
Figure 22: A basic OSPF network with an addressless PPP link.
3. Configure the PPP and Ethernet interfaces on router 2.
To create IP interfaces to use the PPP and Ethernet interfaces, and assign an OSPF metric to each IP interface, enter the commands:
    CREATE PPP=0 OVER=SYN0
    ENABLE IP
    ADD IP INTERFACE=PPP0 IP=172.31.2.2 MASK=255.255.255.0 OSPFMETRIC=1
    ADD IP INTERFACE=ETH0 IP=172.31.108.10 MASK=255.255.255.0 OSPFMETRIC=1
4. Configure router 2 as an OSPF router.
Chapter 7 Maintenance and Troubleshooting
This Chapter
If you are familiar with networking and router operations, you may be able to diagnose and solve some problems yourself. This chapter gives tips on how to:
■ start your router (see “How the Router Starts Up” on page 120).
■ avoid problems (see “How to Avoid Problems” on page 121).
■ reconfigure your router if you accidentally clear the FLASH memory (see “What To Do if You Clear FLASH Memory Completely” on page 123).
How the Router Starts Up
When the router boots, the following sequence of operations is performed:
1. Perform startup self tests.
2. Perform the install override option.
3. Load the FLASH boot release as the INSTALL boot.
4. Inspect and check INSTALL information.
5. Load the required release as the main boot.
6. Start the router.
7. Execute the boot script, if one has been configured.
When you start the router the FLASH boot release is always loaded first. The FLASH boot release contains all the code required to obtain and check the INSTALL information. This first boot is known as the INSTALL boot. The INSTALL information is inspected and the router is set up to perform another load. Even if the actual release required is the FLASH boot release, another load is always performed. At this point, if a patch load is required, it is also performed.
Configure logging
The logging facility stores log messages for events with a specified severity in a log file. You can change the size of the log file, and the kind of messages recorded. You can configure the router to output log messages in several ways, including to a remote router with a specified IP address, or as an email to a particular email address. The router can also receive log messages from another router.
What To Do if You Clear FLASH Memory Completely
DO NOT clear the FLASH memory completely. The software release files are stored in FLASH, and clearing it would leave no software to run the router. If you accidentally do this, you will need to:
1. Boot with default configuration.
Reboot the router from a terminal connected to the asynchronous terminal port (not Telnet). Use the install override to run the default configuration (see “How the Router Starts Up” on page 120).
What To Do if ISDN Fails to Connect
Make sure the system territory is set to the country or region in which your router is located. This is important because different countries use variations on the ISDN protocols, and the system territory setting on the router ensures that the router behaviour is compatible with the ISDN network.
What To Do if Passwords are Lost
If a user forgets their password, to reset the password from an account with MANAGER privilege, enter the command:
    SET USER=login-name PASSWORD=password
You can reset passwords for accounts with MANAGER privilege with the same command, provided the manager can log in to at least one account with MANAGER privilege. If you require further assistance contact your authorised distributor or reseller.
Resetting Router Defaults
To restart the router at any time with no configuration, enter the command:
    RESTART ROUTER CONFIG=NONE
If boot.cfg has changed, to set it back to the default configuration by saving the default dynamic configuration to the boot.cfg file, enter the command:
    CREATE CONFIG=boot.cfg
To set the router to restart with the boot configuration file, enter the command:
    SET CONFIG=boot.cfg
DO NOT clear the FLASH memory completely.
If PING to the end destination fails, PING intermediate network addresses. If you can successfully PING some network addresses, and not others, you can deduce which link in the network is down. Note that if Network Address Translation (NAT) is configured on the remote router, PINGing devices connected to it may give misleading information. For more information about using PING, see the Internet Protocol (IP) chapter in the AR400 Series Router Software Reference.
5. Contact your authorised distributor or reseller for assistance
If the route still does not appear, contact your authorised distributor or reseller for assistance.
Telnet Fails
1. If Telnet to router fails
Check that the IP address you used matches the one assigned to the router. To check that RIP is configured correctly, enter the command:
    SHOW IP RIP
To check that the IP Telnet server is enabled on each router, enter the command.
In Microsoft® Windows™ 2000, click Settings → Control Panel → Network and Dial-up Connections → Local Area Connection → Properties. Select Internet connection (TCP/IP) and click Properties. Click Obtain an IP address automatically.
3. Check that the DHCP server has a large enough range of addresses.
To assign a range, enter the command:
    CREATE DHCP RANGE
Troubleshooting IPX Configurations
No Routes are Visible to the Remote Router
1.
Local Workstations Can Not Access Remote Servers
A number of different events can cause this problem. The following list gives the most common:
1. Move workstation to server LAN
Check that when the workstation is moved to the same LAN as the file server, it is able to access the server. If not, the fault lies with the configuration of the workstation or file server. Check with your Novell network administrator.
2. Check NET.
Using Trace Route for IP Traffic
You can use trace route to discover the route that packets take between two systems running the IP protocol. Trace route sends UDP packets with the Time To Live (TTL) field in the IP header set to 1 for the initial packet. The TTL field is increased by one for every subsequent packet sent until the destination is reached. Each hop along the path between two systems responds with a TTL exceeded packet and from this the path is determined.
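The TTL mechanism described above can be followed step by step in an offline model. This is an added example, not code from the router or its documentation: the Hop class, the function names and the sample addresses are constructed for illustration. It also covers two cases an operator meets in practice, a hop that does not answer and a path that stops short of the destination.

```python
"""Offline model of TTL-based path discovery, as trace route performs it."""
from dataclasses import dataclass


@dataclass
class Hop:
    address: str
    replies: bool = True  # False: device drops expired probes without answering


def send_probe(path, destination, ttl):
    """Forward one probe along path; return (responder, message) or None.

    Every device on the path decrements the TTL. The destination accepts the
    probe; a router that brings the TTL to 0 discards it and answers with a
    TTL exceeded message. None models a timeout (no answer came back).
    """
    for hop in path:
        ttl -= 1
        if hop.address == destination:
            return (hop.address, "reached")
        if ttl == 0:
            return (hop.address, "ttl-exceeded") if hop.replies else None
    return None  # path ends before the destination, e.g. a link is down


def trace_route(path, destination, max_ttl=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one."""
    trace = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, destination, ttl)
        if reply is None:
            trace.append((ttl, None))  # shown as a timeout for this TTL
            continue
        responder, message = reply
        trace.append((ttl, responder))
        if message == "reached":
            break
    return trace


def last_responder(trace):
    """Address of the furthest device that answered; the fault lies beyond it."""
    answered = [addr for _, addr in trace if addr is not None]
    return answered[-1] if answered else None


# Constructed sample path (documentation address ranges, not from the guide).
PATH = [
    Hop("192.0.2.1"),
    Hop("198.51.100.1", replies=False),  # forwards traffic but stays silent
    Hop("198.51.100.9"),
    Hop("203.0.113.10"),                 # destination host
]

if __name__ == "__main__":
    for ttl, addr in trace_route(PATH, "203.0.113.10"):
        print(ttl, addr or "*")
    # Same destination, but the path now ends after the first router.
    broken = trace_route(PATH[:1], "203.0.113.10", max_ttl=4)
    print("last device that answered:", last_responder(broken))
```

A silent hop appears as a gap for one TTL value while later hops still answer; when every probe past a certain TTL times out, the last device that answered marks where to start checking the link.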