IPLink 3210 Series
G.SHDSL VPN Router
Getting Started Guide

Sales Office: +1 (301) 975-1000
Technical Support: +1 (301) 975-1007
E-mail: [email protected]
WWW: www.patton.com
Document Number: 13220U1-002 Rev. A
Part Number: 07M3210-GS
Revised: March 22, 2007

Summary of Contents for IPLink 3210 Series

Page 1: ...HDSL VPN Router Getting Started Guide Sales Office 1 301 975 1000 Technical Support 1 301 975 1007 E mail support patton com WWW www patton com Document Number 13220U1 002 Rev A Part Number 07M3210 GS...

Page 2: ...h license Patton Electronics warrants all IPLink router components to be free from defects and will at our option repair or replace the product should it fail within one year from the first date of th...

Page 3: ...iguration 40 5 VPN configuration 45 6 Access control list configuration 57 7 Link scheduler configuration 71 8 LEDs status and monitoring 90 9 Contacting Patton for assistance 92 A Compliance informat...

Page 4: ...Summary Table of Contents IPLink 3210 Series Getting Started Guide 4...

Page 5: ...iptions 22 Applications overview 23 Branch Office virtual private network over Frame Relay service 23 Corporate multi function virtual private network 24 2 Hardware installation 26 Planning the instal...

Page 6: ...N configuration task list 47 Creating an IPsec transformation profile 47 Creating an IPsec policy profile 48 Creating modifying an outgoing ACL profile for IPsec 50 Configuration of an IP interface an...

Page 7: ...heduler configuration 71 Introduction 72 Configuring access control lists 72 Configuring quality of service QoS 73 Applying scheduling at the bottleneck 73 Using traffic classes 73 Introduction to Sch...

Page 8: ...ranty Service and Returned Merchandise Authorizations RMAs 93 Warranty coverage 93 Out of warranty service 94 Returns for credit 94 Return for credit policy 94 RMA numbers 94 Shipping instructions 94...

Page 9: ...Power Adapter 102 C Cabling 103 Introduction 104 Serial console 104 Ethernet 10Base T and 100Base T 105 D Port pin outs 107 Introduction 108 Console port RJ 45 EIA 561 RS 232 108 Ethernet 10Base T and...

Page 10: ...Table of Contents IPLink 3210 Series Getting Started Guide 10...

Page 11: ...he terminal 36 12 Connecting the IPLink VPN Router to the network 38 13 Configuring the G SHDSL card for PPPoE 41 14 Using traffic filters to prevent traffic from being routed to a network 59 15 Deny...

Page 12: ...mmands 43 8 PVC channels in bridged Ethernet mode 43 9 PVC channels in PPPoE mode 43 10 Diagnostics commands 44 11 Command cross reference 77 12 TOS values and their meaning 84 13 Traffic control info...

Page 13: ...evice Chapter 6 on page 57 provides an overview of IP access control lists and describes the tasks involved in their configuration through the IPLink router Chapter 7 on page 71 describes how to use a...

Page 14: ...ORTANT heading calls attention to important information The alert symbol and CAUTION heading indicate a potential hazard Strictly follow the instructions to avoid property damage The shock hazard symb...

Page 15: ...its with an external power adapter the adapter shall be a listed Limited Power Source For AC powered units ensure that the power cable used with this device meets all applicable standards for the cou...

Page 16: ...that the proper voltage is present before plugging the power cord into the receptacle Failure to do so could result in equipment damage The interconnecting cables shall be acceptable for external use...

Page 17: ...italic type Parts of commands which are related to elements already named by the user are in boldface italic font Italicized Futura type Variables for which you supply values are in italic font Futura...

Page 18: ...About this guide IPLink 3210 Series Getting Started Guide 18...

Page 19: ...el 3210 Series overview 20 IPLink 3210 Series detailed description 21 Model code extensions 21 Ports descriptions 22 Applications overview 23 Branch Office virtual private network over Frame Relay ser...

Page 20: ...otect against unauthorized users while encryption and anti replay capabilities preserve data confidentiality Patton s powerful CoS and QoS mechanisms provide traffic shaping and prioritization to gua...

Page 21: ...Ethernet LAN connectivity and a G SHDSL WAN interface see figure 2 Figure 2 IPLink 3210 Series G SHDSL connector Figure 3 IPLink 3210 Series power input connectors Model code extensions A model code e...

Page 22: ...throughput supporting ATM QoS Supports multiple PVC and DSLAM interoperability The DSL LEDs are located on either side of the DSL port ACT when lit or blinking shows activity and Link when lit shows t...

Page 23: ...QoS services The G SHDSL port provides WAN access by means of a leased line connection to the network The following sections show some typical applications for the IPLink 3210 Series This chapter des...

Page 24: ...veraging IPLink s multiple frame relay PVC support see figure 6 The enterprise enjoys the benefits of secure multi office virtual private networking with QoS for prioritized traffic flow for mission c...

Page 25: ...tion of corporation and Internet traffic is managed by using an ACL using IP addresses as the watershed To configure this application you must configure the following features A serial Frame Relay lin...

Page 26: ...Network information 29 Network Diagram 29 IP related information 29 Software tools 29 Power source 29 Location and mounting requirements 30 Installing the VPN router 30 Mounting the VPN router 30 Con...

Page 27: ...efined by the applicable local and international regulations Ensure that your site is properly prepared before beginning installation Before installing the VPN Router device the following tasks should...

Page 28: ...in your site log Table 3 Installation checklist Task Verified by Date Network information available recorded in site log Environmental specifications verified Site power voltages verified Installation...

Page 29: ...ts IP addresses and subnet masks used for the V 35 or X 21 serial WAN port IP addresses and subnet masks used for the T1 E1 WAN port IP addresses of central TFTP Server used for configuration upload a...

Page 30: ...PN Router should be installed in a dry environment with sufficient space to allow air circulation for cooling Note For proper ventilation leave at least 2 inches 5 cm to the left right front and rear...

Page 31: ...a cable terminated with RJ 45 plugs Note Pins not listed are not used Figure 7 Connecting an IPLink 3210 Series device to a hub Installing the DSL cable The IPLink 3210 comes with a G SHDSL interface...

Page 32: ...w describes installing the power cord into the VPN Router Do the following Note Do not connect the power cord to the power outlet at this time 1 If your unit is equipped with an internal power supply...

Page 33: ...figure 9 Congratulations you have finished installing the IPLink VPN Router Now go to chapter 3 Getting started with the IPLink on page 34 The UI and EUI power supplies automatically adjust to accept...

Page 34: ...pter contents Introduction 35 1 Configure IP address 36 Power connection and default configuration 36 Connect with the serial interface 36 Login 37 Changing the IP address 37 2 Connect the IPLink VPN...

Page 35: ...outer to the network 3 Load configuration Console port Serial interface PC or workstation with VT 100 emulation terminal Ethernet interface ETH0 Network interface PC or workstation or VT 100 emulation...

Page 36: ...Console port is wired as an EIA 561 RS 232 port Use the included Model 16F 561 adapter and cable see figure 11 between the IPLink VPN Router s Console port and a PC or workstation s RS 232 serial inte...

Page 37: ...the context IP mode to configure an IP interface 172 16 40 1 cfg context ip router 172 16 40 1 ctx ip router Now you can set your IP address and network mask for the interface eth0 Within this exampl...

Page 38: ...pplication that you can use it to speed up configuring the IPLink router Simply download the configuration note that matches your application to your PC Adapt the configuration as described in the co...

Page 39: ...k VPN Router has been rebooted the new start up configuration will be activated 172 16 1 99 if ip eth0 reload Running configuration has been changed Do you want to copy the running config to the start...

Page 40: ...nts Introduction 41 Line Setup 41 Configuring PPPoE 41 Configuration Summary 42 Setting up permanent virtual circuits PVC 43 Using PVC channels in bridged Ethernet mode 43 Using PVC channels with PPPo...

Page 41: ...ED on the back of the device is blinking while the modem attempts to connect and lit when the link is established If the modem keeps blinking check the cabling Configuring PPPoE Figure 13 explains how...

Page 42: ...use authentication which is why you bind to a subscriber You can use authentication chap or authentication pap The line bind subscriber MySubscriber binds the PPPoE session to the PPP subscriber in...

Page 43: ...as if the PVC was a regular Ethernet port Note The bridged PVC connections are internally mapped to VLANs on a virtual Ethernet port 0 2 You will therefore see references to this third Ethernet port w...

Page 44: ...not working there is probably no compatible authentication protocol configured Make sure authentication chap and authentication pap are included in the subscriber setup If only CHAP failed there may b...

Page 45: ...an IP interface and the IP router for IPsec 51 Displaying IPsec configuration information 51 Debugging IPsec 52 Sample configurations 53 IPsec tunnel DES encryption 53 IPLink configuration 53 Cisco r...

Page 46: ...is a combination of the keyed hashing for message authentication HMAC and the message digest version 5 MD5 hash algorithm It requires an authenticator of 128 bit length and calculates a hash of 96 bi...

Page 47: ...c Displaying IPsec configuration information Debugging IPsec Creating an IPsec transformation profile The IPsec transformation profile defines which authentication and or encryption protocols which au...

Page 48: ...cured communication Furthermore the profile defines which IPsec transformation profile to apply and whether transport or tunnel mode shall be most effective The SPI identifies a secured communication...

Page 49: ...see section Authentication on page 46 and Encryption on page 46 or explicit specification Keys must be available for inbound and outbound directions They can be different for the two directions Make...

Page 50: ...passes an ACL if available twice once before and once after encryption authentication So the respective ACLs must permit the encrypted authenticated and the plain traffic For detailed information on h...

Page 51: ...mation This section shows how to display and verify the IPsec configuration information Procedure To display IPsec configuration information Mode Configure Step Command Purpose 1 node cfg context ip r...

Page 52: ...oblems Procedure To debug IPsec connections Mode Configure Example IPsec Debug Output 3210 cfg debug ipsec IPSEC monitor on 23 11 04 ipsec Could not find security association for inbound ESP packet SP...

Page 53: ...ofiles Adjust the IP addresses of the LAN and WAN interfaces Adjust the route for the remote network IPsec tunnel DES encryption IPLink configuration profile ipsec transform DES esp encryption des cbc...

Page 54: ...255 255 252 crypto map VPN_DES ip route 192 168 1 0 255 255 255 0 FastEthernet0 1 IPsec tunnel AES encryption at 256 bit key length AH authentication with HMAC SHA1 96 IPLink configuration profile ips...

Page 55: ...MD5 esp encryption 3des cbc 192 esp authentication hmac md5 96 profile ipsec policy manual VPN_TDES_MD5 use profile ipsec transform TDES_MD5 session key inbound esp authentication 1234567890ABCDEF1234...

Page 56: ...rations 56 IPLink 3210 Series Getting Started Guide 5 VPN configuration match address 110 For the remainder of the configuration see above just change the name of the IPsec policy profile in the ACL p...

Page 57: ...ccess control list 60 Creating an access control list profile and enter configuration mode 61 Adding a filter rule to the current access control list profile 61 Adding an ICMP filter rule to the curre...

Page 58: ...mine whether to forward or drop the packet based on the criteria you specified within the access lists Access list criteria could be the source address of the traffic the destination address of the tr...

Page 59: ...tioned between two parts of your network to control traffic entering or exiting a specific part of your internal network To provide the security benefits of access lists you should configure access li...

Page 60: ...cket matching the criteria to be dropped To delete an entire access control list enter configuration mode and use the no form of the profile acl com mand naming the access list to be deleted e g no pr...

Page 61: ...statements that will make up the access control list Use the no form of this command to delete an access control list profile You cannot delete an access control list profile if it is currently linked...

Page 62: ...control list entry that denies access defined according to the command options Keyword Meaning src The source address to be included in the rule An IP address in dotted decimal format e g 64 231 1 10...

Page 63: ...procedure describes how to create an ICMP access control list entry that denies access Mode Profile access control list Step Command Purpose 1 node pf acl name permit icmp src src wildcard any host s...

Page 64: ...cluded in the rule An IP address in dotted decimal format e g 64 231 1 10 dest wildcard A wildcard for the destination address See src wildcard host dest The address of a single destination host msg n...

Page 65: ...Mode Profile access control list This procedure describes how to create a TCP UDP or SCTP access control list entry that denies access Mode Profile access control list Step Command Purpose 1 node pf...

Page 66: ...dicates that a packets port must be equal to the specified port in order to match the rule lt port Optional Indicates that a packets port must be less than the specified port in order to match the rul...

Page 67: ...ist profile to incoming packets on the interface wan in the IP router context 3210 cfg context ip router 3210 cfg ip router interface wan 3210 cfg if wan use profile acl WanRx in Step Command Purpose...

Page 68: ...rofile Mode Administrator execution or any other mode except the operator execution mode Example Displaying an access control list entries The following example shows how to display the access control...

Page 69: ...e disables the debug monitor for access control lists globally 3210 no debug acl Step Command Purpose 1 node cfg context ip router Selects the IP router context 2 node ctx ip router interface if name...

Page 70: ...s that have to be entered are listed below The commands access the IPLink device via a Telnet session running on a host with IP address 172 16 2 13 which accesses the IPLink via IP interface lan 172 1...

Page 71: ...ist profile 78 Packet classification 78 Creating an access control list 79 Creating a service policy profile 80 Specifying the handling of traffic classes 82 Defining fair queuing weight 82 Defining t...

Page 72: ...hy we apply a rate limit to reduce delay and what a traffic class means Configuring access control lists Packet filtering helps to control packet movement through the network Such control can help to...

Page 73: ...scarce resources really makes a difference Frequently the access link modem is outside of the IPLink and the queueing would happen in the modem which does not distinguish between packet types To impro...

Page 74: ...arbiter to define the arbitration mode and the order in which packets of different classes are served Introduction to Scheduling Scheduling essentially means to determine the order in which packets o...

Page 75: ...ery source had to strictly obey its limit all following packets would also have to be delayed by the same amount and further collisions would reduce the achieved rate even further To avoid this effect...

Page 76: ...ra tion Setting the modem rate To match the data multiplexing of different traffic types to the capacity of the access link is the most common application of the IPLink link scheduler 1 Create a minim...

Page 77: ...rators to straight forwardly configure IPLink devices In table 11 the Cisco IOS Release 12 2 QoS commands are in contrast with the respective IPLink commands Link scheduler configuration task list To...

Page 78: ...eries of packet descriptions like addressed to xyz Those descriptions are called rules For each packet the list of descriptions is sequentially checked and the first rule that matches decides what ha...

Page 79: ...traffic from a Web server The scenario is depicted in figure 20 The IP address of the Web server is used as source address in the permit statement of the IP filter rule for the access control list Fi...

Page 80: ...ontrol lists the link arbiter needs rules defining how to handle the different traffic classes For that purpose you create a service policy profile The service policy profile defines how the link arbi...

Page 81: ...ies the name of the link arbiter profile to configure On the second line the global band width limit is set The value defining the bandwidth is given in kilobits per second Each service policy profile...

Page 82: ...e classes the values are relative to each other It is recommended to split 100 which can be read as 100 among all available source classes e g with 20 30 and 50 as value for the respective share comm...

Page 83: ...the class name Excess packets are dropped Used in class mode queuing only happens at the leaf of the arbitration hierarchy tree The no form of this command reverts the queue limit to the internal def...

Page 84: ...ice RFC791 RFC1349 The precedence field is defined by the first three bits and supports eight levels of priority The lowest priority is assigned to 0 and the highest priority is 7 The no form of this...

Page 85: ...time critical data Under 802 1p a 4 byte Tag Control Info TCI field is inserted in the Layer 2 header between the Source Address and the MAC Client Type Length field of an Ethernet Frame Table 13 list...

Page 86: ...argument average kilobits defines the average permitted rate in kbps the value of the second argument kilobits ahead defines the tolerated burst size in kbps ahead of schedule Excess packets are dro...

Page 87: ...r transmit direction Providers may use input shaping to improve downlink voice jitter in the absence of voice support The default setting no service policy sets the interface to FIFO queuing Mode Inte...

Page 88: ...ueue 10 Displaying link scheduling profile information The show profile service policy command displays link scheduling profile information of an existing service policy profile This command is only...

Page 89: ...all queues of a profile The following example shows how to enable statistic gathering for all traffic classes 3210 enable 3210 configure 3210 cfg profile service policy sample 3210 pf srvpl sample de...

Page 90: ...90 Chapter 8 LEDs status and monitoring Chapter contents Status LEDs 91...

Page 91: ...pplied Off indicates no power applied Run When lit indicates normal operation Flashes once per second during boot startup Ethernet each port Link Lit when Ethernet link is up 100M On when 100 Mbps Eth...

Page 92: ...n Support Headquarters in the USA 93 Alternate Patton support for Europe Middle East and Africa EMEA 93 Warranty Service and Returned Merchandise Authorizations RMAs 93 Warranty coverage 93 Out of war...

Page 93: ...75 1007 Fax 1 253 663 5693 Alternate Patton support for Europe Middle East and Africa EMEA Online support available at http www patton inalp com E mail support email sent to support patton inalp com w...

Page 94: ...ill be issued upon receipt and inspection of the equipment 30 to 60 days We will add a 20 restocking charge crediting your account with 80 of the purchase price Over 60 days Products will be accepted...

Page 95: ...n Chapter contents Compliance 96 EMC 96 Safety 96 PSTN Regulatory 96 Radio and TV Interference FCC Part 15 96 CE Declaration of Conformity 96 Authorized European Representative 97 FCC Part 68 ACTA Sta...

Page 96: ...will not occur in a particular installation If the IPLink router does cause interference to radio or television reception which can be determined by disconnecting the unit the user is encouraged to t...

Page 97: ...s possible Also you will be advised of your right to file a complaint with the FCC if you believe it is necessary The telephone company may make changes in its facilities equipment operations or proce...

Page 98: ...services 99 Management 99 Operating environment 99 Operating temperature 99 Operating humidity 99 System 100 Dimensions 100 G SHDSL Daughter Card 101 Power supply 102 Internal AC version 102 12VDC ve...

Page 99: ...v2 RFC 1058 and 2453 Programmable static routes ICMP redirect RFC 792 Packet fragmentation DiffServe ToS set or queue per header bits Packet Policing discards excess traffic 802 1p VLAN tagging IPSEC...

Page 100: ...m 100 IPLink 3210 Series Getting Started Guide B Specifications System CPU Motorola MPC875 operating at 66 MHz Memory 32 Mbytes SDRAM 8 Mbytes Flash Dimensions 7 3W x 1 6H x 6 1D in 18 5H x 4 1W x 15...

Page 101: ...G 991 2 Section E 9 TPS TC for ATM transport ITU T G 991 2 Section E 11 TPS TC for PTM transport DSL Connection RJ 11 12 2 wire Management I 610 OAM F4 F5 Management interfaces GUI and Telnet Software...

Page 102: ...ved external SELV source which provides reinforced insulation from the AC mains power and where the DC connector is the disconnect device The source must have a rating of 12 VDC 1 25 A 5VDC Version wi...

Page 103: ...103 Appendix C Cabling Chapter contents Introduction 104 Serial console 104 Ethernet 10Base T and 100Base T 105...

Page 104: ...onnecting a serial terminal Note See section Console port RJ 45 EIA 561 RS 232 on page 108 for console port pin outs The interconnecting cables must be acceptable for external use and must be rated fo...

Page 105: ...ase T are connected to the IPLink over a cable with RJ 45 plugs Use a cross over cable to a host or a straight cable to a hub See figure 25 host and figure 26 on page 106 hub for the different connect...

Page 106: ...et 10Base T and 100Base T 106 IPLink 3210 Series Getting Started Guide C Cabling Figure 26 Ethernet straight through Hub Straight through cable RJ 45 male Tx Tx Rx Rx 1 2 3 6 RJ 45 male 1 Rx 2 Rx 3 Tx...

Page 107: ...107 Appendix D Port pin outs Chapter contents Introduction 108 Console port RJ 45 EIA 561 RS 232 108 Ethernet 10Base T and 100Base T port 109 DSL 109...

Page 108: ...n figure 27 showing the RJ 45 receptacle with the numerical identification of the pin numbers and functions Figure 27 EIA 561 RJ 45 8 pin port Refer to table 17 which tabulates the pin number signal n...

Page 109: ...d 100Base T port The Ethernet ports are auto detect MDI X Note Pins not listed are not used DSL Note Pins not listed are not used Table 18 RJ 45 socket Pin Signal Direction 1 TX from IPLink 2 TX from...

Page 110: ...110 Appendix E IPLink 3210 Series factory configuration Chapter contents Introduction 111...

Page 111: ...APT profile dhcp server DHCP network 192 168 1 0 255 255 255 0 include 192 168 1 10 192 168 1 19 lease 2 hours default router 192 168 1 1 context ip router interface eth0 ipaddress 172 16 40 1 255 255...

Page 112: ...112 Appendix F Installation checklist Chapter contents Introduction 113...

Page 113: ...g Table 20 Installation checklist Task Verified by Date Network information available recorded in site log Environmental specifications verified Site power voltages verified Installation site pre powe...
