Black Box LR1102A-T1/E1 User Manual Download Page 31 | Manualshive

Page: 31 / 142

background image

Example 3: Multiple IPSec Pro-

33

Step 11: After transit traffic is passed through the tunnel, display the IKE and IPSec SA tables.
Use the

show crypto ike sa all

and

show crypto ipsec sa all

commands.

4.4 Example 3: Multiple IPSec Proposals: Tunnel Mode

Between Two Black Box Security Gateways

The following example demonstrates how a security gateway can use multiple ipsec (phase2) proposals to form an IP security tunnel
to join two private networks: 10.0.1.0/24 and 10.0.2.0/24.

IKE Proposal offered by both Black Box1 and Black Box2:

Phase 1: 3DES and SHA1

IPSec Proposals offered by Black Box1:

Phase 2: Proposal1: IPSec ESP with DES and HMAC-SHA1

Phase 2: Proposal2: IPSec ESP with AES (256-bit) and HMAC-SHA1

IPSec Proposal offered by Black Box2:

Phase 2: Proposal1: IPSec ESP with AES (256-bit) and HMAC-SHA1

In this example, the Black Box1 router offers two IPSec proposals to the peer while the Black Box2 router offers only one
proposal. As a result of quick mode negotiation, the two routers are expected to converge on a mutually acceptable proposal,
which is the proposal “IPSec ESP with AES (256-bit) and HMAC-SHA1” in this example.

Figure 10 Tunnel Mode Between Two Black Box Security Gateways - Multiple Proposals

Step 1: Configure a WAN bundle of network type untrusted

Black Box1/configure/interface/bundle wan1> link t1 1

Black Box1/configure/interface/bundle wan1> encapsulation ppp

Black Box1/configure/interface/bundle wan1> ip address 172.16.0.1 24

Black Box1/configure/interface/bundle wan1> crypto untrusted

Black Box1/configure/interface/bundle wan1> exit

Step 2: Configure the Ethernet interface with trusted network type

Black Box1/configure> interface ethernet 0

message: Configuring existing Ethernet interface

Black Box1/configure interface/ethernet 0> ip address 10.0.1.1 24

Black Box1/configure/interface/ethernet 0> crypto trusted

Black Box1/configure/interface/ethernet 0> exit

Step 3: Display the crypto interfaces

UNTRUSTED

TRUSTED

TRUSTED

IPSec ESP

Tasman1

Tasman2

172.16.0.1

172.16.0.2

Network
10.0.1.0/24

Network
10.0.2.0/24

BlackBox 2

BlackBox 1

«
...
29
30
31
32
33
...
»

Summary of Contents for LR1102A-T1/E1

Page 1: ...Monday to midnight Friday 877 877 BBOX FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746 Mail order Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018...

Page 2: ...s operated in a commercial environment Operation of this equipment in a residential area is likely to cause interfer ence in which case the user at his own expense will be required to take whatever me...

Page 3: ...servicio calificado 9 El aparato el ctrico debe ser situado de tal manera que su posici n no interfiera su uso La colocaci n del aparato el ctrico sobre una cama sof alfombra o superfi cie similar pu...

Page 4: ...no sean derramados sobre la cubierta u orificios de ventilaci n 18 Servicio por personal calificado deber ser provisto cuando A El cable de poder o el contacto ha sido da ado o B Objectos han ca do o...

Page 5: ...GMP Configuration 17 IGMP Commands 18 IGMP Configuration Examples 18 Example 1 18 Example 2 18 Example 3 18 Example 4 18 Example 5 19 Example 6 19 Example 7 19 Example 8 19 Example 9 19 Example 10 19...

Page 6: ...ing 29 Bit 55 Pros and Cons of Different IP Addressing Schemes 55 Routing Considerations for IP Multiplexing 55 IP MULTIPLEXING HDLC CONFIGURATIONS 57 Connecting a Black Box Router to a Router CSU via...

Page 7: ...ying NAT address with the policy command 88 Method 2 Attaching nat pool to the policy 88 REMOTE ACCESS VPNS 89 Secure Remote Access Using IPSec VPN 89 Access Methods 89 Remote Access User Group 89 Rem...

