manualshive.com logo in svg

Ericsson HL950, Руководство администратора

Пользователи электроники Ericsson HL950 могут бесплатно скачать Руководство администратора для этого продукта с нашего веб-сайта. Этот мануал поможет вам использовать устройство на полную мощность. Посетите manualshive.com для загрузки.

Поделиться
Скачать
background image

Multi Service Edge Device HL950 

Administrator’s Guide 

 

 

 
Page 117 (159)  

 

EN/LZT 108 5995 R3 

  

June 

2003 

6.6.7 IPSEC 

Used to control the IPSEC (Internet Protocol Security) service. 
Authority: ADMIN 
 

Prefixes 

Parameters and Descriptions 

SET 
SHOW 
ADD 
DEL 
START 
STOP 

NAME<STR>

Policy name. Any unique arbitrary string for policy identification.

 

MODE<STR>

IPSec mode. Valid modes are TUNNEL or TRANSP. TUNNEL mode for 

gateway-to-gateway configuration. TRANSPORT mode is rarely used as it only encrypts the 
data portion (payload) of each packet, but leaves the header untouched. It must be used only 
when an application on the security gateway communicates directly with another application.

 

TYPE<STR>

:

 Key management policy type. Valid types are AUTO or MANUAL. In 

MANUAL policy the user decides the keys while in AUTO policy the keys are decided by 
the IPSec gateways automatically. NOTE! You must configure a corresponding IKE for an 
automatic policy.

 

STATUS<STR>

:

 Policy status. Valid values are ACTIVE or INACTIVE. The status 

determines whether the policy is activated or inactive. It may be switched on or off. 

 

ACTION<STR>:

 

Policy action; APPLY, DISCARD, or BYPASS. Default: APPLY 

 

IPSS<IP>

:

 Start of the source IP address range

 

IPSE<IP>

:

 End of the source IP address range

 

SMASK<NUM>

:

 Source address mask bits (1 to 32) can be specified instead of the range end.

 

IPDS<IP>

:

 Start of the destination IP address range

 

IPDE<IP>

:

 End of the destination IP address range

 

DMASK<IP>

:

 Destination address mask (1 to 32) can be specified instead of the range end.

 

SPORT<NUM>

:

 Source port. Default is 0 (allow all ports) but you may decide to activate 

only a specific port.

 

DPORT<NUM>

:

 Destination port. Default is 0 (allow all ports) but you may decide to activate 

only a specific port.

 

PROT<STR>

:

 Protocol type (TCP, UDP, or ICMP; default = allow all protocols). You may 

decide to activate security for a specific protocol. 

 

LSGW<IP>

:

 Local Security gateway IP address. This is the IP address of the WAN 

interface.

 

PSGW<IP>

Peer Security gateway IP address. This is the IP address of the Peer WAN 

interface.

 

SECP<STR>

:

 Security protocols. This parameter decides what type of security protocol to 

use for this security association. Valid values are AH (used for source authentication), ESP 
(used for packet confidentiality), AH+ESP (both AH and ESP as two separate transforms on 
the packet), EWA (ESP with AUTH; performs both encryption and authentication on the 
packet in a single transform), and AH+EWA.  

AHALG<STR>

:

 AH Authentication Algorithm. Valid values are MD5 and SHA1. 

ESPALG<STR>

:

 ESP Encryption Algorithm. Valid values are DES, 3DES, or AES. 

EWAALG<STR>

:

 EWA Authentication Algorithm. Valid values are MD5 and SHA1for ESP 

with AUTH. 
 

OAHKEY<STR>

:

 Outbound AH key (Manual policy) 

IAHKEY<STR>

:

 Inbound AH key (Manual policy) 

OEKEY<STR>

:

 Outbound Encryption key (Manual policy) 

IEKEY<STR>

:

 Inbound Encryption key (Manual policy) 

OEWAKEY<STR>

:

 Outbound Auth key for EWA (Manual policy-ESP with AUTH) 

IEWAKEY<STR>

:

 Inbound Auth key for EWA (Manual policy-ESP with AUTH) 

ISPI<NUM>

:

 Inbound SPI for 1

st

 TF (>255, Manual policy) 

OSPI<NUM>

:

 Outbound SPI for 1

st

 TF (>255, Manual policy) 

Содержание HL950

Страница 1: ...Multi Service Edge Device HL950 Version 2 0 Administrator s Guide ...

Страница 2: ...s are the property of their respective owners Copyright No part of this document may be reproduced in any form without the written permission of the copyright owner The contents of this document are subject to revision without notice due to continued progress in methodology design and manufacturing Ericsson shall have no liability for any error or damage of any kind resulting from the use of this ...

Страница 3: ...TERFACE 18 3 1 Access the Command Line Interface CLI 18 3 1 1 Access the CLI via Console Port 18 3 1 2 Access the CLI via Ethernet Local LAN 18 3 1 3 Access the CLI from a Network Management Center 19 3 1 4 User Accounts and Access Rights 19 3 2 Command Structure 20 3 2 1 Main Commands 20 3 2 2 Commands for Functions and Services 20 3 3 Command Conventions 21 3 4 Command Navigation 22 3 4 1 Gettin...

Страница 4: ... Typical ATM VCC Example 58 4 5 3 DATA ETHERNET 59 4 5 4 DATA PHY 63 4 5 5 DATA WANAAL5 63 4 5 6 Example Network Scenarios 65 4 5 7 LINE SERIAL X1 68 4 5 8 TELEPHONY FXS 68 4 5 9 WAN SHDSL 69 4 5 10 Debug and Verification Tips 70 4 6 Configure Security 71 4 6 1 Stateful Inspection Firewall 71 4 6 2 NAT with ALG support 75 4 6 3 IPSec Management 77 4 7 Configure Service 84 4 7 1 Quality of Service ...

Страница 5: ... 11 FTP 96 6 1 12 LINE 97 6 1 13 LOGOFF 97 6 1 14 LS 97 6 1 15 LSR 97 6 1 16 MKDIR 98 6 1 17 MV 98 6 1 18 PASSWORD 98 6 1 19 PING 98 6 1 20 PWD 99 6 1 21 QKEY 99 6 1 22 RELOAD 99 6 1 23 RM 100 6 1 24 RMDIR 100 6 1 25 SAVE 100 6 1 26 TAR 101 6 1 27 TFTP 101 6 1 28 UPGRADE 102 6 1 29 WHOAMI 102 6 1 30 WHOISON 103 6 1 31 XCP 103 6 1 32 XRM 103 6 2 CES Commands and Parameters 104 6 2 1 ATM 104 6 2 2 I...

Страница 6: ...112 6 5 8 WAN SHDSL 112 6 6 SECURITY Commands and Parameters 114 6 6 1 ACCESS 114 6 6 2 ALG 114 6 6 3 CERTIFICATE 114 6 6 4 CONNECTION 115 6 6 5 FIREWALL 115 6 6 6 IKE 116 6 6 7 IPSEC 117 6 6 8 NAT 118 6 7 SERVICE Commands and Parameters 119 6 7 1 DHCP 119 6 7 2 NFS 119 6 7 3 QOS 120 6 7 4 RIP 120 6 7 5 SNMP 120 6 7 6 SNTP 121 6 7 7 SSH 122 6 7 8 TELNET 122 6 7 9 TFTP 122 6 8 SYSTEM Commands and P...

Страница 7: ...nced E1 130 7 4 2 Unbalanced E1 131 7 5 Serial Interfaces 131 7 5 1 V 35 132 7 5 2 V 36 133 7 5 3 X 21 134 7 6 FXS and Life Line Interfaces 135 8 TROUBLESHOOTING 136 8 1 Reset System Password 136 8 2 Troubleshooting Upgrades 136 9 IMPORTANT INFORMATION 137 9 1 Product Care and Maintenance 137 9 2 Freeware Licenses 137 9 2 1 Java Runtime Environment JRE v1 4 1 137 9 2 2 OpenSSH 137 9 2 3 OpenSSL 14...

Страница 8: ...tor s Guide EN LZT 108 5995 R3 Page 8 159 June 2003 9 4 1 EU Directives 143 9 4 2 Safety Approval 144 9 4 3 EMC Approval 144 9 4 4 Telecom Approval 144 9 4 5 Caution 145 9 4 6 Environmental Information 145 9 4 7 Intended Use 145 10 GLOSSARY 147 ...

