AR400 SERIES User Guide Software Release 2.7.
AR400 Series Router User Guide for Software Release 2.7.1 Document Number C613-02021-00 REV F. Copyright © 2004 Allied Telesyn International Corp. 19800 North Creek Parkway, Suite 200, Bothell, WA 98011, USA. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn. Allied Telesyn International Corp. reserves the right to make changes in specifications and other information contained in this document without prior written notice.
Contents
CHAPTER 1 Introduction
Why Read this User Guide?
Where To Find More Information
    The Documentation Set
Technical support
Features of the Router
The Diagnostics Menu
Changing the Password
Context Sensitive GUI Help
Saving Configuration Entered with the GUI
Combining GUI and CLI Configuration
Configuring Multiple Devices
Frame Relay (models with PIC bay)
Integrated Services Digital Network (ISDN) (models with PIC bay)
    BRI Versus PRI
    Configuring the Basic Rate Interface
    Configuring the Primary Rate Interface
    Default Setup
Chapter 1 Introduction

Welcome to the AR400 Series router, the optimal solution for your small or medium sized business. This guide introduces your new router and will guide you through the most common uses and applications. Getting started will not take long: many applications are set up in just a few minutes. If you have any questions about the router, contact your authorised distributor or reseller.
■ Chapter 3, Getting Started with the Graphical User Interface (GUI) describes how to access and use the graphical user interface.
■ Chapter 4, Operating the router introduces general operation, management and support features, including loading and installing support files and new releases.
■ Chapter 5, Physical and Layer 2 Interfaces describes how to configure Layer 1 and Layer 2 features, including PPP, ISDN and synchronous interfaces.
• Configuration Examples: a collection of ready-to-use examples of typical network configurations, complete with scripts to download to an AR400 router using AT-TFTP.
• AT-TFTP Server for Windows, for downloading software releases, scripts and other files to or from an AR400 router.
• Adobe Acrobat Reader for Windows for viewing and printing the online documentation in PDF format. Get instant access to information with full-text searching of PDF documents by keyword or phrase.
You can add additional interfaces to these routers by installing a Port Interface Card (PIC) in the PIC bay. The AR450S base unit supports:
■ five 10/100 Mbps full duplex switched Ethernet LAN ports
■ two 10/100 Mbps full duplex Ethernet WAN ports
■ two asynchronous serial ports
■ one built-in encryption processor
The software support for the AR400 Series router and the expansion options provides wirespeed Layer 2 switching, including support for Virtual LANs.
■ TCP/IP routing.
■ Novell® IPX routing.
■ DECnet™ routing (Phase IV+ and area).
■ AppleTalk routing.
■ Generic Routing Encapsulation (GRE) protocols.
■ IP multicast routing support, including Internet Group Management Protocol (IGMP), Distance Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM) Sparse and Dense Modes.
Special Feature Licences

You need a special feature licence and password to activate some special features over and above the standard software release. Typically, these special features are covered by government security regulations. Special feature licences and passwords are quite separate and distinct from the standard software release licences and passwords. The features that are available and that require special feature licences depend on region and router model.
Chapter 2 Getting Started with the Command Line Interface (CLI)

This Chapter

This chapter describes how to access the router’s CLI, and provides basic information about configuring the router, including how to:
■ Physically connect a terminal or PC to the router (see “Connecting a Terminal or PC” on page 14 and the Quick Install Guide).
■ Set the Terminal Communication parameters to match the router settings (see “Terminal Communication Parameters” on page 14).
Connecting a Terminal or PC

The first thing to do after physically installing the router is to start a terminal or terminal emulation session to access the router. Then you can use the command line interface (CLI) to configure the router. If you wish to configure the router using the Graphical User Interface, you must first access the CLI and assign an IP address to at least one interface.
If a modem is connected, configure the router to make and/or accept calls via the modem. To set the CDCONTROL parameter to “CONNECT” and the FLOW parameter to “HARDWARE”, enter the command:
    SET ASYN CDCONTROL=CONNECT FLOW=HARDWARE
If the terminal or modem is used with communications settings other than the default settings, then configure the asynchronous port to match the terminal or modem settings using the SET ASYN command.
where:
■ ipadd is an unused IP address on your LAN.
■ mask is the subnet mask (for example 255.255.255.0)
If IP addresses on your LAN are assigned dynamically by DHCP, you can set the router to request an IP address from the DHCP server, using the commands:
    ADD IP INTERFACE=vlan1 IPADDRESS=DHCP
    ENABLE IP REMOTEASSIGN
You do not need to set the MASK parameter because the subnet mask received from the DHCP server is used.
AR410 and Switching on the AR440S, AR441S and AR450S in the Software Reference. For more information about IP addressing and routing, see Chapter 6, Routing in this document, and the Internet Protocol (IP) chapter in the Software Reference.

Setting Routes

The process of routing packets consists of selectively forwarding data packets from one network to another.
Choosing a Password

All users, including managers, should take care in selecting passwords. Tools exist that enable hackers to guess or test many combinations of login names and passwords easily. The User Authentication Facility (UAF) provides some protection against such attacks by allowing the manager to set the number of consecutive login failures allowed and a lockout period when the limit is exceeded.
Table 2: Command line editing functions and keystrokes (Continued)

Function                  VT100 Terminal                   Dumb terminal
Recall previous command   ↑ or [Ctrl/B]                    [Ctrl/B]
Recall next command       ↓ or [Ctrl/F]                    [Ctrl/F]
Display command history   [Ctrl/C] or SHOW PORT HISTORY    [Ctrl/C] or SHOW PORT HISTORY
Clear command history     RESET PORT HISTORY               RESET PORT HISTORY
Recall matching command   [Tab] or [Ctrl/I]                [Tab] or [Ctrl/I]

The router assumes that the width of
Also, typing a question mark “?” at the end of a partially completed command displays a list of the parameters that may follow the current command line, with the minimum abbreviations in uppercase letters. The current command line is then re-displayed, ready for further input.

Enabling Special Feature Licences

You must enable the special feature licence you have purchased before you can use the licensed features. You will need the password provided by your authorised distributor or reseller.
System name, location and contact parameters can help a remote network administrator identify the router. By convention the system name is the full domain name. Set the name of the router, for example:
    SET SYSTEM NAME=nd1.co.
Chapter 3 Getting Started with the Graphical User Interface (GUI)

This Chapter

This chapter describes how to access the router’s HTTP-based Graphical User Interface (GUI), and provides basic information about using the GUI, including:
■ What is the GUI?
    • an introduction to the Graphical User Interface
■ Accessing the router via the GUI:
    • browser and PC setup, including interaction with HTTP proxy servers
    • establishing a connection to your router, including an example of configuring SSL for se
What is the GUI?

The GUI (Graphical User Interface) is a web-based device management tool, designed to make it easier to configure and monitor the router. The GUI provides an alternative to the CLI (Command Line Interface). Its purpose is to make complicated tasks simpler and regularly performed tasks quicker. The GUI relies on an HTTP server that runs on the router, and a web browser on the host PC.
To enable JavaScript in Netscape 6.2.x:
1. From the Edit menu, select Preferences.
2. Select the Advanced menu option.
3. Ensure that the “Enable JavaScript for Navigator” checkbox is checked.
The minimum screen resolution on the PC is 800x600.

Pop-up Windows

Pop-up windows must be allowed. If you are using a toolbar or plug-in on your browser to block pop-ups, disable it while using the GUI.
Establishing a Connection to the Router

Before you start, consider how the router fits into your network. If you are installing a new router, consider whether you want to configure it before deploying it into the LAN, or want to configure it in situ. If you want to access a router that has already been configured, consider the relative positions of the PC and the router.
Option 1: Configuring the Router before Installation

Use this procedure if:
■ You want to configure the router before installing it in your LAN.
■ You will be installing the router at a remote office or a customer site and want to configure it first.
■ You want a dedicated management PC permanently connected to the router.
1.
8. Point your web browser at the LAN interface’s IP address
9. At the login prompt, enter the user name and password
The default username is manager:
    User Name: manager
    Password: friend
The System Status page is displayed (Figure 5 on page 33). Select options from the sidebar menu to configure and manage the router.

Option 2: Installing the Router into the LAN

Use this procedure if:
■ You want to install the router into the LAN before you configure it.
1.
Figure 4: Configuring the router from a PC in another subnet. (Diagram labels: gateway, subnet, subnet, AR400 Series router.)

You can browse to the router through any VLAN or ETH port, as long as you give that interface an IP address (see below). The recommended LAN interface is vlan1, and these instructions assume you will use vlan1 as the LAN interface. The switch ports all belong to vlan1 by default.
3.
7. If you want to be able to browse to the GUI securely, configure SSL (Secure Sockets Layer)
See “Secure Access” on page 31 for more information.
8. Save the configuration and set the router to use it on bootup
    CREATE CONFIG=filename.cfg
    SET CONFIG=filename.cfg
9. On the PC, bypass the HTTP proxy server, if necessary
See “HTTP Proxy Servers” on page 25 for more information.
10.
See “Browser and PC Setup” on page 24 for more information.
3. If necessary, bypass the HTTP proxy server
See “HTTP Proxy Servers” on page 25 for more information.
4. Browse to the router
For normal access, point your web browser to http://ip-address where ip-address is the interface’s IP address.
    RESTART ROUTER
2. Log in as a Security Officer
To log in as the user with Security Officer privilege called “CIPHER”, use the command:
    LOGIN CIPHER
And then enter the password for “CIPHER”, “sbr4y3”.
3. Enable system security
To enable system security, use the command:
    ENABLE SYSTEM SECURITY
4. Create an RSA key pair for this router.
To create an RSA key pair, use the command:
    CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024
5. Set the router’s distinguished name.
10. Configure an IP interface to run SSL over
To configure an IP interface that SSL will be run over, first enable IP using the command:
    ENABLE IP
To make VLAN1 the IP interface, and 172.30.1.105 the interface’s IP address, use the command:
    ADD IP INTERFACE=vlan1 IP=172.30.1.105
To add an IP route on this interface with a next hop of 172.30.1.254, use the command:
    ADD IP ROUTE=0.0.0.0 INTERFACE=vlan1 NEXT=172.30.1.
Using the GUI: Navigation and Features

The GUI consists of a large number of pages, which you navigate between using the menu on the left of the browser window. This section describes how to use the GUI, and gives an overview of its functionality.

The Quick Start Menu (some models only)

The Quick Start options offer one-page configuration of your WAN or LAN connection.
Using Configuration Pages

Most protocols are configured by creating or adding an entry - an IP route, a PIM interface, and so on. For such protocols, configuration with the GUI is based on sets of three pages: first you see a “summary” page, and from that you access an “add” page and a “modify” page. Complex protocols are subdivided into different tabs, each with their own summary, add and modify pages.
Figure 6: An example of a configuration page with a selection table. (Callouts: Tabs; Heading row; Radio button; Add, Modify and Remove buttons.)

Figure 7: An example of a popup “add” page. (Callouts: Text field; Select list; Checkbox; Apply and Cancel buttons.)
Figure 8: An example of a popup “modify” page. (Callouts: Non-editable field; Editable Fields.)

GUI pages allow you to enter values or select options through a range of field types. These include:
• text fields, to enter character strings or numbers, especially for fields where there are few limits on the entries (such as names).
Close Button

A Close button closes a popup page, and conserves any changes that you made to the settings on the page by clicking on buttons like Add, Modify, Remove or Apply. Changes you made to editable fields will not be conserved when you click Close (unless you first clicked Apply).
The Diagnostics Menu

The GUI’s diagnostics pages enable you to troubleshoot network problems and observe traffic flow, including:
• displaying the number of good and bad packets received and transmitted over each switch port
• displaying the number of frames related to 802.
To freeze the banner’s display so that the help does not change when you move the mouse, press the [Ctrl] key. To unfreeze, press [Ctrl] again. Note that element information is not available for most entries in tables. To see descriptions of the columns of tables, click Complete Help Page.
■ Click Complete Help Page to see all available information, including the element information, in a separate printable window.
Upgrading the GUI

You can download the latest GUI resource file from the support site at http://www.alliedtelesyn.co.nz/support/ar400. Before you start, ensure that the router is running the most recent release and patch files. The GUI is not part of the firmware release file, but the most recent resource file will generally only be compatible with the most recent software release.
• server is the IP address of the TFTP server the file is loaded from.
When the router has loaded the file into its RAM, it displays the message “File transfer successfully completed”. It then writes the file to FLASH memory, which takes approximately 30 seconds after the message. Once the file has been copied to FLASH, you can enter commands that refer to it.
3.
Deleting Temporary Files

Browsers store local copies of web pages as temporary files. If you upgrade to a new GUI resource file, or if you encounter problems in browsing to the GUI, you may need to delete these files (clear the cache).
To clear the cache in Internet Explorer:
1. From the Tools menu, select Internet Options.
2. On the General tab, click the Delete Files button.
3. The Delete Files dialog box opens. Click the OK button.
Problem: The GUI is behaving inconsistently, or you cannot access some pages.
Solution:
■ Delete your browser’s temporary files (see “Deleting Temporary Files” on page 43) and try again.
■ Check that JavaScript is enabled.
■ If you are using a toolbar or plug-in on your browser to block pop-ups, disable it while using the GUI. The GUI displays detailed configuration options and information in pop-up windows.
• Any password and authentication settings must be configured on the neighbour as well as on this router.
■ Check that the router is passing the correct DNS information to hosts on the LAN, if the router is a DHCP server. If the router is acting as a DHCP client as well, and therefore is passing on DNS information from another DHCP server, check that this DHCP server is providing the router with the correct information.
■ Check the NAT configuration. See “Traffic Flow and Network Address Translation (NAT)” on page 44.

Problem: Illegitimate traffic is reaching your LAN or DMZ.
Solutions:
■ The most likely cause of this problem is an incorrect rule. Check that:
    • “Allow” rules are tight enough that only the intended traffic types are allowed through.
    • The firewall is processing the rules in the order you expected, and that specific rules (e.g.
Problem: A device on your LAN or DMZ can access a service on the Internet even though it should be blocked.
Solutions:
■ The most likely cause of this problem is an incorrect outgoing rule. Check that:
    • Rules intended to block traffic have an action of “Deny”.
    • The firewall is processing the rules in the order you expected, and that specific rules (e.g. block IP address x from using FTP) have lower numbers than general rules (e.g.
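The rule-order check described in both firewall problems above (over-broad “Allow” rules and ineffective “Deny” rules) can be automated. The following is an added example, not part of the original guide or of the router software. It assumes the firewall applies the lowest-numbered matching rule, and the Rule fields and sample rule sets are a hypothetical model constructed for illustration, not the router's rule syntax.

```python
"""Detect firewall rules that never take effect because a lower-numbered,
more general rule with a different action matches the same traffic first.

Assumptions (not from the guide): rules are evaluated in ascending rule
number and the first match decides. The Rule model below is hypothetical.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str               # "allow" or "deny"
    source: str               # source network in CIDR form
    protocol: Optional[str]   # "tcp", "udp", or None for any protocol
    port: Optional[int]       # destination port, or None for any port


def covers(general: Rule, specific: Rule) -> bool:
    """True if every packet matched by `specific` is also matched by `general`."""
    if not ip_network(specific.source).subnet_of(ip_network(general.source)):
        return False
    if general.protocol is not None and general.protocol != specific.protocol:
        return False
    if general.port is not None and general.port != specific.port:
        return False
    return True


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (shadowed_rule, shadowing_rule) number pairs.

    A rule is reported when the first lower-numbered rule that fully covers
    it has the opposite action, so the later rule's intent is never applied.
    """
    ordered = sorted(rules, key=lambda r: r.number)
    findings = []
    for index, later in enumerate(ordered):
        for earlier in ordered[:index]:
            if covers(earlier, later):
                if earlier.action != later.action:
                    findings.append((later.number, earlier.number))
                break  # the first covering rule decides the outcome
    return findings


# Constructed sample: the "block one host from using FTP" rule is numbered
# after the general "allow the LAN" rule, so the block never applies.
MISORDERED = [
    Rule(10, "allow", "192.168.1.0/24", None, None),
    Rule(20, "deny", "192.168.1.50/32", "tcp", 21),
    Rule(30, "deny", "0.0.0.0/0", None, None),
]

# Same policy with the specific rule given the lower number.
CORRECTED = [
    Rule(5, "deny", "192.168.1.50/32", "tcp", 21),
    Rule(10, "allow", "192.168.1.0/24", None, None),
    Rule(30, "deny", "0.0.0.0/0", None, None),
]

if __name__ == "__main__":
    for shadowed, by in find_shadowed(MISORDERED):
        print(f"rule {shadowed} is shadowed by rule {by}")
    print("corrected set findings:", find_shadowed(CORRECTED))
```
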
Traffic Logging and Firewall Alert Messages

Problem: Firewall Alert messages are not being emailed.
Solution:
■ Check that Enable Email Firewall Alerts is checked (Configuration > Firewall > Events > Alarms tab) and that the email address is correct.
■ Check that the DNS Server IP is correct (Configuration > Internet Protocol > General).
■ Check that a hostname is correctly specified (Configuration > System > General).
Problem: The router’s clock does not synchronise with the NTP peer.
Solution:
■ The router’s clock can only synchronise with the NTP peer if its initial time is similar to the NTP peer’s time (after setting the UTC offset). Manually set the router’s time so that it is approximately correct, and enable NTP again.
■ Check that the UTC offset is correct.
Chapter 4 Operating the router

This Chapter

This chapter introduces basic operations on the router, including:
■ “User Accounts and Privileges” on page 51
■ “Normal Mode and Security Mode” on page 53
■ “Remote Management” on page 56
■ “Storing Files in FLASH Memory” on page 56
■ “Using Scripts” on page 57
■ “Loading and Uploading Files” on page 59
■ “Upgrading Router Software” on page 63
■ “Using the Built-in Editor” on page 67
■ “SNMP and MIBs” on page 68

User Accounts and Privileges

Th
In normal mode, a user with manager privilege can create and delete accounts for users with any of these privilege levels. Users and passwords are managed by the User Authentication Facility. Users and passwords are authenticated using an internal database called the User Authentication Database, or by interrogation of external RADIUS (Remote Authentication Dial In User Service) or TACACS (Terminal Access Controller Access System) servers.
See the Operations chapter in the Software Reference for:
■ More information about managing and using accounts with user, manager and security officer privileges
■ A full list of commands that require security officer privilege when the router is in secure mode
■ Information about enabling a remote security officer.

Normal Mode and Security Mode

The router operates in one of two modes, either normal mode or security mode. By default, the router is in normal mode.
router is in security mode. A complete list of commands limited by security mode is given in the Operations chapter in the Software Reference.

Table 5: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode.
Table 5: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode (Continued).
Table 5: Commands requiring SECURITY OFFICER privilege when the router is operating in security mode (Continued).

Command (Specific Parameters)
SET SSH
SET STAR
SET USER
SHOW CONFIG
SHOW ENCO KEY
SHOW FEATURE
SHOW FILE
SHOW PPP CONFIG
SHOW STAR [=id], MKTTRANSFER, NETKEY
UPLOAD

Remote Management

You can manage remote routers as easily as you manage the local router a terminal is connected to.
FLASH memory is like a flat file system, with no subdirectories. File names of up to 16 characters long, with extensions of 3 characters (DOS 16.3 format), are supported on the router. However, files on the router are stored in FLASH using the DOS 8.3 format of 8 characters long, with extensions of 3 characters. For example, the file extralongfilenam.cfg may be saved as extral~1.cfg in the FLASH File System.
The commands you enter into the router from the command line affect only the dynamic configuration in RAM, which is not retained over a power cycle. The router does not automatically store these changes in FLASH memory. When the router is restarted, it loads the configuration defined by the boot script, or if the router was restarted using the RESTART command, any script file specified in the RESTART command.
Storing Multiple Scripts

You can store multiple configuration scripts on the router. This allows you to test new configuration scripts once, before setting them as the default configuration. For example, to test the new configuration script test.cfg, enter the command:
    RESTART SWITCH CONFIG=test.cfg
Storing multiple scripts also allows you to keep a backup router with configuration scripts stored on it for every router in the network to speed up network recovery time.
Table 6: File extensions and file types (Continued).

Extension   File type/function
INS         Stores install information created by using the SET INSTALL command.
JPG         (Joint Photographic Experts Group) graphic image file.
KEY         Public portion of an RSA key.
LIC         Licence information.
LOG         Log file.
MDS         Modem script.
PAT         Patch.
PAZ         Compressed patch.
REL         Software release.
REZ         Compressed release.
SCP         Script.
To load a file onto the router using the HTTP protocol, enter the command:
    LOAD [METHOD={HTTP|WEB|WWW}] [DELAY=delay] [DESTFILE=destfilename]
        [DESTINATION={BOOTBLOCK|FLASH}]
        [HTTPPROXY={hostname|ipadd} [PASSWORD=password] [PROXYPORT=1..65535]]
        [SERVER={hostname|ipadd}] [SERVPORT={1..65535|DEFAULT}]
        [SRCFILE|FILE=filename] [USERNAME=username]
The router can only load one file at a time. Wait for the current transfer to complete before initiating another transfer.
To load a patch file
1. Configure the LOADER.
Set the LOADER module with defaults to make the process of downloading files in future simpler.
    SET LOADER METHOD=HTTP SERVER=192.168.1.1 DESTINATION=FLASH
2. Download the patch file.
Download the patch file onto the router, using the defaults set above.
    LOAD FILE=52261-01.paz
When the download has completed, check that the file is in FLASH.
    SHOW FILE
This shows the file 52261-01.paz is present.
2. Upload the configuration file.
Upload the configuration file from the router into the TFTP directory of the TFTP server on the network, using the defaults set above.
    UPLOAD FILE=filename.cfg
Monitor the load progress.
    SHOW LOAD
When the upload is complete, check that the file is in the TFTP directory on the network host.
• Secondly, if no temporary install is defined, or the install information is invalid, the router checks the preferred install. If present, this install is loaded. The router never deletes the preferred install information.
• Thirdly, if neither a temporary install nor a preferred install is specified, the router loads the default install. The default install is always present in the router because if, for some reason, it is not, the INSTALL module will restore it.
2. Load the new release file onto the router.
Make sure there is space in FLASH for the new release file. Load the new file onto your router. Make sure the release file matches your router model (see “Upgrading Router Software” on page 63). Load any patch files required, and the help file for the release (see “Loading and Uploading Files” on page 59). To load the release file using your LOADER default settings, enter the command:
Wait for the release to load.
Example: Upgrade to a new patch file

Use this procedure to upgrade the software release currently running on the router with a new patch. This example assumes that Software Release 2.6.1 is set as the preferred release, on an AR410 router. The patch name in this example is 52261-01.paz.
To upgrade to a new patch file:
1. Load the new patch file onto the router.
Load the new file onto your router. See “Loading and Uploading Files” on page 59.
    LOAD FILE=52261-01.
Using the Built-in Editor

The router has a built-in full-screen text editor for editing script files stored on the router file subsystem. Using the text editor you can run script files manually, or set script files to run automatically at router restart, or on trigger events. Figure 10 on page 67 shows an example screen shot of the text editor. To start the editor with a new file or an existing file, enter the command:
    EDIT [filename]

Figure 10: The editor screen layout.
SNMP and MIBs

You can remotely monitor some features of the router using Simple Network Management Protocol (SNMP). For information about the MIBs supported by the router, see Appendix C: SNMP MIBs in the Software Reference. The SNMP agent is disabled by default.
■ How to use Router Startup Operations
■ How to use FLASH compaction to regain storage space on the router. Read “Warning about FLASH memory” on page 12 before you attempt to do this.
■ How to set aliases to represent common command strings.
■ How to define a remote security officer, so you can manage the security features remotely via Telnet.
See other chapters in the Software Reference for more information on how to:
Chapter 5 Physical and Layer 2 Interfaces

This Chapter

This chapter introduces the physical and logical interfaces available on the base unit router and the optional interfaces available as expansion options for the PIC bay.
Figure 11: Network overview. (Diagram relating physical interfaces, data link protocols and network routing protocols.)
Interfaces

The physical interfaces on the base unit or expansion option, sometimes called ports, connect the router to the physical network. All data enters and leaves the router via an interface. The interface on the router and the device at the other end of the link must use the same encapsulations for the Layer 2 protocol.
Table 7: Interface type names.

Type   Description
BRI    Basic Rate ISDN interface
ETH    Ethernet interface (excluding switch ports)
PRI    Primary Rate ISDN interface
SYN    Synchronous interface
Logical interfaces
VLAN   Virtual LAN interface over switch ports, numbered from 1
FR     Frame Relay interface
LAPB   X.25 LAPB interface
PPP    Point-to-Point Protocol interface
X25C   X.25 DCE interface
X25T   X.
Asynchronous Port

Asynchronous ports are normally used to connect a terminal to the router for configuration purposes. The default values for configurable parameters are modified by entering the command:
    SET ASYN=port-number option
The factory default settings for asynchronous ports are shown in Table 8 on page 75.

Table 8: Factory defaults for configurable parameters for asynchronous ports.
Asynchronous Call Control (ACC)

You can configure the ACC module to answer calls made to a modem connected to an asynchronous port, to validate the user making the call and to configure the port to the mode appropriate for the desired service. Also, you can configure ACC to originate calls by controlling a modem attached to an asynchronous port and to switch the port to the appropriate mode once a connection to the remote device is established.
Synchronous Ports (models with PIC bay)

You can use the asynchronous console port on the base unit to configure the router. Additional asynchronous ports can also connect terminals, printers and terminal ports on host computers. Your router supports synchronous interfaces with speeds of up to 2.048 Mbps, also known as E1.
Except on AR410 and AR410S models, Auto MDI/MDI-X is disabled when a switch port is set to a specific speed and duplex mode. On routers other than the AR410 or AR410S, it is also possible to require a switch port to operate at a single speed without disabling autonegotiation, by allowing the port to autonegotiate but constraining the speed/duplex options to the desired combination.
Once the system resource becomes available the switch transmission by the link partner of the port can resume. You can set the global retransmission time delay for all switch ports operating in half duplex mode. When the port attempts to transmit a packet and encounters a collision, the switch stops transmission and starts a short delay (backoff) before attempting re-transmission. If AGGRESSIVE is specified, the time delay is shorter.
To display the packet storm protection settings, use the command:
    SHOW SWITCH PORT[={port-list|ALL}]
For more information about limiting switch traffic, see the SET SWITCH PORT command in the Switching on the AR440S, AR441S and AR450S chapter in the Software Reference.

Virtual LANs

A Virtual LAN (VLAN) is a software-defined broadcast domain. The router’s VLAN feature allows you to segment a network by software management to improve network performance.
Point to Point Protocol (PPP)
The Point-to-Point Protocol (PPP) establishes a connection between the router and a service provider, on demand. PPP provides mechanisms for transmitting data over synchronous connections, ISDN, ACC and L2TP calls, groups of TDM slots, and Ethernet. Each protocol carried over PPP has an associated Network Control Protocol (NCP) that negotiates options for the protocol and brings up the link for that protocol.
PPPoE
PPP over Ethernet (PPPoE) is defined in RFC 2516 “A Method of Transmitting PPP Over Ethernet”. PPPoE is used to run PPP over Ethernet. The same authentication, billing and transfer systems as for PPP are then available in Ethernet networks. PPP over Ethernet enables multiple hosts at a remote site to share the same access device, while providing the access control and billing functionality of dial-up PPP connections.
Parameters for setting the interface defaults for encryption and compression are also set with the CREATE command. These values are used by all DLCs on the interface unless specifically overridden for a particular DLC. After the Frame Relay interface is created, to change the LMI parameters, enter the command:
    SET FRAMERELAY
You may modify any or all of the parameters on a single command line.
3. Add logical interfaces if required
Frame Relay logical interfaces (FRLI) provide a mechanism for organising DLCs into groups. Each FRLI, or group of DLCs, is assigned its own IP address to split the Frame Relay network into subnets. A default FRLI 0 is always created when a Frame Relay interface is created. To create additional FRLIs, enter the command:
    ADD FRAMERELAY=fr-interface LI=logical-interface
By default, all DLCs are associated with the default FRLI 0.
Integrated Services Digital Network (ISDN) (models with PIC bay)
To use ISDN connections you need to install the appropriate Port Interface Card (PIC) in the router’s PIC bay. Install either a Basic Rate ISDN (BRI) or a Primary Rate ISDN (PRI) PIC.
Default Setup
The standard LAPD configurations are shown in Table 9 on page 86 (Basic Rate Interfaces) and Table 10 on page 86 (Primary Rate Interfaces). These settings suit many situations. However, you can modify these settings as required to suit other network situations (see the Integrated Services Digital Network (ISDN) chapter in the Software Reference).
Table 9: Standard LAPD configuration for an ISDN Basic Rate Interface.
Configuring ISDN (models with PIC bay)
This section describes how to configure ISDN on an ISDN expansion option on your router using the command line interface. If you want to use ISDN, your router must have a PIC bay with the appropriate ISDN Port Interface Card installed. Simple ISDN configurations for Basic Rate ISDN, Primary Rate ISDN, ISDN Dial on Demand and ISDN Bandwidth on Demand are described.
2. Select country or territory.
To select the country in which the router is operated, enter the command:
    SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}
The territory determines which Q.931 profile is used on the ISDN interface. For example, to select the Q.931 profile for the United States, enter the command:
    SET SYSTEM TERRITORY=USA
If you are not sure which territory to use, contact your authorised distributor or reseller.
Enter directory numbers and subaddresses with the command:
    SET Q931=0 NUM1=number NUM2=number SUB1=subaddress SUB2=subaddress
The ISDN service provider must supply the directory numbers and subaddresses. If the directory number is a full 10 digit number (3 digit area code plus 7 digit number), the router will append the digits “0101” to the number and attempt SPID initialisation with the result. This is known as the Generic SPID procedure.
6. Create PPP interfaces.
Create PPP interfaces to use the ISDN calls. PPP provides the link layer protocol and enables multiple network and transport layer protocols such as IP and Novell® IPX to be carried over the same ISDN link.
2. Select the territory.
To select the country or region in which the router is operated, enter the command:
    SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}
The territory determines which Q.931 profile is used on the ISDN interface. For example, to select the Q.931 profile for New Zealand, enter the command:
    SET SYSTEM TERRITORY=NEWZEALAND
If you are not sure which territory to use, contact your authorised distributor or reseller.
set precedence to IN at one end of the call and OUT at the other end of the call. The ISDN number is the exact sequence required to reach the remote router from the local router, including STD access codes and area codes. The number may contain only decimal digits. Hyphens and other characters will result in an error. Check that the ISDN calls are successfully added with the command:
    SHOW ISDN CALL
5. Create PPP interfaces.
Create PPP interfaces to use the ISDN calls.
2. Create PPP interfaces.
Create PPP interfaces to use the ISDN calls and enable the IDLE timer.
PPP interface 0 is now configured for bandwidth on demand operation, and any routing protocols such as IP and IPX that are configured to use PPP interface 0 will automatically inherit the bandwidth on demand functionality. For more information about ISDN, including LAPD, Q.931, Call control, Call Logging, DNS, AODI, X.25 and Data over voice, see the Integrated Services Digital Network (ISDN) chapter in the Software Reference.
4. Configure a data link layer module, such as PPP (Point-to-Point Protocol), Frame Relay or X.25 LAPB, to use the synchronous interface. To create a PPP interface 0 to use synchronous port 0, enter the command:
    CREATE PPP=0 OVER=SYN0
5. To check the configuration, enter the commands:
    SHOW SYN=0
    SHOW PPP=0
The output of the SHOW SYN command should show “Active” set to “yes” and “Module” set to “ppp”.
Figure 13: Example output from the SHOW IPX SERVICES command for a basic Novell IPX network

IPX services
Name      Age  Address                     Server type      Circuit   Hops  Defined
--------------------------------------------------------------------------------
ACCOUNTS  0    00007500:000000000001:0451  0004:Fileserver  1 (eth0)  1     SAP
ACCOUNTS  0    00007500:000000000001:8104  0107:RCconsole   1 (eth1)  1     SAP
TYPISTS   0    00000012:0080488018d8:0451  0004:FileServer  1 (ppp0)  2     SAP
--------------------------------------------------------------------------------
To halt a trace route that is in progress, enter the command:
    STOP TRACE
For more information about trace route, see the Internet Protocol (IP) chapter in the Software Reference.
Chapter 6 Routing
This Chapter
This chapter introduces some routing protocols supported by the router, including:
■ Internet Protocol (IP) (see “Configuring an IP Network” on page 99).
■ IP Multicasting (see “Configuring IP Multicasting” on page 103).
■ Configuring Dynamic Host Configuration Protocol (see “Configuring Dynamic Host Configuration Protocol (DHCP)” on page 109).
■ Novell IPX (see “Configuring a Novell IPX Network” on page 111).
Before You Start
1. Ensure that the routers you want to configure are connected as described in the Quick Install Guide.
2. Connect a terminal to the console port (port 0) on each router as described in the Quick Install Guide. Alternatively, you can connect a PC to the console port and use a terminal emulation program like Windows™ Terminal.
3. Log in to the MANAGER account on each router (see “Logging In” on page 15).
To configure IP follow these steps
The following steps are required:
1. Configure the PPP Link.
2. Create a VLAN and add untagged ports.
3. Configure the IP routing module on both routers.
4. Test the configuration.
5. Save the configuration.
1. Configure the PPP Link
Refer to other sections of this guide on how to configure PPP interface 0 on each router to use the wide area link.
2.
3. Configure IP Routing
To clear any pre-existing IP configuration and turn on the IP routing software on each router, enter the commands:
    PURGE IP
    ENABLE IP
On the Head Office router define two IP interfaces, one for the VLAN and one for the wide area link:
    ADD IP INT=VLAN2 IP=172.16.8.33 MASK=255.255.255.0
    ADD IP INT=PPP0 IP=172.16.254.1 MASK=255.255.255.
You will see the login screen for the Remote Office router. To connect from the Remote Office router to the Head Office router, on the Remote Office router, enter the command:
    TELNET 172.16.8.33
5. Save the configuration
To save the new dynamic configuration as a script, enter the command:
    CREATE CONFIG=IPCONF.SCP
Configuring IP Multicasting
IP multicasting is used to transmit packets to a group of hosts simultaneously on a TCP/IP network or sub-network.
Configuring IGMP
By default, IGMP is disabled on the router and on all interfaces. To enable IGMP on the router, enter the command:
    ENABLE IP IGMP
You must enable IGMP on an interface before the interface can send or receive IGMP messages. If DVMRP is used for multicast routing, you must also enable IGMP on any interfaces used by DVMRP.
Figure 15: Multicast configuration example using IGMP and DVMRP. [Network diagram]
4. Configure IP.
To enable the IP module, and assign IP addresses to the interfaces, enter the commands:
    ENABLE IP
    ADD IP INTERFACE=PPP0 IPADDRESS=189.124.7.9 MASK=255.255.0.0
    ADD IP INTERFACE=PPP1 IPADDRESS=203.45.90.2 MASK=255.255.255.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.73.1.2 MASK=255.255.255.0
5. Configure IGMP.
3. Configure IP.
To enable IP on the router, and assign IP addresses to the interfaces used by DVMRP for multicast routing, enter the commands:
    ENABLE IP
    ADD IP INTERFACE=PPP0 IPADDRESS=189.124.7.8 MASK=255.255.0.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.74.1.2 MASK=255.255.255.0
    ADD IP INTERFACE=ETH1 IPADDRESS=172.74.2.2 MASK=255.255.255.0
4. Configure IGMP.
4. Configure PPP.
To configure a PPP interface over the ISDN interface, enter the command:
    CREATE PPP=0 OVER=ISDN-DVMRP IDLE=ON
5. Configure IP.
To enable the IP module, and assign IP addresses to the interfaces, enter the commands:
    ENABLE IP
    ADD IP INTERFACE=FR0 IPADDRESS=202.96.152.12 MASK=255.255.255.0
    ADD IP INTERFACE=PPP0 IPADDRESS=203.45.90.3 MASK=255.255.255.0
    ADD IP INTERFACE=ETH0 IPADDRESS=172.74.2.3 MASK=255.255.255.0
6. Configure IGMP.
4. Configure IGMP.
To enable IGMP on the router, and on the interfaces over which group membership will be managed, enter the commands:
    ENABLE IP IGMP
    ENABLE IP IGMP INTERFACE=ETH0
    ENABLE IP IGMP INTERFACE=FR0
5. Configure DVMRP.
To enable DVMRP on the router, and on the interfaces over which DVMRP will perform multicast routing, enter the commands:
    ENABLE DVMRP
    ADD DVMRP INTERFACE=ETH0 METRIC=1
    ADD DVMRP INTERFACE=FR0 DLC=20 METRIC=6
Confirm multicasting.
On the router, DHCP is based on DHCP policies. Policies are predefined sets of configuration information items. Each policy defines IP configuration information for the clients that are attached to a single IP interface. Each policy has at least one IP address range attached to it. A range is a list of consecutively numbered IP addresses.
Configuring a Novell IPX Network
The router’s implementation of the Novell IPX protocol uses the term circuit to refer to a logical connection over an interface, similar to an X.25 permanent virtual circuit (PVC) or a Frame Relay Data Link Connection (DLC). The term interface refers to the underlying physical interface, such as VLAN, Ethernet, Point-to-Point (PPP) and Frame Relay.
Before You Start
1. Collect the information that you will need to configure IPX.
Configuring IPX
This example (Figure 16 on page 112) illustrates the steps required to configure a pair of AR410 routers to create a Novell® IPX internetwork, using the router’s command line interface. In this scenario, PCs at a remote office need access to a Novell file server at the Head Office site. The two sites are connected by a PPP link over a wide area link—either a dedicated leased line or an ISDN call.
Figure 16: Example configuration for an IPX network.
To configure IPX follow these steps
The following steps are required:
1. Configure the PPP link.
2. Configure the routers for IPX.
3. Test the configuration.
4. Save the configuration.
1. Configure the PPP Link
Refer to other sections of this guide on how to configure PPP interface 0 on each router to use the wide area link.
• See “Point to Point Protocol (PPP)” on page 81 for information about configuring PPP to use a synchronous link.
2.
local (i.e. via eth0) on one router, should also be visible on the other router, via the PPP link. Test that a workstation on the Remote Office LAN can log in to the file server on the Head Office LAN.
4. Save the Configuration
Save the new dynamic configuration as a script, by entering the command:
    CREATE CONFIG=IPXCONF.SCP
To add an IPX circuit over a VLAN
1.
Figure 17: Example output from the SHOW IPX CIRCUIT command.

IPX CIRCUIT information
Name ......................... Circuit 1
Status ....................... enabled
Interface .................... vlan11 (802.3)
Network number ............... c0e7230f
Station number ............... 0000cd000d26
Link state ................... up
Cost in Novell ticks ......... 1
Type20 packets allowed ....... no
On demand .................... no
Spoofing information
Keep alive spoofing ..........
Figure 18: Example configuration for an IPX dial-on-demand network. [Network diagram]

Table 14: Example configuration parameters for IPX dial-on-demand.
Parameter               Head Office Router  Remote Office Router
Ethernet interface      eth0                eth0
Ethernet encapsulation  802.3               802.
3. Define IPX circuits
On the Head Office router define two IPX circuits, one for the Ethernet interface and one for the wide area link. To configure the wide area link as a demand link and enable RIP and SAP change broadcasts, enter the commands:
    ADD IPX CIRC=1 INT=ETH0 NETW=401 ENCAP=802.
4. Save configuration
To save the new dynamic configuration as a script, enter the command:
    CREATE CONFIG=IPXFILT.SCP
AppleTalk
The AppleTalk network architecture provides internetworking of Macintosh computers and other peripheral devices using LocalTalk media. AppleTalk allows seamless access to network services such as file servers and printers from the Macintosh desktop environment.
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) is a distance vector protocol that is part of the TCP/IP protocol suite used to exchange routing information between routers. RIP determines a route based on the smallest hop count between source and destination. Routing protocols such as RIPv1 and RIPv2 can be enabled on a VLAN.
Figure 21: Example output from the SHOW RSVP INTERFACE command.
RSVP Interfaces
Maximum Reserved No.
Configuring a Basic OSPF Network
This example (Figure 22 on page 121) is a simple network of two routers connected together, each with its own local area network. The routers all belong to a single class B network 172.31.0.0, which has further been subnetted using the subnet mask 255.255.255.0.
Figure 22: A basic OSPF network with an addressless PPP link. [Network diagram]
    ADD IP INTERFACE=ETH0 IP=172.31.108.10 MASK=255.255.255.0 OSPFMETRIC=1
4. Configure router 2 as an OSPF router.
To create an OSPF area, assign the IP interfaces to the area, and configure OSPF routing parameters, enter the commands:
    ENABLE OSPF
    ADD OSPF AREA=0.0.0.1 AUTHENTICATION=PASSWORD
    ADD OSPF RANGE=172.31.0.0 AREA=0.0.0.1 MASK=255.255.0.0
    ADD OSPF INTERFACE=ETH0 AREA=0.0.0.1 PASSWORD=csecret
    ADD OSPF INTERFACE=PPP0 AREA=0.0.0.
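An added example, not part of the guide or of Allied Telesyn's software: a small Python lint that reads configuration scripts using the ADD OSPF command forms shown above and checks that every interface in an area declared with AUTHENTICATION=PASSWORD carries a PASSWORD, and that both ends of a link carry the same one. The script contents, the router names and the passwords asecret and bsecret are constructed for illustration; findings never echo a password.

```python
"""Lint OSPF password settings in router configuration scripts."""
import re

# Constructed sample scripts built from the ADD OSPF command forms in this
# section. Router 2's PPP0 line deliberately omits PASSWORD.
ROUTER1_SCP = """\
ENABLE OSPF
ADD OSPF AREA=0.0.0.1 AUTHENTICATION=PASSWORD
ADD OSPF RANGE=172.31.0.0 AREA=0.0.0.1 MASK=255.255.0.0
ADD OSPF INTERFACE=ETH0 AREA=0.0.0.1 PASSWORD=asecret
ADD OSPF INTERFACE=PPP0 AREA=0.0.0.1 PASSWORD=bsecret
"""
ROUTER2_SCP = """\
ENABLE OSPF
ADD OSPF AREA=0.0.0.1 AUTHENTICATION=PASSWORD
ADD OSPF RANGE=172.31.0.0 AREA=0.0.0.1 MASK=255.255.0.0
ADD OSPF INTERFACE=ETH0 AREA=0.0.0.1 PASSWORD=csecret
ADD OSPF INTERFACE=PPP0 AREA=0.0.0.1
"""

PARAM = re.compile(r"(\w+)=(\S+)")


def parse_ospf(script):
    """Return (areas, interfaces): area -> auth mode, interface -> params."""
    areas, interfaces = {}, {}
    for raw in script.splitlines():
        words = raw.strip().upper().split()
        if len(words) < 3 or words[:2] != ["ADD", "OSPF"]:
            continue
        # Keep parameter values as written: passwords may be case-sensitive.
        params = {k.upper(): v for k, v in PARAM.findall(raw)}
        if words[2].startswith("AREA="):
            areas[params["AREA"]] = params.get("AUTHENTICATION", "").upper()
        elif words[2].startswith("INTERFACE="):
            interfaces[params["INTERFACE"].upper()] = params
    return areas, interfaces


def lint_router(name, script):
    """Check each OSPF interface against its area's authentication mode."""
    areas, interfaces = parse_ospf(script)
    findings = []
    for ifname, params in sorted(interfaces.items()):
        area = params.get("AREA")
        if area not in areas:
            findings.append(f"{name} {ifname}: area {area} is not defined")
        elif areas[area] == "PASSWORD" and "PASSWORD" not in params:
            findings.append(f"{name} {ifname}: area {area} uses password "
                            "authentication but no PASSWORD is set")
        elif areas[area] != "PASSWORD" and "PASSWORD" in params:
            findings.append(f"{name} {ifname}: PASSWORD set but area {area} "
                            "does not specify AUTHENTICATION=PASSWORD")
    return findings


def lint_link(end_a, end_b):
    """Compare both ends of one link; each end is (name, script, interface)."""
    passwords = []
    for _, script, ifname in (end_a, end_b):
        _, interfaces = parse_ospf(script)
        passwords.append(interfaces.get(ifname.upper(), {}).get("PASSWORD"))
    if passwords[0] != passwords[1]:
        return [f"{end_a[0]} {end_a[2]} and {end_b[0]} {end_b[2]}: "
                "OSPF passwords differ across the link"]
    return []


def audit():
    """Run every check over the two constructed router scripts."""
    findings = lint_router("router1", ROUTER1_SCP)
    findings += lint_router("router2", ROUTER2_SCP)
    findings += lint_link(("router1", ROUTER1_SCP, "PPP0"),
                          ("router2", ROUTER2_SCP, "PPP0"))
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

With simple password authentication, OSPF packets whose password does not match the receiving interface's are discarded, so either finding here means the two routers would not form an adjacency over the PPP link.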
Chapter 7 Maintenance and Troubleshooting
This Chapter
If you are familiar with networking and router operations, you may be able to diagnose and solve some problems yourself. This chapter gives tips on how to:
■ start your router (see “How the Router Starts Up” on page 124).
■ avoid problems (see “How to Avoid Problems” on page 125).
■ reconfigure your router if you accidentally clear the FLASH memory (see “What to Do if You Clear FLASH Memory Completely” on page 127).
How the Router Starts Up
When the router boots, the following sequence of operations is performed:
1. Perform startup self tests.
2. Perform the install override option.
3. Load the FLASH boot release as the INSTALL boot.
4. Inspect and check INSTALL information.
5. Load the required release as the main boot.
6. Start the router.
7. Execute the boot script, if one has been configured.
When you start the router, the FLASH boot release is always loaded first. The FLASH boot release contains all the code required to obtain and check the INSTALL information. This first boot is known as the INSTALL boot. The INSTALL information is inspected and the router is set up to perform another load. Even if the actual release required is the FLASH boot release, another load is always performed. At this point, if a patch load is required, it is also performed.
Configure logging
The logging facility stores log messages for events with a specified severity in a log file. You can change the size of the log file, and the kind of messages recorded. You can configure the router to output log messages in several ways, including to a remote router with a specified IP address, or as an email to a particular email address. The router can also receive log messages from another router.
What to Do if You Clear FLASH Memory Completely
DO NOT clear the FLASH memory completely. The software release files are stored in FLASH, and clearing it would leave no software to run the router. If you accidentally do this, you will need to:
1. Boot with default configuration.
Reboot the router from a terminal connected to the asynchronous terminal port (not Telnet).
What to Do if the PPP Link Disconnects Regularly
If the device at the other end of the PPP link is not an ATR router or switch but is supplied by another vendor, turn LQR (Link Quality Reporting) off on PPP links (LQR=OFF) and instead use LCP Echo Request and Echo Reply messages to determine link quality (ECHO=ON).
■ To get debugging output, enter the command:
    SHOW DEBUG
■ Depending on the problem, the support personnel may also ask you for the output from the following commands (see the Monitoring and Fault Diagnosis section in the Operations chapter of the Software Reference):
    SHOW EXCEPTION
    SHOW STARTUP
    SHOW LOG
    SHOW CPU
    SHOW BUFFER
Resetting Router Defaults
To restart the router at any time with no configuration, enter the command:
    RESTART ROUTER CONFIG=NONE
If boot.
To set PING defaults, enter the command:
    SET PING [{[IPADDRESS=]ipadd|[IPXADDRESS=]network:station|[APPLEADDRESS=]network.node}] [LENGTH=number] [NUMBER={number|CONTINUOUS}] [PATTERN=hexnum] [{SIPADDRESS=ipadd|SIPXADDRESS=network:station|SAPPLEADDRESS=network.
Figure 24: Example output from the SHOW PPP command for a basic TCP/IP network.

Name    Enabled  ifIndex  Over        CP     State
----------------------------------------------------------------------------
ppp0    YES      04                   IPCP   OPENED
                          isdn-roho   LCP    OPENED
----------------------------------------------------------------------------

To interpret output from the SHOW PPP command see the Point-to-Point (PPP) chapter in the Software Reference.
4.
Troubleshooting DHCP IP Addresses
Your router is acting as a DHCP client
If your router is acting as a DHCP client, the router should receive its IP address dynamically. If your router is not receiving an IP address, check that the domain name and host name are correct.
Your router is acting as a DHCP server
If your router is not assigning IP addresses to a host, or hosts, on the subnet, perform this procedure:
1.
2. Check IPX circuit configuration
To check that the IPX circuits are correctly configured on each router, repeat steps 1 through 3 above, or enter the command:
    SHOW IPX CIRCUIT
Check that there are two circuits, and for each circuit check that the circuit is enabled, that it uses the correct interface and encapsulation (for Ethernet interfaces), that the network number is correct and that “On demand” is set to “no”. If not, then repeat steps 1 through 3.
3.
4. Check route tables
To check the route tables on both routers, enter the command:
    SHOW IPX ROUTE
Check for the presence of networks on the remote side of the wide area network. If the remote network is missing from the route table on either router, enter the command:
    RESET IPX
which resets the IPX routing software and forces the routers to broadcast their routing and service tables.