manualshive.com logo in svg

Cyclades Access Router Cyclades-PR2000, Installation Manual

Share
Download
Cyclades Access Router Cyclades-PR2000 Installation Manual Download Page 55

Configuring Packet and Service Filtering

PR2000 Installation Guide

53

 Protocol. This allows you to set filtering by protocol (TCP, UDP,

ICMP). Select Other to specify a different protocol by number or
None if this rule doesn’t depend on the protocol.

 Source IP Operator. Allows filtering by source IP address. The

source addresses to be filtered are specified by an operator (Equal,
Less than, Greater than, etc – use “?” to review the options) and an
IP address. Select “None” (9) if the source IP address is irrelevant
for this rule.

 Destination IP Operator. Similar to source IP address, it defines

filtering based on the destination IP address of a packet.

 Source Port Operator. To set filtering for the application based on

the source port (each TCP or UDP application uses a different port
number; for example, Telnet uses port 23) using an operator similar
to those used for IP addresses. When specifying a port, you can
type '?' to get a listing of common applications associated to each
port number (or to specify another protocol).

 Destination Port Operator. Similar to source port, it defines

filtering based on the destination port.

 Allow TCP Connection.  Type 'Y' to filter TCP connection request

packets (packets with ACK bit set). This will prevent the completion
of all TCP connections. Type 'N' if you want to allow TCP
connections (or if this is irrelevant to the rule).

 Set Accounting Process. Type ‘Y’ to enable the account process

for this rule. When this option is enabled, all packets that match this
rule are logged. To see the account process logs, use the “Info ->
Show Account Table” command. This option enables the
summary log; detailed logs are enabled when the Rule List is
attributed to the interface.

 For IPX, the parameters are:

 Filter status. Select Enable to activate the rule in the filter or

Disable if you want to create a rule but not use it for now.

 Scope. Permit causes packets that comply with this rule to be

accepted and Deny causes the packets to be discarded.

 SRC Network Number and SRC Network Mask. Let you specify

the packet by source network number and network mask.

 DST Network Number and DST Network Mask. Let you specify

the packet by destination network number and network mask.

 Protocol id to filter. This allows you to set filtering by protocol

(RIP, SAP, SPX, NetBIOS). Select Other to specify a different
protocol by number or None if this rule doesn’t depend on the
protocol.

Summary of Contents for Access Router Cyclades-PR2000

Page 1: ...Cyclades PR2000 High Performance Access Router Installation Guide Cyclades Corporation...

Page 2: ...ts for Class A digital devices pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commerci...

Page 3: ...tcuts 15 2 5 Configuring the PR2000 with a web browser 15 2 6 Changing the super user password 18 2 7 Reading the PR2000 LEDs 18 2 8 Configuring the PR2000 without a console 20 3 GETTING THE ETHERNET...

Page 4: ...nfiguration 38 5 6 Finishing IPX configuration 38 5 7 Where to go from here 39 6 MANAGING THE PR2000 40 In this Chapter 40 6 1 Configuring Users 40 6 2 Updating the Firmware version in flash memory 41...

Page 5: ...ring Multilink Circuits 58 11 CONFIGURING OSPF 60 In this Chapter 60 11 1 What is OSPF 60 11 2 Configuring OSPF in the PR2000 60 12 CONFIGURING X 25 PAD 65 In this Chapter 65 12 1 What is a PAD 65 12...

Page 6: ...sically connect the PR2000 At the end of this chapter you should be ready to power up the router Chapter 2 Turning the PR2000 On is a basic overview of the PR2000 user interface At the end of this cha...

Page 7: ...ontacting us for technical support on a configuration problem please make sure to follow the steps described in the first three chapters of this manual and have the following information handy Cyclade...

Page 8: ...xperience accumulated by Cyclades over the years It is a proven software platform that allows us to introduce new features and products without compromising stability reliability and robustness It als...

Page 9: ...important that you follow the instructions carefully Wrong physical connections can damage not only the PR2000 but also the equipment connected to it 1 1 Identifying the PR2000 components The PR2000...

Page 10: ...WAN 1 and WAN 2 High speed Synchronous interfaces The second synchronous WAN port is optional Ethernet 10Base T RJ 45 Jack To connect to the Ethernet LAN typically an Ethernet Hub or Switch using a s...

Page 11: ...station with a terminal emulation program Windows with Hyper Terminal or Unix Linux with cu or minicom for example In this case the console port is normally connected to the COM2 serial port the mouse...

Page 12: ...Installing the PR2000 10 PR2000 Installation Guide Console Cable provided Console Port PR2000 DB 25 Connector COM2 PR2000 Console Connection...

Page 13: ...er cable is required for direct connection to a computer a RJ 45 Ethernet pinout is provided in the Appendix A PR2000 Ethernet Hub Ethernet Hub Straight through RJ 45 Cable not provided PR2000 Etherne...

Page 14: ...n the PR2000 with wrong physical connections can damage not only the PR2000 unit but also the devices it is connected to Turn the power switch on The PR2000 will perform a self test You should see rep...

Page 15: ...er password set to surt For security reasons you should change this password as soon as possible as indicated later in this chapter To complete the login process type in the super user password surt y...

Page 16: ...en in brackets pressing Enter without entering any data maintains the previous value Some configuration menus allow you to list the current parameters by pressing L list The availability of this optio...

Page 17: ...the current information or list the current router configuration Admin allows you to access administrative commands to set the date and time update the firmware save current run configuration to flas...

Page 18: ...nd of a command line see above Escape Cancel Selection Return to the previous menu level L In some configuration menus this button lists the current parameters without forcing you to navigate back to...

Page 19: ...sion and someone telnets to the PR2000 the HTTP session will be automatically closed Console sessions have the highest priority level and close any other type of connection telnet or HTTP Select Retur...

Page 20: ...er responsible for router administration should have no access restriction When leaving the Security Menu save the changes to the flash memory so that they become permanent Make sure that the new pass...

Page 21: ...r If you notice that the CPU LED is not blinking regularly one second on one second off the cause of the problem is identified by a Morse code starting at the first short 1 second blink after a long b...

Page 22: ...he initial configuration of the router without a console The availability of a PC with a serial port almost anywhere and the vital hardware and software verification messages printed at boot time are...

Page 23: ...t to factory default it will adopt the destination IP address of the first IP packet and accept the connection The adopted IP address is saved only in memory The configuration has to be explicitly sav...

Page 24: ...Ethernet encapsulation type LAN network number 3 2 Configuring the Ethernet interface From the main menu select Config Interface Ethernet You will see a menu that looks like this Cyclades PR2000 PR200...

Page 25: ...ing the format NN NN NN NN Secondary IP Addresses The PR2000 supports more than one up to 8 IP addresses per interface Configuring secondary IP addresses is necessary when more than one network is sha...

Page 26: ...0001 and FFFFFFFE that identifies the IPX network this interface is connected to Incoming Filter List Name and Outgoing Filter List Name Allows you to select filters for packets being sent received to...

Page 27: ...meters for this test Your screen should look like this example for Ping over IP protocol Host host01 address of the host to ping packet size even number from 32 to 1024 32 count 0 if forever or 5 to 3...

Page 28: ...rrect Verify that the Link LED on the back panel of the PR2000 is on indicating that the Ethernet physical link is correctly terminated Review the Ethernet LAN configuration in this chapter Make sure...

Page 29: ...sing IP and or IPX and the data link protocol PPP Frame Relay X 25 or HDLC 4 2 Configuring the WAN Interfaces From the main menu select Config Interface For each WAN interface select the appropriated...

Page 30: ...get a list of the possible options Media for SWAN cable You will be asked to select between RS 232 normally used in asynchronous mode V 35 the most common for DSU CSU or X 21 used in Europe 4 4 Config...

Page 31: ...ed to provide dial in out information modem phone numbers etc For PPP you should also configure the Authentication exit the PPP and Encapsulation Menus and select option 6 in the Interface Menu Authen...

Page 32: ...00 supports up to 32 simultaneous DLCIs Also you can enable Predictor data compression see not about data compression below 4 4 3 X 25 When you select X 25 in the encapsulation menu you will be asked...

Page 33: ...ve You can enable or disable the IP protocol on the interface Numbered or Unnumbered Interface A numbered interface is an interface that has an IP address associated to it Unnumbered Interfaces do not...

Page 34: ...If you don t know what the correct configuration for your router is it is safe to leave it inactive Incoming Filter List Name Outgoing Filter List Name If you want to filter packets in the WAN interf...

Page 35: ...as RIP or OSPF If you are using a routing protocol select this option and enable them For the RIP protocols RIP1 and RIP2 the configuration is very simple You can separately enable disable the recepti...

Page 36: ...d is to get the router working If you have followed all the steps in this manual carefully until now chances are this will be the case Remember that a WAN connection depends not only on the configurat...

Page 37: ...t the DCD signal is low in a serial connection the line is not active Depending on your knowledge of the protocol configured on the line the statistics information Info Show Statistic and the PR2000 d...

Page 38: ...and IPX networking protocols are enabled you will also need to select what routing table to list The PR2000 knows the routes for the networks it is directly connected to It also knows the routes rece...

Page 39: ...R2000 is being managed from the same location and you want to know which router you are connected to To configure these strings select Config System Router Description from the main menu and enter the...

Page 40: ...00 symbolic name and enable disable the DNS client 5 5 Finishing IP configuration Additional configuration that is specific to IP is found under Config IP The parameters needed for basic IP functional...

Page 41: ...next chapter which explains some of the main administrative tasks related to the PR2000 including Firmware updates and user administration The other chapters explain important functionality topics suc...

Page 42: ...ration You can list the current users by selecting Info Show Configuration Security and change the user configuration add modify delete by selecting Config Security Users For each user you will be abl...

Page 43: ...l CyROS router software After powering on the PR2000 searches the Flash looking for the Alternate Boot Code If there is a valid alternate boot code it is executed Otherwise the Original Boot Code is e...

Page 44: ...to reboot the router to execute it Save in Flash and Run save the new firmware downloaded to flash memory and reboot you will be asked to confirm reboot Before a software upgrade you might want to upl...

Page 45: ...hich are portable among different versions of firmware and can be edited with a text editor Conversely the run configuration can be loaded or restored from the menu Config Load Configuration The run c...

Page 46: ...console super user session is open That means that if there is a super user session in progress it will be automatically and unconditionally closed when a programmed event is triggered for execution T...

Page 47: ...r at the console or at a server in the network using the syslog facility available in a number of Operating Systems You can select the level of detail of the event logging from 0 to 7 and whether to a...

Page 48: ...allation Guide Disabling some hardware tests will allow a router to reboot faster but might allow the operation of a router with corrupted software or defective hardware By default the RAM test and th...

Page 49: ...ts in the network are simultaneously connected to the external world NAT allows a potentially large network to use only a small pool of valid IP addresses Another instance of NAT is port mapping In th...

Page 50: ...g Security NAT Cyclades PR2000 PR2000 name Configure NAT Menu 1 Global Address 2 Local Address 3 Static Translation 4 Timeout and Options Select option Selecting Global Address allows you to define gl...

Page 51: ...PD connections DNS connections TCP connections and TCP connections with FIN flag no more data from sender or RST flag reset connection set Another NAT option is port translation When port translation...

Page 52: ...for each protocol Because it has to be performed on a packet by packet basis enabling filtering has a potential impact on router performance The PR2000 has CPU processing power much greater than the a...

Page 53: ...tested The deny permit scope for the first rule that matches the packet is applied to it If the packet does not match any of the rules the default deny permit scope for the filter associated to the in...

Page 54: ...previously configured filter The Configure Rules option lets you edit the actual filtering rules for each filter being set When selecting this option you will have to enter the name of the filter to...

Page 55: ...ed on the destination port Allow TCP Connection Type Y to filter TCP connection request packets packets with ACK bit set This will prevent the completion of all TCP connections Type N if you want to a...

Page 56: ...defined The Flow Prioritization option allows you to enable packet prioritization You will be asked to provide the following parameter Data Flow Prioritization Select Active to enable Flow Prioritiza...

Page 57: ...ing allows you to divide an IP network into smaller networks One of the reasons why someone would sub net is to allow the use of one range of addresses over two separate LAN networks The problem is th...

Page 58: ...and use all the remaining IP addresses locally This would be very difficult and inefficient to do using sub netting To do this using the PR2000 bridging emulation feature set Proxy ARP to Active in t...

Page 59: ...ally all the traffic to the destination reached by a Multilink Circuit is balanced among the Main Link s according to the load balance parameters A Backup Link is activated only when a specific event...

Page 60: ...to be added to the multilink circuit Select Add Modify Interface in the Multilink Circuit Menu You will see a menu to select one of the available interfaces Select the interface to be added Select whe...

Page 61: ...the Bandwidth upper limit This number will specify the traffic expressed in percentage of the available bandwidth in the main links that will trigger the activation of a backup link backup load Set ze...

Page 62: ...an traditional RIP protocols OSPF has two main advantages over RIP as a routing protocol it converges and propagates routing changes faster in complex networks and it uses less network throughput for...

Page 63: ...uration is completed and double checked simply change it to Enable If you disable OSPF on the interface you will be asked whether this non OSPF interface should or not be advertised to the OSPF networ...

Page 64: ...st be configured with the same password Metric This parameter sets the metric cost for normal service and is used to calculate the cost of an interface To get balanced routing the cost parameter shoul...

Page 65: ...face OSPF configuration Stub Area The backbone area cannot be a stub area So this question will be presented if you are configuring areas other than the backbone Areas that are connected to the backbo...

Page 66: ...rs for virtual links are identical to those in the OSPF interfaces 11 2 3 Viewing OSPF database and statistics Current OSPF database information can be retrieved under the menu Info Show OSPF Statisti...

Page 67: ...eceive a PR2000 login prompt Once they type a valid user name and password they gain access to the PR2000 application menu so that they can use the router applications Typically a PAD user will open a...

Page 68: ...11 3 Y Binary Speed of Start Stop mode 12 0 Y Flow control of the PAD 13 0 Y LF insertion after CR 14 0 Y Padding after LF 15 0 Y Editing 16 8 Y Character Delete 17 24 Y Line Delete 18 42 Y Line Displ...

Page 69: ...PR2000 Configuration Language PR2000 Installation Guide 67...

Page 70: ...fications are listed in the table below Power Requirements Input voltage range 90 to 264 VAC 13W Input frequency range 47 63 Hz single phase Environmental Conditions Operating temperature 32o to 112o...

Page 71: ...device terminal host computer etc The pinout diagrams are shown below CONSOLE PORT Pin RS 232 Signal 1 RTS 2 DTR 3 TX 4 Ground 5 CTS 6 RX 7 DCD 8 DSR A 2 2 Ethernet Port The PR2000 Ethernet port supp...

Page 72: ...e WAN DB 25 connector with RS 232 Interface WAN RS 232 Pin Signal 1 Cable Shield 2 TxD 3 RxD 4 RTS 5 CTS 6 DSR 7 GND 8 DCD 15 TxCLK DTE 17 RxCLK 20 DTR 22 RI 24 TxCLK DCE WAN DB 25 connector with V 35...

Page 73: ...gnal 1 Shield 2 Signal Timing A 4 Indication B 6 RxD B 7 Ground 9 Control B 11 TxD B 15 Signal Timing B 17 Indication A 19 RxD A 22 Control A 24 TxD A A 2 3 Asynchronous ASYNC Interface RS 232 ASYNC R...

Page 74: ...ooting 26 Event Programming 43 FCC Warning 2 Filtering 50 Firmware Updates 41 Frame Relay 29 Configuration 29 Hardware Specifications 68 HDLC 30 IPX ActivationSee Enabling Optionals See LEDs 18 login...

Page 75: ...10 770 9727 Fax 510 770 0355 Electronic mail sales cyclades com support cyclades com Cyclades Brazil Av Santa Catarina 155 Aeroporto Sao Paulo SP 04635 000 Brazil Phone 55 11 5033 3300 Fax 55 11 5033...

Reviews:

No comments

Brands by name

Popular brands

Load more brands