background image

 

 

 

LR120A, LR121A, LR122A, LR125A

 

WAN Access  Routers

 

Getting Started Guide

Summary of Contents for LR120A

Page 1: ...LR120A LR121A LR122A LR125A WAN Access Routers Getting Started Guide...

Page 2: ...XXX If requested this number must be provided to the telephone company A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC P...

Page 3: ...peraci n Todo otro servicio deber ser referido a personal de servicio calificado 9 El aparato el ctrico debe ser situado de tal manera que su posici n no interfiera su uso La colocaci n del aparato el...

Page 4: ...a cubierta u orificios de ventilaci n 18 Servicio por personal calificado deber ser provisto cuando A El cable de poder o el contacto ha sido da ado o B Objectos han ca do o l quido ha sido derramado...

Page 5: ...34 5 Serial Port Configuration 38 6 WAN Services 45 7 Security 62 8 DHCP and DNS configuration 76 9 IP Services 87 10 System Configuration 90 11 SNTP Client Configuration 99 12 System Status 102 A Spe...

Page 6: ...cument 11 General conventions 11 Mouse conventions 11 1 General Information 12 WAN Access High Speed Routers overview 13 General attributes 13 Ethernet 14 Protocol support 14 PPP support 14 WAN interf...

Page 7: ...uration 38 WAN serial port configuration 39 Serial interface 39 Variables 39 Web interface configuration 40 T1 E1 interface configuration 40 Configuring the WAN Access Routers LR120A for T1 operation...

Page 8: ...ved map 73 8 DHCP and DNS configuration 76 Introduction 77 Services and features normally associated with each other 77 DHCP Server 78 Parameters for the DHCP Server subnet 80 IP Addresses to be avail...

Page 9: ...tus 104 WAN Status 104 Hardware Status 104 Defined Interfaces 104 Status LEDs 105 A Specifications 106 General Characteristics 107 Ethernet 107 Sync Serial Interface 107 T1 E1 Interface 107 Protocol S...

Page 10: ...48C Connector 116 D Command Line Interface CLI Operation 117 Introduction 118 CLI Terminology 118 Local VT 100 emulation 118 Remote Telnet 118 Using the Console 118 Administering user accounts 120 Add...

Page 11: ...t attributes 36 20 Configurable Ethernet parameters 37 21 LR121A X 21 serial port configuration parameters 40 22 LR122A V 35 serial port configuration parameters 40 23 LR120A T1 E1 WAN port configurat...

Page 12: ...list 84 66 Hyperlink path to the DNS Relay webpage 85 67 DNS Relay configuration webpage 86 68 DNS Relay configuration completed 86 69 System Services configuration web page 88 70 Authentication web p...

Page 13: ...tation on the Black Box 52 5 Features and services matrix 78 6 Standard port numbers for the System Services 89 7 Status LED descriptions 105 8 Ethernet Port MDI X switch in out position 113 9 RS 232...

Page 14: ...cribing router operation Chapter 3 provides quick start installation procedures Chapter 4 describes configuring the Ethernet WAN port Chapter 5 describes configuring the serial port Chapter 6 describe...

Page 15: ...port DCE DTE when using special V 35 cable LR120A T1 configuration RJ 48C 100 ohm interface LR125A E1 configuration RJ 48C 120 ohm and dual BNC interface 75 ohm The shock hazard symbol and WARNING hea...

Page 16: ...them dir Bold Courier font indicates where the operator must type a response or command Table 2 Mouse conventions Convention Meaning Left mouse button This button refers to the primary or leftmost mo...

Page 17: ...s 13 Ethernet 14 Protocol support 14 PPP support 14 WAN interfaces 14 Management 14 Security 15 Front panel status LEDs and console port 15 Console port 16 Rear panel connectors and switches 17 Power...

Page 18: ...ranches via common WAN services The WAN Access Routers boast easy installation offering Console VT 100 Telnet HTTP and SNMP management options The following sections describe WAN Access Router feature...

Page 19: ...rver selection NAT RFC 3022 with network address port translation NAPT MultiNat with 1 1 Many 1 Many Many mapping Port IP redirection and mapping IGMPv2 Proxy support RFC 2236 Frame Relay with Annex A...

