Telecommunications Group 3641-80 / 3648-80 Ethernet Routers Guide and Web Users Manual Section 364-180-N02 Equipment Issue 1 1st Printing, April, 2006 ©2006 Charles Industries, Ltd. All rights reserved. Printed in United States of America. The availability of features and technical specifications herein subject to change without notice.
1. About This Manual

1.1. Revision History

Table 1-1 Revision history table

Revision     Date           Description
Issue 1.0    April, 2006    Initial release

1.2. Document Organization

About This Manual, Chapter 1, introduces you to the document.
General Overview, Chapter 2, provides an overview and the features of the router card.
Specification, Chapter 3, provides the technical specifications.
Applications, Chapter 4, introduces some application examples.
L2TP     Layer Two Tunneling Protocol
NAT      Network Address Translation
PAP      Password Authentication Procedure
PPP      Point to Point Protocol
PPPoH    PPP over High-Level Data Link Control
PPTP     Point to Point Tunneling Protocol
PVC      Permanent Virtual Circuit
RIP      Routing Information Protocol
SNTP     Simple Network Time Protocol
SNMP     Simple Network Management Protocol
VPN      Virtual Private Networking
WAN      Wide Area Network
2. General Overview

This document supports both the 3641-80 Single Port router and the 3648-80 router, which includes an 8 port Ethernet switch. The router cards are Ethernet IP routers, which mount in a full size card slot. The only difference between the 3641-80 and 3648-80 is that the 3648-80 has an unmanaged Ethernet switch to eliminate the need for an external switch. Therefore the routers will be referred to as ‘the router’.
• Support DHCP Server / Relay Agent / Client mode
• Support DNS Client / Relay mode
• Support Frame Relay WAN layer 2 protocol
• Support PAP and CHAP
• Support all three types of VPN: IPSec, PPTP, and L2TP
• Simple firmware update via web-based GUI interface

NOTE: There are certain features that are only accessible through the Web Configuration Tool:
1. Digital signature certificates of IPSec
2. Remote upgrade firmware (by browser http-upload.tar file)
3.
3. Specifications

Table 3-1 Router card specifications

Parameter: Specification
Dimension: Height 1.9 cm, Width 24.45 cm, Depth 23.49 cm
Weight: 300 g
Operating Environment (in service): -40℃ ~ +65℃, < 95% RH
Power: Less than 1 amp. DC input voltage range of –42V to 56V
Console port: Standard DB-9 connector, DCE configured with baud rate 9600, 8 bits of data, no parity, and 1 stop bit
Ethernet port: RJ-45 connector with IEEE 802.
RIP V1 and V2: Meet the requirements of RFC 1058 and RFC 2453.
IGMP: Meet the requirements of RFC 2236. Supports IGMP Proxy as described in [draft-ietf-idmr-igmp-proxy-03] “IGMP-based Multicast Forwarding (IGMP Proxying)”, W. Fenner, July 2000.
Static routing: Meet the requirements of RFC 3442 and the current practice defined in RFC 3180/BGP 0053.
4. Applications

The router card can act as a frame relay router, frame relay bridge, firewall, VPN gateway, or IP sharing. The following figures are application examples.

Point-to-Point application

Figure 4-1 is for either router or bridge applications.
Figure 4-3 Router card VPN application

Dual Gateway application

Figure 4-4 Router card dual gateway application
5. Installation

5.1. Preparing Before Installation

The major functions of the Router Card are performed by the Ethernet network interface. Your computer must have an Ethernet Network Interface Card (NIC) installed and set up with the TCP/IP protocol before beginning to use the router. The router also provides a serial console port for monitoring and configuring the router via the built-in command line interface.
6. Web Configuration Tool

6.1. About the Web Configuration

The Web Configuration tool provides a series of web pages that you can use to set up and configure your Router card. There are three main menus. You can select each of the following menus from the left frame of the main window:

Status Menu: Information about the current setup and status of the system and system hardware and options.
6.3. TCP/IP Configuration

In order to access the router’s Web GUI to begin your configuration, you must have the TCP/IP protocol installed and configured properly in your computer’s network interface card. Your computer’s TCP/IP settings must allow your computer to obtain an IP address automatically. To connect to the Internet or configure the router via Ethernet, the TCP/IP protocol must be installed and configured correctly.
• If TCP/IP has been installed for your NIC, continue with Step 3 - Setup TCP/IP section.
Step 2 - Install TCP/IP, if necessary

Install TCP/IP now if it is not previously installed. You may need the Windows Installation CD-ROM.

1. Still in the “Network” window, click the Add button. The “Select Network Component Type” window will appear. Select Protocol by clicking on it once. Then click Add.
2. The “Select Network Protocol” window will appear.
3. Confirm that the TCP/IP protocol has been correctly set up with your Ethernet. Click OK.
Step 3 - Setup TCP/IP

1. In the “Network” window, choose the Configuration tab. Then double-click the TCP/IP component for your Ethernet NIC (for example, TCP/IP->Intel 21140 based 10/100mbps Ethernet Controller).
2. In the “TCP/IP Properties” window, click the Gateway tab. Remove any installed Gateways by selecting them and clicking the Remove button.
3. Click the DNS Configuration tab, and then click the Disable DNS button.

NOTE: If you disable the router’s DHCP functions, you will be unable to access the router with the setting shown in step 4. You will need to choose the Specify an IP address option in step 4 and then manually enter an IP address which is on the same subnet as the router and the Subnet Mask. For instance, assuming the router’s default IP address is 192.168.0.
6.4. Login to Web Configuration Tool

1. Be sure you have configured your computer’s TCP/IP settings as described in the section 6.3.
2. Launch a compatible Internet Browser. In your Browser window, type the default IP address of the router, 192.168.0.1 into the URL bar and click GO or hit the Enter key.
3. You will be prompted to enter a User Name and Password. The default User Name and Password are:

User Name: admin
Password:

Figure 6-1

1.
Figure 6-2 Web Tool - Welcome page
6.5. Status Menu

Log in to the Web Configuration GUI as described in the previous section. Click the Status link from the left frame, and a “Status” page will appear as below.
Figure 6-3 Web Tool – Status page
The Status Menu contains information about the current configuration of your router. It contains two sections: Status and Advanced Diagnostics.

The Status section displays:
• WAN IP Address: Current WAN IP address of your router card.
• Local IP Address: Current local IP address of your router card.

The Advanced Diagnostics section displays:
• Port Connection Status: This section displays the type and connection status of ports.
6.6. System Menu

The System menu contains options that describe the system and allow low-level changes to be made. Log in to the web configuration GUI (refer to the section 6.1). Click the System link from the left frame, and then the following sub-headings will be shown on the left frame.

• Error Log: This page displays information about recent configuration errors.
• Upgrade: This page allows you to upgrade your firmware to your router.

WARNING:
Upgrade

The remote firmware upgrade is only accessible through the Web Configuration Tool. The “Firmware Upgrade” page allows you to upgrade the firmware version of your router. You will need to download the new firmware file (the file name is http-upload.tar and you don’t have to uncompress the file) to your computer in order to upgrade successfully.
3. Once the firmware upgrade is complete, the “Firmware Upgrade” page will refresh and indicate a successful upgrade. You will need to restart in order for the upgrade to take effect. Click the Restart button.

Figure 6-6

4.
Restart

This page allows you to restart your router. Be sure that you have saved your configuration before restarting to preserve your modifications. Restarting the router will restore the last configuration ‘saved’.

1. Log in to your router. From the left frame, click System and then Restart. The “Restart Router” page will appear. In the “Restart” section, click the Restart button.
6.7. Configuration Menu

The Configuration menu contains options for configuring features on the router including basic LAN and WAN connections, DHCP and DNS settings, and VPN settings. There are sixteen sub-headings on the left frame in the configuration menu.

• Save config: Allows you to save your current configuration to Flash memory.
• Authentication: Allows you to create, edit and delete user accounts for the web configuration tool.
Save config

After configuring or modifying the configuration of your router, and before powering it off or rebooting it, you must save your configuration to the internal flash memory. Should you power off or reboot the router without saving, you will lose the settings previously configured. Be sure to save after making any change to your configuration.

1.
2. The “Save configuration” page will reload stating that it has saved the configuration.

Figure 6-9 Web Tool – Save configuration completed page

Warning: Wait for the result screen to appear when performing a firmware upgrade or saving the configuration. If the process is interrupted, the system will not run normally.
Authentication

The User Management section allows you to control the access levels of your defined users. The default user names and passwords for the router are:

Table 6-1 Default user name and password

User name    Password
admin        admin
firewall     firewall
user         user

To Edit a User, Change the Password, or Delete a User

1. Log in to your router. From the left frame, click Configuration and then Authentication from the submenu.
2. The “Authentication: Edit User ‘username’ ” page will appear. To delete this user, simply click the Delete this user button near the bottom of the screen. Or you may edit the settings of your choice for the user. You may enter a new password in the password field, which is recommended for the admin user. Then enter the description about the user, and select the access level using the “Access Level” menu.
the functions users can edit based on their access levels:

Table 6-2 User access levels

Access Level    Functions
superuser       All configurations
engineer        All configurations, except firmware upgrade, and user management
default         View status, view error log, system restart

Finally, click the Apply button to apply your new settings.

3. You will be returned to the “Authentication” page. You may now edit another user, or create a new one, if needed.
2. In the “Authentication: create user” page, the details for a new user include the following items:

• Username: Enter the new username you want to create.
• Password: Enter the password of the new user.
• GUI user?: Enable or disable GUI user access to the router.
• Dial-in user?: Enable or disable ppp dial-in user access to the router.
• pppLogin: Set the ppp authentication protocol. The options are none, chap, or pap.
• Access Level:
LAN Connections

The LAN Connections page allows you to change the default and secondary IP address for the LAN port and lets you modify the RIP options.

1. Log in to your router. From the left frame, click Configuration and then click LAN connection. The “LAN connection” page will appear.

Figure 6-14 Web Tool – LAN connection page

RIP Options:
• Accept V1: Set to true if you would like to receive version 1 routing information packets.
packets.
• Send V2: Set to true if you would like to send version 2 routing information packets.
• Send Multicast: Set to true if you need to send multicast packets (often used when you obtain your LAN port IP address dynamically). This item is useful only when Send V2 is set to true.
• Enable Password: You may set this to true to require incoming packets to have the proper password to be recognized.
is a point-to-point interface, specifying a subnet mask is optional. For the same behavior as described for Ethernet interfaces above, the subnet mask should be specified. If the subnet mask is not specified, the IP address will not be associated with any subnet, but will still be recognized as one of the IP stack’s own addresses for local traffic.
• DHCP Client: Set to true if you would like to configure the router as a DHCP client.
WAN Connections

The WAN Connections page allows you to create different kinds of WAN services.

Creating or Editing a WAN service:

1. From the left frame, click the Configuration link, then click the WAN connections link. The “WAN connections” page will appear as below. The page lists all the currently defined connections (services). You can edit or delete the connections, or you can create a new service (but only one WAN service can exist at a time).
Select the type of service you want to create, and then click the Configure button.
Frame Relay routed

1. If you select Frame Relay routed in the “WAN connection: create service” page, the following page will appear. The option fields include:

Description: Enter a brief description for the service.
DLCI: DLCI (data link connection identifier) sets the identifier for the Frame Relay data link channel that you are using. The range of the DLCI is 16 to 1007.
Encapsulation method: sets the RFC1490 encapsulation method used by Frame Relay.
2. To edit a currently defined frame relay routed service, click the “Edit” link for that connection as in Figure 6-15, then the page will appear as follows.

Figure 6-18 Web Tool – WAN connection: frame relay routed: Edit Service page

To edit the service, click on the links at the top of the edit page. The links include: Edit ‘Service’, Edit ‘Frame Relay’, Edit ‘Frame Relay Channel’, Edit ‘IP Interface’, Edit ‘Rip Versions’, and Edit ‘Tcp Mss Clamp’.
value is 0. If you set this to any number other than 0, DLCI level FRF.12 segmentation is enabled. The range of the segment size recommended is 200 to 1500. For more information on FRF.12, see http://www.frforum.com.
Port: sets the port that an existing Frame Relay transport uses to transport data. (The port is always fr for frame relay routed.
Figure 6-20 Web Tool – WAN connection: Edit IP Interface page

In “Edit Rip Versions” page, you can refer to section 0 for the setting rule of RIP options.
Figure 6-21 Web Tool – WAN connection: Edit Rip Versions page

In “Edit Tcp Mss Clamp” page, you can set the Tcp Mss Clamp to true or false. The TCP Maximum Segment Size (MSS) Clamp intercepts TCP synchronization (SYN) packets as the router forwards them. These packets advertise the MSS that the host is prepared to accept. The clamp modifies the MSS of outgoing packets according to the MTU of the interface on which the packet is transmitted.
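The clamp described above, as an added example that is not taken from the manual or the router firmware: it walks the TCP options of a SYN, lowers the MSS option to fit the outgoing interface MTU, and recomputes the TCP checksum. It assumes IPv4 with 20-byte IP and TCP base headers (limit = MTU minus 40); the function names, addresses and the 1492-byte MTU are constructed for illustration.

```python
import socket
import struct

SRC = socket.inet_aton("192.168.0.20")   # constructed inside host
DST = socket.inet_aton("203.0.113.5")    # constructed remote server


def checksum16(data: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return checksum16(pseudo + segment)


def build_syn(src: bytes, dst: bytes, sport: int, dport: int, mss: int) -> bytes:
    """Build a constructed SYN carrying MSS, NOP, NOP, SACK-permitted options."""
    options = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                         offset << 4, 0x02, 65535, 0, 0)
    segment = header + options
    csum = tcp_checksum(src, dst, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def clamp_mss(src: bytes, dst: bytes, segment: bytes, mtu: int):
    """Return (segment, advertised_mss, forwarded_mss).

    Segments without SYN set, or SYNs without an MSS option, pass through
    unchanged and report (None, None).
    """
    if len(segment) < 20:
        raise ValueError("short TCP header")
    if not segment[13] & 0x02:               # SYN flag not set
        return segment, None, None
    hdr_len = (segment[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    limit = mtu - 40                         # assumption: 20-byte IP + 20-byte TCP
    seg = bytearray(segment)
    i = 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 0:                        # End of option list
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len:
            raise ValueError("truncated option")
        length = seg[i + 1]
        if length < 2 or i + length > hdr_len:
            raise ValueError("malformed option length")
        if kind == 2 and length == 4:        # MSS option
            advertised = struct.unpack_from("!H", seg, i + 2)[0]
            if advertised <= limit:
                return segment, advertised, advertised
            struct.pack_into("!H", seg, i + 2, limit)
            seg[16:18] = b"\x00\x00"         # zero checksum before recomputing
            struct.pack_into("!H", seg, 16, tcp_checksum(src, dst, bytes(seg)))
            return bytes(seg), advertised, limit
        i += length
    return segment, None, None


if __name__ == "__main__":
    syn = build_syn(SRC, DST, 40000, 80, 1460)
    _, old, new = clamp_mss(SRC, DST, syn, 1492)
    print("advertised MSS", old, "forwarded MSS", new)
```

A receiver verifies the rewritten segment the same way the example does: the checksum over pseudo-header and segment, with the checksum field included, folds to zero.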
Frame Relay bridged

1. If you select Frame Relay bridged in the “WAN connection: create service” page, the following page will appear. The option fields include:

Description: Enter a brief description for the service.
DLCI: DLCI (data link connection identifier) sets the identifier for the Frame Relay data link channel that you are using. The range of the DLCI is 16 to 1007.
Encapsulation method: sets encapsulation method used by Frame Relay bridged.
Figure 6-23 Web Tool – WAN connections page

To edit the service, click on the links at the top of the edit page. The links include: Edit ‘Service’, Edit ‘Frame Relay’, Edit ‘Frame Relay Channel’, Edit ‘Bridge Interface’, and Edit ‘Spanning Bridge Interface’.

In “Edit Bridge Interface” page, the option fields include:

Ether Filter Type: The value can be All, Ip, or Pppoe.
Enabled: true or false.
PPP routed

1. If you select PPP routed in the “WAN connection: create service” page, the following page will appear. The option fields include:

Description: enter a brief description for the service.
WAN IP address: enter the WAN IP address of the router card.
WAN IP netmask: enter the WAN IP netmask of the router card.
Listening or not: determines whether the router can accept incoming connections from a remote PPP server. Set to on to accept.
2. To edit the currently defined PPP routed service, click the “Edit” link for the connection as in the figure below. Then the edit page will appear.

Figure 6-25 Web Tool – WAN connections page

To edit the service, click on the links at the top of the edit page. The links include: Edit ‘Service’, Edit ‘PPP’, Edit ‘Hdlc Channel’, Edit ‘Ip Interface’, Edit ‘Rip Versions’, and Edit ‘Tcp Mss Clamp’.
Lcp Max Terminate: sets the Link Control Protocol (LCP) maximum terminate parameter for an existing PPPoH transport.
Dialin Auth: sets the authentication method that remote PPP clients must use to dialin to the server. The choices are: none, chap, and pap.
Dialout Username: sets the dial-out user name.
Dialout Password: sets the dial-out password.
Confirmation Password: sets the confirmation password.
Dialout Auth:
to a remote PPP peer when the peer requests a secondary DNS server IP address using IPCP.
Lcp Echo Every: tells a specified PPP transport to send an LCP echo request frame at specified intervals (in seconds). If no reply to the request is received, the PPP connection is torn down.
Auto Connect: sets to true or false.
Idle Timeout: sets the idle time out (in minutes).
Enabled: enables/disables a PPPoH transport.
PPP bridged

1. If you select PPP bridged in the “WAN connection: create service” page, the following page will appear. The option fields include:

Description: Enter a brief description for the service.
WAN IP address: enter the WAN IP address of the router card.
Listening or not: determines whether the router can accept incoming connections from a remote PPP server. Set to on to accept.
2. To edit the currently defined PPP bridged service, click the “Edit” link for the connection as in the figure below. Then the edit page will appear.

Figure 6-27 Web Tool – WAN connections page

To edit the service, click on the links at the top of the edit page. The links include: Edit ‘Service’, Edit ‘PPP’, Edit ‘Hdlc Channel’, Edit ‘Bridge Interface’, and Edit ‘Spanning Bridge Interface’.
Deleting a WAN service:

If you want to delete a currently defined service, click the “Delete” link for that service in the “WAN connections” page. The following example deletes a frame relay routed connection ‘frme-0’. After clicking the “Delete” link, a confirmation page will appear as follows. Click the Delete this connection button to delete the connection.
Figure 6-29 Web Tool – IP routes: Create Ip V4Route page

2. Enter the destination, gateway and netmask for your route. You can also specify the cost and the interface to apply it to. Use the name of your WAN or LAN interface. Click OK, then the “Edit Routes” page will appear and show the configured route. There is a Valid indicator showing the status of each route.
DHCP Server

DHCP is a client-server protocol that replies to requests from a DHCP server and provides configuration information to devices on an IP network (the DHCP clients). The DHCP server provides network addresses from a central pool on an as-needed basis. DHCP is very useful for providing IP addresses to devices connected to the network temporarily or for sharing a limited pool of IP addresses among a group of hosts that do not need permanent IP addresses.
DHCP Server mode

1. If you choose DHCP server in the DHCP Server Mode section, this will provide IP addresses to computers connected to the router from within the default IP address pool. You can edit your DHCP settings for a custom configuration by clicking the Configure button. The “DHCP: enable server” page will appear then. Make any changes to the configuration that are needed and then click the Apply button. The fields are defined below.
and the Ending IP Address, defined in the next field.
• Ending IP Address: This field allows you to define the last address in the range of numbers in your custom address pool.

Note: The maximum number of DHCP IP addresses supported by the system is 128.

Lease Times:
• Default Lease Time: You may specify the default time, in seconds, of a typical DHCP-assigned address.
Note: WINS server configuration cannot be made by web browser. Users can only configure the WINS server by using CLI commands. See the following example:

-->dhcpserver subnet 1 add option netbios-node-type 8
-->dhcpserver subnet 1 add option netbios-name-servers 10.10.10.10
-->dhcpserver update
-->dhcpserver subnet 1 list option
options for subnet: LAN
ID   | Identifier            | Value
-----|-----------------------|-----------------------
1    | netbios-name-servers  | 10.
DHCP Relay Agent Mode

If your ISP, or a different server, performs the DHCP server function for your network, then you should configure the router as a DHCP relay agent. When the router receives a request from a computer on your network, it contacts your ISP or the assigned server for the necessary IP information, and then relays the assigned information back to the computer.

1.
2. The “DHCP Server” page will appear showing the IP Address that DHCP will be relayed to. If you need to reconfigure the DHCP server, you may click the Configure the DHCP Server button below the message.

Figure 6-34 Web Tool – DHCP server: DHCP relay enabled page
DNS Client

The DNS Client configuration allows you to specify the Domain Name Server that the router will use for Domain Name resolution.

1. Log in to your router. From the left frame, click Configuration and then DNS Client. The “DNS Client” page will appear. Enter your DNS server address into the box in the DNS Servers section and click the Add button.

Figure 6-35

2.
Figure 6-36 Web Tool – DNS Client page

3. Domain search order: Enter your search order into the box in the Domain search order section and click the Add button. The “DNS Client” page will refresh and show the newly assigned Domain search order. You may make multiple entries in the list by repeating this procedure. You may delete the assigned search order by clicking the Delete button to the right of the assigned name.
DNS Relay

DNS Relay forwards packets to request the DNS information from a specified DNS server. It is possible to enter both a primary and secondary DNS server to contact, which is commonly configured. Replies from the DNS are then forwarded back to the originator of the packets that were made for the original request. UDP and TCP traffic are both supported.

NOTE: When using Routed PPP mode, you do not need to configure DNS Relay.
Figure 6-38 Web Tool – DNS: enable relay page
3. The “DNS Relay” page will appear again stating that the relay has been enabled and will show the address the relay is pointing to. If you need to reconfigure the DNS relay, you may click the Configure the DNS relay button below the message.

Figure 6-39 Web Tool – DNS relay enabled page
Security

The “Security Interface Configuration” page allows you to set the Firewall Security Level, the NAT configuration, Policies, Triggers and Intrusion Detection. Click Configuration from the left frame and then click the Security link. The following page will be displayed:

Figure 6-40 Web Tool – Security page

Enabling Security

You must enable Security before you can enable Firewall and/or Intrusion Detection.
Enabling Firewall and/or Intrusion Detection

* Intrusion Detection is a future feature.

You must create a security interface before you can enable Firewall and/or Intrusion Detection. Security interfaces are based on existing LAN services. You must create a LAN service for every security interface that you want to configure (from the “Security Interfaces” section, click on “Add Interface”).
Global Address Pools
A Global Address Pool is a pool of addresses seen from the outside network. By default, each outside interface creates a Global Address Pool with a single address – the address assigned to that interface. For outbound sessions, an address is picked from a pool by hashing the source IP address for a pool index and then hashing again for an address index. For inbound sessions, it is necessary to create a reserved mapping.
2. The “Advanced NAT Configuration” page will appear. In the “Global Address Pools” section, click the Add Global Address Pool link.
Figure 6-43 Web Tool – Security: Advanced NAT Configuration page
3. The “Firewall Add Global Address Pool” page will appear. This page allows you to create a pool of network IP addresses that are visible outside your network. Add values for each of the fields. See the table below for a summary of each field.
GLOBAL ADDRESS POOL FIELDS DEFINED:
Interface type: The internal address type that you want to map your external global IP addresses to. Click on the drop-down list and select an interface type.
Use Subnet Configuration: There are two ways to specify a range of IP addresses. You can either Use Subnet Mask (specify the subnet mask address of the IP address) or Use IP Address Range (specify the first and last IP address in the range).
6. The “Firewall Delete Global Address Pool” page will appear confirming your deletion. Click the Delete Global Address Pool button.
Figure 6-46 Web Tool – Security: Firewall Delete Global Address Pool page
NAT Reserved Mapping
Reserved mapping is used so that NAT knows where to route packets on inbound sessions. The reserved mapping will map a specific global address and port to an inside address and port.
1. Log in to your router. Click Configuration and then click Security from the left frame. The “Security Configuration” page will appear. In the “Security Interfaces” section, click the Advanced NAT Configuration link.
Figure 6-47 Web Tool – Security: Security Interfaces page
2. The “Advanced NAT Configuration” page will appear. Click the Add Reserved Mapping link.
Figure 6-48 3.
configuration.
Figure 6-49 Web Tool – Security: Firewall Add Reserved Mapping page
NOTE: Setting the port number to 65535 for TCP or UDP protocols means that the mapping will apply to all port numbers for that protocol.
RESERVED MAPPING FIELDS DEFINED:
Global IP Address: If you are mapping from a global IP address, type the address here. If you are mapping from a security interface, type 0.0.0.0.
4. The “Advanced NAT Configuration” page will appear showing your newly added reserved mapping. You may click the Add Reserved Mapping link to add another mapping if needed.
Figure 6-50 Web Tool - Security: Reserved Mappings page
5. To delete a Reserved Mapping, click on the Delete link on the right side of the Reserved Mapping you want to delete (see Figure 6-50).
6. The “Firewall Delete Reserved Mapping” page will appear confirming your deletion.
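The reserved-mapping rules described above (0.0.0.0 meaning the security interface, port 65535 meaning all ports) can be modelled to review a mapping list before it is entered. This is an added example, not code from the manual or the router firmware; the field names, the sample addresses and the rule that a port-specific mapping wins over an all-ports mapping are assumptions.

```python
"""Model of NAT reserved-mapping lookup plus an exposure audit (illustrative)."""
from dataclasses import dataclass
from ipaddress import IPv4Address

ALL_PORTS = 65535                        # manual's NOTE: applies to every port
USE_INTERFACE = IPv4Address("0.0.0.0")   # manual: mapping from a security interface


@dataclass(frozen=True)
class ReservedMapping:
    global_ip: IPv4Address    # 0.0.0.0 = the security interface's own address
    protocol: str             # "tcp" or "udp"
    port: int                 # outside port; 65535 = all ports
    internal_ip: IPv4Address  # inside host (assumed field name)
    internal_port: int        # inside port (assumed field name)


def matches(m, iface_ip, dst_ip, protocol, dst_port):
    """True if mapping m covers a packet sent to dst_ip:dst_port."""
    outside_ip = iface_ip if m.global_ip == USE_INTERFACE else m.global_ip
    return (dst_ip == outside_ip and m.protocol == protocol
            and m.port in (ALL_PORTS, dst_port))


def resolve_inbound(mappings, iface_ip, dst_ip, protocol, dst_port):
    """Return (inside_ip, inside_port) for an inbound packet, or None.

    Assumption: a port-specific mapping is preferred over an all-ports one.
    """
    hits = [m for m in mappings if matches(m, iface_ip, dst_ip, protocol, dst_port)]
    if not hits:
        return None
    best = min(hits, key=lambda m: m.port == ALL_PORTS)  # False sorts first
    inside_port = dst_port if best.port == ALL_PORTS else best.internal_port
    return best.internal_ip, inside_port


def audit(mappings):
    """Flag mappings that expose every port of an inside host."""
    return [
        f"{m.internal_ip}: every {m.protocol.upper()} port is reachable from outside"
        for m in mappings if m.port == ALL_PORTS
    ]


# Constructed sample data (documentation address ranges, not from the manual).
IFACE = IPv4Address("203.0.113.1")
SAMPLE = [
    ReservedMapping(USE_INTERFACE, "tcp", 80, IPv4Address("192.168.1.10"), 8080),
    ReservedMapping(USE_INTERFACE, "tcp", ALL_PORTS, IPv4Address("192.168.1.20"), ALL_PORTS),
    ReservedMapping(IPv4Address("203.0.113.5"), "udp", 53, IPv4Address("192.168.1.53"), 53),
]

if __name__ == "__main__":
    print(resolve_inbound(SAMPLE, IFACE, IFACE, "tcp", 80))
    print(resolve_inbound(SAMPLE, IFACE, IFACE, "tcp", 3389))
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```

The audit output is the part to act on: an all-ports mapping places the inside host fully outside the port filters' intent, so each one should be justified or narrowed to the ports actually needed.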
Configuring Firewall Policy
A policy is the collective term for the rules that apply to incoming and outgoing traffic between two interface types. Before you can create a Firewall policy, you need to enable Firewall.
1. Go to the Policies, Triggers and Intrusion Detection section of the “Security Interface Configuration” page. Click on the “Firewall Policy Configuration” link. The Firewall Policy Configuration page is displayed.
Figure 6-53 Web Tool – Security: Firewall Add TCP Port Filter page
Specify the start and end of the port range for the TCP protocol that you want to filter. Then use the Direction drop-down lists to specify whether you want to allow/block inbound traffic, and allow/block outbound traffic. Click on Apply. The Firewall Port Filters page is displayed, containing details of the TCP port filter that you have just added. For a UDP port filter, click on Add UDP Filter.
Figure 6-54 Web Tool – Security: Firewall Add Raw IP Filter page
Specify the protocol number in the Transport Type text box; for example, for IGMP, enter protocol number 2. For more information on protocol numbers, see http://www.ietf.org/rfc/rfc1700.txt. Then use the Direction drop-down lists to specify whether you want to allow/block inbound traffic, and allow/block outbound traffic. Click on Apply.
15 | ei_isakmp | 17 | 500 - 500 -0 |true |true |false |false |true 16 | ei_gre | 47 |0 17 | ei_pptp |6 | 1723 - 1723 |true |true |false |true |false 18 | ei_l2tp | 17 | 1701 - 1701 |true |true |false |false |true 19 | ei_sntp | 17 | 123 - 123 |true |true |true |false |false |false |true |false |false |true ----------------------------------------------------------------------------
Configuring triggers
A trigger allows an application to open a secondary port in order to transport packets. The most common applications that require secondary ports are FTP and NetMeeting. This section assumes that you have followed the instructions in Enabling Security.
To configure a trigger:
1. Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration. Click on Firewall Trigger Configuration.
multi-level UDP and TCP session chaining. You must set Enable Session Chaining to Allow if you want this to work.
Binary Address Replacement; select Allow or Block depending on whether you want to use binary address replacement on an existing trigger.
Address Translation Type; specify what type of address replacement is set on a trigger. You must set Binary Address Replacement to Allow if you want this to work.
3.
5. Default firewall triggers
Configuring Intrusion Detection Settings
Intrusion Detection settings allow you to protect your network from intrusions such as denial of service (DoS) attacks, port scanning and web spoofing. This section assumes that you have followed the instructions in Enabling Security and Enabling Firewall and/or Intrusion Detection.
To configure Intrusion Detection settings:
1.
Victim Protection Block Duration; type the length of time (in seconds) that the Firewall blocks packets destined for the victim of a spoofing style attack.
Maximum TCP Open Handshaking Count; type in the maximum number of unfinished TCP handshaking sessions (per second) that are allowed by Firewall before a SYN Flood is detected.
Configuring Alerting
Alerting configuration for Intrusion Detection allows you to send email or a page when there is an intrusion on your network. The alerting settings take effect only when intrusion detection is enabled.
1. Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration page. Click on Configure Alerting.
addresses or send paging to two recipients at the same time.
VPN Configuration
Pre-Shared Key
IPSec is defined by the IETF as a standard approach for establishing a secure connection across an IP network.
IPSec Settings Overview (Example):
Setting | LAN/WAN Settings for Branch Office | LAN/WAN Settings for Main Office
Negotiation ID | remote@ABCD.com | main@ABCD.com
Intranet address | 192.168.1.0 | 192.168.2.0
Intranet subnet mask | 255.255.255.0 | 255.255.255.
Site to Site VPNs
Traditionally, connecting two branch offices of the same company required leasing a dedicated private circuit or a frame relay permanent virtual circuit (PVC) between two locations. Using virtual private networking (VPN) to link two offices together, as shown above, can offer considerable savings while offering a competitive alternative to leased lines or PVCs.
• Time to live: The time to live (TTL) indicates the maximum amount of time this IP packet is allowed to remain in the network. Each router is required to decrement this value as it routes the packet. The packet is dropped if this value reaches 0.
• Digital Signatures: A digital signature is the electronic analogue of a handwritten signature, and in many ways it is an even stronger device. The key is shared by at least one other party.
payload they are carrying.
• IPSec: IPSec is a protocol suite defined by the IETF to secure communication at layer 3, the network layer, between communicating peers.
• ESP: The ESP (Encapsulating Security Payload) protocol [RFC2406] can provide confidentiality with authenticity and integrity, or confidentiality-only services.
• Data Encryption Standard (DES): The DES function can be used for both encryption and decryption.
quickly: thus, it is referred to as quick mode. The identity of the IKE peers has already been verified in phase 1, and the ISAKMP SA already protects exchanges between the IKE peers. Therefore, the identities passed in quick mode are not the identities of the IKE peers but rather the identities of the selectors to be used in the IPSec security policy database. A phase 1 ISAKMP SA is required when negotiating a phase 2 SA.
Figure 6-58 Web Tool – IPSec Configuration page
2. Next, enter the Intranet address. The Intranet address will tell the remote gateway the IP address of the network the local gateway is protecting.
3. Now enter the Intranet subnet mask. The Intranet subnet mask will specify the size of the network it is protecting. A setting of 255.255.255.0 will indicate a Class C network. In our example, we use the Intranet address 192.168.1.0 and a subnet mask of 255.255.
Figure 6-59 Web Tool – IPSec: Create New IPSec Endpoint page
• Endpoint ID: This must correspond with the remote gateway’s Negotiation ID. For instance, the Branch office, with a Negotiation ID of remote@ABCD.com, will use an Endpoint ID of main@ABCD.com (which is the Negotiation ID of the Main office). Or, in Main Mode, the Endpoint ID will be the WAN IP address of the Main Office VPN Router (in our example, 66.122.47.30).
null.
AH transform: The options include: md5, sha1, des-mac, null.
IPCOMP transform: The options include: lzs, null.
tunnel type: The options include: public, private. Public uses the ESP protocol only. Private provides UDP encapsulation for NAT traversal. We are using ports 2787 (ESP), 2788 (AH), and 2845 (IPCOMP). Public should be used for initial testing.
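The Negotiation ID / Endpoint ID pairing and the Intranet address and mask settings described above are easy to get crossed between the two sites, so a pre-deployment check of both gateways' values is worthwhile. This is an added example, not part of the manual or the router software; the Gateway structure is hypothetical, the Branch WAN address is constructed, and the Main Office mask is assumed to be 255.255.255.0.

```python
"""Cross-check the IPSec settings of two site-to-site gateways (illustrative)."""
from dataclasses import dataclass
from ipaddress import IPv4Network


@dataclass
class Gateway:
    name: str
    wan_ip: str
    negotiation_id: str    # identity this gateway presents
    endpoint_id: str       # identity this gateway expects from its peer
    intranet_address: str
    intranet_mask: str


def intranet(gw):
    """Protected network; raises ValueError on a bad mask or stray host bits."""
    return IPv4Network(f"{gw.intranet_address}/{gw.intranet_mask}", strict=True)


def check_pair(a, b, main_mode=False):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []
    for local, peer in ((a, b), (b, a)):
        # Manual: Endpoint ID = peer's Negotiation ID, or peer's WAN IP in Main Mode.
        expected = peer.wan_ip if main_mode else peer.negotiation_id
        if local.endpoint_id != expected:
            problems.append(
                f"{local.name}: Endpoint ID {local.endpoint_id!r} should be {expected!r}")
    nets = {}
    for gw in (a, b):
        try:
            nets[gw.name] = intranet(gw)
        except ValueError as exc:
            problems.append(f"{gw.name}: bad Intranet address/mask ({exc})")
    if len(nets) == 2 and nets[a.name].overlaps(nets[b.name]):
        problems.append("Intranet ranges overlap; the tunnel selectors would be ambiguous")
    return problems


# Values from the manual's example, except where marked.
BRANCH = Gateway("Branch", "203.0.113.10",            # WAN IP constructed
                 "remote@ABCD.com", "main@ABCD.com",
                 "192.168.1.0", "255.255.255.0")
MAIN = Gateway("Main", "66.122.47.30",
               "main@ABCD.com", "remote@ABCD.com",
               "192.168.2.0", "255.255.255.0")         # mask assumed

if __name__ == "__main__":
    for issue in check_pair(BRANCH, MAIN) or ["consistent"]:
        print(issue)
```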
Digital Signature VPN Configuration
IPSec is defined by the IETF as a standard approach for establishing a secure connection across an IP network. Your router supports all three types of IPSec protocols: AH, ESP, and IPCOMP. PKCS10 is a Certificate Request Syntax Standard that uses a Digital Signature.
IPSec PKCS10 Settings Overview (Example):
LAN/WAN Settings for Branch Office LAN/WAN Settings for Main Office Negotiation ID: remote@ABCD.
1. Log in to your Web Configuration tool. From the left frame, click Configuration and then click the IPSec link. The “IPSec Configuration” page will appear. In the “User Certificates” section, click the Generate New User Certificate link.
Figure 6-60 Web Tool – IPSec: User Certificates page
2. The page will appear as follows. Fill in the “Common Name” field with any name you would like (in the example, we use “atmosgw”).
Figure 6-61 Web Tool – IPSec: Generate Certificate Request page
3. From the “Key Type” drop-down menu, choose RSA and then from the “Key Length” drop-down menu, select the key length.
4. All remaining fields are optional except for the Subject Alternative Name. Enter the Subject Alternative Name with both an email address and your router’s WAN port IP address.
Replace button. The “Import Certificate” window will pop up. Enter the Common Name, as you entered it in step 2 (it was “atmosgw” in the example). Then paste the text of the final certificate (from step 6) into the text box and click OK.
8. Back in the browser window that you used to go to the CA server in step 6, enter http://isakmptest.ssh.fi/certs/ca1.pem in the address bar and press Enter. This will give you the Root CA in PEM format.
NOTE: If you have HyperTerminal running to confirm your changes, switch to HyperTerminal to verify the save to flashfs.
10. Now, on the top of the “IPSec Configuration” page, enter your Negotiation ID (you must enter what you entered as Subject Alternative Name in Step 4). Also enter your Intranet address and Intranet subnet mask.
11. Next, click the “Add Endpoint” link in the “Endpoint Configuration” section. A page will appear.
PPTP and L2TP Configuration
1. Log in to your router. From the left frame, click Configuration and then click the PPTP or L2TP link, depending on your needs. In the PPTP or L2TP Configuration page, set the starting and ending IP address of the PPTP/L2TP IP pool in the IP Pool section.
Figure 6-63 Web Tool – PPTP Configuration page
2. From the User Authentication section, click the Set up users link. The “Authentication” page will appear.
3. Enter a new user name and password. Select true for the “Dial-in user?” field and then select your access level. The access level determines what a user can do in the configuration (please refer to Table 6-2).
4. Click the Create button and then from the left frame, in the Configuration menu, click Save config to save the configuration.
10. You will be back at the “Connect Virtual Private Connection” window. Click Connect to make your connection.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. It is not guaranteed that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
SNTP client
This section describes the SNTP (Simple Network Time Protocol) client configuration.
1. Log in to your router. Click Configuration from the left frame, and then click the SNTP client link. The “SNTP client” page will appear.
Figure 6-65 Web Tool – SNTP client page
2. In the ‘SNTP Client Mode Configuration Parameters’ section, set the SNTP Synchronization mode. Enable the mode you want and click the Set Mode button to set.
There are three modes to choose from, and each mode has enable and disable options:
• Unicast mode
  • Enable - the mode uses a unicast server and the IP address or hostname in the SNTP server association list is used to synchronize the client time with the server. The SNTP client attempts to contact the specific server in the association in order to receive a timestamp when the sntpclient sync command is issued.
Figure 6-67 Web Tool – SNTP client: Enter Unicast Server IP Address page
3. In the ‘SNTP Client General Configuration Parameters’ section, set the Timezone. Sixty-four of the world’s most prominent time zones are represented (including those using standard time and summer/daylight savings time).
Figure 6-68 Web Tool – SNTP client: SNTP Client General Configuration Parameters page
4.
5. In the ‘ISOS Clock Setting’ section, set the router card system clock to a specific time and date. This command can be used as an alternative to synchronizing the local system clock via internal or external timeservers.
Figure 6-69 Web Tool – SNTP client: ISOS Clock Setting page
Syslog
1. Log in to your router. Click Configuration from the left frame, and then click the Syslog link. The “Syslog Client Configuration” page will appear.
corresponding severity to the syslog server. There are 7 levels of severity. Any messages equal to or of a higher level of severity than what you have selected will be sent to the syslog server. Below is a brief description of each severity level.
Figure 6-71 Web Tool – Snmp page
2. In the Select Command field, you can select Snmp Host, Snmp Community, or Snmp Trap to configure. Under each command, you can select one of three actions, “Show”, “Add”, or “Delete”, as the following figure shows.
Figure 6-72 Web Tool – Snmp: select Action page
3. Show the current SNMP Community by selecting Snmp Community in Select Command and Snmp Show Community in Action.
If you want to add a new SNMP Community, select Snmp Add Community in Action. Or if you want to delete a Community, select Snmp Del Community in Action.
Figure 6-74 Web Tool – Snmp: Snmp Add Community page
4. To add an SNMP host, just select Snmp Host in Select Command and Snmp Add Host in Action. Enter an already existing SNMP community in the Community field.
Figure 6-75 Web Tool – Snmp: Snmp Add Host page
5. You can now set the Trap. To add an SNMP Trap, select Snmp Trap in Select Command and Snmp Add Trap in Action. Enter the Host Name you want the trap to be sent to. The host name must already exist in the host table.
Figure 6-76 Web Tool – Snmp: Snmp Add Trap page
6. You can select Snmp Show Host or Snmp Show Trap in Action to check the configuration.
Port
After fully configuring your router card, be sure the proper mode of the Ethernet port, Fr port, Fb port, or Hdlc port has been selected. To check, please follow the steps below.
1. From the GUI left frame, click on Configuration and then click on Ports. Click on Ethernet, FB, FR, or Hdlc and then the chosen “Port Configuration” page will appear (3641-80 only).
2. Click on the “View advanced attributes” link to view advanced port attributes (3641-80 only).
Note – For the 3648-80 router, this screen will not display any information.
Figure 6-80 Web Tool – Ports: Advanced Ethernet Port Configuration page
7. CLI Configuration Tool
The router card provides provisioning not only via the web browser but also via the craft serial port using the Command Line Interface (CLI). Log in to the CLI of the router via the serial console port of the router card, or use any terminal emulation program to connect to the router card over Ethernet. The default user names and passwords are the same as those previously described in the Web configuration chapter (see Table 6-1).
since the Console commands are mainly for customer support debug. You can also see usage of some of the console commands in the following sections.
NOTE: There are certain features that are only accessible through the CLI Configuration Tool:
1. Webserver configuration
2. DHCP client parameters configuration (such as reboot time, retry time, backoff time, etc.)
3. Upload/download the configuration file to/from system/PC
4.
7.2. Download/Upload Configuration File
Downloading or uploading the configuration file is only possible through the CLI and console commands. This cannot be done via the web configuration tool. The configuration file of the router, im.conf, is located in the //flashfs/ directory of the router. To download or upload the configuration file, you can use either FTP or TFTP.
2. To get the Router Card configuration from the PC, use the CLI commands below:
tftpc connect 172.16.100.88 (PC IP address: 172.16.100.88)
Successfully connest to 172.16.100.88 (Router Card connected to PC successfully)
tftpc get im.conf //flashfs/im.conf (Get Router Card configuration from PC. The file name is “im.conf”)
GET 13029 bytes from im.conf to //flashfs/im.
About FlashFS and ISFS
Flash memory is used on the System to store a permanent copy of an image and any configuration data. This data is stored in a non-volatile partitioned filing system known as FlashFS. SDRAM is used on the System to store a temporary copy of some of the files that are stored in FlashFS. This data is stored in a volatile filing system known as ISFS.
7.3. Using the source CLI commands
The source command allows you to run a list of predefined commands stored in an existing file. This saves you from retyping lengthy configurations that you will want to use again. Before you can use this command, you need to create a plain text file containing the command list and save it in your ISFS directory (you can do this by the FTP/TFTP method; refer to section 7.2).
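Because a sourced file runs unattended, a mistyped name in it can leave a port unattached or an interface with a bad mask. The check below is an added example, not a tool supplied with the router; it recognises only the command forms that appear in this manual's CLI application examples, and the sample file is constructed with a deliberate typo.

```python
"""Pre-flight lint for a CLI command file intended for 'source' (illustrative)."""
import ipaddress


def lint(text):
    """Return [(line_no, message)] for names used before creation and bad masks."""
    transports = {}                  # transport name -> module that created it
    bridge_ifs, ip_ifs = set(), set()
    problems = []

    def need(no, name, pool, kind):
        if name not in pool:
            problems.append((no, f"{kind} '{name}' is used before it is created"))

    for no, raw in enumerate(text.splitlines(), 1):
        t = raw.split()
        if t == ["transports", "clear"]:
            transports.clear()
        elif t[:3] == ["pppoh", "clear", "transports"]:
            for name in [n for n, mod in transports.items() if mod == "pppoh"]:
                del transports[name]
        elif t[:3] == ["bridge", "clear", "interfaces"]:
            bridge_ifs.clear()
        elif t[:3] == ["ip", "clear", "interfaces"]:
            ip_ifs.clear()
        elif t[1:3] == ["add", "transport"] and t[0] in ("ethernet", "pppoh") and len(t) >= 4:
            transports[t[3]] = t[0]
        elif t[:3] == ["bridge", "add", "interface"] and len(t) >= 4:
            bridge_ifs.add(t[3])
        elif t[:3] == ["ip", "add", "interface"] and len(t) >= 6:
            ip_ifs.add(t[3])
            try:
                ipaddress.IPv4Interface(f"{t[4]}/{t[5]}")
            except ValueError:
                problems.append((no, f"bad address or mask: {t[4]} {t[5]}"))
        elif t[:2] == ["bridge", "attach"] and len(t) >= 4:
            need(no, t[2], bridge_ifs, "bridge interface")
            need(no, t[3], transports, "transport")
        elif t[:2] == ["ip", "attach"] and len(t) >= 4:
            need(no, t[2], ip_ifs, "IP interface")
            need(no, t[3], transports, "transport")
        elif t[:2] == ["ip", "attachbridge"] and len(t) >= 3:
            need(no, t[2], ip_ifs, "IP interface")
    return problems


# Constructed sample in the style of the bridged PPP example; line 5 has a typo.
SAMPLE = """\
bridge clear interfaces
ethernet add transport eth1 ethernet
ip add interface eth1 192.168.0.3 255.255.255.0
bridge add interface bridge1
bridge attach bridge1 et1
pppoh add transport ppp1 dialin 1 hdlc
bridge attach bridge1 ppp1
"""

if __name__ == "__main__":
    for line_no, message in lint(SAMPLE):
        print(f"line {line_no}: {message}")
```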
7.4. CLI Application Examples
Before the application examples, you need to understand the following CLI terms.
Transports: A transport is a layer 2 session and everything below it. You can create a transport and attach it to a bridge or router so that data can be bridged or routed via the attached transport.
Interface: Bridges and routers both have interfaces. A single transport is attached to a bridge or router via an interface.
Frame Relay - bridged
In this example, the router card bridges between Ethernet and Frame Relay. Frame Relay runs between the two routers over an HDLC link.
[Network diagram: PC A (192.168.0.2), Router A (192.168.0.1, FB Port), Router B (192.168.0.3, FB Port), PC B (192.168.0.4)]
Configure PC A and PC B
1. Configure PC A as follows:
• IP address: 192.168.0.2
• Subnet mask: 255.255.255.0
• Gateway: None
2. Configure PC B as follows:
• IP address: 192.168.0.4
• Subnet mask: 255.255.255.
ethernet add transport eth0 ethernet
ip add interface eth0 192.168.0.1 255.255.255.0
bridge add interface bridge1
bridge attach bridge1 eth0
3. Add a Frame Relay device to the Bridge, with Frame Relay configured to run on port fr using DLCI 100.
Frame Relay - routed
In this example, the router card routes between Ethernet and Frame Relay. Frame Relay runs between the two routers over an HDLC link.
[Network diagram: PC A (192.168.0.2), Router A (192.168.0.1, 10.10.10.1), Router B (10.10.10.2, 192.168.1.3), PC B (192.168.1.4)]
Configure PC A and PC B
1. Configure PC A as follows:
• IP address: 192.168.0.2
• Subnet mask: 255.255.255.0
• Gateway: 192.168.0.1
2. Configure PC B as follows:
• IP address: 192.168.1.
transport, and ethernet is the port name.
ethernet add transport eth0 ethernet
ip add interface eth1 192.168.0.1 255.255.255.0
ip attach eth1 eth0
3. Add a Frame Relay device to the router, with Frame Relay configured to run on port fr using DLCI 100.
PPP - bridged
In this example, the router card bridges between Ethernet and PPP over HDLC. Router A will be the dial-out (i.e., client) end of the PPP link, and Router B will be the dial-in (i.e., server) end of the link.
[Network diagram: PC A (192.168.0.2), Router A (192.168.0.1, HDLC Port), Router B (192.168.0.3, HDLC Port), PC B (192.168.0.4)]
Configure PC A and PC B
1. Configure PC A as follows:
• IP address: 192.168.0.2
• Subnet mask: 255.255.255.0
• Gateway: None
2.
dhcpclient update
2. Add an Ethernet device to the Bridge. In the following commands, eth1 is the transport name, ethernet is the port name and bridge1 is the Bridge interface name:
ethernet add transport eth1 ethernet
ip add interface eth1 192.168.0.1 255.255.255.0
bridge add interface bridge1
bridge attach bridge1 eth1
ip attachbridge eth1
ip list int
3. Create the PPP transport.
port fb set AutoStart false
pppoh clear transports
dhcpclient update
bridge clear interfaces
ethernet add transport eth1 ethernet
ip add interface eth1 192.168.0.3 255.255.255.0
bridge add interface bridge1
bridge attach bridge1 eth1
pppoh add transport ppp1 dialin 1 hdlc
pppoh set transport ppp1 theylogin none
pppoh set transport ppp1 subnetmask 255.255.255.
PPP - routed
In this example, each router card routes data between Ethernet and PPP over HDLC. Router A will be the dial-out (i.e., client) end of the PPP link, and Router B will be the dial-in (i.e., server) end of the link.
[Network diagram: PC A (192.168.0.2), Router A (192.168.0.1, 10.10.10.1), Router B (10.10.10.2, 192.168.1.3), PC B (192.168.1.4)]
Configure PC A and PC B
1. Configure PC A as follows:
• IP address: 192.168.0.2
• Subnet mask: 255.255.255.0
• Gateway: 192.168.0.1
2.
2. Add the Ethernet device to the router. In the following commands, eth1 is the name of the transport, and ethernet is the port name.
ethernet add transport eth1 ethernet
ip add interface ip1 192.168.0.1 255.255.255.0
ip attach ip1 eth1
3. Create the PPP transport. The following command configures PPP device 1 for dial-out (client) on the HDLC port; ppp1 is the transport name and 1 is the interface id:
pppoh add transport ppp1 dialout 1 hdlc
4.
ip clear routes
ip clear rip
ip clear interfaces
transports clear
port fr set AutoStart false
port fb set AutoStart false
dhcpclient update
2. Add the Ethernet device to the router. In the following commands, eth1 is the name of the transport, and ethernet is the port name.
ethernet add transport eth1 ethernet
ip add interface ip1 192.168.1.3 255.255.255.0
ip attach ip1 eth1
3. Create the PPP transport.
7.5.
7.6. List of CLI Commands
The notation conventions for the parameters in the CLI commands list are as follows:
Parameter values enclosed in < > must be specified.
Parameters enclosed in [ ] are optional.
Parameter values are separated by a vertical bar “|” only when one of the specified values can be used.
Parameter values are enclosed in { } when you must use one of the values specified.
change Web Server webserver clear stats {enable | disable} set show interface managementip {ip-address} managementipmask {netmask} port upnpport info stats Other help Commands source
Appendix: System Limit
Frame Relay:
1. The maximum number of Frame Relay DLCI channels is 14.
Routing Table:
1. The maximum number of dynamic learning routing entries is 256.
2. The maximum number of static route entries is 128.
Bridge:
1. The maximum number of addresses in the MAC address table is 4095.
2. The maximum size of an Ethernet frame allowed is 1536 bytes.
VPN:
1. The maximum number of IPsec VPN tunnels is 4.
2.