Page 8: ...t name 108 Configuring interface ethernet 0 108 Configuring interface bundle Dallas 108 Configuring OSPF 108 Configuring interface Dallas parameters 108 Configuring interface ethernet 0 parameters 108...

Page 9: ...ation 131 Fractional T1 131 VIRTUAL LAN FORWARDING 133 Managing VLAN Traffic 133 POP configuration Black Box LR1104A 135 Configure mlppp bundle interface 135 Configure interface ethernet 0 135 Configu...

Page 10: ...Black Box LR11xx Series Router Configurations Guide 10 Configure the LR1104A LR1104A at Site 1 141 Configure the LR1104A 141 Configure the LR1104A LR1114A at Site 2 142 Configure the LR1104A 142...

Page 11: ...ure 1 DHCP Relay Overview 1 1 2 Functionality The DHCP relay feature uses BOOTP requests and replies to negotiate packet delivery between the DHCP client and server 1 1 2 1 BOOTP Requests BOOTP reques...

Page 12: ...needs to have IP address 192 168 20 1 in this example The DHCP server configuration should be able to give 10 1 1 x addresses for packets from 192 168 20 1 However there may be a limitation that the D...

Page 13: ...net 0 dhcp gateway_address 192 168 20 1 1 1 5 Displaying DHCP Configuration The following screen captures show the displayed results of issuing show commands relevant to DHCP relay with and without ga...

Page 14: ...ion status down operationally down configured auto speed mode actual speed 100 mode half_duplex mtu 1500 ethernet1 unit number 1 Type ETHERNET 802 3 Flags 0x807c203 UP MULTICAST ROUTE Internet Address...

Page 15: ...version 1 hosts also provides support for source filtering Source filtering enables a multicast receiver host to signal to a router which groups it wants to receive multicast traffic from and from whi...

Page 16: ...IGMP Configuration Examples Use the examples shown in this section to use IGMP in multicast configurations 2 1 2 1 Example 1 The following example enables IGMP Blackbox configure ip igmp 2 1 2 2 Examp...

Page 17: ...2 8 Example 8 The following example configures ethernet 0 with the default Query Interval to be 200 seconds Blackbox configure ip igmp interface ethernet0 query interval 200 2 1 2 9 Example 9 The fol...

Page 18: ...Black Box LR11xx Series Router Configurations Guide 20...

Page 19: ...you enter the filtering rules is important As the Black Box system is evaluating each packet the Black Box OS tests the packet against each rule statement sequentially After a match is found no more r...

Page 20: ...p any 222 199 19 12 dport 21 Blackbox configure ip filter_list add deny tcp any 222 199 19 0 dport 21 Blackbox configure ip filter_list add permit ip any any Blackbox configure ip filter_list exit Bla...

Page 21: ...s To see the licenses available in this release enter To install the advanced VPN and firewall license and use all the security features available in this release enter Blackbox configure system licen...

Page 22: ...uring new bundle Black Box1 configure interface bundle wan1 link t1 1 Black Box1 configure interface bundle wan1 encapsulation ppp Black Box1 configure interface bundle wan1 ip address 172 16 0 1 24 B...

Page 23: ...lack Box2 172 16 0 2 exit Step 6 Display IKE policies Blackbox show crypto ike policy all Policy Peer Mode Transform Black Box 172 14 0 2 Main P1 pre g1 3des sha Blackbox Step 7 Display IKE policies i...

Page 24: ...n exit Black Box1 configure firewall internet policy 1002 in service telnet self Black Box1 configure firewall internet policy 1002 in exit Black Box1 configure firewall internet policy 1003 in protoc...

Page 25: ...on permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Service Name is telnet Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Htt...

Page 26: ...ox1 from Black Box2 s LAN display the IKE and IPSec SA tables using show crypto ike sa all show crypto ike sa all detail show crypto ipsec sa all show crypto ipsec sa all detail 4 3 Example 2 Single P...