Page 20: ...Logging of session blocking and intrusion events and Real Time alerts Logging or SMTP on event Password protected system management with a username password for console and virtual terminal Sepa rate...

Page 21: ...e condition RD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition Sync Serial TD Green Green indicates a binary 0 condition off indicates a binary 1 or idle conditio...

Page 22: ...supply connects to an external source providing 5 VDC via a barrel type connector 48 VDC power supply The DC power supply connects to a DC source via a terminal block Rated voltage and current 36 60 V...

Page 23: ...in the default out position the Ethernet circuitry takes on a straight through MDI configuration and functions as a transceiver It will connect directly to a hub When in the in position the Ethernet c...

Page 24: ...19 Chapter 2 Product Overview Chapter contents Introduction 20 Applications overview 21...

Page 25: ...itecture is understood Also while configuring The WAN Access Router via a browser using the built in HTTP server is very intuitive an understanding of the architecture is essential when using the comm...

Page 26: ...owerful data routing to make shared Internet connectivity simple and easy With NAT support the WAN Access Routers offer convenient and economical operation by using a single IP address while the integ...

Page 27: ...he Black Box LR120A s T1 E1 interface port 24 Installing an interface cable on the Black Box LR121A s X 21 interface port 26 Installing an interface cable on the Black Box LR122A s V 35 interface port...

Page 28: ...ng the modem see Web operation and configura tion on page 32 What you will need WAN Access Routers High Speed Router Ethernet cable with RJ45 plugs on each end included with router DB9 RJ45 adapter in...

Page 29: ...are presented on an RJ 48C connector with selectable line impedances of 100 ohms for T1 and 120 ohms for E1 lines see figure 5 The LR125A also comes with dual BNC for alternate connection to unbalanc...

Page 30: ...A showing location of Ethernet and WAN connectors The interface cable has been installed go to section Installing the AC power cord on page 29 Cro ssover 10 100 Ethern et W AN MDI X Crossover 10 100 E...

Page 31: ...party equipment is configured as DTE the Model 3086 X 21 serial port can be config ured as DCE and a regular straight through cable can then be used Do the following to configure the X 21 port as a D...

Page 32: ...uration To change to DCE configuration lift the daughter board from the connector turn it around so that the DCE label an arrows point to the X 21 connector and place it back on the connector The X 21...

Page 33: ...DCE device The serial port on the Black Box LR122A is configured as a DCE it connects directly to a DTE using a stan dard straight through V 35 cable However in many applications the Black Box s V 35...

Page 34: ...ter Do the following Note Do not connect the other end of the power cord to the power outlet at this time 1 If your unit is equipped with an internal power supply go to step 2 Otherwise insert the bar...

Page 35: ...er to power down the unit Figure 13 Black Box front panel LEDs and Console port locations LR120A shown The WAN Access Router power supply automatically adjusts to accept an input voltage from 100 to 2...

Page 36: ...ll the commands will be displayed Login superuser Password Login successful 8 Any commands parameters may be seen by entering the command followed by a space and a question mark ethernet The following...

Page 37: ...uter the PC s IP address should be on the same subnet as the router Connect a straight through Ethernet cable between the PC s NIC or PCMCIA Ethernet card and an Ethernet hub or switch Web browser Do...

Page 38: ...Hardware installation 33 WAN Access Routers Getting Started Guide 3 Initial configuration Figure 15 LR121A home page Figure 16 LR122A home page...

Page 39: ...34 Chapter 4 Ethernet LAN Port Chapter contents Introduction 35 LAN connections 35 Ethernet Port 35...

Page 40: ...webpage Go to Services Configura tion in the Configuration Menu LAN Change default LAN port IP address button on the main window See figure 17 The primary IP address and mask can be modified here but...

Page 41: ...tes See figure 19 Figure 19 Advanced Ethernet port attributes The three configurable parameters are all either true or false Auto Negotiation the autonegotiation can be enabled default or disabled In...

Page 42: ...ort Full Duplex Mode the default value is true for Full Duplex operation Setting it to false configures the Ethernet port to operate only in half duplex mode Rarely do these parameters require a chang...