Страница 9: ...Adaptive Clocking and Axerra Mode 51 Figure 22 View of Element and Prefixes for the DATA Command 53 Figure 23 View of Element and Prefixes for the GOS Command 57 Figure 24 View of Elements and Prefixes for the INTERFACE Command 58 Figure 25 Integrated Routing 59 Figure 26 Multi VLAN Support 60 Figure 27 Routed Protocols over ATM PVCs 65 Figure 28 Bridged Protocols over ATM PVCs 66 Figure 29 Bridge...

Страница 10: ...for the Ethernet Ports 129 Table 4 Pin and Signals for the SHDSL Port 0 129 Table 5 Pin and Signals for the SHDSL Port 1 130 Table 6 Pin and Signals for the E1 T1 Connector 130 Table 7 Pin and Signals for the E1 Transmit Connector 131 Table 8 Pin and Signals for the E1 Receive Connector 131 Table 9 Pin and Signals for the M 34 V 35 Connector 132 Table 10 Pin and Signals for the DB37 V 36 Connector...

Страница 11: ...included in the HL950 Chapter 3 The Command Line Interface Describes how to access and use the HL950 Command Line Interface Chapter 4 Configuration Explains how to perform the initial configuration as well as how to make additional configuration of each of the HL950 supported types of interfaces and services Chapter 5 Operation and Maintenance Describes maintenance and file transfers such as back ...

Страница 12: ...placed with what is indicated within the brackets port number Alternatives in a command are separated by a line on off Default values in commands are underlined cesoip axerra rad The following symbol is used for special information NOTE Provides special information 1 2 Related Documents Product Description Multi Service Edge Device HL950 Version 2 0 Document Number 2 1551 ZAT75963 RevB Quick Insta...

Страница 13: ...nferencing The HL950 offers integrated data and voice services for small and medium sized enterprises It provides a complete set of services ranging from basic access provisioning to advanced voice and exchange functionality The HL950 version 2 0 allows leased line replacement through ATM or IP leased line emulation over integrated ATM or IP broadband access In addition it can link to existing or ...

Страница 14: ...nsparent bridging and switching of local Ethernet LANs over both an ATM and a twisted pair Ethernet access network connection This service supports Layer 2 VLANs IP VPN The HL950 supports creation of secure connections over shared or public IP networks using the IPSec protocol IP Firewall The HL950 includes an ICSA certified Stateful Inspection Firewall with ALG s for the most common uses IP QoS P...

Страница 15: ...mm W x 275 mm D x 54 mm H Freestanding or 19 rack placement 2 3 1 Baseboard DTC 1000 The baseboard is based on a high performance MIPS32 4Km architecture network processor with integrated hardware engines for packet processing voice processing and on chip accelerated encryption decryption The baseboard includes Dual 10 100 Base T Ethernet ports IEEE802 3 for WAN access and for local networking The...

Страница 16: ... connections 2 3 3 2 Serial Module This user interface provides a single port for V 35 V 36 X 21 n x 64 Kbps synchronous services It includes a 60 pin universal serial connector which through different cable adapters provide the following interfaces V 35 34 pin Winchester female connector ISO 2593 V 36 37 pin Sub D female connector ISO 4902 X 21 15 pin Sub D female connector ISO 4903 2 3 4 TIF Mod...

Страница 17: ...rd EU UK X 21 Cable Adapter ZAT 759 63 A2011 HL950 CES over ATM Configuration WAN SHDSL LIF SC V 35 Power cord EU UK V 35 Cable Adapter ZAT 759 63 A2012 HL950 CES over IP Configuration WAN Ethernet LIF E1 Power cord EU UK ZAT 759 63 A301 MSED Baseboard DTC NTM 101 793 1 MSED WIF DUAL SHDSL Module NTM 101 794 1 MSED LIF E1 Module NTM 101 795 1 MSED LIF SC V 35 V 36 X 21 Module NTM 101 796 1 MSED TI...

Страница 18: ...connect as follows In the Connection Description dialog box enter a name and select an icon for the connection In the Connect to dialog box select COM1 or COM2 depending on which serial port you are using In the COM1 or COM2 Properties dialog box enter the following port settings Baud rate 9600 Data 8 bit Parity none Stop 1 bit Flow Control none The HL950 displays the command line Enter the user n...

Страница 19: ...s 1 Use Telnet to access the HL950 CLI from a Network Management workstation For information on using Telnet see Access the CLI from a Local LAN above 2 Use FTP TFTP or SFTP upload and download files and for general OAM 3 1 4 User Accounts and Access Rights The HL950 CLI supports two different user accounts ROOT with factory default user name root and default password snowbomb USER with factory de...

Страница 20: ...TP UPGRADE WHOAMI WHOISON XCP XRM Figure 5 Main Commands for the HL950 CLI 3 2 2 Commands for Functions and Services The commands for functions and services are divided into three parts Prefixes Subgroups and Elements The command convention is a combination of prefix subgroup element followed by a number of parameters and their values 3 2 2 1 Command Prefixes There are eight command prefixes as fo...

Страница 21: ...en command components and parameters can be omitted The commas that separate parameters can be followed by a space for readability There are four types of parameters BOOL Boolean Logical either or values such as Yes or No On or Off or True or False The default is Yes On or True which can be used interchangeably If you specify a Boolean parameter without a value the default of Yes On or True is app...

Страница 22: ...oups Type help and press Enter to display instructions that explain CLI convention used special keys and other helpful information You can also type help at the beginning of a command for example help data arp to see all of the parameters and information for that command NOTE When you display the CLI help function occasionally you will see parameters preceded with an x This is internal notation in...

Страница 23: ...tile memory If you save a faulty configuration to non volatile memory and your system fails as systems with faulty configuration tend to do you may not be able to restart To commit data changes to non volatile memory by means of the save command you typically do not need to stop the object and then start it again If an object needs to be stopped and restarted the system will prompt you to do so 4 ...

Страница 24: ...m started on the PC Figure 6 System Setup for Initial Configuration 4 Insert the configuration CD provided in the PC The installation program starts automatically 5 Follow the on screen instructions 6 When the initial configuration procedure has been completed the HL950 automatically reboots and starts up the WAN with operator adapted parameters 7 After reboot the installation program checks that ...

Страница 25: ... signals at each end Figure 7 View of Elements and Prefixes for the CES Command The HL950 supports CES for CPE serial synchronous and E1 T1 lines CES over ATM AAL1 is used for UDT CES ATM services The HL950 also supports two modes of CES over IP Axerra mode also known as CESoPSN is for operator private line replacement Axerra mode allows operators to aggregate CES traffic using the Axerra AXN line...

Страница 26: ...ix is used for setting the record s parameter values The VCNAME value is used for mapping to ATM VCC individuals in the lower ATM layer while the NAME value is used for mapping to upper layer objects The SAVE command is used to commit new parameter values to non volatile memory For detailed information about prefixes and parameters for the CES ATM command see section 6 2 1 4 2 2 Typical CES over A...

Страница 27: ...S from service provider In other words the clocking configuration in HL950 is deriving a network clock source from the common ATM network In this case each HL950 is configured with a set interface wan shdsl ntrmode ref8k statement referencing the SHDSL ATM port The line code on both PABXs is High Density Binary 3 HDB3 This is default on the HL950 so it does not need to be explicitly configured PVC...

Страница 28: ...an shdsl LIF E1 Module Configuration HL950 set interface line x1 tmode unframed cmode master HL950 start interface line x1 ATM VCC Configuration HL950 add interface atm vcc name dslam type aal1 vcc 0 40 srvtype cbr pcr 2309500 CES Application Configuration HL950 add ces atm name hl950_2 vcname dslam speed e1 type udt clock network jb 10 HL950 start ces atm name hl950_2 ____________________________...

Страница 29: ...n CDV which you can configure with the set ces atm name abcd jb command The default values is 10 milliseconds The measured value is displayed in the output of the show ces atm name abcd jb command In the figure above PABX1 provides the clock source to the ATM network PABX2 is clocked from the Branch Office HL950 extracted adaptive clock The line code on both PABXs is High Density Binary 3 HDB3 Thi...

Страница 30: ...et interface wan shdsl ntrmode local HL950 start interface wan shdsl LIF E1 Module Configuration HL950 set interface line x1 tmode unframed cmode master HL950 start interface line x1 ATM VCC Configuration HL950 add interface atm vcc name dslam type aal1 vcc 0 40 srvtype cbr pcr 2309500 CES Application Configuration HL950 add ces atm name hl950_2 vcname dslam type udt clock adaptive jb 10 HL950 sta...

Страница 31: ...he common ATM network In this case each HL950 is configured with a set interface wan shdsl ntrmode ref8k statement referencing the SHDSL ATM port PVC 0 40 is used between HL950 and DSLAM The HL950 Headquarters configuration refer to Figure 11 __________________________________________________________________________________ WIF 2x SHDSL Module Configuration HL950 set interface wan shdsl ntrmode re...

Страница 32: ...ce line serial ATM VCC Configuration HL950 add interface atm vcc name dslam type aal1 vcc 0 40 srvtype cbr pcr 578000 CES Application Configuration HL950 add ces atm name hl950_2 vcname dslam type udt clock network jb 10 speed 8 HL950 start ces atm name hl950_2 __________________________________________________________________________________ Verification tips To verify that the CES circuits are u...

Страница 33: ...es atm name abcd jb command The default values is 10 milliseconds The measured value is displayed in the output of the show ces atm name abcd jb command In the figure above Router1 provides the clock source to the ATM network Router2 is clocked from the Branch Office HL950 extracted adaptive clock PVC 0 40 is used between HL950 and DSLAM NOTE In this mode the regenerated clock is subject to networ...

Страница 34: ...ne serial cts on dsr on dcd on txcsrc int rxcsrc txc HL950 start interface line serial ATM VCC Configuration HL950 add interface atm vcc name dslam type aal1 vcc 0 40 srvtype cbr pcr 578000 CES Application Configuration HL950 add ces atm name hl950_2 vcname dslam type udt clock adaptive jb 21 speed 8 HL950 start ces atm name hl950_2 _________________________________________________________________...

Страница 35: ...ce PRS from service provider We will use the following command to implement this network topology The HL950s derives a network clock source from DSLAM which is directly connected with the set interface wan shdsl ntrmode ref8k command The line code on both PABXs is High Density Binary 3 HDB3 This is default on the HL950 so it does not need to be explicitly configured PVC 0 40 is used between HL950 ...

Страница 36: ... __________________________________________________________________________________ WIF 2x SHDSL Module Configuration HL950 set interface wan shdsl ntrmode ref8k HL950 start interface wan shdsl LIF E1 Module Configuration HL950 set interface line x1 tmode framed cmode master HL950 start interface line x1 ATM VCC Configuration HL950 add interface atm vcc name dslam type aal1 vcc 0 40 srvtype cbr pc...

Страница 37: ...layer 1 The ATM network uses these bits to help resolve problems with cell delay variation cell misinsertion and cell loss AAL1 transfers data in two modes Structured Maps one or more E1 or T1 digital signal level 0 DS 0 time slots to an ATM permanent virtual circuit PVC Each DS 0 time slot or channel represents a single Nx64 circuit that can transmit CBR data at a rate of 64 kbps For example many...

Страница 38: ...fy miss sequenced missinserted and missing ATM cells Sequence Number Protection Field Cyclic Redundancy Check CRC Protects important timing and sequencing information carried in the CSI and sequence count fields Parity Provides additional protection against bit errors in the AAL1 header Covers the first seven bits of the header that CSI sequence count and CRC 3 4 2 4 2 Understanding the Pointer By...

Страница 39: ...ollowing points Cell rates are derived by dividing the required user octet rate by the number of user octets carried per cell In other words the cell rate generally is calculated with a formula that uses 47 bytes per cell not the full 53 bytes AAL1 robs a further byte from the 48 byte payload portion for an AAL1 header See ITU T Recommendation I 363 1 for the format of the header During a cycle of...

Страница 40: ... Three Structured CES with Partial Fill Formula 8000 x N K 64000 x N K where K is the number of octets filled per cell that is the partial cell value If we keep the same circuit as Example Two and simply change the partial fill value to 20 note that the bit rate stays the same and the cell rate increases significantly from 1366 to 3200 The reason for this is that partial fill means the CES hardwar...

Страница 41: ... about prefixes and parameters for the CES IP command see chapter 6 2 2 4 2 6 Typical CES over IP Examples The following examples show how to configure CES for IP the default parameter values are underlined 1 Set the interface HL950 set interface line x1 ftype e1 t1 lcode hdb3 ami b8zs tmode unframed framed crc on off cas on off cmode master slave loop remote local both off HL950 save to store the...

Страница 42: ... interface line x1 6 Start the CESoIP session HL950 start ces ip name name HL950 save to store the auto start configuration 7 Show CESoIP statistics status HL950 show ces ip name name stats yes 8 To turn on tagging for CES traffic HL950 set service qos serv ces port port number tos tos number cos cos number Where PORT allows you to specify a port number for QoS instead of a service ...

Страница 43: ... is proportional to the maximum packet delay variation PDV which you can configure with the set ces ip name abcd jb command The default value is 10 milliseconds The measured value is displayed in the output of the show ces ip name abcd jb command In the figure above PABX1 provides the clock source to the IP network PABX2 is clocked from the Branch Office HL950 extracted adaptive clock NOTE In this...

Страница 44: ...interface data Ethernet if eth0 LIF E1 Module Configuration HL950 set interface line x1 tmode unframed cmode master HL950 start interface line x1 CES Application Configuration HL950 add ces ip name hl950_2 ip 10 1 10 1 port 2142 payload 256 cesoip axerra clock adaptive jb 10 HL950 start ces ip name hl950_2 __________________________________________________________________________________ Verificat...

Страница 45: ... most stable clocking configuration is to clock HL950 off the PABXs and allow the telephone network to distribute an adequate clock source NOTE These clocks must be of equal accuracy and must be in phase The HL950 Headquarters configuration refer to Figure 18 __________________________________________________________________________________ Ethernet Configuration HL950 set interface data ethernet ...

Страница 46: ...art interface line x1 CES Application Configuration HL950 add ces ip name hl950_2 ip 10 1 10 1 port 2142 payload 256 cesoip axerra clock external jb 10 HL950 start ces ip name hl950_2 __________________________________________________________________________________ Verification tips To verify that the CES circuits are up on both sides use the show ces ip command Use the show interface data ethern...

Страница 47: ...e is 10 milliseconds The measured value is displayed in the output of the show ces ip name abcd jb command In the picture above PABX1 provides the clock source to the IP network PABX2 is clocked from the Branch Office HL950 extracted adaptive clock NOTE In this mode the regenerated clock is subject to network Packet Delay Variation and may not comply with jitter and wander specifications The HL950...

Страница 48: ...50 set interface line x1 tmode unframed cmode master HL950 start interface line x1 CES Application Configuration HL950 add ces ip name hl950_2 ip 10 1 10 1 port 1 payload 192 cesoip rad clock adaptive jb 10 HL950 start ces ip name hl950_2 __________________________________________________________________________________ Verification tips To verify that the CES circuits are up on both sides use the...

Страница 49: ...most stable clocking configuration is to clock HL950 off the PABXs and allow the telephone network to distribute an adequate clock source NOTE These clocks must be of equal accuracy and must be in phase The HL950 Headquarters configuration refer to Figure 20 __________________________________________________________________________________ Ethernet Configuration HL950 set interface data ethernet i...

Страница 50: ... start interface line x1 CES Application Configuration HL950 add ces ip name hl950_2 ip 10 1 10 1 port 1 payload 192 cesoip rad clock external jb 10 HL950 start ces ip name hl950_2 __________________________________________________________________________________ Verification tips To verify that the CES circuits are up on both sides use the show ces ip command Use the show interface data ethernet ...

Страница 51: ...ck mask is a SDT and CAS channel bitmask of which channels with the bit of the far right is the first Time Slot TS0 In the example Time Slots 1 2 3 4 5 6 7 8 9 10 11 12 13 and 14 TS0 framing and TS15 signaling are skipped along with the upper 16 time slots as their mask is all 0 s NOTE In this mode the regenerated clock is subject to network Packet Delay Variation and may not comply with jitter an...

Страница 52: ...50 add ces ip name test ip 10 1 10 1 cesoip axerra type sdt mask 0x00007ffe __________________________________________________________________________________ Verification tips To verify that the CES circuits are up on both sides use the show ces ip command Use the show interface data ethernet stats command so that the IP is established between the HL950 and the Edge Router To verify that there ar...

Страница 53: ...ut prefixes and parameters for the DATA commands see the subsections in chapter 6 3 4 3 1 APPSTAT The DATA APPSTAT command displays statistics for active data application sessions CESoIP VoIP etc including packet counts packet rates timestamps and the like Since there can be multiple data application session streams running you can show reset the statistics for a single session 4 3 2 ARP Use the D...

Страница 54: ... Domain Name msed ericsson net Primary DNS Server 206 13 28 12 Secondary DNS Server 206 13 31 12 The Domain name and DNS server IP addresses are deleted resettled as shown in the following example HL950 set data dns dns1 0 HL950 show data dns Domain Name msed ericsson net Primary DNS Server 206 13 31 12 Secondary DNS Server 0 0 0 0 HL950 set data dns domain dns1 0 HL950 show data dns Domain Name P...

Страница 55: ... can also choose to display the statistics for all protocols as shown in the example below HL950 show data protocol Protocol Statistics IP total 30854 badsum 0 tooshort 0 toosmall 0 badhlen 0 badlen 0 infragments 0 fragdropped 0 fragtimeout 0 forward 0 cantforward 242 redirectsent 0 unknownprotocol 0 nobuffers 0 reassembled 0 outfragments 0 noroute 0 TCP 2946 packets sent 1757 data packets 85247 b...

Страница 56: ...h no ports 0 full socket 1 pcb cache lookup failed 0 pcb hash lookup failed ICMP 0 call to icmp_error 0 error not generated because old message was icmp 0 message with bad code fields 0 message minimum length 0 bad checksum 0 message with bad length 0 message response generated EXECUTED 0 4 3 8 ROUTE The DATA ROUTE command is used to display and change the current routes The following example show...

Страница 57: ...uality of multiple concurrent IP services GoS protects the critical traffic flows without reducing the bandwidth or performance of real time data The following elements are used for GoS configuration and control Figure 23 View of Element and Prefixes for the GOS Command For detailed information about prefixes and parameters for the GOS command see sections 6 4 1 to 6 4 7 ...

Страница 58: ... IPL scenario The INTERFACE ATM VCC command is used to configure the ATM layer VCC with VPI VCI values and the service CBR VBR or UBR categories Each VC individual is assigned a name NAME which value is used to map VCC individuals to upper layer objects The ADD command prefix is used to add a new VCC individual the SET command prefix is used to set the parameter values for the VCC individual and t...

Страница 59: ...DATA WANAAL5 interface for bridging or for IP routing services An IFNAME interface name is provided so that a configuration record can be mapped to each Ethernet port Figure 25 Integrated Routing For detailed information about prefixes and parameters for the INTERFACE DATA ETHERNET command see section 6 5 2 4 5 3 1 Typical DATA ETHERNET Examples To configure the DATA ETHERNET interface perform the...

Страница 60: ...ports PHYs These two physical Ethernet ports eth0 and eth1 are always present and cannot be deleted You can attach any or all of these virtual Ethernet interfaces in any combination with eth0 and eth1 The virtual Ethernet interfaces eth2 through eth9 can be added or deleted by using HL950 add interface data ethernet phy 0 vid 20 Added ETH interface eth2 EXECUTED 0 HL950 add interface data ethernet...

Страница 61: ...an be used for both WAN and LAN access but VLAN implementation is only for LAN interfaces The following example shows the Ethernet specifications for both the physical and the virtual Ethernet ports eth0 settings Started No Link DOWN Phy Number 0 Interface type LAN MAC address 00 80 37 84 F2 6F Speed Auto negotiate DHCP No IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Data Mode Routed VLAN ID None Max Tr...

Страница 62: ...umber 0 Interface type LAN MAC address 00 80 37 84 F2 6F Speed Auto negotiate DHCP No IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Data Mode Routed VLAN ID 40 Max Transmission Unit 1500 eth5 settings Started No Link DOWN Phy Number 1 Interface type LAN MAC address 00 80 37 84 F2 70 Speed Auto negotiate DHCP No IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Data Mode Routed VLAN ID 50 Max Transmission Unit 1500 ...

Страница 63: ...otiate DHCP No IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Data Mode Routed VLAN ID 90 Max Transmission Unit 1500 EXECUTED 4 5 4 DATA PHY The DATA PHY command is used to show statistics for the physical Ethernet interfaces 0 and 1 For detailed information about prefixes and parameters for the INTERFACE DATA PHY command see chapter 6 5 3 4 5 5 DATA WANAAL5 The DATA WANAAL5 interface is an ATM Adaptation...

Страница 64: ... For detailed information about prefixes and parameters for the INTERFACE DATA WANAAL5 command see section 6 5 4 4 5 5 1 Typical DATA WANAAL5 Examples To configure a DATA WANAAL5 interface perform the following steps default values are underlined 1 Add an ATM VCC profile HL950 add interface atm vcc name name type aal1 aal2 aal5 vcc vpi vci srvtype cbr ubr vbrrt vbrnrt HL950 save to store the ATM V...

Страница 65: ...a header is not necessary Logical Link Control LLC Encapsulation The user multiplexes multiple protocols over a single ATM VC The protocol of a carried data unit PDU is identified by prefixing the PDU with an LLC header PVC 0 38 is used between HL950 and DSLAM Figure 27 Routed Protocols over ATM PVCs The HL950 configuration refer to Figure 27 _______________________________________________________...

Страница 66: ...an LLC encapsulation but reduces overhead because a header is not necessary Logical Link Control LLC Encapsulation The user multiplexes multiple protocols over a single ATM VC The protocol of a carried data unit PDU is identified by prefixing the PDU with an LLC header PVC 0 38 used between HL950 and DSLAM Figure 28 Bridged Protocols over ATM PVCs The HL950 configuration refer to Figure 28 _______...

Страница 67: ...ses more VCs than LLC encapsulation but reduces overhead because a header is not necessary Logical Link Control LLC Encapsulation The user multiplexes multiple protocols over a single ATM VC The protocol of a carried data unit PDU is identified by prefixing the PDU with an LLC header PVC 0 38 used between HL950 and DSLAM Figure 29 Bridged Encapsulation PVCs using LLC or VCMux The HL950 configurati...

Страница 68: ...tions available for synchronous serial E1 and T1 ports the line coding and the use of connector pins There is no IF Name however since version 2 0 supports one port and consequently there is no requirement for multiple records For detailed information about prefixes and parameters for the INTERFACE LINE SERIAL and X1 commands see sections 6 5 5 and 6 5 6 4 5 7 1 Typical LINE X1 Example To configur...

Страница 69: ...tion 6 5 8 4 5 9 1 Typical WAN SHDSL Examples The following example shows the applicable WAN SHDSL interface commands Note that the SAVE command is used after SET to commit new data to non volatile memory and that DBC partial matching is accepted by the system Use the SHOW prefix to verify that the parameter changes have been correctly committed To set up the WAN SHDSL interface perform the follow...

Страница 70: ...ce atm vcc stats command to display all ATM PVCs and traffic information including the interface number of the PVC Displays all PVCs on the specified interface Use the show interface data wanaal5 stats command to display all WAN traffic information Use the show interface wan shdsl command to show the trained up speed for the DSL link Use the show data bridge stats command to display all Bridge dat...

Страница 71: ...such as stateful inspection firewall IPSec NAT and dynamic remote user access The SECURITY command and elements are used to manage the security services in the HL950 Figure 30 View of Elements and Prefixes for the SECURITY Command 4 6 1 Stateful Inspection Firewall The Firewall protects your internal network from Internet intruders It also effectively controls the internal usage of a network and I...

Страница 72: ...and lets you define an access scheme for the HL950 system from the internal external and DMZ networks Use the SET prefix to enable disable the following access rules Web Login from LAN WAN and DMZ enables HTTP configuration access from the respective network interface Ping from LAN WAN and DMZ enables you to control whether or not ping ICMP Echo Request packets and ICMP Echo Response packets belon...

Страница 73: ... the services on the Internet or the DMZ Each access policy is made up of two components one is traffic selector and other is traffic controller Traffic selector component defines the set of network traffic for which this policy will be applied and traffic controller component defines the rules to treat the selected traffic Most of the network traffic is logical connection based Each logical conne...

Страница 74: ... Policy 2 Allow outgoing traffic that is initiated from IP addresses that belong inside the corporate LAN This prevents address spoofing by internal users HL950 add security firewall type lanout ipss 192 168 10 0 smask 24 ipdn any psn any pdn any prot all log true ppos begin allow true At this time you may remove the pre configured policy allowing traffic from any IP address to any IP address as i...

Страница 75: ...rities in the list as the following HL950 set security firewall pnum 19 ppos end HL950 set security firewall pnum 22 move true 4 6 2 NAT with ALG support By enabling NAT the HL950 hides the IP addresses of machines from the WAN before the data goes out from inside the firewall By performing NAT internal machines in a LAN can access the Internet from a local server as if they were logged on to the ...

Страница 76: ...Many NAT is used when you want to map an internal private IP address to public IP address from a group of registered public IP addresses Figure 34 Example of Many to Many NAT In the example above the computer with the IP address 192 168 0 0 will translate to the first available IP address in the range from 213 18 123 150 The NAT policies can be deployed for your network access when configuring oth...

Страница 77: ...keeper Enabled msgudp Enabled rpc Enabled ike Enabled n2p Enabled pcanywhere Enabled l2tp Enabled sipalg Enabled rtsp554 Enabled rtsp7070 Enabled h323 Enabled msgtcp Enabled irc Enabled aim Enabled pptp Enabled ftp Enabled web Enabled smtp Enabled dummy Enabled icq Enabled msn Enabled ils Enabled cuseeme Enabled mszone Enabled EXECUTED 0 For detailed information about prefixes and parameters for t...

Страница 78: ...ulti Service Edge Device HL950 Administrator s Guide EN LZT 108 5995 R3 Page 78 159 June 2003 Figure 35 Point to Point Virtual Private Network IPSec Figure 36 Multiple Point Virtual Private Network IPSec ...

Страница 79: ...s configured In the case of Manual Key Management the administrator has to configure the SA manually A SA contains the authentication algorithms the encryption blue prints authentication and encryption keys and the expirations Use the IPSEC element to add VPN policies the IKE element to add IKE policies and the CERTIFICATE element to add certificates as described in the following subsections 4 6 3...

Страница 80: ...535 Protocol type allow you to set the transport protocol for this VPN policy selector It can be set to TCP UDP or ICMP If you don t set a protocol type all transport protocols riding on IP will be allowed Peer Security Gateway the IP address of the remote end of the VPN tunnel i e WAN IP address of the remote Security Gateway Local Security Gateway the IP address of the local end of the VPN tunne...

Страница 81: ...Initiator only or Responder only For detailed information about prefixes and parameters for the SECURITY IKE command see section 6 6 6 4 6 3 2 1 Typical IKE Examples The following gives some examples of IKE configuration Example 1 Both SG s are initiators and responders to IKE requests The key exchange mode is aggressive Perfect forward secrecy is not set and the user provides the key The lifetime...

Страница 82: ... 11 ridd 10 0 1 11 pkey qwertyuiopasdfgh DATA2 add security ike name BBDMPFS1PKEY type both mode main lidt ipv4 ridt ipv4 etyp 3des atyp md 5 dhgr modp1024 pfs true amode pkey lsgw 10 0 1 11 lidd 10 0 1 11 rsgw 10 0 1 10 ridd 10 0 1 10 pkey qwertyuiopasdfgh 4 6 3 3 CERTIFICATE The SECURITY CERTIFICATE command is used to control the Certificate service Digital certificates are strings generated usi...

Страница 83: ...ceeds as per the VPN policies specified for the user system Two types of certificates can be configured SSC and SC Self Certificate that are issued by the CAs which are usable over the Net Trusted Certificate that is the public key of the CA For detailed information about prefixes and parameters for the SECURITY CERTIFICATE command see section 6 6 3 ...

Страница 84: ...ms There are also a number of IP applications NFS FTP TFTP etc available for remote management for software downloads and for log file uploads Your HL950 also comes with a Configuration CD that you can use if necessary to restore your HL950 to its initial configuration Figure 38 View of Element and Prefixes for the SERVICE Command For detailed information about prefixes and parameters for the SERV...

Страница 85: ...0 set service qos serv snmp port 161 tos 1 cos 7 EXECUTED 0 HL950 show service qos serv all QoS Daemon QoS Daemon Running Realtime Settings Circuit Emulation Service CES Type of Service 0xB8 Class of Service 7 Voice Over IP VOIP Type of Service 0xB8 Class of Service 7 Name Port ToS CoS Type Description HTTP 80 0x02 Static Hyper Text Transfer Protocol Web SNMP 161 0x01 7 Static Simple Network Manag...

Страница 86: ...une 2003 4 8 Configure System The SYSTEM level configuration commands are used for supervision and control of the HL950 Figure 39 View of Element and Prefixes for the SYSTEM Command For detailed information about prefixes and parameters for the SYSTEM command see sections 6 8 1 to 6 8 10 ...

Страница 87: ...ixes for the VOICE Command Figure 41 Voice over ATM BLES For detailed information about prefixes and parameters for the VOICE command see sections 6 9 1 to 6 9 3 4 9 1 1 Configure the BLES ATM Service The VOICE MEDIA ATM command combined with the SET prefix is used for configuring BLES ATM parameters The HL950 provides BLES over ATM AAL2 using CAS signaling according to ATM Forum AF VMOA 0145 000 ...

Страница 88: ...1 2 Manage the ATM and FXS ports The VOICE PORT ATM is used for managing the BLES ports and the VOICE PORT FXS is used for controlling the FxS ports The HL950 supports CLIP transmission to the analogue ports in on hook and off hook state It also provides echo cancellation for received voice signal for 16 simultaneous voice channels 4 9 1 3 Lifeline Support Life line support is provided through a l...

Страница 89: ...igure VGW The VGW command is used for starting stopping the Voice GateWay VGW and related modules Figure 42 View of Elements and Prefixes for the VGW Command Start the Voice Gateway by using the START VGW SERVICE For detailed information about prefixes and parameters for the VGW command see section 6 10 1 ...

Страница 90: ...w modules do not work as expected you can capture debugging information using the following command HL950 set system modules name module name level none misc trace debug all 3 To redirect the message logs to your predefined location you can use HL950 set system logging and specify the new location details 5 3 Back Up To preserve your HL950 configuration you should back up your system when you init...

Страница 91: ...tion And the system will be rebooted automatically Do you want to proceed Y N 3 If you enter Y the system will copy the configuration files from the backup archive and then restart the system If you want to restore from a backup image other than the one in the root directory you must copy the desired file into the HL950 root directory and if necessary rename it to systemname tar where systemname i...

Страница 92: ... upgrades the system prompts you for the name of the bootrom file This file should be located in the root directory 5 5 2 Upgrade System JOGWARE To upgrade your system JOGWARE file 1 From the HL950 CLI enter HL950 upgrade jogware 2 The system responds Going to upgrade the jogware File source NET LOC NET TFTP server w x y z File name jogware bin Getting jogware bin from TFTP Where w x y z is the IP...

Страница 93: ...ctory of the HL950 to be upgraded HL950 upgrade bootrom Going to upgrade the bootrom File source NET LOC NET loc File name bootrom bin Proceed to upgrade the bootrom with bootrom bin Y N Y Reprogramming flash with new image Erasing blocks from 0 to 8 Start writing to Flash at 0x00000000 Flash written successfully Success EXECUTED 0 HL950 HL950 upgrade jogware Going to upgrade the jogware File sour...

Страница 94: ... take a considerable amount of time and may leave the command line interpreter prompt and input displayed as ASCII corrector symbols To return the CLI to normal text display you will have to logoff and log back onto the HL950 6 1 2 CD Changes the default directory Authority EVERYONE Syntax cat pathname directoryname Parameter s Example user cd logs This command moves from the present directory to ...

Страница 95: ...figuration from a backup file reset Reset the system configuration to factory defaults file optional Specifies the file name to back up to or restore from Example root config backup msedbk12 root config reset 6 1 6 CP Copies a file into another file directory Authority ADMIN Syntax cp source file path filename destination file path new file name Parameter s Example root cp startup log monday log 6...

Страница 96: ...cluding JOGWARE However BOOTROM is not affected allowing you to reboot after formatting your device Authority ADMIN Syntax format volume device Parameter s Example 6 1 11 FTP Starts the FTP daemon Authority ADMIN Syntax ftp i host user pwd get put source dest Parameter s i Specifies Binary transfer mode host Specifies the remote host The host name can either be in dotted decimal format or if you a...

Страница 97: ... do not specify a file name lines are added to the file startup scr The HL950 automatically runs this start up script file every time the HL950 boots Example user add line this is a test hello world sample log 6 1 13 LOGOFF Logs the user off the HL950 You are not prompted to verify that you want to logoff Authority EVERYONE Syntax logoff Parameter s Example 6 1 14 LS Generate a brief listing of th...

Страница 98: ... directory to the hl950 subdirectory 6 1 18 PASSWORD Changes the current users password or disables password checking To reset the system password to factory default see the Troubleshooting chapter Authority EVERYONE for changing password but ADMIN for disabling enabling password check Syntax SET SHOW password old new enable disable Parameter s Example root password Enter old password abcd1234 Ent...

Страница 99: ...SET SHOW QKEY 0 9 command string to use YES NO Parameter s QKEY 0 9 A number between 0 and 9 YES NO Whether to automatically execute the string or not Default YES If you specify NO the QKEY will type the string at the prompt and wait for your input You must press Enter to run the command string Example set qkey 0 show system modules yes Programs the 0 number key to display the modules installed To...

Страница 100: ...ted The pathname must not be specified if you issue the command at the same level as the directory you want to delete The directory must be empty before you can delete it Example root rmdir msedtest EXECUTED 0 6 1 25 SAVE Commits database changes to non volatile memory Authority ADMIN Syntax save Parameter s Example HL950 save Notice that when you have made changes to the system and these changes ...

Страница 101: ...C Parameter s C Creates a tar file from the specified directory dir X Extracts files from the specified tar file dir Directory to use to create the tar file for the C option only fileC Name of tar file to be created for the C option only fileX Name of tar file to be extracted for the X option only The syntax is not case sensitive Example HL950 tar c me msedtar Creating tar file msedtar done HL950 ...

Страница 102: ...e ipaddress y interactive mode Parameter s Example See chapter Operation and Maintenance 6 1 29 WHOAMI Displays information about your current account with optional group details Authority EVERYONE Syntax whoami details Parameter s Example whoami Name Groups State Inherit Access Authentication DEV DEVELOPERS Enabled Yes CTSW Internal EXECUTED whoami details Name Groups State Inherit Access Authent...

Страница 103: ...nation Parameter s source Specifies the filenames using wild cards destination Specifies the location for the copied files Example HL950 xcp menlo menlodir Copies all the files with names starting with menlo to the subdirectory named menlodir 6 1 32 XRM Delete multiple files using the asterisk as a wild card Authority ADMIN Syntax xrm dir Parameter s dir Specifies the filenames using wild cards Ex...

Страница 104: ...ault 0x7F CLOCK STR Clock to be taken from ADAPT IVE NETWORK EXTERNAL or INTERNAL Default NETWORK JB NUM Jitter buffer delay in milliseconds Default 10 STATS BOOL Whether to display the session statistics Default NO AC BOOL Whether to show the adaptive clock statistics Only useful when the clock is set to ADAPTIVE JBINFO BOOL Whether to show the jitter buffer information RESET BOOL Whether to rese...

Страница 105: ...f which channels with the bit of the far right is the first Time slot TS0 Default 0xFFFFFFFE STATS BOOL Whether to display the session statistics Default NO AC BOOL Whether to show the adaptive clock statistics Only useful when the clock is set to ADAPTIVE JBINFO BOOL Whether to show the jitter buffer information RESET BOOL Whether to reset the session statistics Default NO PORT in AXERRA mode is ...

Страница 106: ...splay or change the ARP Address Resolution Protocol table Authority EVERYONE Prefixes Parameters and Descriptions SHOW ADD DEL IP STR IP Address or Host name to map to the MAC Ethernet address MAC STR MAC Address to map to IP FLUSH BOOL Whether to flush all entries in the ARP table 6 3 3 BRIDGE Used to configure the Bridge data service Authority EVERYONE Prefixes Parameters and Descriptions SET SH...

Страница 107: ...splays the current connections Authority EVERYONE Prefix Parameters and Descriptions SHOW No parameters required with this prefix 6 3 7 PROTOCOL Displays the statistics on a specified protocol Authority EVERYONE Prefix Parameters and Descriptions SHOW PROTOCOL STR Specifies the protocol Valid choices are IP TCP UDP ICMP and ALL RESET BOOL Whether to reset the statistics counters 6 3 8 ROUTE Used t...

Страница 108: ...ty ADMIN Prefixes Parameters and Descriptions SET SHOW ADD DEL NAME STR Name to identify the classification LK NUM Link number QG STR GoS Quality Group A1 A2 A3 B1 B2 B3 C1 C2 C3 or BE TYPE STR SMAC DMAC VLAN COS TOS DIFF ECN SPORT DPORT SIP DIP or IPPROTO VALUE STR Value to filter against Port supports common names MASK STR Used with some filters DEFAULT BOOL Default entry ADD only 6 4 4 FILTER U...

Страница 109: ...nk 6 4 6 QUALGP Used to configure GoS quality groups Authority ADMIN Prefixes Parameters and Descriptions SET SHOW DEL LK NUM Link number QG STR GoS Quality Group A1 A2 A3 B1 B2 B3 C1 C2 C3 or BE TYPE STR Quality Group type POLICED or CAR Default POLICED RATE NUM Rate as a percentage of MAXRATE for a Quality Group BURST NUM Burst rate as a percentage of uncommitted bandwidth for a Quality Group 6 ...

Страница 110: ...ontrol the Ethernet data interfaces Authority EVERYONE Prefixes Parameters and Descriptions SET SHOW ADD DEL START STOP IF STR Interface name The HL950 supports two physical interfaces eth0 and eth1 as well as eight virtual interfaces eth2 through eth9 PHY NUM The physical layer number Valid values are 0 and 1 DHCP BOOL Whether to use DHCP for the interface configuration RENEW BOOL Renew an existi...

Страница 111: ... the SERIAL line interface The CTS DSR and DCD parameters control the permanent state of the line Authority EVERYONE Prefixes Parameters and Descriptions SET SHOW START STOP CTS BOOL Specify the Clear To Send 106 handshake option of the interface DSR BOOL Specify the Data Set Ready 107 handshake option of the interface DCD BOOL Specify the Data Carrier Detect DCD RLSD 109 handshake option of the i...

Страница 112: ...d Descriptions SET SHOW CMODE STR Specifies the TDM clock mode Valid values are INTERNAL and NETWORK PFILE STR Slac coefficient file blank to use default 6 5 8 WAN SHDSL Used to control the G SHDSL WAN interface Authority EVERYONE Prefixes Parameters and Descriptions SET SHOW START STOP INTF NUM Specifies the interface number 0 interface 0 1 interface 1 and 2 all TTYPE STR Terminal type Valid valu...

Страница 113: ...XSTART RXSTART and STOP STATUS BOOL Whether to display the interface status FSTATS BOOL Whether to display the framer statistics CFG BOOL Whether to display configuration settings EOC BOOL Enable or disable EOC LOOP STR Specifies the loop back action Valid values are REMOTE ANALOG DIGITAL and OFF The DSLAM uses the EOS Embedded Operations Channel to interrogate the HL950 for performance data softw...

Страница 114: ...m DMZ PINGDMZ BOOL Enable or disable Ping from DMZ TELDMZ BOOL Enable or disable Telnet from DMZ 6 6 2 ALG Used to manage ALGs Application Level Gateways Authority ADMIN Prefixes Parameters and Descriptions SHOW START STOP NAME STR ALG Name 6 6 3 CERTIFICATE Used to control the Certificate service Authority ADMIN Prefixes Parameters and Descriptions SET SHOW ADD DEL NAME STR Unique certificate nam...

Страница 115: ...toWAN or WANtoDMZ Packet Source Identifiers IPSN STR Source IP address name ANY or OTHER Default OTHER IPSS IP Start source IP address range IPSE IP End source IP address range SMASK NUM Source IP address mask bits 0 to 32 PSN STR Source port name ANY SAFE or OTHER PSS NUM Start source port range PSE NUM End source port range Packet Destination Identifiers IPDN STR Destination IP address name ANY ...

Страница 116: ...ifier This is the local security gateway identifier used during IKE RIDT STR Remote Security Gateway Identifier type IPV4 FQDN UFQDN or DASN1 This is used to identify the peer security gateway during key exchange You may use IPV4 a version 4 IP address FQDN a fully qualified domain name UFQDN a user fully qualified domain name or an ASN1 domain name RIDD STR Remote Security Gateway Identifier This...

Страница 117: ...DMASK IP Destination address mask 1 to 32 can be specified instead of the range end SPORT NUM Source port Default is 0 allow all ports but you may decide to activate only a specific port DPORT NUM Destination port Default is 0 allow all ports but you may decide to activate only a specific port PROT STR Protocol type TCP UDP or ICMP default allow all protocols You may decide to activate security fo...

Страница 118: ...ally It must be the same for the Peer security gateway ALL BOOL Whether to display all inbound and outbound policies 6 6 8 NAT Used to control the NAT Network Address Translation service Authority ADMIN Prefixes Parameters and Descriptions SET SHOW ADD DEL START STOP NAME STR NAT policy name TYPE STR NAT type Valid values are ONE ONE MANY ONE and MANY MANY DIRECTION STR Policy type Valid values ar...

Страница 119: ...ess for static host SIP IP IP Address for static host SNAME STR Name for static host RELAY BOOL Enable or Disable DHCP relay on interface DHCPSRV STR External DHCP server for relay e g 192 168 2 160 or abc ericsson com BOOTSRV STR External Bootp server for relay e g 192 168 2 160 or abc ericsson com OPTIONS BOOL Whether to display all options need interface name e g DNS name PARAM BOOL Whether to ...

Страница 120: ...ed routes 0 EXPIRE NUM Set the expired time of RIP routes 0 This is the maximum time for which a route entry can exist in the table before it will be automatically timed out MCAST BOOL Enable or disable Multicast If Multicast is enabled the box will send RIP messages to the predefined multicast address of 224 0 0 9 Otherwise packets will be transmitted to the broadcast of each interface DEBUG NUM ...

Страница 121: ...gent Version Trap SNMPv1 Port 161 Get Community public Set Community private SNMP Notification Trap Disabled Destination IP 127 0 0 1 Port 162 Community trapcmty Authentication Trap Disabled SNMP Over ATM SNMP VCC Not Running ATM VCC Disable VC Name SNMPVC Traps Over ATM Disable General Information Contact Ericsson Name Support Location Silicon Valley EXECUTED 0 HL950 6 7 6 SNTP Used to control th...

Страница 122: ...RYONE Prefixes Parameters and Descriptions SET SHOW ADD DEL START STOP IP IP IP address to allow access from PORT IP Port to use for Telnet Default 23 FILTER BOOL Whether to restrict Telnet to specific source IP addresses 6 7 9 TFTP Used to control the TFTP Trivial File Transfer Protocol daemon Authority ADMIN Prefixes Parameters and Descriptions SET SHOW ADD DEL START STOP RESTRICT BOOL Restrict ...

Страница 123: ...INTERNAL EFREQ NUM What the External freq actually is required 6 8 3 CFGCLI Used to control the Configuration Client Authority ADMIN Prefixes Parameters and Descriptions SET SHOW START STOP MCS STR The URL of the MSED Configuration Server SUBID STR The subscriber ID required INTV NUM The time interval for communication with the Configuration Server and checking for new configuration 0 No check N O...

Страница 124: ...s and Descriptions SHOW No parameters required with this prefix 6 8 8 LOGGING Used to control the System logging daemon Authority ADMIN Prefixes Parameters and Descriptions SET SHOW ADD DEL START IP IP Specifies the IP address of the UDP redirector PORT NUM Specifies the port number of the UDP redirector FNAME STR Path Name for the File redirector DEST STR Specifies where to send logging reports V...

Страница 125: ...efixes Parameters and Descriptions SET SHOW PROMPT STR Any string you specify up to 31 characters all characters are valid but spaces are not Or specify one of the following special prompts path shows the current path sysname shows the system name ip shows the primary IP address WIDTH NUM Width of the terminal Default 80 TIMEOUT NUM Inactivity logoff in minutes 0 disabled RETRIES NUM Number of inv...

Страница 126: ...Service ports Authority USER Prefixes Parameters and Descriptions SET SHOW ADD DEL PORT NUM BLES port number CID NUM Connection ID FPORT NUM FXS port REPEAT NUM Times of repeat action CFG BOOL Show connection configuration 6 9 3 PORT FXS Used for controlling FxS ports Authority USER Prefixes Parameters and Descriptions SET SHOW ADD DEL PORT NUM FXS port number CTYPE NUM Type of the FXS circuit LPS...

Страница 127: ...27 159 EN LZT 108 5995 R3 June 2003 6 10 VGW Commands and Parameters 6 10 1 SERVICE Used for starting stopping the Voice Gateway VGW and related modules Authority USER Prefixes Parameters and Descriptions SHOW START STOP No parameters required with this prefixes ...

Страница 128: ...OM port on a standard PC The signals are according to the RS 232 standard Figure 44 DB9 Connector Pin Signal Comment 1 Not connected 2 TXD Transmit Data 3 RXD Receive Data 4 Not connected 5 GND Ground 6 Not connected 7 CTS Clear To Send 8 RTS Request To Send 9 Not connected Table 2 Pin and Signals for the Console Port 7 2 Ethernet Interfaces Two RJ45 female connectors are used for the Ethernet por...

Страница 129: ...ft connector and port 1 is the right connector Figure 46 Connectors indicators on the Dual SHDSL Interface module If 2 wire interface is required port 0 shall be used If 4 wire mode is required either a 4 wire cable in port 0 or two 2 wire cables one in port 0 and one in port 1 shall be used The RJ45 RJ11 connectors each have two built in LEDs The left LED Link is blinking during SHDSL training an...

Страница 130: ...or both 120 ohms balanced RJ 45 and 75 ohms unbalanced DIN 1 0 2 3 modes Figure 47 Connectors indicators on the E1 Interface module 7 4 1 Balanced E1 One RJ45 female connector is used as a common connector for both E1 and T1 in balanced mode The RJ45 connector has two built in LEDs The left LED Carrier lit when receive carrier is detected and the right LED Sync indicates when link synchronization ...

Страница 131: ...able 7 Pin and Signals for the E1 Transmit Connector Pin Dir Signal Comment Tip In RX Receive Positive Ring In RX Receive Negative GND optional Table 8 Pin and Signals for the E1 Receive Connector 7 5 Serial Interfaces This serial interface provides one single port V 35 V 36 X 21 n x 64 synchronous services It includes a 60 pin universal serial connector which through different cable adapters can ...

Страница 132: ...ted K Not Connected L Not Connected M Not Connected N Not Connected P In TxD 103 a Send Data A R Out RxD 104 a Receive Data A S In TxD 103 b Send Data B T Out RxD 104 b Receive Data B U In TT A 113 a Terminal Timing A V Out RT A 115 a Receive Timing A W In TT B 113 b Terminal Timing B X Out RT B 115 b Receive Timing B Y Out ST A 114 a Send Timing A Z Not Connected AA Out ST B 114 b Send Timing B B...

Страница 133: ...11 Out DM Data Mode A 12 In TR Terminal Ready A 13 Out RR Receiver Ready A 14 Not connected 15 Not connected 16 Not connected 17 In TT Terminal Timing A 18 Not connected 19 SG Signal Ground 20 RC Receive Common 21 Not connected 22 In SD Send Data B 23 Out ST Send Timing B 24 Out RD Receive Data B 25 In RS Request To Send B 26 Out RT Receive Timing B 27 Out CS Clear To Send B 28 Not connected 29 Ou...

Страница 134: ...X 21 interface Figure 51 DB15 Connector Pin Dir Signal Comment 1 Shield 2 In Transmit A 3 In Control A 4 Out Receive A 5 Out Indication A 6 Out Signal Timing A 7 Not connected 8 Ground 9 In Transmit B 10 In Control B 11 Out Receive B 12 Out Indication B 13 Out Signal Timing B 14 Not Connected 15 Not Connected Table 11 Pin and Signals for the DB15 X 21 Connector ...

Страница 135: ...r is intended for Life Line support In case of power loss all FxS connectors will be connected to this connector During normal operation this connector is not connected to anything inside the HL950 Figure 52 Connectors on the Telephony FxS Interface Module Pin Signal Comment 1 Not Connected 2 Not Connected 3 Tip 4 Ring 5 Not Connected 6 Not Connected Table 12 Pin and Signals for the FxS and Life L...

Страница 136: ...lt password to login Use the PASSWORD command to change the password to the desired setting 8 Save the new configuration using the SAVE command 9 Log OFF and power down the system Remote the chassis cover if necessary 10 Remove the jumper on block JP6 11 Reattach the chassis cover 12 Power ON the system and log on using the new password 8 2 Troubleshooting Upgrades If after upgrading jogware bootr...

Страница 137: ...invalidate the warranty Treat the product with care keep it in a clean and dust free place Use only a soft damp cloth to clean the product 9 2 Freeware Licenses 9 2 1 Java Runtime Environment JRE v1 4 1 This product includes code licensed from RSA Security Inc Some portions licensed from IBM are available at http oss software ibm com icu4j 9 2 2 OpenSSH This file is part of the OpenSSH software Th...

Страница 138: ...ANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITI...

Страница 139: ...of California since we pulled these parts from original Berkeley code The Regents of the University of California have declared that term 3 is no longer enforceable on their source code but we retain that license as is Copyright c 1983 1990 1992 1993 1995 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification a...

Страница 140: ...it See below for the actual license texts Actually both licenses are BSD style Open Source licenses In case of any license issues related to OpenSSL please contact openssl core openssl org OpenSSL License Copyright c 1998 2002 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions a...

Страница 141: ...of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes cryptographic sof...

Страница 142: ...or condition of this Agreement Upon any termination you must destroy all copies of the Software in any form 9 3 3 Limited Warranty Vendor warrants the media on which the Software is provided to be free of defects in materials and workmanship under normal use for ninety 90 days after the date of receipt The Vendor s and its suppliers entire liability and your exclusive remedy under this warranty wh...

Страница 143: ...use this Software Vendor and its supplier s entire liability under this Agreement shall be limited to the amount actually paid by Licensee for the Software 9 3 6 Governing Law The validity construction and performance of this Agreement shall be governed by the laws of Sweden 9 4 Regulatory Information 9 4 1 EU Directives The HL950 meets the following EU directives for the CE mark 73 23 EEC Low Vol...

Страница 144: ...m the wall outlet before servicing or disassembling this product 9 4 3 EMC Approval EN 300386 2000 EN 55022 1998 Class A EN 55024 1998 EN 61000 3 2 2000 EN 61000 3 3 1995 FCC Part 15 Class A 9 4 3 1 FCC Part 15 This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protecti...

Страница 145: ...ly your modem has a problem and must remain disconnected and officially serviced or returned for repairs If upon the above disconnection your regular phone still has problems notify your telco that they may have a problem If problem is still found in premises wiring not telco installed you are subject to a service charge If a fault is found in telco installed wiring you may still be subject to a s...

Страница 146: ...Multi Service Edge Device HL950 Administrator s Guide EN LZT 108 5995 R3 Page 146 159 June 2003 ...

Страница 147: ...r error detection support ABR Available Bit Rate A type of ATM service that provides a guaranteed minimum capacity but allows data to be bursted at higher capacities when the network is free AES Advanced Encryption Standard AES is a symmetric 128 bit block data encryption technique AES works at multiple network layers simultaneously AH Authentication Header A security protocol used for source auth...

Страница 148: ...g status sent repetitively and associated with that specific circuit CBID Circuit Bundle IDentifier CBR Constant Bit Rate An ATM service category that supports a constant or guaranteed rate to transport services such as video or voice as well as circuit emulation that requires rigorous timing control and performance parameters CDV Cell Delay Variation CDV is a component of cell transfer delay indu...

Страница 149: ...ors A number of file transfer protocols use CRC in addition to checksum See also Checksum CSU Channel Service Unit An interface for digital leased lines that performs loopback testing and line conditioning CTD Cell Transfer Delay This is defined as the elapsed time between a cell exit event at the measurement point 1 e g at the source UNI and the corresponding cell entry event at the measurement p...

Страница 150: ...sts Typically the DMZ contains devices accessible to Internet traffic such as Web HTTP servers FTP servers SMTP e mail servers and DNS servers DNS Domain Name System or Service DNS is an Internet service that translates domain names into IP addresses DSL Digital Subscriber Line DSLAM Digital Subscriber Line Access Multiplexor A DSLAM card converts multiple ADLS lines into ATM traffic For a service...

Страница 151: ...a single transform F Firewall Usually a combination of hardware and software that protects an organization s network from external attacks or intrusions Most firewalls make use of a proxy server that performs a validation and filtering function for the organization FR Full Rate also Frame Relay FTP File Transfer Protocol FTP is the protocol used on the Internet for sending files FxO Foreign eXchan...

Страница 152: ...transmission to the carrier It also demultiplexes the incoming stream into their respective channels IAL Integrated Access Line ICMP Internet Control Message Protocol ICMP is an extension to the Internet Protocol IP ICMP supports packets containing error control and informational messages The PING command for example uses ICMP to test an Internet connection ICMP Redirect Not necessarily a maliciou...

Страница 153: ...rection of a particular packet and reverses or swaps these two IP addresses This kind of attack can range from being a nuisance to being a tragic menace if it prevents the delivery of an important document or message Latency The amount of time it takes a packet to travel from source to destination Together latency and bandwidth define the speed and capacity of a network LIF Legacy Interface Module...

Страница 154: ...ern WAN protocols including TCP IP X 25 and Frame Relay are based on packet switching technologies PAT Port Address Translation PBX Private Branch Exchange A private telephone network used within an enterprise Users of the PBX share a certain number of outside lines for making telephone calls external to the PBX PDA Personal Digital Assistant PDU Protocol Data Unit The PDU is the unit of data in t...

Страница 155: ...uch a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them Moreover it is virtually impossible to deduce the private key if you know the public key PVC Permanent Virtual Circuit A virtual circuit that is permanently available The only difference between a PVC and a switched virtual circuit SVC is that an SVC must be reestab...

Страница 156: ...that allows a program on one computer to execute a program on a server computer Using RPC a system developer need not develop specific procedures for the server The client program sends a message to the server with appropriate arguments and the server returns a message containing the results of the program executed ...

Страница 157: ...prises SNMP Simple Network Management Protocol A set of protocols for managing complex networks SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in MIBs and return this data to the SNMP requesters SNTP Simple Network Time Protocol A simplified version of NTP Network Time Protocol SPI Secu...

Страница 158: ... sent TDM Time Division Multiplexing TDMoIP TDM over IP TIF Telephony Interface Module Traffic shaping Is a process of minimizing the congestion of a stream of traffic at every connection physical or virtual The net effect is to optimize the overall result U UBR Unspecified Bit Rate A type of ATM service that does not guarantee any throughput levels This is used for applications such as file trans...

Страница 159: ...are rather than hardware which makes them extremely flexible VoIP Voice over IP An Internet telephony product VP Virtual Path A logical communication channel that is available across a physical cell relay interface and that can carry one or more virtual channels VPI Virtual Path Identifier An 8 bit value used to identify an ATM path The VPI is part of the header of an ATM cell The VPI is assigned ...

Отзывы:

Нет отзывов

Похожие инструкции для HL950

Galleon NTS-4000-R Installation And Configuration Manual preview
NTS-4000-R
Бренд: Galleon Страницы: 35
Patton electronics 29XX Series Administrator'S Reference Manual preview
29XX Series
Бренд: Patton electronics Страницы: 326
N-Tron ESERV-11T User Manual preview
ESERV-11T
Бренд: N-Tron Страницы: 55
IBM xSeries 235 User Manual preview
xSeries 235
Бренд: IBM Страницы: 66
360 Systems MAXX-1200-HD Operation Manual preview
MAXX-1200-HD
Бренд: 360 Systems Страницы: 148
Supero SuperServer 6123L-8R User Manual preview
SuperServer 6123L-8R
Бренд: Supero Страницы: 105
Icy Box IB-NAS902 User Manual preview
IB-NAS902
Бренд: Icy Box Страницы: 17
Acer Altos RM900 Installation Manual preview
Altos RM900
Бренд: Acer Страницы: 52
Acer AB2x280 F1 Service Manual preview
AB2x280 F1
Бренд: Acer Страницы: 94
Acer Altos R700 Series User Manual preview
Altos R700 Series
Бренд: Acer Страницы: 135
Acer AC100 Specifications preview
AC100
Бренд: Acer Страницы: 10
Acer Altos R710 Service Manual preview
Altos R710
Бренд: Acer Страницы: 148
Acer Altos G300 User Manual preview
Altos G300
Бренд: Acer Страницы: 108
Acer Altos 350 User Manual preview
Altos 350
Бренд: Acer Страницы: 118
Acer Altos S300 User Manual preview
Altos S300
Бренд: Acer Страницы: 78
Acer Altos G700 series User Manual preview
Altos G700 series
Бренд: Acer Страницы: 126
Acer Altos S700 Series User Manual preview
Altos S700 Series
Бренд: Acer Страницы: 124
Acer Altos 1200LP User Manual preview
Altos 1200LP
Бренд: Acer Страницы: 126

Бренды по названию

Популярные бренды

Загрузить еще бренды