Page 27: ...peer gateway Black Box1 configure crypto ike policy Black Box2 172 16 0 2 Black Box1 configure crypto ike policy Black Box2 172 16 0 2 local address 172 16 0 1 message Default proposal created with pr...

Page 28: ...show crypto ipsec policy all command Step 8 1 Configure firewall policies to allow IKE negotiation through untrusted interface applicable only if firewall license is also enabled Black Box1 configure...

Page 29: ...0 Step 8 4 Configure firewall policies to allow transit traffic from remote LAN to the local LAN applicable only if firewall license is also enabled Black Box1 configure firewall corp Black Box1 confi...

Page 30: ...sabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1023 is enabled Direction is inbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Sourc...

Page 31: ...al As a result of quick mode negotiation the two routers are expected to converge on a mutually acceptable proposal which is the proposal IPSec ESP with AES 256 bit and HMAC SHA1 in this example Figur...

Page 32: ...ure crypto ike policy Black Box2 172 16 0 2 proposal 1 exit Black Box1 configure crypto ike policy Black Box2 172 16 0 2 exit Black Box1 configure crypto exit Black Box1 configure Step 6 Display IKE p...

Page 33: ...IPSec SA tables Use the show crypto ike sa all and show crypto ipsec sa all commands 4 5 Example 4 IPSec remote access to corporate LAN using user group method The following example demonstrates how...

Page 34: ...configure crypto dynamic ike policy sales proposal 1 encryption algorithm 3des cbc Black Box1 configure crypto dynamic ike policy sales proposal 1 exit Black Box1 configure crypto dynamic ike policy...

Page 35: ...ypto dynamic ipsec policy sales proposal 1 encryption algorithm aes256 cbc Black Box1 configure crypto dynamic ipsec policy sales proposal 1 exit Black Box1 configure crypto dynamic ipsec policy sales...

Page 36: ...disabled Match Address Protocol is Any Source ip address ip mask port any any any Destination ip address ip mask port 10 0 1 0 255 255 255 0 any Proposal of priority 1 Protocol esp Mode tunnel Encrypt...

Page 37: ...mit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Service Name is ike Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter...

Page 38: ...nfiguration method The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using mode configuration method The client could be any standard mode configuration...

Page 39: ...orsales Black Box1 configure crypto dynamic ike policy sales proposal 1 Black Box1 configure crypto dynamic ike policy sales proposal 1 encryption algorithm 3des cbc Black Box1 configure crypto dynami...

Page 40: ...roup group1 Lifetime in seconds 86400 Lifetime in kilobytes unlimited Step 7 Configure dynamic IPSec policy for a group of mobile users Black Box1 configure crypto Black Box1 configure crypto dynamic...

Page 41: ...face applicable only if firewall license is also enabled Black Box1 configure firewall internet Black Box1 configure firewall internet policy 1000 in service ike self Black Box1 configure firewall int...

Page 42: ...d Bytes In 0 Bytes Out 0 Step 13 Configure firewall policies for a group of mobile users to allow access to the local LAN applicable only if firewall license is enabled Black Box1 configure firewall c...

Page 43: ...le is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1023 is enabled Direction is in...

Page 44: ...Black Box LR11xx Series Router Configurations Guide 46...

Page 45: ...able 1 IPSec Protocols Support Table 2 Encryption Algorithms Table 3 Authentication Algorithms Supported Security Protocols Mode ESP Tunnel Transport AH Tunnel Transport Encryption Algorithms for ESP...

Page 46: ...user must enter a pre shared key Figure 11 IKE Default Values 5 1 1 2 IPSec Defaults The following table lists IPSec defaults When the user creates an IPSec policy and provides the match address an IP...

Page 47: ...Parameter Name Black Box Default Value Key management type Automatic Hash algorithm SAH1 Encryption algorithm 3DES Protocol ESP Mode Tunnel Lifetime 3600 seconds Direction Out Position in SPD where p...

Page 48: ...Black Box LR11xx Series Router Configurations Guide 50...

Page 49: ...ified as a default router gateway on a LAN 6 1 1 Packet Forwarding Modes There are two modes for WAN to LAN and WAN to WAN packet forwarding IP Routes Forwarding based on routing statements both speci...