Page 43: ...s 39 Web interface configuration 40 T1 E1 interface configuration 40 Configuring the WAN Access Routers LR120A for T1 operation 41 Web configuration 41 Configuring the WAN Access Routers LR120A for E1...

Page 44: ...rnal RX Clock Invert TX Clock Invert Inverted The clock invert functions could be used to invert the clocks that are used on the serial interface It is not recommended to change this parameter unless...

Page 45: ...e shows the LR122A V 35 serial port configuration parameters Figure 22 LR122A V 35 serial port configuration parameters After the serial port has been configured go to section WAN Services on page 45...

Page 46: ...r T1 operation Web configuration Launch Netscape Internet Explorer or similar web browser type the IP address of the LR120A enter username superuser and password superuser From the main page click on...

Page 47: ...Normal Powered Down When powered down T1 E1 transceiver input and output lines will be set to high impedance to protect the device set unit to Normal for regular operation After all options have been...

Page 48: ...cted otherwise by your service provider Idle code Options are Enabled or Disabled When idle code is Enabled the LR120A inserts idle codes 7E hex on unused timeslots Set this option to Disabled unless...

Page 49: ...plication therefore select Fdl none for E1 applications Clocking Mode Options are Internal or Receive Recover Clock network In most applications clocking for the LR120A will be derived from the E1 net...

Page 50: ...iguration 48 Central site configuration 51 LMI Management Frame Relay links 52 LMI configuration 52 Frame Relay Local Management Interface 52 LMI Configuration Options 53 Web Configuration Methods 54...

Page 51: ...e review the router s configuration for connection to a remote bridge See figure 27 Figure 27 PPP Bridged Application WAN Access Routers Remote First configure the IP address on the Ethernet port inte...

Page 52: ...uration If the central site also has an Black Box you may configure as described in this section Refer to the web page images for the Remote Black Box configuration above In this example the IP addres...

Page 53: ...ion See figure 30 Remote site configuration First configure the IP address on the Ethernet port interface ip1 for 192 168 200 2 24 via the command line CLI The PC will be on the same subnet as the Bla...

Page 54: ...Mode ON No authentication Username blank Password blank Figure 31 PPP Routed Configuration menu 4 Click on Create 5 Go to Services Configuration WAN Edit for PPP routed Edit IP Interface Ipaddr enter...

Page 55: ...he Gateway field See figure 33 8 Click the Update button Figure 33 Configuring the gateway The other fields should be Destination 0 0 0 0 Gateway 192 168 164 3 Mask 0 0 0 0 Cost 1 Interface blank You...

Page 56: ...e configuration web pages In this example the PC s IP address is 192 168 172 229 24 Notice that this subnet differs from the subnets of the WAN service link and also the Ethernet port of the remote Bl...

Page 57: ...P link by going to the Edit PPP web page and paging down until you see the Summary description To get to the Edit PPP web page follow this path Services Configuration WAN Edit Edit PPP LMI Management...

Page 58: ...l be used The unit will operate as the User side of the connection ANSI Both NNI The ANSI T1 617 protocol will be used The unit will operate as both the Network and User side of the connection Managem...

Page 59: ...ion variables available Figure 35 LMI Configuration webpage Frame Relay bridged Figure 36 shows configuration for two Black Box units in bridged mode If using a third party router at the Central site...

Page 60: ...parameters are DLCI Consult with your service provider for the DLCI number required Encapsulation type Bridged Ether Defines the RFC 1490 encapsulation type to be used by the chan nel In some instance...

Page 61: ...ox 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select Frame Relay bridged and clic...

Page 62: ...f using a third party router at the Central site review the router s configuration for connection to a remote bridge Figure 39 Frame Relay routed application Remote site configuration First configure...

Page 63: ...capsulation type that will be used by the channel Choose the encapsulation method best suited for your network needs from the following options Routed IP default value Raw WAN IP address Enter the IP...

Page 64: ...is example it is the default 8192 Channel segment size The channel segment size is used to define fragmentation of the packets based on the Frame Relay Forum IA FRF 12 If this variable is set to 0 the...

Page 65: ...24 The PC must be on the same subnet for configuring the Black Box via the web pages 1 Bring up the web page management system on your browser by entering the IP address of the Black Box 2 On the Men...

Page 66: ...mple it is the default 8192 TX Max PDU Enter the number of transmit side max PDU in this example it is the default 8192 Channel segment size The channel segment size is used to define fragmentation of...

Page 67: ...nfiguring the security interfaces 65 Configuring security policies 66 Deleting a security Policy 67 Enabling the Firewall 67 Firewall Portfilters 68 Security Triggers 69 Intrusion Detection System IDS...

Page 68: ...his is a significant security risk This risk can be avoided by using security triggers Triggers tell the security mechanism to expect these second ary sessions and how to handle them Rather than allow...

Page 69: ...on the Create button See figure 44 Ipaddr 192 168 101 1 Mask 255 255 255 0 Figure 44 IP address of PPP routed WAN service The next step in configuring the router is to add the default gateway route Th...

Page 70: ...figured See figure 45 Figure 45 Valid gateway route Configuring the security interfaces The interfaces and routes have been configured on the WAN Access Router The Ethernet side of the WAN Access Rout...

Page 71: ...ace to define the WAN interface as external 5 Select ppp 0 beside the Name pull down menu and select external beside the Interface Type pull down menu Click on Create See figure 48 Figure 48 Define pp...

Page 72: ...on Apply Deleting a security Policy To delete a security policy go to the table of Current Security Policies and click on the Delete button for the selected security policy Figure 51 Deleting a Securi...

Page 73: ...rewall Portfilters Next we configure the Firewall to permit certain types of data transfer between the PCs in general hosts on the different networks This is done by the implementation of Firewall por...

Page 74: ...for both Start and End 4 Set Inbound as Block but Outbound as Allow See figure 53 5 Click on Create Figure 53 Configuring TCP port filter for FTP After configuring the FTP portfilter you can open an...

Page 75: ...er You should now be able to use FTP commands to pass data between Remote and Local Intrusion Detection System IDS The security feature in the WAN Access Router provides protection from a number of at...

Page 76: ...f a DOS attack is detected all suspicious hosts are blocked by the firewall for a set time limit Scan Attack Block Duration Default 86400 seconds Sets the duration for blocking all suspicious hosts Th...

Page 77: ...firewall before an Echo Storm is detected Echo Storm is a DOS attack An attacker sends oversized ICMP datagrams to the system using the ping command This can cause the system to crash freeze or reboo...

Page 78: ...server and Host B is a web server By mapping the FTP port to Host A and the HTTP port to Host B both insides hosts can share the same global address Setting the protocol number to 255 0xFF means that...

Page 79: ...5 NAT Global Address Pool configuration 4 Next create a reserved mapping between a global IP address from the global pool and a PC on the side of the internal interface ip1 In this example 10 10 19 11...

Page 80: ...o NAT 75 WAN Access Routers Getting Started Guide 7 Security Figure 56 NAT Reserved mapping configuration The PC on the Ethernet side of the Black Box can now communicate with the public or global sid...

Page 81: ...ith each other 77 DHCP Server 78 Parameters for the DHCP Server subnet 80 IP Addresses to be available on this subnet 81 DNS server option information 82 Default gateway option information 82 Addition...

Page 82: ...ansparently between a a DHCP client and a DHCP server The DHCP relay appears as a DHCP server to the DHCP client s point of view The relay operates by forwarding all broadcast client request to known...

Page 83: ...rial interfaces 2When NAT is used together with DHCP Relay the WAN service must be routed 3When DHCP Relay is used with a Bridged WAN service the DHCP server must be on the same subnet as the clients...

Page 84: ...for this subnet defines the subnet and netmask the origin of the subnet maximum lease time and default lease time IP addresses to be available on this subnet either define the IP address range for the...

Page 85: ...t Four parameters are in the section for defining the DHCP subnet See figure 59 Figure 59 DHCP Server subnet parameters The first two parameters are applicable when you will define the subnet Subnet v...

Page 86: ...terface The two remaining parameters are Maximum lease time the default value is 86 400 seconds Default lease time the default value is 43 200 seconds IP Addresses to be available on this subnet The n...

Page 87: ...to figure 62 Figure 62 Configuration of the DNS server IP addresses Enter the IP addresses of the primary and secondary DNS servers Subsequently the client will receive these addresses when assigned a...

Page 88: ...on example DHCP Relay With this webpage you can enter a list of IP addresses for DHCP servers When a client requests an IP address it uses one of the DHCP addresses listed in the DHCP relay webpage Th...

Page 89: ...resses will appear in the section Edit DHCP server list In the second section you may update or delete the DHCP server IP addresses See figure 65 To update or change a DHCP server IP address enter the...

Page 90: ...s DNS queries from a client to a pre defined DNS server and DNS server responses to the client You can configure the DNS Relay for two IP addresses These are for access to primary and secondary DNS se...

Page 91: ...the IP address of the secondary DNS server Figure 67 DNS Relay configuration webpage You can change the IP address of the DNS servers on the DNS Relay webpage see figure 68 by modifying the IP address...

Page 92: ...87 Chapter 9 IP Services Chapter contents Introduction 88 WEB Server 88 CLI Configuration 88 Associated Ports for the different System IP Services 89...

Page 93: ...st be wisely disabled is the WEB Server After you disable the WEB Server from the web page you can no longer access the any of the Black Box s web pages The only way to enable it is through the Comman...

Page 94: ...IP Services This section is for information purposes only Consult the table to identify which ports are associated with the different System IP Services Table 6 Standard port numbers for the System Se...

Page 95: ...nfiguration Chapter contents Introduction 91 Detailed Description 91 Authentication 91 Alarm 92 Remote Access 94 Update 94 Save 95 Backup Restore 95 Restart 96 Website Settings 96 Error Log 97 SNMP Da...

Page 96: ...a soft start of the Black Box or to restore the Black Box to factory defaults Key the key version is used to identify which features are installed in the Black Box Website Settings configures the ref...

Page 97: ...a new user See figure 71 You will define the new user by creating a Username defining the Password give the user ability to configure the Black Box or read only authority add a comment useful to the a...

Page 98: ...utton can you clear the alarm and reset the Time and Count parameters The parameter definitions are Alarm Severity there are five categories of severity Critical Major Minor Informational and Ignore T...

Page 99: ...ccess session is closed Figure 74 Remote Access Telnet access limit Update To upgrade the Black Box to another software version select the software image by clicking on the Browse but ton The software...

Page 100: ...the Save button and wait until seeing the message Saved information model to im conf Figure 76 Save configuration changes in non volatile memory Backup Restore You may save or use previously saved con...

Page 101: ...figure 78 Then click on the Restart button No warning is given before beginning the reboot process You will need to configure the IP address of the Ethernet port again as described in chapter 3 Initi...

Page 102: ...80 Error Log and Syslog Settings SNMP Daemon For remote management from an SNMP capable management station the Black Box s SNMP Daemon must be configured To identify a specific Black Box configure th...

Page 103: ...ation The Trap Table identifies the IP address of the SNMP trap along with its Password System Tools The System Tools webpage provides two utilities for testing network connectivity The two utilities...

Page 104: ...SNTP Client Configuration Chapter contents Introduction 100 Configuring the SNTP client 100 SNTP Client Mode Configuration Parameters 100 SNTP Client General Configuration Parameters 101 System Clock...

Page 105: ...point mode Broadcast mode is for use when the SNTP server is on the local network that is the same subnet as the Black Box When Unicast mode is enabled the Black Box sends a request to the server desi...

Page 106: ...er request for the number times configured in this parameter The maximum number of retries is 10 Default value is 2 Polling value in minutes The SNTP client will automatically send a time synchronizat...

Page 107: ...102 Chapter 12 System Status Chapter contents System Status 103 Port Connection Status 103 LAN Status 104 WAN Status 104 Hardware Status 104 Defined Interfaces 104 Status LEDs 105...

Page 108: ...ver web pages WAN Status parameters and links to the WAN services defined on the serial port PPPoE Status the connection authentication status is available when the PPPoE WAN service is configured and...

