Patton IPLink 2603 Series: download user manual, page 71


Models 2603, 2621, & 2635 High Speed Routers User Guide 

5 • Security

The next step in configuring the router is adding the default gateway route.  Since the WAN IP address of the 
IPLink router modem at the CO site is 192.168.101.2, this will be the gateway for the IPLink router modem 
at the CPE site, the modem we are currently configuring.

1. Click on IP Routes under Configuration on the IPLink router modem’s Menu.

2. Click on Create a New IP Route.

3. Enter 192.168.101.2 in the box adjacent to Gateway.

4. Leave Destination and Netmask both as 0.0.0.0 because this is the gateway default route.

5. Click on Create and the route will be entered.

6. The default gateway can be verified by clicking on IP Routes under Status in the menu.

Configuring the security interfaces

The interfaces and routes have been configured on the IPLink Router, which will function as the firewall. The 
Ethernet side of the IPLink router will be configured as an internal security interface, whereas the WAN side 
is configured as an external security interface since it is on the “public” side of the modem connection.

1. Click on Security under Configuration on the IPLink router modem’s menu.

2. Under Security Interfaces, click on Add Interface.

3. Select Name of the WAN port (PPPoH) and Interface Type to be external. Click on Apply.
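The following Python example is added here and is not from the Patton guide or the router's software. It models the default route and the internal/external interface types from the steps above, and shows which traffic is sent to the gateway 192.168.101.2 and therefore crosses from the internal to the external security interface. Only the gateway address comes from the guide; the local addresses and the interface names eth and wan are assumptions.

```python
import ipaddress

# Constructed addressing for the CPE-site router. Only the gateway
# 192.168.101.2 (the CO router's WAN address) comes from the guide; the
# local addresses and the interface names "eth" and "wan" are assumptions.
INTERFACES = {
    "eth": {"addr": "192.168.100.1/24", "type": "internal"},
    "wan": {"addr": "192.168.101.1/24", "type": "external"},
}

# (destination, netmask, gateway): the default route entered in steps 3-4.
STATIC_ROUTES = [("0.0.0.0", "0.0.0.0", "192.168.101.2")]


def build_table(interfaces, static_routes):
    """Return a list of (network, gateway_or_None, out_interface) routes.

    Connected subnets are added first. A static route is accepted only if
    its gateway lies on a connected subnet, otherwise it could never be
    reached and the route would be useless.
    """
    connected = {
        name: ipaddress.ip_interface(cfg["addr"]).network
        for name, cfg in interfaces.items()
    }
    table = [(net, None, name) for name, net in connected.items()]
    for dest, mask, gw in static_routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")  # 0.0.0.0/0.0.0.0 -> /0
        gw_ip = ipaddress.ip_address(gw)
        out_if = next((n for n, c in connected.items() if gw_ip in c), None)
        if out_if is None:
            raise ValueError(f"gateway {gw} is not on any connected subnet")
        table.append((net, gw_ip, out_if))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [route for route in table if dst_ip in route[0]]
    if not matches:
        return None  # no default route and no specific route: unroutable
    return max(matches, key=lambda route: route[0].prefixlen)


def classify(interfaces, table, in_if, dst):
    """Describe where a packet arriving on in_if and bound for dst goes."""
    route = lookup(table, dst)
    if route is None:
        return None
    _net, gw, out_if = route
    return {
        "out_if": out_if,
        "next_hop": str(gw) if gw is not None else "on-link",
        "crossing": f'{interfaces[in_if]["type"]}->{interfaces[out_if]["type"]}',
    }


TABLE = build_table(INTERFACES, STATIC_ROUTES)

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for a remote host.
    for in_if, dst in [
        ("eth", "203.0.113.10"),    # LAN host to a remote network
        ("eth", "192.168.100.50"),  # LAN host to another LAN host
        ("wan", "192.168.100.50"),  # arriving from the WAN side for a LAN host
    ]:
        print(in_if, dst, classify(INTERFACES, TABLE, in_if, dst))
```

Because the default route has a prefix length of 0, it is chosen only when no connected subnet matches, so only traffic leaving the LAN for other networks reaches the external interface.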

Contents of IPLink 2603 Series

Page 1: ...h Speed Routers User Guide Sales Office 1 301 975 1000 Technical Support 1 301 975 1007 E mail support patton com WWW www patton com Document Number 033261U Rev A Part Number 07M2603 Revised July 14 2003 Start Installation For Quick see page 27 ...

Страница 2: ... defects and will at our option repair or replace the product should it fail within one year from the first date of the shipment This warranty is limited to defects in workmanship or materials and does not cover customer damage abuse or unauthorized modification If the product fails to perform as warranted your sole recourse shall be repair or replacement as described above Under no condition shal...

Страница 3: ...eral Information 15 IPLink Series High Speed Routers overview 16 General attributes 16 Ethernet 17 Protocol support 17 PPP Support 17 WAN Interfaces 17 Protocol Support 17 Management 18 Security 18 Front Panel Status LEDs and Console Port 19 Console port 20 Rear panel connectors and switches 20 Power connector 20 AC universal power supply 20 48 VDC power supply 21 Ethernet port outlined in green 2...

Страница 4: ...eb Interface Configuration 43 CLI Configuration 43 T1 E1 Interface Configuration 44 Configuring the IPLink Series 2603 for T1 Operation 44 Web Configuration 44 CLI configuration 45 Configuring the IPLink Series 2603 for E1 Operation 46 Web Configuration 46 CLI configuration 47 WAN Service Configuration 47 PPP Configuration 48 PPPoH Configuration 48 PPPoH Bridged Remote Site Configuration 48 Centra...

Страница 5: ...tings 83 SNMP Daemon Settings window 84 Static Variables 84 Community Table 85 Save SNMP Configuration 85 Misc System Settings window 86 CPU Usage 86 Enabled Status of System Services 87 MAC Filtering of the Bridge Interface 87 8 Monitoring Status 89 Status LEDs 90 9 T1 E1 Diagnostics 91 Introduction 92 Ping 92 Traceroute 92 2603 IPLink s Line Loop 92 D4 Loop CO loop 93 Operating Remote Digital Lo...

Страница 6: ...ompliance Standard Requirements 106 Australia Specific 106 Dimensions 106 Power and Power Supply Specifications 106 AC universal power supply 106 48 VDC power supply 107 B Cable Recommendations 109 Ethernet Cable 110 Adapter 110 C Physical Connectors 111 RJ 45 shielded 10 100 Ethernet port 112 RJ 45 non shielded RS 232 console port EIA 561 112 Serial port 113 V 35 DB 25 Female Connector 113 X 21 D...

Страница 7: ...7 Models 2603 2621 2635 High Speed Routers User Guide Contents Changing user settings 119 Controlling login access 119 Controlling user access 119 ...

Страница 8: ...Contents Models 2603 2621 2635 High Speed Routers User Guide 8 ...

Страница 9: ...ted by ACTA On the bottom side of this equipment is a label that contains among other information a product identifier in the format US AAAEQ TXXXX If requested this number must be provided to the telephone company A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA This e...

Страница 10: ... met It does not imply that Industry Canada approved the equipment Service All warranty and non warranty repairs must be returned freight prepaid and insured to Patton Electronics All returns must have a Return Materials Authorization number on the outside of the shipping container This number may be obtained from Patton Electronics Technical Services at Tel 1 301 975 1007 Email support patton com...

Страница 11: ... and capabilities Chapter 2 contains an overview describing router operation Chapter 3 provides quick start installation procedures Chapter 4 describes configuring the IPLink router Chapter 5 describes configuring security for the router Chapter 6 describes configuring for network address translation NAT Chapter 7 describes configuring SNMP daemon settings Chapter 8 contains definitions for the LE...

Страница 12: ...port DTE Model 2635 V 35 DB 25 port DCE DTE when using special V 35 cable Model 2603 T T1 configuration RJ 48C 100 ohm interface Model 2603 K E1 configuration RJ 48C 120 ohm and dual BNC interface 75 ohm The shock hazard symbol and WARNING heading indicate a potential electric shock hazard Strictly follow the warning instructions to avoid injury caused by electric shock The alert symbol and WARNIN...

Страница 13: ...m would display them dir Bold Courier font indicates where the operator must type a response or command Table 2 Mouse conventions Convention Meaning Left mouse button This button refers to the primary or leftmost mouse button unless you have changed the default configuration Right mouse button This button refers the secondary or rightmost mouse button unless you have changed the default configurat...

Страница 14: ...About this guide Models 2603 2621 2635 High Speed Routers User Guide 14 ...

Страница 15: ...ol support 17 PPP Support 17 WAN Interfaces 17 Protocol Support 17 Management 18 Security 18 Front Panel Status LEDs and Console Port 19 Console port 20 Rear panel connectors and switches 20 Power connector 20 AC universal power supply 20 48 VDC power supply 20 Ethernet port outlined in green 21 MDI X 21 Line port outlined in yellow 21 ...

Страница 16: ... routers boast easy installa tion offering Console VT 100 Telnet and HTTP SNMP management options The following sections describes the IPLink series features and capabilities General attributes see section General attributes Ethernet see section Ethernet on page 17 Protocol support see section Protocol support on page 17 PPP support see section PPP Support on page 17 Management see section Managem...

Страница 17: ...with 8 individual address pools DNS relay with primary and secondary name server selection NAT RFC 3022 with network address port translation NAPT MultiNat with 1 1 Many 1 Many Many mapping Port IP redirection and mapping PPP Support Point to point protocol over HDLC PPPoE RFC 2516 Client for autonomous network connection Eliminates the requirement of installing client software on a local PC and a...

Страница 18: ...Fragmentation Management User selectable HDLC or Frame Relay WAN datalink connection Web Based configuration via embedded web server CLI menu for configuration management and diagnostics Local Remote CLI VT 100 or Telnet SNMPv1 RFC 1157 MIB II RFC 1213 Quick Start Setup runs through common options to simplify circuit turn up Logging via SYSLOG and VT 100 console Console port set at 9600 bps 8 N 1 ...

Страница 19: ...d Off indi cates that no power is applied T1 E1 Link Green Solid green connected Off disconnected LOS Red On indicates a T1 E1 loss of frame condition It also indicates that no T1 E1 signal is detected TD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition RD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition Sync Serial TD Green...

Страница 20: ...ers internal or external AC power supply options The internal power supply connects to an AC source via an IEC 320 connector 100 240 VAC 200 mA 50 60 Hz The external power supply connects to an external source providing 5 VDC via a barrel type connector Ethernet Link Green ON indicates an active 10 100 Base T connec tion 100M Green ON connected to a 100BaseT LAN Off connected to a 10BaseT LAN Tx G...

Страница 21: ... When in the default out position the Ethernet circuitry takes on a straight through MDI configuration and functions as a transceiver It will connect directly to a hub When in the in position the Ethernet circuitry is configured in cross over MDI X mode so that a straight through cable can connect The IPLink Series router s Ethernet port directly to a PC s NIC card Line port outlined in yellow The...

Страница 22: ...1 General Information Models 2603 2621 2635 High Speed Routers User Guide 22 IPLink Series High Speed Routers overview ...

Страница 23: ...23 Chapter 2 Product Overview Chapter contents Introduction 24 Applications Overview 25 ...

Страница 24: ... architecture is understood Also while configuring The IPLink Series router via a browser using the built in HTTP server is very intuitive an understanding of the architecture is essential when using the command line interface CLI commands The fundamental building blocks comprise a router or bridge interfaces and transports the router and bridge each have interfaces A transport provides the path b...

Страница 25: ...use with powerful data routing to make shared Internet connectivity simple and easy With NAT support the IPLink routers offer convenient and economical operation by using a single IP address while the integrated DHCP server automates IP address assignment for connected LAN computers Security is standard with built in firewall and violation alerting features that protect the network from would be i...

Страница 26: ...2 Product Overview Models 2603 2621 2635 High Speed Routers User Guide 26 Applications Overview ...

Страница 27: ...on the IPLink 2603 s T1 E1 interface port 29 Installing an interface cable on the IPLink 2621 s X 21 interface port 31 Installing an interface cable on the IPLink 2635 s V 35 interface port 33 Installing the AC power cord 34 Installing the Ethernet cable 36 IP address Quick Start modification 36 Web Operation and Configuration 37 PC Configuration 37 Web Browser 37 ...

Страница 28: ...rowser in preparation for configuring the modem see Web Operation and Configura tion on page 37 What you will need IPLink Series High Speed Router Ethernet cable with RJ45 plugs on each end included with router DB9 RJ45 adapter included with router RJ45 RJ45 straight through cable for connecting to control port included with router PC computer with HyperTerminal or equivalent VT 100 emulation prog...

Страница 29: ...1 WAN interface see figure 4 Located on the back of the IPLink the T1 and E1 interfaces are presented on an RJ 48C connector with selectable line impedances of 100 ohms for T1 and 120 ohms for E1 lines see figure 5 The 2603 K also comes with dual BNC for alternate connection to unbalanced 75 ohm E1 lines see figure 6 on page 30 Figure 4 Rear View of the 2603 T showing location of Ethernet and WAN ...

Страница 30: ... 2621 2635 High Speed Routers User Guide 30 Hardware installation Figure 6 Rear view of the 2603 K showing location of Ethernet and WAN connectors The interface cable has been installed go to section Installing the AC power cord on page 34 ...

Страница 31: ...ar view of the 2621 showing location of Ethernet and X 21 connectors When the local third party equipment is configured as DTE the Model 3086 X 21 serial port can be config ured as DCE and a regular straight through cable can then be used Do the following to configure the X 21 port as a DCE 1 Open the IPLink s case by inserting a screwdriver into the slots and twist the screwdriver head slightly T...

Страница 32: ...ory with the DTE label and arrows pointing towards the X 21 connector DTE configuration To change to DCE configuration lift the daughter board from the connector turn it around so that the DCE label an arrows point to the X 21 connector and place it back on the connector The X 21 port is now configured as a DCE Note When the X 21 port is configured as a DTE the clocking mode for the port must be s...

Страница 33: ...IPLink comes with a V 35 cable Use this cable to interconnect the IPLink s V 35 port to a device configured as a DCE Figure 11 Connecting the 2635 to a DCE device The serial port on the IPLink Model 2635 is configured as a DCE it connects directly to a DTE using a stan dard straight through V 35 cable However in many applications the IPLink s V 35 interface will connect to a DCE modem or multiplex...

Страница 34: ...uter Do the following Note Do not connect the other end of the power cord to the power outlet at this time 1 If your unit is equipped with an internal power supply go to step 2 Otherwise insert the barrel type con nector end of the AC power cord into the external power supply connector see figure 12 2 Insert the female end of the AC power cord into the internal power supply connector see figure 12...

Страница 35: ...outlet 5 Verify that the green Power LED is lit see figure 13 6 Unplug the AC power cord from the IPLink Series router to power down the unit Figure 13 IPLink front panel LEDs and Console port locations Model 2603 shown The IPLink router power supply automatically adjusts to accept an input voltage from 100 to 240 VAC 50 60 Hz Verify that the proper voltage is present before plugging the power cor...

Страница 36: ...mands parameters may be seen by entering the command followed by a space and a question mark ethernet The following parameters appear add delete set show list clear IP address Quick Start modification The first parameter to change is the IP address from the default IP address of 192 168 200 10 to your selected IP address Do the following comments are in brackets ip list interfaces enter lists the ...

Страница 37: ...router the PC s IP address should be on the same subnet as the router Connect a straight through Ethernet cable between the PC s NIC or PCMCIA Ethernet card and an Ethernet hub or switch Web Browser Do the following 1 Launch a standard web browser such as Netscape Communicator or Internet Explorer IE 2 Enter the IPLink router s IP address into the URL or Address field of the browser The IPLink Ser...

Страница 38: ... Start Installation Models 2603 2621 2635 High Speed Routers User Guide 38 Hardware installation Figure 15 Models 2621 or 2635 home page The IPLink Series router menu structure is shown in figure 16 on page 39 ...

Страница 39: ...Hardware installation 39 Models 2603 2621 2635 High Speed Routers User Guide 3 Quick Start Installation Figure 16 IPLink Series router menu structure ...

Страница 40: ...3 Quick Start Installation Models 2603 2621 2635 High Speed Routers User Guide 40 Hardware installation ...

Страница 41: ...I configuration 47 WAN Service Configuration 47 PPP Configuration 48 PPPoH Configuration 48 PPPoH Bridged Remote Site Configuration 48 Central Site Configuration 49 PPPoh Routed 50 Remote site configuration 50 Central Site Configuration 52 Frame Relay Configuration 53 Frame Relay bridged 53 Remote Site Configuration 54 Central site configuration 56 Frame Relay Routed 59 Remote Site Configuration 5...

Страница 42: ...e serial interface will determine the source of timing for the serial interface only External rxClkInv txClkInv Inverted The clock invert functions could be used to invert the clocks that are used on the serial interface It is not recommended to set this parameter unless requested by Patton Electronics technical support Normal Speed Any n x 64 kbps speed Speed should be enter ed as the rate i e 51...

Страница 43: ...ailable to help configure the system The commands with their responses are shown below Serial Show Shows the current configuration on the serial interface serial show Clock Source internal Intf Speed 512 Tx Sample Point txclk Tx Clk Inv normal Rx Clk Inv normal Serial Help Describes each of the serial commands that are available serial help Serial Interface Help Screen serial show Show the current...

Страница 44: ...al Clock or the Transmit clock to sample data options txClk use Transmit Clock extClk use External Clock After the serial port has been configured go to section WAN Service Configuration on page 47 for router bridge and WAN service configuration T1 E1 Interface Configuration The IPLink Series Model 2603 is equipped with a user selectable T1 E1 interface The T1 interface is pre sented via an RJ 48C...

Страница 45: ...oncludes the T1 interface configuration via the web browser go to section WAN Service Configura tion on page 47 for instructions on router bridge and WAN service configuration CLI configuration Using terminal or Telnet software log into the Model 2603 enter username superuser and password superuser You can display all E1 T1 configurable options by typing e1t1 and pressing Enter Time Slot Select Fo...

Страница 46: ... return and invalid selection message Line Options Choose from Clear Channel E1 Fractional E1 Multi Frame CAS E1 Multi Frame CAS E1 with CRC Consult with your service provider which option is required Line Code Choose from AMI or HDB3 Most E1 applications use HDB3 Line Build Out Select 120 Ohms if the E1 connection is made via the RJ 48C connector select 75 Ohm if the E1 connection is made via the...

Страница 47: ...3 At the prompt type e1t1 set codeSel hdb3 then press Enter Line Build Out Select 120 Ohms if the E1 connection is made via the RJ 48C connector select 75 Ohm if the E1 connection is made via the Dual BNC connectors For 120 ohm connections type e1t1 set buildOut 120_Ohm_E1 then press Enter FDL Mode option FDL is aT1 feature therefore for E1 applications select FDL none At the prompt type e1t1 set ...

Страница 48: ...router at the Central side review the router s configuration for connection to a remote bridge IPlink series Remote From the command line interface CLI via the RS 232 control port ip list interfaces One IP interface is called ip1 with an IP address of 192 168 1 1 Let s change the IP address so it is in the same subnet as both PCs For example to 192 168 100 2 ip set interface ip1 ipaddress 192 168 ...

Страница 49: ...terface CLI via the RS 232 control port ip list interfaces One IP interface is called ip1 with an IP address of 192 168 1 1 Change the IP address so it is in the same subnet as both PCs For example to 192 168 100 3 ip set interface ip1 ipaddress 192 168 100 3 255 255 255 0 1 Now you can bring up the web page management system on your browser by entering the IP address of the IPLink 2 On the Menu g...

Страница 50: ...rface was called ip1 with an IP address of 192 168 1 1 Change it to an IP address which is in the same subnet as the Desktop PC For example to192 168 200 2 The default IP mask is 255 255 255 0 ip set interface ip1 ipaddress 192 168 200 2 255 255 255 0 1 Now you can bring up the web page management system on your browser by entering the IP address of the IPLink 2 Click on Action 3 Select deactivate...

Страница 51: ...word blank 1 Click on Configure 2 Go to Configuration Menu Configuration WAN connections Edit for PPPoH Routed service Edit IP Interface Ipaddr enter the WAN IP Address in this example 192 168 164 2 3 Click on Change 4 Configuration Menu Configuration IP Routes Create new Ip V4 Route Create the gateway to the remote router by entering the WAN IP address of the remote router in this example enter 1...

Страница 52: ...the RS 232 control port ip list interfaces ip clear routes pppoh clear transports ethernet add transport eth1 ethernet One IP interface was called ip1 with an IP address of 192 168 1 1 Change the IP address so it is in the same subnet as the laptop PC The laptop s IP address is 192 168 172 229 so in this example change the IP address of the IPLink to 192 168 172 3 The default IP mask is 255 255 25...

Страница 53: ...e 192 168 164 3 Click on Change 6 Go to Configuration Menu Configuration IP Routes Click on Create new Ip V4 Route 7 Create the gateway to the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 2 in the Gateway field 8 Click OK The other fields should be Destination 0 0 0 0 Gateway 192 168 164 2 already changed in the first part of step 5 Mask 0 0 0...

Страница 54: ...n IP address which is in the same subnet as the Desktop PC For example to192 168 200 2 The default IP mask is 255 255 255 0 ip set interface ip1 ipaddress 192 168 200 2 255 255 255 0 1 Now you can bring up the web page management system on your browser by entering the IP address of the IPLink 2 Click on Action 3 Select deactivate for Action 4 Click on the Action button 5 On the Menu go to Configur...

Страница 55: ...h In this example it is called Frame Relay bridged 8 DLCI number Consult with your service provider for the DLCI number required 9 Encapsulation Method Defines the FRC1490 encapsulation type that will be used by the channel Choose the encapsulation method best suited for your network needs from the following options Bridged Ethernet Bridged Ethernet with CRC Raw 10 Go to Configuration Menu Configu...

Страница 56: ...ill be disabled if set to any other value it will set the fragmentation size used Port Defines the port that should be used to setup the Frame Relay Connection For routed applications the port should be set to frf for bridged applications the port should be set to fr Central site configuration Note If you are using a IPLink at the Central location follow the instruc tions below otherwise refer to ...

Страница 57: ...suited for your network needs from the following options Bridged Ethernet Bridged Ethernet with CRC Raw WAN IP address Enter the IP address assigned to the WAN port V 35 X 21 or T1 E1 Enable NAT on this interface In this example leave this option blank 4 Hit the Apply button 5 Go to Configuration Menu Configuration WAN connections Edit for Frame Relay Routed service Edit Frame Relay Channel Ipaddr...

Страница 58: ... 192 168 164 3 8 Click on Change 9 Go to Configuration Menu Configuration IP Routes Click on Create new Ip V4 Route Create the gate way to the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 2 in the Gateway field 10 Click on OK The other fields should be Destination 0 0 0 0 Gateway 192 168 164 2 Mask 0 0 0 0 Cost 1 Interface blank Click the Ok b...

Страница 59: ... port ip list interfaces One IP interface was called ip1 with an IP address of 192 168 1 1 Change it to an IP address which is in the same subnet as the desktop PC For example to 192 168 100 2 The default IP mask is 255 255 255 0 ip set interface ip1 ipaddress 192 168 100 2 255 255 255 0 1 Now you can bring up the web page management system on your browser by entering the IP address of the IPLink ...

Страница 60: ...r for the DLCI number required Encapsulation Method Defines the FRC1490 encapsulation type that will be used by the channel Choose the encapsulation method best suited for your network needs from the following options Bridged Ethernet Bridged Ethernet with CRC Raw WAN IP address Enter the IP address assigned to the WAN port V 35 X 21 or T1 E1 Enable NAT on this interface In this example leave this...

Страница 61: ...mple enter 8192 Txmaxpdu Enter the number of transmit side max PDU in this example enter 8192 Channel segment size The channel segment size is used to define fragmentation of the packets based on the Frame Relay Forum IA FRF 12 If this variable is set to 0 then FRF 12 Frame Relay Fragmentation will be disabled if set to any other value it will set the fragmentation size used Port Defines the port ...

Страница 62: ... on Configuration Menu Configuration IP Routes Click on Create new Ip V4 Route 4 Create the gateway to the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 3 in the Gateway field 5 Click OK The other fields should be Destination 0 0 0 0 Gateway 192 168 164 3 Mask 0 0 0 0 ...

Страница 63: ...ame subnet as the laptop PC The laptop s IP address is 192 168 172 229 so in this example change the IP address of the IPLink to 192 168 172 3 The default IP mask is 255 255 255 0 ip set interface ip1 ipaddress 192 168 172 3 255 255 255 0 6 Now you can bring up the web page management system on your browser by entering the IP address of the IPlink 7 On the Menu go to Configuration then to WAN Conn...

Страница 64: ...te the gateway to the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 2 in the Gateway field 15 Click OK The other fields should be Destination 0 0 0 0 Gateway 192 168 164 2 already configured in first part of step 5 Mask 0 0 0 0 Cost 1 Interface blank LMI Configuration Frame Relay Local Management Interface The Frame Relay Local Management Inter...

Страница 65: ...e connection 617D_Both The ANSI T1 617 protocol will be used The unit will operate as both the Network and User side of the connection MgtState Defines the current state of the DTE side LMI Possible options are as follows Mgt_Port_DOWN Currently the LMI on the DTE side is DOWN Mgt_Port_UP Currently the LMI on the DTE side is UP mgtAutoStart Default Value FALSE The management Auto Start variable al...

Страница 66: ...State Mgt_Port_DOWN Full Report Cycle 6 User Max Errors 3 Net Max Errors 3 User Error Window Size 4 Net Error Window Size 4 T391_Value 10 T392_Value 16 Mgt Auto Start false set configuration variable command lmi set variable value variable Any variable from the above list value Value as defined by the variable lmi set managementType 933A_Network Web Configuration Methods The following documentatio...

Страница 67: ...gh Speed Routers User Guide 4 Configuring the IPLink Router All LMI configuration variables are contained under the LMI Management window found through the Con figuration LMI Management link The following screen shows the configuration variables available ...

Страница 68: ...4 Configuring the IPLink Router Models 2603 2621 2635 High Speed Routers User Guide 68 WAN Service Configuration ...

Страница 69: ...ter contents Introduction 70 Configuring the router 70 Configuring the security interfaces 71 Deleting a Firewall Policy 72 Enabling the Firewall 73 Firewall Portfilters 73 Security Triggers 74 Intrusion Detection System IDS 76 ...

Страница 70: ... by using security triggers Triggers tell the security mechanism to expect these second ary sessions and how to handle them Rather than allowing a range of port numbers triggers handle the situa tion dynamically opening the secondary sessions only when appropriate The triggers work without needing to understand the application protocol or reading the payload of the packet although this does happen...

Страница 71: ...sk both as 0 0 0 0 because this is the gateway default route 5 Click on Create and the route will be entered 6 The default gateway can be verified by clicking on IP Routes under Status in the menu Configuring the security interfaces The interfaces and routes have been configured on the IPLink Router which will function as the firewall The Ethernet side of the IPLink router will be configured to be...

Страница 72: ...ed etoi is added between the external and internal interfaces 1 Under Policies Triggers and Intrusion Devices on the Security page click on Firewall Policy Configuration 2 In the Current Firewall Policies page click on New Policy 3 Select the parameters so the policy applies between interface of types external internal Also Validators will block traffic This blocks all hosts 4 Click on Apply Delet...

Страница 73: ... State The network is now secure All the interfaces which have been defined are protected and all traffic is blocked between different the different interface types That is all traffic is blocked between the external and internal interfaces The next section describes how to configure the Firewall for allowing certain types of data transfer to occur between the PC s on different networks Firewall P...

Страница 74: ...ty Triggers Security triggers are used to allow an application to open a secondary port in order to transport data The most common example is FTP This procedure is to set up a trigger on the Firewall to have an FTP session from PC A to PC B but not the reverse 1 First create an outbound only portfilter for FTP and add it to the item0 policy 2 Following the path given in step 1 for the ping portfil...

Страница 75: ...l add a trigger which will open a secondary channel only when data is being passed This prevents the need to open too many ports which offer a security risk 1 From the Configuration Menu Configuration Security Firewall Trigger Configuration New Trig ger 2 Set the parameters as follows Transport Type tcp Port Number Start 21 Port Number End 21 Allow Multiple Hosts Block Max Activity Interval 3000 E...

Страница 76: ...bled Enables Victim Protection Victim Protection protects the victim from an attempted spoofing attack Web spoofing allows an attacker to create a shadow copy of the world wide web WWW All access to the shadow Web goes through the attacker s machine so the attacker can monitor all of the victim s activities and send false data to or from the victim s machine When enabled packets destined for the v...

Страница 77: ...unreachable addresses and keeps resending them This creates a backlog queue of unacknowledged SYN ACK packets Once the queue is full the system will ignore all incoming SYN request and no legitimate TCP connections can be established Once the maximum number of unfinished TCP handshaking sessions is reached an attempted DOS attack is detected The firewall blocks the suspected attacker for the time ...

Страница 78: ...5 Security Models 2603 2621 2635 High Speed Routers User Guide 78 Intrusion Detection System IDS ...

Страница 79: ...79 Chapter 6 NAT Network Address Translation Chapter contents Introduction 80 Enabling NAT 80 Global address pool and reserved map 81 ...

Страница 80: ...an also be used so that different inside hosts can share a global address by mapping different ports to different hosts For example Host A is an FTP server and Host B is a web server By mapping the FTP port to Host A and the HTTP port to Host B both insides hosts can share the same global address Setting the protocol number to 255 0xFF means that the mapping will apply to all protocols Setting the...

Страница 81: ...Pool The global IP addresses need to be created and put into the Global Address Pool 3 Set the parameters to the following values Interface Type internal Use Subnet Configuration Use IP Address Range IP Address 100 100 100 101 Subnet Mask IP Address 2 100 100 100 102 Click on Add Global Address Pool 4 Next create a reserved mapping between a global IP address from the global pool and an internal P...

Страница 82: ...r Guide 82 Introduction 6 Set the parameters to the following values Global IP Address 100 100 100 101 Internal IP address 10 1 1 2 Transport Type all Port Number 65535 This port number means all port numbers for TCP or UDP protocols will be mapped 7 Click on Add Reserved Mapping ...

Страница 83: ...Chapter contents SNMP Daemon Settings window 84 Static Variables 84 Community Table 85 Save SNMP Configuration 85 Misc System Settings window 86 CPU Usage 86 Enabled Status of System Services 87 MAC Filtering of the Bridge Interface 87 ...

Страница 84: ...ny changes made in the file will be reflected on the Daemon Settings pages Static Variables These static variables can be retrieved with an SNMP request and provide details about this specific unit These variables are modified as a group Variable Definition System Description Description of this unit System Object ID The root object ID of the system System Location Physical location of unit System...

Page 85: ...snmpd.cnf The system configuration must still be saved for the changes to persist after reset. Note: The changes made to these settings will take effect immediately; however, they will not be persistent after a reboot unless saved. Variable / Definition: Index: This is a unique ID field given by our system, used when editing from the CLI; Password: The community string needed to access the box; Management IP ...

Page 86: ...this threshold is exceeded, a flag reporting this is set. The overflow flag can be checked with a self-clearing SNMP variable: cpuUsageOverThresholdPP (1.3.6.1.4.1.1768.1.5) and cpuUsageOverThresholdNP (1.3.6.1.4.1.1768.1.6). Note: Settings will take effect immediately. System must be saved to persist over reboot. Variable / Definition: Current PP CPU Usage: The current usage of the PP Processor; PP Error Thresho...

Page 87: ...affic from an unknown MAC address is only permitted to access the IP of the unit itself. This allows a PC joining the network to communicate with the DHCP server in the unit in order to obtain an IP address. Once the PC has received a lease from the DHCP server, the MAC address is granted permission to cross the bridge, allowing the user extra control of the traffic through the unit. Note: Administrati...

Page 88: ... the Bridge Interface To modify these values, type the following from the CLI. Command / Description: bridge set dhcpFilteredPort: This value is provided for future expandability; it is not recommended that the user modify this. bridge set dhcpMACFiltering: Possible values for this are disable and enable. ...

Page 89: ...89 Chapter 8 Monitoring Status Chapter contents Status LEDs 90 ...

Page 90: ... condition RD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition Sync Serial TD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition RD Green Green indicates a binary 0 condition off indicates a binary 1 or idle condition CTS Green ON indicates the CTS signal from the router is active binary 1 off indicates CTS is binary 0 DTR Gre...

Page 91: ...ceroute 92 2603 IPLink s Line Loop 92 D4 Loop CO loop 93 Operating Remote Digital Loopback RDL 94 BIT Error Rate V 52 Diagnostics 95 T1 E1 connection Status 95 Alarms 96 Transceiver Status 96 FDL statistics T1 only 96 E1 T1 DS0 Monitor 96 Software Upgrades 96 Configuration 97 ...

Page 92: ... is a diagnostic utility that allows users to trace the route that packets traverse across a network connection between two hosts. To use a traceroute, use the following command: ip traceroute usage traceroute n v m max_ttl q nqueries w waittime ipaddr or hostname n print addresses numerically rather than symbolically v verbose output m max ttl q queries set number of probes per ttl w wait time hos...

Page 93: ... follows: 1. Go to the IPLink Main page, select E1/T1. Next, click on Test Modes, select network Loop using the drop-down menu, click on the Configure and Activate button. 2. Perform a BER (bit error rate) test. This test can be initiated from the far end using a BER tester to verify the condition of the T1/E1 line. D4 Loop (CO loop): The IPLink 2603 responds to D4 or CO (Central Office) loop. The CO is a T1 network...

Page 94: ...e returned to the originating device, i.e. data sent by the local 2603 will be returned by the far end device. Figure 19. Remote Digital Loop. To perform an RDL test, follow these steps: 1. Go to the IPLink Main page, select the E1/T1 option. Next, click on Test Modes, select Remote Loop using the drop-down menu, and click on the Configure and Activate button to start the test. 2. Perform a bit error test BERT S...

Page 95: ...ink 2603 can also initiate a built-in QRSS pattern with errors. This test pattern generator injects intentional errors approximately once per second in the transmitted stream. To perform a V.52 BER test, follow these steps: 1. From the Main page T1/E1 option, select the QRSS option and then click on the Configure and Activate button. This will start the internal test pattern generator for data sent and l...

Page 96: ...clude Current and historical near end line statistics. E1/T1 DS0 Monitor: The DS0 monitor page allows monitoring of a particular timeslot in the E1/T1 stream. To enable this feature, click on the DSO Monitor link under the E1/T1 menu and select the desired receive and transmit timeslot. Software Upgrades: Software upgrades are required in two scenarios. First, for new features. Second, for standard software...

Page 97: ... to the TFTP server Configuration: The Patton products are configured as a TFTP server with the default IP address 192.168.200.10. Procedure: 1. Go to Upgrade.patton.com and download the software upload package. The package contains the following files: Tftplock key Tftpupdt beg Image Npimage Key Initbun Im conf Tftpupdt rbt Tftpupdt end Script bat 2. Connect the control console port of the unit to a PC...

Page 98: ...9 T1 E1 Diagnostics Models 2603 2621 2635 High Speed Routers User Guide 98 Software Upgrades ...

Page 99: ...ontents Introduction 100 Contact information 100 Warranty Service and Returned Merchandise Authorizations RMAs 100 Warranty coverage 100 Out of warranty service 100 Returns for credit 100 Return for credit policy 101 RMA numbers 101 Shipping instructions 101 ...

Page 100: ...ore shipment. All of our products are backed by a comprehensive warranty program. Note: If you purchased your equipment from a Patton Electronics reseller, ask your reseller how you should proceed with warranty service. It is often more convenient for you to work with your local reseller to obtain a replacement. Patton services our products no matter how you acquired them. Warranty coverage: Our products...

Page 101: ...Completing a request on the RMA Request page in the Support section at www.patton.com. By calling 1 301 975 1000 and speaking to a Technical Support Engineer. By sending an e-mail to returns@patton.com. All returned units must have the RMA number clearly visible on the outside of the shipping container. Please use the original packing material that the device came in or pack the unit securely to avoid...

Page 102: ...10 Contacting Patton for assistance Models 2603 2621 2635 High Speed Routers User Guide 102 Warranty Service and Returned Merchandise Authorizations RMAs ...

Page 103: ...104 Sync Serial Interface 104 T1 E1 Interface 104 Protocol Support 105 PPP Support 105 Management 105 Security 106 Compliance Standard Requirements 106 Australia Specific 106 Dimensions 106 Power and Power Supply Specifications 106 AC universal power supply 106 48 VDC power supply 106 ...

Page 104: ...ont panel LEDs indicate Power, WAN, Ethernet LAN speed and status. Field Factory Default Option. Standard 1-year warranty. Ethernet: Auto-sensing Full Duplex 10Base-T/100Base-TX Ethernet. Standard RJ-45 and built-in MDI-X cross-over switch. IEEE 802.1d transparent learning bridge up to 1,024 addresses and Spanning Tree. 8 IP address subnets on Ethernet interface. Sync Serial Interface: ITU-T X.21 or V.35 int...

Page 105: ... with 1 1 mapping NAT Many 1 NAT Many Many mapping NAT Port IP redirection and mapping uPNP controlled device for seamless networked device interconnectivity and Windows XP integration IGMPv2 Proxy support RFC 2236 Frame Relay with Annex A D LMI RFC 1490 MpoFR and FRF 12 Fragmentation PPP Support Point to Point Protocol over HDLC PPPoE RFC 2516 Client for autonomous network connection Eliminates t...

Page 106: ...ystem SNMP HTTP TELNET Logging or SMTP on events POST POST errors PPP DHCP IP Compliance Standard Requirements FCC part 15 Class A US EMC CE per RTTE 99 5 EC EMC LVD FCC Part 68 US Permission to connect CTR 12 and CTR 13 IC CS03 Canadian Permission to connect Safety EN60950 Australia Specific TS016 E1 Telecom AZ NZS 3260 Safety AZ NZS 35 48 EMC Dimensions 1 58H x 4 16W x 3 75D in 10 6H x 4 1W x 8 ...

Page 107: ...A Specifications 48 VDC power supply. Rated voltage and current: 36-60 VDC, 400 mA. The DC power supply connects to a DC source via a terminal block. Connect the equipment to a 36-60 VDC source that is electrically isolated from the AC source. The 36-60 VDC source is to be reliably connected to earth. ...

Page 108: ...A Specifications Models 2603 2621 2635 High Speed Routers User Guide 108 Power and Power Supply Specifications ...

Page 109: ...109 Appendix B Cable Recommendations Chapter contents Ethernet Cable 110 Adapter 110 ...

Page 110: ...gh Speed Routers User Guide 110 Ethernet Cable Ethernet Cable Ethernet cable P N 10 2500 refer to RJ 45 shielded 10 100 Ethernet port on page 112 Adapter EIA 561 to DB 9 P N 16F 561 refer to RJ 45 non shielded RS 232 console port EIA 561 on page 112 ...

Page 111: ...cal Connectors Chapter contents RJ 45 shielded 10 100 Ethernet port 112 RJ 45 non shielded RS 232 console port EIA 561 112 Serial port 113 V 35 DB 25 Female Connector 113 X 21 DB 15 Connector 113 E1 T1 RJ 48C Connector 114 ...

Page 112: ...ded 10 100 Ethernet port Assuming the MDI X switch is in the out position RJ 45 non shielded RS 232 console port EIA 561 Pin No Signal Direction Signal Name 1 Output TX 2 Output TX 3 Input RX 4 5 6 Input RX 7 8 Pin No Signal Direction Signal Name 1 Out DSR 2 Out CD 3 In DTR 4 Signal Ground 5 Out RD 6 In TD 7 Out CTS 8 In RTS ...

Page 113: ...DCE Source 9 RC Receiver Clock B DCE Source 10 CD Carrier Detect B DCE Source 11 XTC External Transmitter Clock B DTE Source 12 TC Transmitter Clock B DTE Source 13 CTS Clear to Send B DCE Source 14 TD Transmit Data A DTE Source 15 TC Transmitter Clock B DCE Source 16 RD Receive Data A DCE Source 17 RC Receiver Clock A DCE Source 18 LL Local Line Loop 19 RTS Request to Send B DTE Source 20 DTR Dat...

Page 114: ...C Physical Connectors Models 2603 2621 2635 High Speed Routers User Guide 114 Serial port E1 T1 RJ 48C Connector ...

Page 115: ...s Introduction 116 CLI Terminology 116 Local VT 100 emulation 116 Remote Telnet 116 Using the Console 116 Administering user accounts 118 Adding new users 118 Setting user passwords 118 Changing user settings 119 Controlling login access 119 Controlling user access 119 ...

Page 116: ... via an interface. Object: an object is anything that you can create and manipulate as a single entity, for example interfaces, transports, static routes and NAT rules. List: Objects are numbered entries in a list. For example, if you have created more than one ethernet transport, the following command: ethernet list transports produces a list of numbered transport objects: ID Name Port 1 eth2 ethernet 2 eth...

Page 117: ...lowed by a space and To continue our example Æ ethernet list ports transports Æ ethernet list Then Æ ethernet list transports Æ ethernet list transports enter Ethernet transports ID Name Port 1 eth1 ethernet Æ Another example shows when the user must provide a parameter Æ ip list clear add delete set attach attachbridge detach show interface ping Æ ip interface name The name of the interface In th...

Page 118: ...r username Comment system add login user username Comment The first command creates a user who can access the system via a dialin connection (using PPP, for example). The second command creates a user who can login to the system. For example, the commands system add user fred user with dialin access system add login joe user with login access create two new users called fred and joe. The accounts are cr...

Page 119: ... Changing user settings: To change any of the default settings for a user, use the following commands. For example, to change the settings for user fred: system set user fred access default engineer superuser system set user fred maydialin enabled disabled system set user fred mayconfigure enabled disabled For example, to change the security level for fred, enter: system set user fred access engineer Not...

Page 120: ...D Command Line Interface CLI Operation Models 2603 2621 2635 High Speed Routers User Guide 120 Administering user accounts ...