Page 50: ...ng Networks IP addressing in an IP Multiplexing design must take into account the fact that the router on the LAN must see the remote router as residing on the same LAN or IP network There are a numbe...

Page 51: ...ler 30 bit subnets Table 7 Split Subnet Addressing POP Router e0 192 1 1 1 28 POP Black Box e0 wan1 wan2 wan3 192 1 1 2 28 10 1 1 1 30 10 1 1 5 30 10 1 1 9 30 Black Box 1 e0 wan1 192 1 1 3 28 10 1 1 2...

Page 52: ...the directly connected Black Box reside in a different 30 bit subnet Table 9 30 Bit Secondary Addressing POP Router e0 200 1 1 1 30 primary 199 1 1 1 29 secondary 199 1 1 9 29 secondary 199 1 1 17 29...

Page 53: ...d and detected only on primary addresses therefore secondary addressing schemes are not usable BGP4 Routing updates are fully functional over primary and secondary addresses POP Router e0 200 1 1 1 30...

Page 54: ...Black Box LR11xx Series Router Configurations Guide 56...

Page 55: ...nnel The Site 2 WAN bundle named ToSite1 consists of a single T1 channel coming in via a CT3 circuit Site 1 router s default route is directed to the Site 2 router 0 0 0 0 0 10 1 1 1 The Site 2 router...

Page 56: ...5 255 255 0 Site2 LR1104A configure interface ethernet exit Site2 LR1104A configure interface bundle toSite1 Site2 LR1104A configure interface bundle link ct3 1 1 Site2 LR1104A configure interface bun...

Page 57: ...Black Box LR1114A communicating over a 4 x T1 WAN bundle Site 2 utilizes a Black Box LR1114A communicating over a 2 x T1 WAN bundle Site 3 utilizes a router T1 CSU combination to communicate over a s...

Page 58: ...1 1 0 24 10 1 2 1 and To Site 3 203 1 1 0 24 10 1 3 1 Router Router T1 CSU Router Router MAIN SITE SITE 1 SITE 2 SITE 3 CT3 Tasman 6300 Tasman 1400 Tasman 1400 203 1 1 1 24 10 1 2 2 24 Telco 201 1 1...

Page 59: ...module ct3 1 MainLR1104A configure module ct3 t1 5 6 esf b8zs line gen_det description 2 x T1 to Site 2 MainLR1104A configure module ct3 exit MainLR1104A configure interface bundle toSite2 MainLR1104A...

Page 60: ...Black Box LR11xx Series Router Configurations Guide 62...

Page 61: ...d multilink PPP connections from two CPE sites to a main site Figure 17 PPP MLPPP Application Site 1 uses a Black Box LR1114A system to establish a 6 Mbps MLPPP connection four T1 lines to the main si...

Page 62: ...ox configure interface bundle mlppp seg_threshold LR1114A differential_delay 50 Blackbox configure interface bundle ip addr 192 168 1 1 255 255 255 0 Blackbox configure interface bundle exit Blackbox...

Page 63: ...he firewall features Also includes Basic VPN Management Advanced VPN and firewall vpn_plus_firewall Allows users to manage remote LANs Also includes Basic VPN and Firewall licenses To see the licenses...

Page 64: ...k a server farm and the Internet In this example the firewall features in the Black Box router will protect the CORP network and the server farm in the DMZ from unauthorized access from the Internet T...

Page 65: ...nfigure interface ethernet 1 Configuring existing Ethernet interface Blackbox configure interface ethernet 1 ip address 10 3 1 1 24 Blackbox configure interface ethernet 1 exit Blackbox configure inte...

Page 66: ...rp policy 1024 out exit Blackbox configure firewall corp policy 1021 in deny Blackbox configure firewall corp policy 1021 in exit Blackbox configure firewall corp object Blackbox configure firewall co...

Page 67: ...2 Blackbox configure firewall dmz policy 100 in apply object nat pool ftpsrvr Blackbox configure firewall dmz policy 100 in apply object ftp filter putdeny Blackbox configure firewall dmz policy 100 i...