Page 109: ...ress of the WAN service is statically assigned or as a DHCP client Default gateway the gateway defined by the IP Routes submenu item under Services Configuration in the Configuration Menu Primary DNS...

Page 110: ...ion RD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition Sync Serial TD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition RD Gre...

Page 111: ...07 Sync Serial Interface 107 T1 E1 Interface 107 Protocol Support 107 PPP Support 108 Management 108 Security 108 Compliance Standard Requirements 109 Australia Specific 109 Dimensions 109 Power and P...

Page 112: ...and labor Ethernet Auto sensing Full Duplex 10Base T 100Base TX Ethernet Standard RJ 45 and built in MDI X cross over switch IEEE 8021 d transparent learning bridge 8 IP address subnets on Ethernet in...

Page 113: ...ent of installing client software on a local PC and allows sharing of the connection across a LAN User configurable PPP PAP RFC 1661 or CHAP RFC 1994 authentication PPP BCP RFC 1638 support for bridge...

Page 114: ...8H x 4 16W x 3 75D in 10 6H x 4 1W x 8 8D cm Power and Power Supply Specifications The WAN Access Router may come with either an AC or DC power supply AC universal power supply The WAN Access Router o...

Page 115: ...110 Appendix B Cable recommendations Chapter contents Ethernet Cable 111 Adapter 111...

Page 116: ...ng Started Guide B Cable recommendations Ethernet Cable Ethernet cable P N 10 2500 refer to RJ 45 shielded 10 100 Ethernet port on page 113 Adapter EIA 561 to DB 9 P N 16F 561 refer to RJ 45 non shiel...

Page 117: ...ysical connectors Chapter contents RJ 45 shielded 10 100 Ethernet port 113 RJ 45 non shielded RS 232 console port EIA 561 113 Serial port 114 V 35 M 34 and DB 25 Connector 114 X 21 DB 15 Connector 115...

Page 118: ...hielded RS 232 console port EIA 561 The RS 232 serial control port of the Black Box is configured to operate as a DCE Table 8 Ethernet Port MDI X switch in out position Pin No Signal Name Direction 1...

Page 119: ...for M 34 DB 25 connectors M 34 Pin No DB 25 Pin No Signal Name Direction A 1 Frame Chassis Ground n a P 2 TD a from DTE R 3 RD a to DTE C 4 RTS from DTE D 5 CTS to DTE E 6 DSR to DTE B 7 Signal Ground...

Page 120: ...gnal Ground or Common Return 2 T Transmit Data a from DTE 3 C Control a from DTE 4 R Receive Data a to DTE 5 I Indication a to DTE 6 S Signal Timing a to DTE 7 8 Ga DTE Common Return 9 T Transmit Data...

Page 121: ...he T1 E1 transmit signals are not polarity sensitive even though they have the traditional designation of Tip and Ring Figure 88 T1 E1 RJ 48C connector Table 12 T1 E1 Port Pin No Signal 1 Receive Ring...

Page 122: ...Introduction 118 CLI Terminology 118 Local VT 100 emulation 118 Remote Telnet 118 Using the Console 118 Administering user accounts 120 Adding new users 120 Setting user passwords 121 Changing user s...

Page 123: ...interface Object an object is anything that you can create and manipulate as a single entity for example interfaces transports static routes and NAT rules List Objects are numbered entries in a list F...

Page 124: ...ollowed by a space and To continue our example ethernet list ports transports ethernet list Then ethernet list transports ethernet list transports enter Ethernet transports ID Name Port 1 eth1 etherne...

Page 125: ...r user accounts Adding new users To add a new user username use the command system add user username Comment system add login user username Comment The first command creates a user who can access the...

Page 126: ...that you lose all superuser privileges Note Only superusers can use the user change command Changing user settings To change any of the default settings for a user use the following commands For examp...

Page 127: ...Copyright 2006 Black Box Corporation All rights reserved Released April 19 2006 1000 Park Drive Lawrence PA 15055 1018 724 746 5500 Fax 724 746 0746...

Page 128: ......

Reviews: