
Cyclades-PR4000

Chapter 15 - IPX


The routing table is displayed by the menu option INFO => SHOW ROUTING TABLE => IPX.  For the example,
using only the static route created above, the routing table appears as in Figure 13.2.

Destination  Interface/Subinterface/Remote address  hops  ticks  Type
00000001                                            0     1      PrimaryNet
00A0B000     Ethernet                               0     1      Connected
00010001     Slot1  Node 00602E001100               1     1      Static
00B0C000     Slot1                                  0     1      Connected

FIGURE 13.2  ROUTING TABLE FOR THE EXAMPLE

The SAP (Service Advertisement Protocol) Table

In Novell networks, a given server can provide various services.  In order for the router to identify these servers,
their locations and services are entered into a SAP table in the router.  This is done using the menu
CONFIG => IPX => SAP TABLE.  The parameters for each entry are shown in the table.

SAP Table Menu  CONFIG => IPX => SAP TABLE

Parameter               Description
Service Type            Service this server offers.  ? provides a list of valid codes.  For the
                        server Columbo, in the example, this code is 0166.
Server Name             In the example, the name is Columbo.
Service Network Number  00000003
Server Node             00602e001111
Server Socket Number    ? provides a list of valid codes.
Number of Hops          Number of routers between this router and the server.  0 in the example.
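
The following is an added example, not part of the Cyclades manual or of CyROS: it validates the six SAP Table parameters above and packs them into the 64-byte server entry carried in an IPX SAP response, then compares an advertised entry against the static one. The function names are hypothetical, the socket value 0451 is a constructed sample (the manual gives no socket for Columbo), and the second node address is constructed for the comparison.

```python
import re
import struct

# Server entry layout in an IPX SAP response, big-endian:
# service type (2), server name (48, NUL padded), network (4), node (6),
# socket (2), hops (2) = 64 bytes.
SAP_ENTRY = struct.Struct(">H48s4s6sHH")
HOPS_UNREACHABLE = 16  # SAP marks a service as down with a hop count of 16


def _hex_field(label, text, digits):
    """Return the bytes of a fixed-width hexadecimal field or raise ValueError."""
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % digits, text):
        raise ValueError(f"{label}: expected {digits} hex digits, got {text!r}")
    return bytes.fromhex(text)


def pack_sap_entry(service_type, name, network, node, socket, hops):
    """Check each SAP Table parameter and return the 64-byte wire form."""
    stype = _hex_field("Service Type", service_type, 4)
    net = _hex_field("Service Network Number", network, 8)
    node_b = _hex_field("Server Node", node, 12)
    sock = _hex_field("Server Socket Number", socket, 4)
    if not name or len(name) > 47 or not name.isascii() or not name.isprintable():
        raise ValueError("Server Name: 1 to 47 printable ASCII characters")
    if not 0 <= hops < HOPS_UNREACHABLE:
        raise ValueError("Number of Hops: must be 0 to 15 for a reachable service")
    return SAP_ENTRY.pack(
        int.from_bytes(stype, "big"),
        name.encode("ascii"),  # struct pads the 48-byte field with NULs
        net,
        node_b,
        int.from_bytes(sock, "big"),
        hops,
    )


def unpack_sap_entry(raw):
    """Decode one 64-byte server entry into the menu's parameter values."""
    if len(raw) != SAP_ENTRY.size:
        raise ValueError(f"server entry must be {SAP_ENTRY.size} bytes")
    stype, name, net, node, sock, hops = SAP_ENTRY.unpack(raw)
    return {
        "service_type": f"{stype:04X}",
        "name": name.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "network": net.hex().upper(),
        "node": node.hex().upper(),
        "socket": f"{sock:04X}",
        "hops": hops,
    }


def audit_advertisement(static_raw, advertised_raw):
    """Return the location fields where an advertisement for the same
    service (name and type) disagrees with the static SAP table entry."""
    want = unpack_sap_entry(static_raw)
    got = unpack_sap_entry(advertised_raw)
    if (want["name"], want["service_type"]) != (got["name"], got["service_type"]):
        return []  # a different service, nothing to compare
    return [k for k in ("network", "node", "socket") if want[k] != got[k]]


# The entry from the manual's example; socket 0451 is a constructed sample.
COLUMBO = pack_sap_entry("0166", "Columbo", "00000003", "00602e001111", "0451", 0)

# Constructed advertisement: same name and type, different node address.
OTHER = pack_sap_entry("0166", "Columbo", "00000003", "00602e00aaaa", "0451", 1)

if __name__ == "__main__":
    print(unpack_sap_entry(COLUMBO))
    print("fields that differ from the static entry:",
          audit_advertisement(COLUMBO, OTHER))
```
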

Summary of Contents for Cyclades-PR4000

Page 1: ...Cyclades PR4000 Installation Manual Mid range Multi protocol Expandable Remote Access Server Cyclades Corporation ...

Page 2: ...he Cyclades PR4000 has been tested and found to comply with the limits for Class A digital devices pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with...

Page 3: ...THE BOX 13 SWAN Expansion Card 14 CHAPTER 3 USING CYROS MENUS 18 Connection Using the Console Cable and a Computer or Terminal 18 Special Keys 20 The CyROS Management Utility 21 Operating the Front Panel Display 25 Modem Overview 26 Interface Overview 28 IP Traffic 29 Syslog Messages 29 System Info 29 CHAPTER 4 STEP BY STEP INSTRUCTIONS FOR COMMON APPLICATIONS 30 Example 1 Using the PR4000 as a Re...

Page 4: ...RFACE 49 CHAPTER 7 THE E1 AND T1 INTERFACES WITHOUT SIGNALING 52 CHAPTER 8 THE E1 AND T1 INTERFACES WITH SIGNALING 57 The CCS Signaling Mode ISDN PRI 59 The CAS Signaling Mode 62 Parameters Independent of Signaling Mode 63 Multilink Options 64 CHAPTER 9 NETWORK PROTOCOLS 75 The IP Protocol 76 The Transparent Bridge Protocol 78 CHAPTER 10 DATA LINK PROTOCOLS ENCAPSULATION 79 PPP The Point to Point ...

Page 5: ... 91 Dynamic Routing 91 Static Routes 92 RIP Configuration 95 OSPF 96 OSPF Configuration on the Interface 97 OSPF Global Configurations 99 BGP 4 Configuration 103 CHAPTER 12 CYROS THE OPERATING SYSTEM 114 Creation of the host table 114 Creation of user accounts and passwords 114 IP Accounting 116 CHAPTER 13 NAT NETWORK ADDRESS TRANSLATION 117 Types of Address Translation 119 ...

Page 6: ...rfaces 139 PPP 139 Frame Relay 140 X 25 140 Routing 140 The SAP Service Advertisement Protocol Table 141 CHAPTER 16 VIRTUAL PRIVATE NETWORK CONFIGURATION 142 APPENDIX A TROUBLESHOOTING 147 What to Do if the Login Screen Does Not Appear When Using a Console 147 What to Do if the Router Does Not Work or Stops Working 148 Testing the Ethernet Interface 149 Testing the WAN Interface 150 How to Test th...

Page 7: ...les 159 Straight Through Cable 159 Cross Cable 160 Router MD V 35 Cable 161 DB 25 to M 34 Adapter 162 162 Cross Cable for Testing the T1 E1 Ports 163 ISO 2110 Standard Cable 164 E1 DB 15 Cable 165 APPENDIX C CONFIGURATION WITHOUT A CONSOLE 166 Requirements 166 Procedure 166 APPENDIX D INSTALLATION OF ADDITIONAL DIGITAL MODEMS 167 INDEX 172 ...

Page 8: ... of all three manuals and the latest version of CyROS can be downloaded from Cyclades web site All manuals indicate on the second page the manual version and the corresponding version of CyROS The first three chapters of this manual should be read in the order written with exceptions given in the text The most appropriate example in Chapter 4 should then be read with chapters 5 through 14 providin...

Page 9: ...l Private Network describes CyROS VPN implementation Appendix A Troubleshooting provides solutions and tests for typical problems Appendix B Hardware Specifications Appendix C Configuration Without a Console Appendix D Modem Installation and Configuration Installation Assumptions This Installation Manual assumes that the reader understands networking basics and is familiar with the terms and conce...

Page 10: ...repended Screen Text Screen Text ESC Enter Simbols representing special keyboard keys Icons Icons are used to draw attention to important text Icon Meaning Why What is Wrong When an error is common text with this icon will mention the symptoms and how to resolve the problem Where Can I Find More Information CyROS contains many features and sometimes related material must be broken up into digestib...

Page 11: ...and software options and versions Information about the environment network carrier etc The product configuration Print out a copy of the listing obtained by selecting INFO SHOW CONFIGURATION ALL A detailed description of the problem The exact error or log messages printed by the router or by any other system The Installation Guide for your product Contact information in case we need to contact yo...

Page 12: ...0 12 Chapter 1 How to Use This Manual The mailing address and general phone numbers for Cyclades Corporation are Cyclades Corporation Phone 01 510 770 9727 Fax 01 510 770 0355 41829 Albrae Street Fremont CA 94538 USA ...

Page 13: ...entation CD Power Cord Mounting Kit with Handles Console Cable Expansion Slot Port 1 T1 E1 Console Port 10 BaseT 100 BaseT 10 BaseT 230 Cyclades PR4000 Port 2 T1 E1 Mounting Kit Cyclades PR4000 Quick Installation Manual Interface Cable Slot 1 0 Console Cable Labeled Console Power Cable Power CD Rom Containing Documentation FIGURE 2 1 ITEMS INCLUDED WITH ALL PR4000 MODELS ...

Page 14: ... a modem or DSU CSU as shown in Figure 2 3 Cables are not included with the product or Straight Cable DB 25 Male V 35 Cable Set DB 25 Female M 34 Male Converter RS 232 Modem with DB 25 Interface DB 25 Male DB 25 Male Slot with SWAN RSV Card Back Panel of PR4000 DB 25 Male V 35 with M 34 Interface DSU CSU FIGURE 2 3 SWAN EXPANSION CARD SHOWING CABLE CONNECTIONS ...

Page 15: ...he trunk can be carried by a separate channel or can share the same channel used to carry data There are three basic signaling protocols ISDN PRI T1 or E1 CAS BR T1 or R2D MFR2 E1 Newer systems use the ISDN PRI signaling protocol with channels dedicated to control With this protocol a T1 line carries 23 phone connections and an E1 line carries 30 phone connections In North America older T1 systems...

Page 16: ... data support is preferable If only one may be chosen voice should be chosen to support modem V 34 V 90 clients and data should be chosen to support clients using ISDN BRI or V 110 The Cyclades PR4000 supports both digital and analog calls and can terminate both at the same time in the same trunk Phone Numbers Hunting Groups and Hunting Sequence Each T1 E1 channel can have a different phone number...

Page 17: ...Order 3 HDB3 and Alternate Mark Inversion AMI HDB3 is the more modern of the two and better suited to digital transmissions Framing This refers to how the data bits are framed in the TDM bus For T1 lines the possibilities are D4 Super Frame D4 or Extended Super Frame ESF ESF provides error checking and should be the choice if available For E1 lines the choices are usually Frame Alignment Signal wi...

Page 18: ...n the Windows operating system or kermit in the Unix operating system The termi nal parameters should be set as follows Serial Speed 9600 bps Data Length 8 bits Parity None Stop Bits 1 stop bit Flow Control Hardware flow control or none Once the console connection is correctly established a Cyclades banner and login prompt should appear on the terminal screen If nothing appears see the first secti...

Page 19: ...d using a short cut method This method must be activated first by choosing a shortcut chraacter in the example that follows in the CONFIG SYSTEM ROUTER DESCRIPTION menu Typing 4 1 1 at the main menu prompt for example is equivalent to choosing option 4 in the main menu Debug then choosing option 1 in the debug menu Trace then choosing option 1 in the trace menu Driver Trace In addition to menus so...

Page 20: ...any traces activated in the Debug Menu On leaving a menu where a change in configuration was made CyROS will ask whether or not the change is to be saved D iscard save to F lash or save to R un configuration Selecting Discard will eliminate all changes made since the last time the question was asked Saving to Flash memory makes all changes permanent The changes are immediately effective and are sa...

Page 21: ... ID and password will be requested these are the same ID and password used with the line terminal interface A clickable image of the router back panel will apear as shown in Figure 3 2 Configuration Menu Interface Text Mode Global Ras Table End HTTP session Firmware version Cyclades PR4000 Cyros V_1 9 0i Mar 28 00 2 Cyros Management Utility FIGURE 3 2 CYROS MANAGEMENT UTILITY HOME PAGE The link Co...

Page 22: ... 11 Apr 18 18 05 Apr 18 18 31 Apr 18 16 05 Apr 18 18 08 Apr 18 17 41 Apr 18 18 10 Apr 18 18 09 Caller ID 1115553000 1115551268 1115554811 1115550000 1115559743 1115557553 1115551174 1115559800 Md 23 V34 28800 26400 LAPM V42Bis Md 12 V90 28800 42666 LAPM V42Bis Md 21 V34 28800 24000 LAPM V42Bis Md 13 V34 28800 16800 LAPM V42Bis Md 17 V90 24000 28000 LAPM V42Bis Md 19 V34 31200 33600 LAPM V42Bis Md ...

Page 23: ...s Change it to UP Username cas Start Session Time Apr 18 00 18 01 29 Elapsed Time 0 11 01 Inactivity Timeout None Caller ID 5554321 modem Id 9 V32B Initial Rate 14400 14400 Current Rate 14400 14400 LAPM V42Bis Number of transmitted Frames 237670 Number of transmitted bytes 106541777 Number of transmission errors 2368 Number of received frames 245235 Number of received bytes 34399893 Number of rece...

Page 24: ...tween name and speed When set to name as shown in Figure 3 5 passing the mouse over a channel displays the username When set to speed it displays the carrier and speed of the connection The ports are color coded with the current status E1 Line Signalling Type CAS BR Inactive Port Hardware Error Port In Test Administrative Down Connection OK Waiting Connection Connecting CyROS Management Utility FI...

Page 25: ...10Base T 100Base T Ethernet 1 10Base T LAN Connection 100Base T RX TX Link Collision Menu Select FIGURE 3 6 FRONT PANEL DISPLAY There are 5 push buttons 4 arrows and one menu selection button Pressing the menu selection button displays the main menu which contains the following options Modem Overview Interface Overview IP Traffic Syslog Messages System Info Reboot If configured to appear using the...

Page 26: ...sent the screen will appear as in Figure 3 7 The box on the upper left is the first modem the upper right is the eight modem and so forth for as many modems as are installed T TR R R ND NO NO ND NO AD AD T TR R ND NO AD Modem Idle Modem Connecting Modem Connected Modem Transmitting and Receiving Modem Transmitting Modem Receiving Modem Administrative Down Modem Not Detected Modem Not Operational R...

Page 27: ... with 30 channels each The box on the upper left is the first channel the upper right is the eighth channel and so forth for as many channels as are configured TR R NO AD T TR R Slot Link Idle Modem Connecting Modem Connected Modem Transmitting and Receiving Modem Transmitting Modem Receiving ND Slot Link Not Configured FIGURE 3 8 SLOT LINK ORDER SCREEN ...

Page 28: ...interface and indicates which modem has been allocated to each channel The ordering of the channels is the same as for the previous screen 01 AD Not Configured Not Connected Connected PRI Admin Down Connected to a modem Number of The Modem Allocated 21 09 25 40 39 01 AD AD AD FIGURE 3 9 INTERFACE OVERVIEW SCREEN ...

Page 29: ... that allows changes in the display of syslog messages Syslog messages are administrative and debug events The following options are available Display Exibits the last syslog message generated by CyROS Arrow keys may be used to see the syslog history Stop New syslog messages are discarded The syslog history remains unchanged Start New syslog messages are stored in the syslog history and are displa...

Page 30: ... after 10 minutes of inactivity All data not explicitly saved to memory is then lost Collecting the data while configuring the router will likely cause delays and frustration Example 1 Using the PR4000 as a Remote Access Server This example explains the configuration of an E1 or T1 line with signaling the most common option when the PR4000 is used as a RAS When the incoming call is made by a compu...

Page 31: ...0 _ _ _ _ _ _ _ _ _ _ Key Pinocchio _ _ _ _ _ _ _ LAN ISDN BRI Line IP Address 100 130 130 1 _ _ _ _ _ _ _ _ _ _ IP Addresses 100 130 130 11 _ _ _ _ _ _ _ _ _ 100 130 130 12 Network 100 130 130 0 _ _ _ _ _ _ _ _ _ _ Mask 255 255 255 0 _ _ _ _ _ _ _ _ _ PC Modem Telephone ISDN Network PR4000 Multiple Calls Telephone Number 5533 3333 _ _ _ _ _ _ _ FIGURE 4 1 RAS EXAMPLE SHOWING DIAL IN USERS ...

Page 32: ...Inactive Active enables IP communication IPX and Transparent Bridge are not used in this example Interface Unnumbered Numbered Primary IP Address 100 130 130 1 Subnet Mask 255 255 255 0 Secondary IP Address 0 0 0 0 for none Enable Dynamic Local IP Address No IP MTU Use the preset value 1500 This determines whether or not a given IP datagram is fragmented NAT Global because NAT is not being used in...

Page 33: ... Bipolar and AMI Signaling Mode CCS for ISDN PRI digital or analog remote access CAS for analog modem based remote access usually used with telephone networks that do not support ISDN Clock Mode CAS only Slave Line Build Out Applies only to T1 The T1 service provider should supply this parameter Receiver Sensitivity Short Haul Companding Mode This value is provided by the T1 E1 line provider A law...

Page 34: ...e More than one Radius server can be configured Fill in the data for your Radius Server in the table below Menu CONFIG SECURITY RADIUS RADIUS STATUS ADD Parameter Example Your Application Radius Server IP Address 100 130 130 200 Radius Server Type Both Authentication and Accounting Radius Server Retries 5 Radius Server Timeout 5 Radius Server Encryption Key pinocchio Radius Server Authentication P...

Page 35: ...ccording to the values you wrote in the figures above Save the configuration to flash memory at each step when requested configurations saved in run memory are erased when the router is turned off If you saved part of the configuration to run memory for some reason save to flash memory now using the menu option ADMIN WRITE CONFIGURATION TO FLASH Be sure to change the superuser password using the m...

Page 36: ...ITE CONFIGURATION TO FTP SERVER Fill in the IP address of the computer where the configuration file should be saved the file name the directory name and the user account information This configuration file can later be downloaded with the ADMIN LOAD CONFIGURATION FTP SERVER option Instructions for listing the configuration The menu option INFO SHOW CONFIGURATION ALL will list to the terminal scree...

Page 37: ...e you can fill in the parameters for your system Do this now before continuing PC Host Host IP Address Assigned Dynamically RS 232 _ _ _ DSU CSU 192 168 0 10 _ _ _ _ _ _ _ _ _ 192 168 0 1_ _ _ _ _ _ _ _ _ 192 168 0 11 192 168 0 30 _ _ _ _ _ _ _ _ _ PR4000 Network 192 168 0 0 FIGURE 4 6 CONNECTION TO ACCESS PROVIDER USING A SWAN INTERFACE AND A MODEM Please read the entire example and follow the in...

Page 38: ...ACE ETHERNET NETWORK PROTOCOL IP Parameter Example Your Application Active or Inactive Active enables IP communication IPX and Transparent Bridge are not used in this example Interface Numbered Unnumbered Numbered Primary IP Address 192 168 0 1 Subnet Mask 255 255 255 0 Secondary IP Address 0 0 0 0 for none IP MTU Use the preset value 1500 This determines whether or not a given IP datagram is frag...

Page 39: ...RS STEP THREE The network protocol parameters shown in Figure 4 9 are similar to those for the Ethernet interface Fill in the parameters for your network in the right most column For an example using NAT where the Primary IP Address is not dynamically assigned see the chapter dedicated to NAT in the Installation Manual Menu CONFIG INTERFACE SWAN NETWORK PROTOCOL IP Parameter Example Your Applicati...

Page 40: ... 0 IP MTU Use the preset value 1500 This determines whether or not a given IP datagram is fragmented NAT Global Assigned because the IP address of the SWAN interface will be assigned dynamically ICMP Port Inactive Incoming Rule List None filters and traffic control are not included in this example Outgoing Rule List Name None filters and traffic control are not included in this example Routing of ...

Page 41: ...rs appropriate for your system consulting chapter 11 of the Installation Guide for more information if necessary Menu CONFIG INTERFACE SWAN ENCAPSULATION PPP Parameter Example Your Application MLPPP No PPP Inactivity Timeout None so that the connection is never broken Enable Van Jacobson IP Header Compression No Disable LCP Echo Requests No Edit ACCM No Value This will depend on the modem used Tim...

Page 42: ...ion Destination IP Address Type in the word DEFAULT Gateway or Interface Interface because the IP addresses are not known at configuration time Interface Link 1 in the example Is This a Backup Route No OSPF Advertises This Static Route No FIGURE 4 11 STATIC ROUTE MENU PARAMETERS STEP SIX NAT must now be activated There are two varieties of NAT Normal and Expanded This example uses the Normal NAT M...

Page 43: ...re appropriate for this example STEP EIGHT Now that the parameters have been defined enter into each menu described above in the order presented read chapter 3 Using Menus if you have not done so already Set the parameters in each menu according to the values you wrote in the figures above Save the configuration to flash memory at each step when requested configurations saved in run memory are era...

Page 44: ...re the configuration file should be saved the file name the directory name and the user account information This configuration file can later be downloaded with the ADMIN LOAD CONFIGURATION FTP SERVER option Instructions for listing the configuration The menu option INFO SHOW CONFIGURATION ALL will list to the terminal screen the configuration of the router This can be saved as a text file and or ...

Page 45: ...ncapsulation menu are preset at the factory and it is usually not necessary to change them The first step in the Ethernet configuration is to choose which network protocol to use and assign values to the relevant parameters Either IP Transparent Bridge or IPX optional must be activated In this chapter IP Bridges are also described Use the information provided below to set the parameters for the Et...

Page 46: ... the traceroute output However there are security and performance reasons to leave this option Inactive Incoming Rule List Filter rule list for incoming packets See chapter 14 for instructions on how this parameter should be set Detailed Incoming IP Accounting Applies when a list is selected in the previous parameter See explanation of IP Accounting in chapter 12 IP Accounting for a rule requires ...

Page 47: ...without subnetting Whenever a subnetwork is created two IP numbers are lost one describing the network and the other reserved for broadcast This does not occur with an IP Bridge PR4000 PR3000 ETH0 ETH0 200 240 240 1 200 240 240 4 200 240 240 8 200 240 240 2 200 240 240 3 200 240 240 9 Link 1 FIGURE 5 1 IP BRIDGE EXAMPLE ...

Page 48: ...arious sections Up to 8 sections can be defined In the example this value is 200 240 240 4 Ending IP Address to be Bridged Indicates the end of the range of IP addresses to be transferred to another physical location In the example this value is 200 240 240 8 Broadcast Over the Link Allows propagation of broadcast IP packets over this bridge Bridge Over Link Indicates which link forms the other ha...

Page 49: ...arameter is determined by the mode of the device at the other end of the connection Clock Source Applies for Synchronous Mode Whether this interface provides clock for the device at the other end of the cable or vice versa When the interface is connected to a modem the Clock Source is always External Receive Clock Applies for Internal Clock Source When this interface provides clock it can either c...

Page 50: ...o or more points X 25 The X 25 Protocol is generally used to connect to a public network The router can act either as a DTE or a DCE HDLC A proprietary alternative to PPP For synchronous or asynchronous communication PPP The PPP Point to Point protocol is used for leased dial up and ISDN lines Multilink PPP is also provided Information on how to determine the values of the parameters for each data...

Page 51: ...d Applies when Authentication Type is Remote The password the remote device expects to receive Authentication Server Applies when Authentication Type is Server Indicates that either a Radius or Tacacs server is used for validation The location and other parameters of the server must be configured in CONFIG SECURITY See section 4 3 of the CyROS Reference Guide Authentication Protocol Applies when A...

Page 52: ...ed in Europe and many other countries It has a clock speed of 2MHz and has 32 channels with two reserved for signaling Aside from this there are few differences between the two standards in terms of configuration The Controller menu tree for the PR4000 for Signaling Mode None is shown in figure 7 1 Frame Mode Line Code Signaling Mode Clock Mode Line Build Out Receiver Sensitivity Companding Mode A...

Page 53: ...r should supply this parameter Receiver Sensitivity Short haul is usually used Long haul is necessary if attenuation prevents reception of data usually when the router is installed more than 2000 feet from the cable termination For the CCS Signaling Mode ISDN PRI and the CAS Signaling Mode read chapter 8 INSTEAD of this chapter The T1 E1 interface can be broken up into channels defined by timeslot...

Page 54: ...ines the end of the range Timeslot N Applies for Manual Timeslot Allocation Allows inclusion of this timeslot in the channel STEP TWO The parameters for each E1 T1 channel are configured in the CONFIG INTERFACE T1 E1 CHANNEL menu A summary menu tree is given in Figure 7 2 A brief description of each principal item appears in the following table E1 T1 Interface Menu CONFIG INTERFACE T1 E1 CHANNEL M...

Page 55: ... Traffic Control List Frame Relay menu shown in a later figure PPP menu shown in a later figure X 25 menu shown in a later figure HDLC Inactive General Authentication Type Username Password Authentication Server Authentication Protocol Config Interface Channel if Channelized T1 E1 FIGURE 7 2 E1 T1 INTERFACE CONFIGURATION MENU TREE STEP THREE There are many encapsulation options on this interface F...

Page 56: ...ist of users defined in CONFIG SECURITY USERS ADD Server uses either Radius or Tacacs to authenticate the user Remote is when this interface is considered to be the user and the other end of the connection performs the authentication Username Applies when Authentication Type is Remote The username the remote device expects to receive Password Applies when Authentication Type is Remote The password...

Page 57: ...s used for ISDN PRI The first step in the configuration process is to configure the channels using the Controller menu The Controller Menu tree is shown in Figure 8 1 The parameters are described in the table that follows Config Controller E1 T1 Frame Mode Line Code Signaling Mode Clock Mode Receiver Sensitivity Companding Mode Signaling Type Tone Signaling Contry Signaling Switch Type FIGURE 8 1 ...

Page 58: ... Short haul is usually used Long haul is necessary if attenuation prevents reception of data usually when the router is installed more than 2000 feet from the cable termination Companding Mode Defines the compression mode to be used Depends on the telephone exchange and the E1 T1 provider should supply this parameter A law is usually used for E1 lines and u law is usually used for T1 lines Signali...

Page 59: ...used for residential or small business access PRI Primary Rate Interface used to provide access or used by large businesses for access Two PRI interfaces are provided on the PR4000 via E1 or T1 ports with CCS Signaling These connections can be digital or analog via a modem The data layer protocols CHAR PPPCHAR and Slip are used with a modem connection A typical application in an Internet Service P...

Page 60: ...ete Entry Edit Entry Clear All Entries ISDN One Channel Config Interface All Channels Range Destination IP Address DestinationPhone Slot N Channel Same as Add Entry Encapsulation Network Protocol Routing Protocol ISDN Traffic Control Authentication Wizards Bandwidth IP Traffic Control List Authenticarion Type Username Passaword Authentication Server Authenticarion Protocol Same Parameters as One C...

Page 61: ...hen the T200 period passes without a response the command is re sent up to N200 times T203 When no messages are received for T203 seconds an enquiry RR or RNR is sent At the end of this parameter list appears the menu for the dial out table It can also be reached by using the ESC key at any time during the parameter list Each entry is an association between a channel and the IP Address and Phone n...

Page 62: ...one Network FIGURE 8 4 CAS APPLICATION EXAMPLE The CAS Signaling Mode does not have a menu equivalent to the CONFIG INTERFACE T1 E1 ISDN PRI ISDN menu described above Both signaling modes have a mode specific menu at the channel level with different names but basically the same function This menu CONFIG INTERFACE T1 E1 CHANNEL SIGNALING will be described in the next section The Interface Configura...

Page 63: ...cation Server Authentication Protocol Range All Channels FIGURE 8 5 CAS INTERFACE CONFIGURATION MENU TREE Parameters Independent of Signaling Mode The channel specific parameters can be set for each channel individually for a range of channels or for all channels Wizards are available to automatically configure the channels for typical applications Details appear at the end of this chapter The not...

Page 64: ...ptions PPP PPPCHAR CHAR Slip and SlipChar are discussed in chapter 10 Multilink Options There are three ways to make two or more physical links perform as one logical link 1 Multichassis Multilink PPP 2 Multilink PPP 3 CyROS Multilink at the network protocol level Multichassis PPP is a feature that allows two or more connections to different PR4000s on the same LAN act as one logical connection Th...

Page 65: ...cket Packet BC BC PR4000 PR4000 Internet Service Provider FIGURE 8 6 FIRST INCOMING CONNECTION OF A MULTICHASSIS PPP CIRCUIT The RAS that receives the second connection from the same ISDN modem shown in Figure 8 7 has already been informed by the broadcast message that the first RAS has the primary link The connection is set up as a secondary link with this RAS IP 200 200 200 3 in the example as t...

Page 66: ...ntaining the primary link for a given PPP connection The menu option ADMIN KILL VIRTUAL SESSION will show all active secondary links Selecting one of them will cause the master RAS to send a message to the slave RAS holding that secondary link ordering it to drop its connection ISDN Modem Server PR4000 PR4000 Master Slave Link 1 Packet PR4000 Secondary Link Link 2 Packet LAN Primary Link Internet ...

Page 67: ...protocol level When compared to Multilink MLPPP is slightly more efficient and less generic because it applies only to PPP encapsulation Router A Router B Modem Modem Link 2 Bundle 6 Link 1 Bundle 6 Modem Modem FIGURE 8 8 MULTILINK PPP EXAMPLE In Figure 8 8 Router B connects to Router A via two modem connections to achieve a larger bandwidth Router A accepts the two physical connections but treats...

Page 68: ...nly for Multichassis Multilink PPP The menu CONFIG IP MCPPP contains the only two parameters necessary to enable MCPPP The first is the MCPPP End Point Discriminator which must be the same for all RASs that will participate in the Multichassis Multilink PPP Circuit The value of the number is immaterial but it must have the form of a MAC number as shown in the example The other parameter is the MCP...

Page 69: ...rement by zero assigns all channels in the range the same phone number set in the previous item Increment by one assigns consecutive phone numbers to all channels in the selected range Digital Modem Profile ID Applies for Dial in or Both The modem profiles are defined in CONFIG SYSTEM MODEMS DIGITAL MODEM Automatic Dial Out Applies only for ISDN and Dial out If Yes the router will try to connect w...

Page 70: ...eive Password Applies when Authentication Type is Remote The password the remote device expects to receive Authentication Server Applies when Authentication Type is Server Indicates that either a Radius or Tacacs server is used for validation The location and other parameters of the server must be configured in CONFIG SECURITY See section 4 3 Authentication Protocol Applies when Authentication Typ...

Page 71: ...AN Profile Copy From Channel Username Phone Digital Modem Profile ID Remote IP Address Phone Digital Modem Profile ID Primary IP Address Subnet Mask Secondary IP Address Subnet Mask Remote IP Address Type Remote IP Address Phone Digital Modem Profile ID Channel Wizards Config Interface FIGURE 8 10 WIZARDS MENU TREE ...

Page 72: ...ollowing ports will be the numbered consecutively Lan to Lan Profile Used to connect two LANs The only parameters are the Primary IP Address the Subnet Mask any Secondary IP Addresses and Subnet Masks the Remote IP Address Type and the Address For CAS the parameters Phone Number and Digital Modem Profile ID are also requested Copy From Channel Used to copy an entire configuration from one channel ...

Page 73: ...t Bridge Bandwidth IP Traffic Control List Van Jacobson IP Header Compression LCP ECHO Requests Time Interval to Send Config Requests ACCM for Reception Escape Session Character Code Switch Session Character Code Predictor Compression Inactivity Timeout Link Authentication Method Connection Phone Digital Modem Profile ID PPPCHAR Active Unnumbered Depends on the IP Fixed 1500 Global Inactive None N...

Page 74: ...ICMP Port Incoming Filter List Outgoing Filter List None Interface Transparent Bridge Bandwidth IP Traffic Control List Van Jacobson IP Header Compression LCP ECHO Requests Time Interval to Send Config Requests ACCM for Reception Predictor Compression Inactivity Timeout Link Authentication Method Connection Phone Digital Modem Profile ID PPP Active Numbered 1500 Global Inactive None None Inactive ...

Page 75: ...ocol Menu is given in figure 7 1 Note that this menu varies slightly for each interface Specific information on the options for each interface is provided in the CyROS Reference Guide in the chapter for the interface Config Interface IP Transparent Bridge Active Interface Unnumbered Numbered Assign IP from Interface Primary IP address Subnet Mask Secondary IP Address Subnet Mask IP MTU NAT ICMP Po...

Page 76: ...plies to Numbered interfaces Indicates a second or third etc up to eight IP address that can be used to refer to this interface This parameter and the next are repeated until no value is entered Subnet Mask Applies to Numbered interfaces Subnet mask of Secondary IP Address Enable Dynamic Local IP Address The terminal connected through PAD assigns an IP address to the router for purposes of their c...

Page 77: ...ive Incoming Rule List Filter rule list for incoming packets See chapter 12 for instructions on how this parameter should be set Detailed Incoming IP Accounting Applies when a list is selected in the previous parameter See explanation of IP Accounting later in this chapter IP Accounting for a rule requires that the parameter CONFIG RULES LIST IP CONFIGURE RULES ADD RULE ALLOW ACCOUNT PROCESS also ...

Page 78: ...ority For the Spanning Tree Algorithm a priority is given to each link in the router and to each router in the network See CONFIG TRANSPARENT BRIDGE SPANNING TREE in the CyROS Reference Guide for more information Incoming Rule List Name Transparent Bridge rule list name for incoming packets Note Rule lists for Transparent Bridge and IP are created separately See section 4 7 in the CyROS Reference ...

Page 79: ... parameters will appear for all interfaces PPP Menu CONFIG INTERFACE LINK ENCAPSULATION PPP Parameter Description MLPPP Enables Multilink PPP on this interface MLPPP is described in the CyROS Reference Guide for each interface that supports it Leased Dial in etc Applies for MLPPP Yes Type of line used on this link Identification for This Bundle Applies for MLPPP Yes and Dial out or Leased An integ...

Page 80: ...XOFF control characters to the ACCM table Toggle Char Add other control characters to the ACCM table using their ASCII value Typing the option once for example X includes it in the table Typing it again excludes it from the table More details are given in the CyROS Reference Guide Enable Predictor Compression Enables data compression using the Predictor algorithm This feature should be enabled onl...

Page 81: ...er menu without closing the session Username Applies for a Terminal Device Must be entered into the local user table first See chapter 10 If this parameter is left blank the user will have to enter a username Wait for or Start a Connection Applies for Socket Device Wait is used when the remote application will start the communication When Start is used a connection is attempted as soon as the line...

Page 82: ...es with the same frequency or will be considered inoperative Frame Relay FR supports multiple connections over a single link Each data link connection DLC has a unique DLCI data link connection identifier This allows multiple logical connections to be multiplexed over a single channel These are called Permanent Virtual Circuits PVCs The DLCI has only local significance and each end of the logical ...

Page 83: ...to be used ANSI Group of Four defined by the vendors that first implemented Frame Relay Q933a defined by ITU T and None used for a dedicated FR connection without a network T391 Interval between the LMI Status Enquiry messages N391 Full Status Polling Counter Full Status Enquiry messages are sent every N391 th LMI Status Enquiry message N392 Error Threshold The network counts how many events occur...

Page 84: ... table pairing destination network with router interface and gateway A Frame Relay Address Map is also created either statically or dynamically to associate each DLCI with the destination router IP For the router in Salvador the Frame Relay address map will look like this DLCI IP 11 200 1 1 1 21 200 1 1 4 81 200 1 1 3 Data link connections are defined in the Add DLCI menu which appears at the end ...

Page 85: ...85 Rio de Janeiro Network 192 168 201 0 Recife Network 192 168 202 0 São Paulo Network 192 168 200 0 Salvador Network 192 168 203 0 Router Router Router Router 200 1 1 1 200 1 1 4 200 1 1 3 200 1 1 2 11 81 21 FIGURE 8 1 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES ...

Page 86: ...se there is no established standard for data compression interoperability Data compression is very CPU intensive making this feature effective only for links running at speeds under 1Mbps At higher speeds the time necessary to compress data offsets the gains in throughput achieved by data compression Number of Bits for Compression Applies when Predictor Compression Enabled Sixteen is fastest but 1...

Page 87: ...E Router DTE Router DTE FIGURE 8 2 PUBLIC X 25 NETWORK EXAMPLE X 25 A Cyclades Router can act either as a DTE Data terminal Equipment connected to a public X 25 network or as a DTE or DCE Data circuit terminating Equipment as part of a private X 25 network The first case is discussed in this chapter The second case is described in the CyROS Reference Guide Both Permanent Virtual Circuits PVCs and ...

Page 88: ...tive Suppress Calling Address Public X 25 Network This parameter must be chosen according to the guidelines given by the Public X 25 Network provider When activated the sender s Local DTE address is not included in the Call Request Message Inactivity Timeout Time until connection is automatically terminated by the router if there is no traffic Configure as DTE or DCE As mentioned above the router ...

Page 89: ...ilized see last parameter in this table Number of Retries N2 Number of times an information frame can be resent without response before the link is considered down TL Time the frame level waits for an acknowledgement for a given frame before re sending it T2 Time that can elapse after receiving a frame until the router must send an acknowledgement T21 Call Request response Timer After this time ha...

Page 90: ...for IP Address Type Enables data compression using the Predictor algorithm This feature should be enabled only if Cyclades equipment is being used on both ends of the connection because there is no established standard for data compression interoperability Data compression is very CPU intensive making this feature effective only for links running at speeds under 1Mbps At higher speeds the time nec...

Page 91: ...are described in section 4 4 of the CyROS Reference Guide Dynamic Routing Dynamic routing is recommended when the network contains a large number of routers with redundant links between them RIP and OSPF are currently available in the Power Router line RIP is simpler to configure and is appropriate for systems that are stable links do not go down often OSPF is more complicated to configure require...

Page 92: ...142 10 0 2 142 10 0 1 142 10 0 3 142 10 0 4 Router 2 142 10 0 0 Mask 255 255 0 0 192 168 100 0 Mask 255 255 255 0 A B E C D F Network 2 Network 3 Network 1 FIGURE 12 1 STATIC ROUTING EXAMPLE 1 In the first example three networks are connected by 2 routers The routing table for router 1 will automatically include servers A B C and D as they are direct links A static route must be created for access...

Page 93: ...o explain the Gateway or Interface parameter Between the two routers is a point to point connection Another network could be created but is not necessary Both routers can be assigned unnumbered interfaces because everything that leaves one router is sent to the other To define static routes enter the menu CONFIG STATIC ROUTES IP ADD ROUTE A description of the parameters in this menu with the confi...

Page 94: ...he port Ethernet or slot N that will be unnumbered In Example 2 it is Slot 1 Metric Relative cost of this link Generally measured in number of routers between two IP addresses Both Examples 1 Is This a Backup Route Indicates that this route is used as a backup in a multilink circuit See section 4 4 for more information about multilink circuits OSPF Advertises This Static Route Static routes define...

Page 95: ... only RIP2 is used RIP2 with multicast is recommended Unlike static routes RIP is configured on each interface rather than in a global menu The menu is the same for all interfaces and its parameters are presented in the table below RIP Menu CONFIG INTERFACE LINK ROUTING PROTOCOL RIP Parameter Description Send RIP Causes the router to transmit RIP messages Listen RIP Causes the router to accept RIP...

Page 96: ...ter suited to a given network is beyond the scope of this manual An example network using OSPF is given in Figure 12 3 Router 0 Router 1 Router 2 Router 3 AREA 1 AREA 0 Backbone AREA 2 AREA 3 Router 4 Router 5 Virtual Link Link 1 To Another Autonomous System Router 6 Area Border Routers R3 R6 R8 AS Boundary Router R5 Router 7 Router 8 Router 9 AN AUTONOMOUS SYSTEM FIGURE 12 3 OSPF EXAMPLE ...

Page 97: ... will make up the backbone and each area Determine if each router is an area border router or an autonomous system boundary router OSPF Configuration on the Interface STEP TWO Contrary to most other protocols in CyROS OSPF must first be configured on each interface then configured in the CONFIG IP OSPF menu Enter into each interface and set the parameters listed in the table OSPF Menu CONFIG INTER...

Page 98: ...d router Transit Delay in Seconds Estimated transit time in seconds to route a packet through this interface Use the preset value 1 or increase the number for slow links Retransmit Interval Time in seconds between link state advertisement retransmissions for adjacencies belonging to this interface Hello Interval Time in seconds between the hello packets on this interface Dead Interval Inactivity t...

Page 99: ...nly Router 5 is an ASBR The following parameters apply only to Autonomous System Boundary Routers Originate Default Gateway Advertisement Router will advertise itself as the Default Gateway DG Default Gateway External Metric Applies when Originate Default Gateway Advertisement is set to Yes Defines the metric that will be advertised by OSPF Default Gateway External Metric Type Applies when Origina...

Page 100: ...for the interface to be advertised Advertise Static Routes Static routes defined in the router will be converted to OSPF Note that static routes can be configured individually as advertised or not in the parameter CONFIG STATIC ROUTES IP ADD ROUTE OSPF ADVERTISES THIS STATIC ROUTE Both parameters must be Yes for the route to be advertised STEP FOUR The next step is to define the areas created in s...

Page 101: ...SPF NEIGHBORS Parameter Description Interface Link for which neighbors will be defined In the OSPF example consider link 1 of Router 3 Neighbor s IP The router ID of the neighboring router For Router 3 link 1 use the router ID of router 1 Neighbor s Status Enable includes link in OSPF database Enable Inactive leaves link in OSPF database but router at end of link Router 1 in this case no longer pa...

Page 102: ...dress Neighbor s ID Router ID of router at end of virtual link In the example this will be Router 6 Virtual Link Status Activates the virtual link Parameters available only when Virtual Link Status is Active Transit Delay in Seconds Estimated transit time in seconds to route a packet from Router 8 to Router 6 Use the preset value 1 or increase the number for slow links Retransmit Interval in Secon...

Page 103: ...ormance and reduce the size of the routing table If some routes that might be received are undesired they can be filtered as they enter or leave so that they are not placed in the routing table or are not propagated to other autonomous systems This requires the following three steps 3 Create an Access List 4 Add rules to the Access List 5 Return to the Neighbor configuration and match each list to...

Page 104: ... will now be clarified STEP ONE The global parameters apply to the router s AS Classless Inter Domain Routing CIDR Address notation is used instead of the normal IP Address and Subnet mask notation Both are shown in Figure 12 4 Tele Brutus Tele Popeye 100 100 100 2 100 100 100 1 200 200 200 2 AS 310 200 200 200 1 200 50 51 0 200 50 50 0 AS 747 AS 100 255 255 255 0 255 255 255 0 200 50 51 0 24 200 ...

Page 105: ...f the interface routes from the list of routes to be advertised In the example these would be 100 100 100 1 200 200 200 1 and the LAN interface IP address Advertise Static Routes Allows the removal of static routes from the list of routes to be advertised Advertise RIP Routes Allows the removal of routes learned via RIP from the list of routes to be advertised Advertise OSPF Routes Allows the remo...

Page 106: ...e destination IP is this value For Popeye the value would be 100 100 100 1 Passive Causes the router to not initiate BGP connections with this neighbor Transparent AS Yes causes the router to NOT include its own AS number in the AS Path path attribute for update messages sent to this neighbor Transparent NextHop Yes causes the router to NOT alter the NextHop path attribute for update messages sent...

Page 107: ...a filter access list to update messages sent to this neighbor Incoming Community Access List Name Applies a filter access list to update messages received from this neighbor Outgoing Community Access List Name Applies a filter access list to update messages sent to this neighbor Incoming Route Map Number Applies a route map to update messages received from this neighbor Outgoing Route Map Number A...

Page 108: ... type allows filtering by AS number the Dist BGP type allows filtering by IP address and the Community BGP type allows filtering by community In the figure the filtering can be done based either on AS 5 or the address 100 10 0 0 16 Rule Status Enables the rule Default Scope If the default of the list is permit the default of each rule must be deny and the corresponding rule must define which route...

Page 109: ...n Access list popeye_path type AS Path BGP 4 Message From Tele Popeye Seq 2 Rule 2 Rule 2 Rule 0 Rule 0 Rule 0 Rule 1 Rule 1 Rule 1 FIGURE 12 6 UPDATE MESSAGE ARRIVING FROM TELE POPEYE PASSING THROUGH 3 FILTERS AND A ROUTE MAP An update message arriving from the neighbor called Popeye in step 2 will pass through the filters assigned to it in the Neighbor Menu The figure shows the case where the sc...

Page 110: ...ype Applies only for Access List Type equal to Dist BGP Exact filters rules that match the IP Address Mask pair exactly Refine matches more specific routes Rule Distr Address Applies only for Access List Type equal to Dist BGP Applies the rule to routes with this IP number and the mask defined in the next parameter Rule Distr Mask Bitlen Applies only for Access List Type equal to Dist BGP The shor...

Page 111: ...Seq 10 Access list popeye_comm type Community Access list popeye_dist type Distribution Access list popeye_path type AS Path Seq 2 Rule 2 Rule 0 Rule 0 Rule 1 Rule 1 Rule 2 Rule 0 Rule 1 BGP 4 Message From Tele Popeye FIGURE 12 7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST In figure 12 7 the access list popeye_path is associated with sequence 2 of Route Map 1 Instead of the access list causing the di...

Page 112: ...the weight parameter in the neighbor configuration Origin Set Nexthop Set Metric Set Local Preference Set Atomic Aggregate Set Aggregate AS number Set AS Path AS Path Prepend AS Path AS SET These parameters modify the path attributes with the same name in the update message STEP SEVEN The neighbor definition should now be changed again to include the new route map This is done in the Neighbor Menu...

Page 113: ...ddress In the example 200 50 50 0 Mask bitlen The mask for the aggregated address In the example 23 AS Set Yes causes the route to be tagged with the AS Set path attribute Otherwise the AS Sequence path attribute is assigned Summary Only Yes removes all more specific routes leaving only the aggregated form No maintains both the individual and aggregated routes ...

Page 114: ...ame a maximum of 8 characters The IP address to be associated with this host name and the port to be used for telnet is then requested This host name can be used in applications like ping and telnet and in some other configuration menus Another way to identify hosts by name is to configure access to a DNS Server This is done in the menu CONFIG IP DNS CLIENT The domain name where the router is locat...

Page 115: ...he list of users The parameters are User Name Password User Type Super Usr Auto or PPPAuto User Status Disabled or Enabled Hosts 1 through 4 the host names entered here must already exist in the host table Automatic login name for hosts 1 through 4 only for user of type auto Then the main menu items for this user are determined Telnet Ping Traceroute PPP SLIP Lastly any restrictions as to how the ...

Page 116: ...he criteria defined in a rule Traffic Rules are not supported To see all packets a special rule list permitting everything can be defined Rules are described in chapter 14 Two versions of the IP account table are available for viewing The result of INFO SHOW ACCOUNT TABLE SUMMARY is shown below for four filter rules IP Accounting Table Interface Direction Filter List Rule Bytes Packets Ethernet ...

Page 117: ...of the utility of NAT WWW Server Host Global Address Range Network 200 240 230 224 Mask 255 255 255 240 PR4000 With Expanded NAT PC 200 240 230 2 Router Ethernet Port Primary IP Address 192 168 0 1 Secondary IP Address 200 200 200 1 200 200 200 10 200 200 200 11 192 168 0 5 Networks 192 168 0 0 200 200 200 0 Host ftp Server 192 168 0 31 192 168 0 30 FIGURE 11 1 NAT EXAMPLE In this example the comp...

Page 118: ...een maintained for backward compatibility Expanded NAT provides static translation not only from one IP address to another but from one IP address port pair to another IP address port pair As a preview after configuring the router as shown in the example CONFIG SECURITY NAT L will display NAT Enabled NAT mode Expanded Port map translation Enabled UDP Timeout min 5 DNS Timeout min 1 TCP Timeout min...

Page 119: ...ntly associated with one local IP address or global IP address port pair In the example the web server is connected to one of the global IP addresses for services on port 80 reducing the IP address pool to 13 Static address translation is used when the connection with the external network is to be initiated from either side external or internal Translation may be done in two ways 1 Address transl...

Page 120: ...the example three such pairs are defined Timeout Definition of inactivity timeouts for UDP DNS and TCP dynamic NAT translations STEP ONE The first step in the configuration of NAT is to enable NAT and choose the NAT Mode Normal or Extended Only the extended mode is discussed in this chapter The normal mode is a previous version of NAT maintained for backwards compatibility See chapter 4 of the CyR...

Page 121: ...me required after the receipt of a FIN RST or SYN Synchronize sequence numbers flag before a TCP translation is removed from the translation table This time can be relatively short because after the TCP connection has been closed there is no further need for its address translation STEP THREE The next step is to define the global address range to which the local addresses will be translated This i...

Page 122: ...ich is translated to an Internet IP address Local Port The port to be translated on the LAN side When a request comes in on port 80 for IP 200 240 230 225 in the example it is sent to the server with IP 192 168 0 31 port 80 STEP FIVE After the NAT menu parameters have been set the NAT property in the Network Protocol Menu of each interface must be configured In the example the IP Address of the Et...

Page 123: ...pter See section 4 7 of the CyROS Reference Guide for more information about all four types of rules As an introduction the Rules List Menu Tree is presented in Figure 12 1 First a rule list is created and named Second rules are added to the list and defined Configuration of IP Filters IP Filter rules are a very important part of a network s firewall They permit packets into or out of the network ...

Page 124: ...tocol Source IP Operator IP Address Start Mask IP Address Start IP Address End Destination IP Operator IP Address Start Mask IP Address Start IP Address End Source Port Operator Source Port Start Source Port End Destination Port Operator Destination Port Start Destination Port End Allow TCP connections Allow Account Process Rule List Name Same as Add Rule List Rule to delete Configure Rules Clear ...

Page 125: ... Network Bastion Host ETH0 ETH0 192 168 0 2 192 168 0 3 10 0 0 0 172 16 0 0 192 168 0 1 Perimeter Network 192 168 0 0 Slot 1 Slot 1 FIGURE 12 2 FIREWALL EXAMPLE Figure 12 2 will be used to show how both an exterior router and an interior router would be configured using the filters available in CyROS ...

Page 126: ... by choosing the Default Scope to be Deny Thus ALL desired traffic must be expressly allowed by the rules in the rule list Let e mail in World of Possible Packets Let e mail out DENY DENY DENY Let Telnet Connections Out FIGURE 12 3 DENY AS DEFAULT SCOPE In Figure 12 3 a conceptual equivalent of the interface is shown All packets except those which fall into the holes in the ball will be de...

Page 127: ...his is done in the menu CONFIG RULES LIST IP CONFIGURE RULES The parameters for rules 0 and 1 in the example are shown in Figure 12 4 3 Link the rule lists to the respective interface parameters in the menu CONFIG INTERFACE INTERFACE NETWORK PROTOCOL INCOMING OUTGOING RULE LIST NAME exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list na...

Page 128: ...e Rule List exterior_in Enabled Deny Filter exterior_out Enabled Deny Filter Filter_list Name exterior_in Rule 0 Status Enabled Scope Permit Protocol TCP Source IP Operator None Destination IP Operator Equal Destination IP start 192 168 0 3 Destination IP Mask 255 255 255 255 Source Port Operator Greater than Source Port Start 1023 Destination Port Operator Equal Destination Port Start SMTP TCP co...

Page 129: ... Greater than Destination Port Start 1023 TCP connections allowed N Account Process allowed N FIGURE 12 4 OUTPUT FOR IP FILTERING EXAMPLE Interior Router If an interior router exists in the network the administrator may decide to use a Default Scope of Permit In this case all undesired traffic must be excluded by a rule in the rule list In Figure 12 5 a conceptual equivalent of the interface is sh...

Page 130: ...Forged Packets World of Possible Packets Don t Allow Access to News PERMIT PERMIT PERMIT Stop Telnets From the Outside Except Bastion Host FIGURE 12 5 PERMIT DEFAULT SCOPE The configuration for Stop forged packets is shown in the following listing ...

Page 131: ...tions allowed Y Account Process allowed N Slot1_in rule 0 prohibits any incoming packets with source IP addresses of the internal network Since the addresses used for internal networks cannot be routed on the Internet they cannot be valid unless there is a leak of traffic through another router to the perimeter network Imagine that as shown in the figure the network is expanded and another range o...

Page 132: ... the division of bandwidth is strictly adhered to 2 Bandwidth Reservation the division with the larger priority can steal bandwidth from the others An example showing the first two types is given in figure 12 6 Network of Client A 50 or more of total bandwidth 25 or less of total bandwidth 25 or less of total bandwidth Client C Client B Link 0 11 11 11 1 Link 3 Link 1 22 22 22 1 Link 2 33 33 33 1 ...

Page 133: ... steal it from Client A However each has the right to 25 of the total bandwidth on link 3 if it is needed This is Traffic Shaping Note that this rule list is applied to link 3 and not separately on links 0 2 Steps for this configuration 1 Create a Traffic Rule list traffic_1 This is done in the CONFIG RULES LIST IP ADD RULE LIST menu with the Rule List Type set to Traffic 2 Create rules for each o...

Page 134: ...e Rule List traffic_1 Enabled Traffic Filter_list Name traffic_1 Rule 0 Status Enabled Flow priority 0 Rule bandwidth 50 Bandwidth priority 1 Protocol 0 Source IP Operator Equal Source IP start 11 11 11 0 Source IP Mask 255 255 255 0 Destination IP Operator None Source Port Operator None Destination Port Operator None ...

Page 135: ... None Destination Port Operator None Rule 2 Status Enabled Flow Priority 0 Rule bandwidth 25 Bandwidth priority 2 Protocol 0 Source IP Operator Equal Source IP start 33 33 33 0 Source IP Mask 255 255 255 0 Destination IP Operator None Source Port Operator None Destination Port Operator None FIGURE 12 7 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 1 An example showing the third type of traffi...

Page 136: ... requested The traffic control rule must be placed on link 2 In the case of e mail the important flow is the data leaving the e mail server and not the acknowledgements back This is also governed by link 2 Note flow control could be placed on the data request packets and the SMTP acknowledgements by associating rules to link 1 Web Server E mail Server Web Client E mail Server PR4000 Requests ACKs ...

Page 137: ...l Rules Lists Rule List Name Rule Default List Linked Status Scope Type Rule List web_access Enabled Traffic Filter_list Name web_access Rule 0 Rule 1 Status Enabled Status Enabled Flow priority 1 Flow Priority 2 Rule bandwidth 0 Rule bandwidth 0 Bandwidth priority 0 Bandwidth priority 0 Protocol TCP Protocol TCP Source IP Operator None Source IP Operator None Destination IP Operator None Destinat...

Page 138: ...X traffic passing through it IPX is not discussed in the other chapters of this manual to avoid confusion for those who are using IP ETH0 Internal Network Number 00000001 IPXWAN Network Number 00B0C000 Internal Network Number 00000002 Mac Address 00 60 2E 00 11 00 IPX Network Number 00A0B000 Static Route Windows Network with Network Number 00010001 Server Named Colombo Novell Network Management St...

Page 139: ...ulation parameter should be set according to the value used by the servers on the network In the menu CONFIG INTERFACE ETHERNET NETWORK PROTOCOL IPX the protocol should be activated and the LAN Network Number 00A0B000 in the example set All other parameters are explained in chapter 5 Configuring Other Interfaces This stage depends on which board is occupying slot 1 and which encapsulation will be ...

Page 140: ...X protocol specific parameters are the same as those described in the PPP section but are located in the menu CONFIG INTERFACE INTERFACE ENCAPSULATION X25 ESC ADD DTE Routing Routing can be done statically by configuring static routes or dynamically using RIP RIP is described in chapter 11 To create a static route as shown in Figure 13 1 navigate to the menu CONFIG STATIC ROUTES IPX ADD ROUTE The ...

Page 141: ...vell networks a given server can provide various services In order for the router to identify these servers their locations and services are entered into a SAP table in the router This is done using the menu CONFIG IPX SAP TABLE The parameters for each entry are shown in the table SAP Table Menu CONFIG IPX SAP TABLE Parameter Description Service Type Service this server offers provides a list of v...

Page 142: ...tion IP address is contained in the Remote Security Network list the message is encrypted and encapsulated The only destination address is that for the remote gateway defined in the Remote Security Network list Upon arrival at the remote gateway the packet is unwrapped and sent to its destination PC PC Message Message Message PR3000 PR4000 Header Header with destination remote security gateway IP ...

Page 143: ...figured and operational before beginning the VPN configuration Each router has an IP address with optional secondary IP addresses for each numbered interface In addition each router has a Router IP Address which is one of the interface IP addresses This router IP address is used whenever a single IP address is needed to identify the router It is critical that each router being used as a remote sec...

Page 144: ... IP 190 190 190 1 Link 1 0 70 70 1 IP 7 16 0 0 IP 172 0 0 0 0 IP 1 Link 1 IP 50 50 50 1 IP Network IP 10 255 255 0 Router IP Address 20 20 20 1 PR2000 Link 1 0 20 20 1 IP 2 RSG2 RSG1 Router IP Address 9 9 9 1 168 0 0 IP 192 Router PR4000 REMOTE SECURITY NETWORK 2 LOCAL SECURITY NETWORK REMOTE SECURITY NETWORK 1 FIGURE 14 2 VIRTUAL PRIVATE NETWORK EXAMPLE ...

Page 145: ...EP FOUR The next step is to define the devices contained in the Local Security Network Navigate to the menu CONFIG SECURITY VPN LOCAL IP NETWORKS ADD NETWORK Enter the Network IP address and mask for all devices to be included in the local network for VPN purposes In the example the networks 10 0 0 0 and 172 16 0 0 must be added Traffic from other networks attached to the router will still be rout...

Page 146: ...nd activated on that network too The VPN Options Menu parameters should be set using the guidelines given below The options should be defined identically for all Remote Security Gateways in a VPN VPN Options Menu CONFIG SECURITY VPN OPTIONS Parameter Description Cyclades VPN Status Activates the Virtual Private Network Warning until VPN is activated on both ends of a given tunnel all traffic will ...

Page 147: ...r on the screen 3 While the router is booting the LEDs labeled Port 1 and Port 2 indicate the stage of the boot process as shown in Figure A 1 Test CPU 3 2 1 Boot Code step 1 Off Off Off On Boot Code CRC check 2 Off Off On off Configuration vector load 3 Off Off On on DRAM test 4 Off On Off off Flash memory Configuration validation 5 Off On Off on Flash memory Code validation 6 Off On On off Inter...

Page 148: ...the cable temporarily to see the CPU status The Port 2 LED should blink consistently one second on one second off If this is not the case see figure A 2 for an interpretation of the blink pattern Event Port 2 LED Morse code Normal Operation S short short short Flash Memory Error Code L long long long Flash Memory Error Configuration S L Ethernet Error S S L No Interface Card Detected S S S L Netwo...

Page 149: ...d see if a modem is being allocated The menu command INFO SHOW DIGITAL MODEMS SHOW STATUS displays the status of each modem and related information This information is also available using the CyROS Management Utility or the LCD display on the front panel See chapter 3 for more information on using CyROS 8 Setting the menu item CONFIG SYSTEM SYSLOG to level 7 will cause the syslog to show if incom...

Page 150: ...0 99 ms 32 bytes from 200 246 93 37 icmp_seq 4 ttl 127 time 0 99 ms 32 bytes from 200 246 93 37 icmp_seq 5 ttl 127 time 0 98 ms 200 246 93 37 ping statistics 5 packets transmitted 5 packets received 0 packet loss round trip min avg max 0 98 1 19 1 96 ms Testing the WAN Interface The WAN interface can be tested using ping as described in the previous section If the ping is not successful check the ...

Page 151: ...se to test ports T1 E1 2 and T1 E1 3 Slot 2 is T1 E1 port 1 and slot 3 is T1 E1 port 2 2 In the T1 E1 2 Tests Menu select Comm Test master 3 In the T1 E1 3 Tests Menu select Comm Test slave The screen output of the test should appear as shown in the following figure Daughter Boards tests statistics Slot 2 E1 Communication test Last Line Mode Status Bandwidth Clock Status Synchronized Master Fracti...

Page 152: ...f modems in your system The maximum is 62 3 The second parameter is Number of Tests to be Performed Enter zero for continuous tests Tests can be stopped at any time with the escape key The test will be performed repeatedly until you use the ESC key After each test results similar to the following will be displayed on the screen TEST NUMBER 1 TESTING 12 MODEMS Resetting communication Waiting for th...

Page 153: ... OK 3 3 60 61 96 24000 33 31 4 OK 4 4 62 63 88 24500 23 0 2 OK 5 5 0 1 91 22750 57 35 9 OK 6 6 2 3 98 24500 23 0 2 OK 7 7 4 5 97 24250 28 110 3 OK 8 8 6 7 99 24750 18 46 1 OK 9 9 8 9 0 0 0 0 0 NOK 10 10 10 11 100 25000 14 0 0 OK 11 11 12 13 98 24500 23 106 2 OK 12 12 14 15 98 24500 23 0 2 OK The Conn column often shows a NOK for a few modems each test due to the short timeout value After a few tes...

Page 154: ... Not Dis Out RXERR TXERR TXBYTES RXBYTES ID Tests Conn Conn bound 0 2 0 0 1 0 0 50056 49846 1 2 0 0 1 0 1 50058 49979 2 2 0 0 1 113 6 50042 49373 3 2 0 0 1 0 0 50016 49944 4 2 0 0 1 74 5 50084 49419 5 2 0 0 1 135 2 50106 49491 6 2 0 0 1 112 11 50094 49177 7 2 0 0 1 102 4 50070 49789 The exact numbers in this output are not important If the ratios RXERR RXBYTES and TXERR TXBYTES are both less than ...

Page 155: ... VAC. Some models have an external switch to select between 115 and 230 VAC. Models with a universal power supply have an input voltage range of 110-240 VAC.
Input frequency range: 50-60 Hz, single phase
Power (base unit): 250W
Environmental Conditions
Operating temperature: 32° to 112° F (0° to 44° Celsius)
Relative humidity: 5% to 95%, non-condensing
Altitude: Operating 10,000 feet max (3000 m)
Physical Specifica...

Page 156: ...peed of 115.2kbps is supported on this port. Use a straight-through cable to connect to DCE devices (modems, for example). Use a cross cable to connect to a DTE device (terminal, host computer, etc.). The pinout diagram is shown below.
CONSOLE PORT (connector pins numbered 8 to 1)
Pin  RS-232 Signal
1    RTS
2    DTR
3    TX
4    Ground
5    CTS
6    RX
7    DCD
8    DSR
FIGURE B.1 CONSOLE PORT - RS-232 INTERFACE WITH AN RJ-45 FEMALE CONNECTOR ...

Page 157: ...ts IEEE 802.3 physical specifications. It provides a single Ethernet interface and supports 10Base-T (Unshielded Twisted Pair) on a standard RJ-45 female connector.
ETHERNET PORT (connector pins numbered 8 to 1)
Pin  Ethernet Signal
1    TPTX+
2    TPTX-
3    TPRX+
4    N.C.
5    N.C.
6    TPRX-
7    N.C.
8    N.C.
FIGURE B.2 ETHERNET PORT - RJ-45 FEMALE CONNECTOR ...

Page 158: ...rdware Specifications 158
T1 and E1
Both the T1 and E1 interfaces use an 8-pin RJ-48C female connector.
T1/E1 Interface
Pin  Signal
1    RXTIP
2    RXRING
3    N.C.
4    TXTIP
5    TXRING
6    N.C.
7    N.C.
8    N.C.
FIGURE B.3 T1 OR E1 - RJ-48C FEMALE CONNECTOR ...

Page 159: ...e optional Straight Through Cable 2 3 4 5 6 7 8 15 17 20 22 24 2 3 4 5 6 7 8 15 17 20 22 24 TxD RxD RTS CTS DSR Gnd DCD TxClk_DTE RxClk DTR RI TxClk_DCE TxD RxD RTS CTS DSR Gnd DCD TxClk_DTE RxClk DTR RI TxClk_DCE Pin DB 25 Male DCE DTE DB 25 Male Cyclades Router Signal Straight Through Cable Pin Signal FIGURE B 4 PINOUT DIAGRAM OF THE STRAIGHT CABLE DB 25 MALE TO DB 25 MALE ...

Page 160: ... TxClk_DTE A 4 15 4 RTS RTS 24 RxClk 5 17 5 CTS CTS 17 8 16 18 8 DCD DCD 19 21 RxClk V 35 B TxClk DCE V 35 B RxClk V 35 A 11 13 RxD V 35 B TxD V 35 B 11 TxD V 35 B RxD V 35 B RxD V 35 A TxD V 35 A 7 24 19 7 Gnd Gnd 15 16 TxClk_DCE V 35 B RxClk V 35 B RxClk V 35 A TxClk DTE V 35 B TxClk DTE V 35 A TxClk_DCE V 35 A TxClk_DTE V 35 B TxClk DCE V 35 A TxClk_DCE TxClk_DTE V 35 A Cross Cable FIGURE B 5 P...

Page 161: ... D E B F S P T R AA Y W U V X PGnd RTS CTS DSR Gnd DCD TxD V 35 B TxD V 35 A RxD V 35 B RxD V 35 A TxClk_DTE V 35 B TxClk_DTE V 35 A TxClk_DCE V 35 B TxClk_DCE V 35 A RxClk V 35 A RxClk V 35 B Signal Pin Pin DB 25 Male Cyclades Router DB 25 Male Telebrás CSU DSU DB 25 Male DB 25 Male R o u t e r M D V 3 5 FIGURE B 6 ROUTER MD V 35 CABLE DB 25 MALE TO DB 25 MALE ...

Page 162: ... V 35 A TxClk_DCE V 35 B DTR TxClk_DCE V 35 A RxClk V 35 A RxClk V 35 B Male Retention Screw Female Retention Screw Female Retention Screw M 34 Male Signal PGnd RTS CTS DSR Gnd DCD TxD B TxD A RxD B RxD A TxClk_DTE B TxClk_DTE A TxClk_DCE B DTR TxClk_DCE A RxClk A RxClk B Pin A C D E B F S P T R AA Y W H U V X Pin 1 4 5 6 7 8 11 12 13 14 16 18 19 20 21 23 25 FIGURE B 7 DB 25 TO M 34 ADAPTER ...

Page 163: ...or Testing the T1/E1 Ports. Please see appendix A for a description of the use of this cable.
Loopback Cable
RJ-48C        RJ-48C
4 TxTip   -   RxTip 1
5 TxRing  -   RxRing 2
1 RxTip   -   TxTip 4
2 RxRing  -   TxRing 5
FIGURE B.8 PINOUT DIAGRAM OF THE CROSS CABLE FOR TESTS - RJ-48C MALE TO RJ-48C MALE ...

Page 164: ... Y W U V X PGnd RTS CTS DSR Gnd DCD TxD V 35 B TxD V 35 A RxD V 35 B RxD V 35 A TxClk_DTE V 35 B TxClk_DTE V 35 A TxClk_DCE V 35 B TxClk_DCE V 35 A RxClk V 35 B RxClk V 35 A Signal Pin Pin DB 25 Male Cyclades Router DB 25 Male V 35 Modem ISO 2110 Standard DB 25 Male DB 25 Male R o u t e r M D 2 1 1 0 FIGURE B 9 PINOUT DIAGRAM OF THE ISO 2110 STANDARD CABLE DB 25 MALE TO DB 25 MALE ...

Page 165: ...Cyclades PR4000 Appendix B Hardware Specifications 165 E1 DB 15 Cable E1 DB15 RJ 45 M Pin 1 2 4 5 ale DB 15 Male Pin 3 11 1 9 E1 DB15 B 10 PINOUT OF THE E1 DB 15 CABLE RJ 45 MALE TO DB 15 MALE ...

Page 166: ... one location to another, the configuration should be reset using the menu option ADMIN => LOAD CONFIGURATION => FACTORY DEFAULTS before the router is moved.
Procedure
1. Edit the ARP table of the PC in the LAN and associate the MAC address of the router (affixed to the underside of the router) to the IP address for the interface. In Unix and Microsoft Windows systems, the command to manipulate the ARP table i...

Page 167: ...d could suffer irreversible damage. Please follow the instructions outlined below carefully to avoid damaging the board.
Step One: Unplug the PR4000 from the power source and remove the power cord. Remove all cables connecting the PR4000 to other devices.
Step Two: Carry the PR4000 to a workbench or table with an anti-static surface and wrist strap. If a workbench of this type is not available, use the wr...

Page 168: ...ep Five: Remove the PR4000's cover. Be careful to not touch any components inside the PR4000's case, as they also can be damaged by static electricity.
[Figure labels: LCD Display, Cyclades PR4000, Port 2, Port 1, WAN Connection, Ethernet 2, Ethernet 1, 10Base-T, 100Base-T, LAN Connection, RX, TX, Link, Collision, Menu, Select, Base, Cover] ...

Page 169: ...end on the board being installed in a particular slot, but installing the first board in slot 0, the second in slot 1, and so on makes the installation of each succeeding board easier. It is important that each board be handled as few times as possible.
Step Seven: Confirm that the wrist strap is grounded. Remove the modem board from its anti-static packaging, being careful to not touch the components or ...

Page 170: ...ght: Insert the board carefully into the slot, aligning the indentations in the board with the guides of the slot. Forcing the board or pushing it in at an angle can damage the board and the slot.
Step Nine: Push the board into the slot until the clamps close around the board.
[Figure labels: Slot, Clamp] ...

Page 171: ... on. When the PR4000 boots, the following messages should appear (two boards are shown in this example):
DSP Cards Detected OK
8 DSP CARD on DIMM 1
8 DSP CARD on DIMM 2
Loading modem 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 done
If there is a problem with the board, or if the messages shown above for the correct number of modems do not appear, call Cyclades Technical Support. The board should be connected t...

Page 172: ...enus 20 L list current configuration 20 Hunting Groups 16 I Icons 10 IP Bridges 47 IP Filter Rules 123 ISDN Switch Type 16 ISDN PRI see E1 and T1 Interfaces with signaling L LEDs 147 Line Coding 17 Lucent Portmaster 3 64 M Manuals for this product 8 Memory flash 20 Menu controller menu PR4000 52 controller menu with signaling 57 E1 T1 interface configuration menu with signaling 64 without signalin...

Page 173: ...tion 133 Signaling Method 17 Signaling Protocols 15 SNMP and IP accounting 116 Static Routes 42 SWAN Expansion Card 14 SWAN Interface 49 testing 150 Syslog 149 T T1 Interface see E1 and T1 Interfaces Technical Support 11 Telephone Numbers 11 Tests of Modems Interfaces 150 Text Conventions 10 Traffic Rule Lists 132 Traffic Shaping 132 Troubleshooting 147 U Using CyROS menus 18 V Version of CyROS ne...

Page 174: ...3 3388 www cyclades com br Cyclades Germany Phone 49 0 81 22 90 99 90 Fax 49 0 81 22 90 999 33 www cyclades de Cyclades UK Phone 44 1724 277179 Fax 44 1724 279981 www uk cyclades com Cyclades Philippines Phone 632 813 0353 Fax 632 655 2610 www ph cyclades com Cyclades Australia Phone 61 7 3279 4320 Fax 61 7 3279 4393 www au cyclades com Cyclades Italy Phone 39 329 0990451 ...