Page 68: ...alarms thresholds exit thresholds exit alarms linemode exit linemode exit t1 module t1 3 alarms thresholds exit thresholds exit alarms linemode exit linemode exit t1 module t1 4 alarms thresholds exi...

Page 69: ...terface bundle wan link t1 1 encapsulation ppp ip address 193 168 94 220 255 255 255 0 ip multicast ospfrip2 red exit red icmp exit icmp qos exit qos aaa exit aaa crypto untrusted exit bundle interfac...

Page 70: ...licy 1021 in deny exit policy policy 1022 out self exit policy policy 1023 in self exit policy policy 1024 out nat ip 193 168 94 220 apply object http filter javadeny exit policy exit firewall firewal...

Page 71: ...s IP sequence number checks unaligned timestamps MIME flooding source routing checks SYN flooding and WIN nuke attacks To configure the firewall for protection against all of these attacks enter Black...

Page 72: ...system also adds an entry into a table it keeps which maps the internal address and source port number that the PC generated against the port number it allocated to this session Therefore when some se...

Page 73: ...m manner dynamically If a NAT IP address cannot be allocated dynamically at the connection creation time the packet would be dropped Figure 19 Dynamic NAT The dynamic NAT configuration shown in Figure...

Page 74: ...The static NAT configuration shown in Figure 20 includes Private network address 10 1 1 1 10 1 1 3 Public NAT IP address range 50 1 1 1 50 1 1 3 To create NAT pool with type static specify the IP addr...

Page 75: ...21 includes Private network address 10 1 1 1 10 1 1 3 PAT address 50 1 1 5 Method 1 Specifying NAT address with the policy command To configure this method of PAT add the policy with the source IP add...

Page 76: ...gure firewall corp object nat pool addresspoolPat pat 50 1 1 5 Blackbox configure firewall corp object exit Blackbox configure firewall corp policy 2 out address 10 1 1 1 10 1 1 3 any any Blackbox con...

Page 77: ...Threshold The router first selects a key by performing a hash over the packet header fields that identify the flow The N next hops have been assigned unique regions in the hash functions output space...

Page 78: ...ommand enables compatibility between the Black Box router and equipment running Cisco IOS Blackbox configure ip multicast multipath mode cisco Blackbox configure ip multicast The following command ena...

Page 79: ...ess and port number generated by the PC The Black Box system also adds an entry into a table it keeps which maps the internal address and source port number that the PC generated against the port numb...

Page 80: ...ation for Figure 1 Blackbox configure terminal Blackbox configure interface bundle Trenton Blackbox configure interface bundle Trenton nat Blackbox configure interface bundle Trenton nat enable dynami...

Page 81: ...e dynamic Blackbox configure interface bundle Trenton nat enable static Blackbox configure interface bundle Trenton nat address 192 168 1 6 81 100 1 1 6 81 12 1 5 Reverse NAT Reverse NAT could be used...

Page 82: ...onfigure interface ethernet0 nat enable static Blackbox configure interface ethernet0 nat port tcp 100 1 1 6 25 192 168 1 6 25 Blackbox configure interface ethernet0 nat port tcp 100 1 1 6 81 192 168...

Page 83: ...dress and source port number that the PC generated against the port number it allocated to this session Therefore when some server com sends a reply packet to the PC the Black Box system can quickly d...

Page 84: ...NAT configuration shown in Figure 25 includes Private network addresses 10 1 1 1 10 1 1 4 Public NAT IP address range 60 1 1 1 60 1 1 2 To create NAT pool with type dynamic specify the IP address and...

Page 85: ...T configuration shown in Figure 26 includes Private network address 10 1 1 1 10 1 1 3 Public NAT IP address range 50 1 1 1 50 1 1 3 To create NAT pool with type static specify the IP address and the e...

Page 86: ...ss range then specify the nat ip address in the policy command Blackbox configure firewall corp Blackbox configure firewall corp policy 2 out address 10 1 1 1 10 1 1 3 any any nat ip 50 1 1 5 Blackbox...

Page 87: ...ec security gateway the VPN server of the corporate office which is typically an always on Internet connection One of the main limitations in providing remote access is the typical remote user connect...

Page 88: ...icy Also the record contains one or more pools of private IP addresses to be used for allocating the addresses to the VPN clients Besides the private IP address the VPN server can also provide WINS an...

Page 89: ...mic ike policy admin remote id email id sampledata Black Boxuser Blackbox configure crypto dynamic ike policy admin key pskforadminuser Blackbox configure crypto dynamic ike policy admin proposal 1 Bl...

Page 90: ...are as follows 3DES with SHA1 Mode Config IPSec ESP tunnel with AES256 and HMAC SHA1 Figure 29 Configuration Mode Remote Access Configuration To configure the VPN gateway Blackbox configure term Blac...

Page 91: ...Blackbox configure crypto dynamic ike policy IDCsales key pskforsalesusers Blackbox configure crypto dynamic ike policy IDCsales proposal 1 Blackbox configure crypto dynamic ike policy IDCsales encry...

Page 92: ...Black Box LR11xx Series Router Configurations Guide 94...

Page 93: ...114A configure router rip interface wan1 LR1114A configure router rip exit 15 1 2Displaying RIP Configuration Execute show ip rip global to display RIP configuration information Figure 30 show ip rip...

Page 94: ...ons Guide 96 Figure 31 show ip rip interface all Command show ip rip interface all RIP is configured for interface ethernet0 Mode RIP 2 Metric 5 Authentication None Split Horizon Poison Routers None I...

Page 95: ...er an MLPPP bundle to the main Black Box B Black Box B in turn routes to the customer router Figure 32 IP Routing The customer router Ethernet 0 IP address is 200 1 1 1 255 255 255 0 and the IP route...

Page 96: ...ackbox configure ip routing Blackbox configure ip route 0 0 0 0 0 0 0 0 10 1 1 2 1 16 1 2Configure the Router at site B Blackbox configure term Blackbox configure interface ethernet 0 Blackbox configu...

Page 97: ...name LR1114A 17 1 2Configuring interface ethernet 0 LR1114A configure interface ethernet 0 LR1114A configure interface ethernet 0 ip address 10 10 10 1 24 LR1114A configure interface ethernet 0 exit 1...

Page 98: ...ghbors The following display shows the route 30 30 30 0 24 which was learned through OSPF from the router advertisements Figure 35 show ip ospf routes Command The metric shows a value of 2 By default...

Page 99: ...ross a single protocol backbone environment IPSec and GRE complement each other well while IPSec provides a secure method of transporting data across the internet GRE provides the capability to transp...

Page 100: ...upgrade licenses SYNTAX licenses license_type cr DESCRIPTION license_type Specifies the type of feature upgrade license The parameter may have any of the following values enable_1_port Enable 1 port e...

Page 101: ...erface bundle wan1 link t1 1 Blackbox configure interface bundle wan1 encapsulation ppp Blackbox configure interface bundle wan1 ip address 192 168 94 220 255 255 255 0 Blackbox configure interface bu...

Page 102: ...76 bytes Source Address 192 168 94 220 Destination Address 192 168 55 75 Gateway wan1 Protocol GRE Mac Address 00 50 52 60 00 00 Blackbox show interface tunnel t0 Tunnel t0 Status up Internet Address...

Page 103: ...255 255 0 Tunnel0 Blackbox configure terminal Blackbox configure interface bundle wan1 Blackbox configure interface bundle wan1 link t1 1 Blackbox configure interface bundle wan1 encapsulation ppp Bla...

Page 104: ...rface all NOTE Using the redistribute connected command adds a recursive route to the tunnel destination This will cause the tunnel to shut down To prevent this add a 32 bit static route for the tunne...

Page 105: ...g example shows OSPF running between a Black Box LR1112A and a router over a serial T1 link with back to back Frame Relay Figure 37 OSPF Over a Single T1 with Frame Relay Area 760 Tasman 6300 Router 1...

Page 106: ...LR1112A configure interface bundle Dallas fr pvc 16 ip address 20 20 20 1 255 255 255 0 LR1112A configure interface bundle Dallas fr pvc 16 exit 3 19 1 4Configuring OSPF LR1112A configure router rout...

Page 107: ...Point RP known to the senders and receivers and by forming shared trees from the RP to the receivers PIM SM is described in RFC 2362 20 1 1PIM Commands The general PIM commands supported in this relea...

Page 108: ...Blackbox configure ip pim cbsr address address Configure CBSR period Blackbox configure ip pim cbsr period time Configure CBSR holdtime Blackbox configure ip pim cbsr holdtime time Configure CBSR pri...

Page 109: ...ain Blackbox configure ip pim interface wan1 boundary PIM SSM Configure the SSM range Blackbox configure ip pim ssm range group address group mask Display PIM global configuration Blackbox show ip pim...

Page 110: ...er Blackbox configure ip pim crp group add 224 1 1 0 To set the flag at the DR to switch to the SPT on receiving the first packet default on enter Blackbox configure ip pim dr switch immediate The fol...

Page 111: ...igure ip pim hello interval 145 To set the priority to 15 enter Blackbox configure ip pim hello priority 15 To set the holdtime to 30 seconds enter Blackbox configure ip pim join prune holdtime 30 To...

Page 112: ...onfigure ip pim interface ethernet1 To display information on PIM neighbors enter Blackbox configure display ip pim neighbors Neighbor Interface Uptime Expires Hello Priority Blackbox configure To dis...

Page 113: ...15 MRT SPT Multiplier 10 MRT Stale Multiplier 5 Blackbox configure To examine PIM BSR statistics enter Blackbox configure ip pim display ip pim bsr info Candidate BSR Information Candidate BSR Status...

Page 114: ...Black Box LR11xx Series Router Configurations Guide 116...

Page 115: ...ectly connected networks changes the packet type to indicate a response packet and sends the completed response to the response destination address The response may be returned before reaching the fir...

Page 116: ...0 0 192 168 2 22 239 254 254 254 mtrace from 192 168 2 0 to 192 168 2 22 through group 225 254 254 254 Querying full reverse path 1 192 168 2 15 PIM thresh 0 0 ms 2 192 168 2 7 PIM thresh 0 2 ms 3 192...

Page 117: ...an share its access bandwidth among its different departments 22 1 1Features The network administrator manages bundle bandwidth across various customers by defining traffic classes Each traffic class...

Page 118: ...te that a class cannot borrow more than the bundle bandwidth 22 1 3Classification Types The example in Figure 1 reserves the largest CR 1536 Kbps for two servers 10 1 1 1 and 10 1 1 2 which are member...

Page 119: ...rc_ip 10 1 1 2 255 255 255 255 LR1104A configure interface bundle AppTest qos class SrcOne exit LR1104A configure interface bundle AppTest qos class SrcTwo LR1104A configure interface bundle AppTest q...

Page 120: ...d 25 29 LR1104A configure interface bundle VLANtest qos class SmithInc exit LR1104A configure interface bundle VLANtest qos class Default LR1104A configure interface bundle VLANtest qos class Default...

Page 121: ...word xxxxxxxx LR1104A configure qos bulk_statistics sample_interval 5 upload_interval 1 LR1104A configure qos show qos bulkstats_config Figure 40 Screen Display for show qos bulkstats_config Command B...

Page 122: ...Black Box LR11xx Series Router Configurations Guide 124...

Page 123: ...1 cable has been connected Thus deploying a technician to reconfigure the unit is not necessary By connecting the Black Box LR1104A using a VLAN switch additional LR1104As and POP routers can be easil...

Page 124: ...private address on the Reston end reston configure interface balt1 fr pvc 100 ip addr 10 1 1 1 255 255 255 252 The POP router is 205 1 1 1 30 reston configure interface balt1 fr pvc 100 ip source_forw...

Page 125: ...gure interface ethernet 0 dc1 configure interface ethernet 0 dc1 configure interface ethernet0 ip addr 205 100 1 1 255 255 255 0 dc1 configure interface ethernet0 exit 23 1 2 2 Configure interface bun...

Page 126: ...Black Box LR11xx Series Router Configurations Guide 128...

Page 127: ...trunk group is configured with three IP addresses and a single MAC address One IP address is utilized for WAN connectivity the second address provides for communication between the switch and Black B...

Page 128: ...ethernet 0 Blackbox configure interface ethernet ip address 199 1 1 2 255 255 255 252 Blackbox configure interface ethernet failover Blackbox configure interface ethernet exit Blackbox configure inte...

Page 129: ...rational and descriptive parameters for T1 number 6 Configure T1 Parameters Blackbox configure module t1 6 Blackbox configure module t1 circuitId X1234567890 Blackbox configure module t1 contactInfo G...

Page 130: ...gure interface bundle demo2 Blackbox configure interface bundle link t1 4 Blackbox configure interface bundle encap ppp Blackbox configure interface bundle ip unnumbered ethernet0 Blackbox configure i...

Page 131: ...subnet is extended all the way to the POP router making remote management of LAN services e g DHCP file servers SMTP possible The VLAN forwarding feature has the added benefit of being able to suppor...

Page 132: ...directions and the interface receiving the response will be cached with the reply The source MAC address used by the Black Box will be associated with the Ethernet port associated with the management...

Page 133: ...nt default_route 10 1 1 1 ethernet0 POP LR1104A configure vlanfwd management exit 2 26 1 1 4 Configure rate limiting for vlans POP LR1104A configure interface bundle bldg1 POP LR1104A configure interf...

Page 134: ...A configure interface bundle uplink qos bldg1 LR1114A configure interface bundle uplink no enable_cbq bldg1 LR1114A configure interface bundle uplink add_class mgmt vlan root out vlan_id 4092 cr 10 br...

Page 135: ...plement DTE to DTE MFR can use the architecture illustrated in Figure 1 The normal ordering process can be used to obtain the fame relay T1s From the perspective of the CPE the Black Box LR1114As comb...

Page 136: ...e CVC3 Blackbox configure interface bundle cvc3 Blackbox configure interface bundle cvc3 link t1 2 Blackbox configure interface bundle cvc3 encapsulation frelay Blackbox configure interface bundle cvc...

Page 137: ...Site 3 The Frame Relay switching equipment is represented simply as a Frame cloud Figure 45 MFT Configuration Figure 46 provides greater detail including the use of a LR1104A inside the cloud as a Fr...

Page 138: ...e bundle description hssi link to router Blackbox configure interface bundle encap fr Blackbox configure interface bundle fr Blackbox configure interface bundle fr intf_type dce Blackbox configure int...

Page 139: ...Blackbox configure interface bundle link t1 5 8 Blackbox configure interface bundle description 6 Mbps MFR Blackbox configure interface bundle encap fr Blackbox configure interface bundle fr Blackbox...

Page 140: ...is default LR1114A configure interface bundle fr lmi ansi LR1114A configure interface bundle fr lmi keepalive 10 LR1114A configure interface bundle fr lmi exit LR1114A configure interface bundle fr p...

Page 141: ...1000 Park Drive Lawrence PA 15055 1018 724 746 5500 Fax 724 746 0746 Copyright 2004 Black Box Corporation All rights reserved...

Page 142: ......

Reviews:

No comments

Related manuals for LR1102A-T1/E1

Brand: Nayar Systems Pages: 37

ICS-G7748A Series

Brand: Moxa Technologies Pages: 10

Brand: Lancom Pages: 25

Brand: Stephen Pages: 102

Brand: Net to Net Technologies Pages: 4

Brand: Zonet Pages: 53

Brand: ZyXEL Communications Pages: 2

Brand: Wave Wireless Networking Pages: 167

Brand: NETGEAR Pages: 20

GlobeSurfer X-1

Brand: Option Audio Pages: 30

Brand: Tenda Pages: 82

Brand: METREL Pages: 21

Brand: R3 Pages: 48

Brand: Allied Telesis Pages: 44

Brand: netsys Pages: 243

Brand: l-com Pages: 11

Brand: Acrosser Technology Pages: 42

Nvidia Jetson Series

Brand: Aetina Pages: 7

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands