Allied Telesis AR400 User Manual

AR400 SERIES
User Guide
Software Release 2.7.1
AR410 AR440S AR441S AR450S
AR400 Series Router User Guide for Software Release 2.7.1 Document Number C613-02021-00 REV F.
Copyright © 2004 Allied Telesyn International Corp. 19800 North Creek Parkway, Suite 200, Bothell, WA 98011, USA.
All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn.
Allied Telesyn International Corp. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesyn be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesyn has been advised of, known, or should have known, the possibility of such damages.
All trademarks are the property of their respective owner.

Contents

CHAPTER 1 Introduction

Why Read this User Guide? ............................................................................... 7
Where To Find More Information ...................................................................... 8
The Documentation Set .............................................................................. 8
Technical support .............................................................................................. 9
Features of the Router ...................................................................................... 9
Management Features .............................................................................. 10
Layer 3 and Other Features ....................................................................... 10
Special Feature Licences ........................................................................... 12
Warning about FLASH memory ....................................................................... 12

CHAPTER 2 Getting Started with the Command Line Interface (CLI)

This Chapter ................................................................................................... 13
Connecting a Terminal or PC ........................................................................... 14
Terminal Communication Parameters .............................................................. 14
Logging In ...................................................................................................... 15
Assigning an IP Address .................................................................................. 15
Setting Routes ................................................................................................ 17
Changing a Password ..................................................................................... 17
Choosing a Password ...................................................................................... 18
Using the Commands ..................................................................................... 18
Aliases ...................................................................................................... 19
Getting Command Line Help .......................................................................... 19
Enabling Special Feature Licences .................................................................... 20
Setting System Parameters .............................................................................. 20

CHAPTER 3 Getting Started with the Graphical User Interface (GUI)

This Chapter ................................................................................................... 23
What is the GUI? ............................................................................................ 24
Accessing the Router via the GUI .................................................................... 24
Browser and PC Setup .............................................................................. 24
Establishing a Connection to the Router ................................................... 26
Secure Access ........................................................................................... 31
System Status and System Hardware Details ............................................. 33
Using the GUI: Navigation and Features .......................................................... 34
The Quick Start Menu (some models only) ................................................ 34
The Configuration Menu .......................................................................... 34
Using Configuration Pages ....................................................................... 35
The Management Menu ........................................................................... 38
The Monitoring Menu .............................................................................. 38
The Diagnostics Menu .............................................................................. 39
Changing the Password ............................................................................ 39
Context Sensitive GUI Help ....................................................................... 39
Saving Configuration Entered with the GUI .............................................. 40
Combining GUI and CLI Configuration ..................................................... 40
Configuring Multiple Devices .................................................................... 40
Upgrading the GUI ......................................................................................... 41
Troubleshooting .............................................................................................. 42
Deleting Temporary Files ........................................................................... 43
Accessing the Router via the GUI .............................................................. 43
Traffic Flow and Network Address Translation (NAT) .................................. 44
Firewall .................................................................................................... 45
IP Addresses and DHCP ............................................................................ 47
Traffic Logging and Firewall Alert Messages .............................................. 48
Time and NTP ........................................................................................... 48
Loading Software ..................................................................................... 49

CHAPTER 4 Operating the router

This Chapter ................................................................................................... 51
User Accounts and Privileges ........................................................................... 51
Normal Mode and Security Mode ................................................................... 53
Remote Management ..................................................................................... 56
Storing Files in FLASH Memory ........................................................................ 56
Using Scripts ................................................................................................... 57
Saving the Router’s Configuration ............................................................ 58
Storing Multiple Scripts ............................................................................ 59
Loading and Uploading Files ........................................................................... 59
File Naming Conventions .......................................................................... 59
Loading Files ............................................................................................ 60
Setting LOADER Defaults .......................................................................... 61
Example: Load a Patch File Using HTTP ..................................................... 61
Uploading Files From the Router ............................................................... 62
Example: Upload a Configuration File Using TFTP ...................................... 62
More information ..................................................................................... 63
Upgrading Router Software ............................................................................ 63
Example: Upgrade to a New Software Release Using TFTP ......................... 64
Example: Upgrade to a new patch file ...................................................... 66
Using the Built-in Editor .................................................................................. 67
SNMP and MIBs .............................................................................................. 68
For More About Operations and Facilities ........................................................ 68

CHAPTER 5 Physical and Layer 2 Interfaces

This Chapter ................................................................................................... 71
Interfaces ........................................................................................................ 73
Naming Interfaces ........................................................................................... 73
Ethernet Ports ................................................................................................. 74
Asynchronous Port .......................................................................................... 75
Asynchronous Call Control (ACC) ............................................................. 76
ADSL and ATM (models with ADSL port) ......................................................... 76
Synchronous Ports (models with PIC bay) ........................................................ 77
Switch Ports .................................................................................................... 77
Port Speed and Duplex Mode ................................................................... 77
Limiting Switch Traffic (AR410 and AR410S only) ...................................... 78
Packet Storm Protection (AR440S, AR441S, AR450S only) ........................ 79
Virtual LANs .................................................................................................... 80
Point to Point Protocol (PPP) ............................................................................ 81
Dynamic PPP Interfaces and PPP Templates ............................................... 81
PPPoE ....................................................................................................... 82
Frame Relay (models with PIC bay) .................................................................. 82
Integrated Services Digital Network (ISDN) (models with PIC bay) .................... 85
BRI Versus PRI ........................................................................................... 85
Configuring the Basic Rate Interface ......................................................... 85
Configuring the Primary Rate Interface ..................................................... 85
Default Setup ........................................................................................... 86
Testing the BRI or PRI PIC .......................................................................... 86
Configuring ISDN (models with PIC bay) ......................................................... 87
Ordering ISDN in the USA and Canada ..................................................... 87
Configuring Basic Rate ISDN ..................................................................... 87
Configuring Primary Rate ISDN ................................................................. 90
Configuring ISDN Dial on Demand ........................................................... 92
Configuring ISDN Bandwidth on Demand ................................................. 93
Installing Port Interface Cards (PICs) (models with PIC bay) .............................. 94
Connecting to a Leased Line Circuit (models with PIC bay) .............................. 94
Using Trace Route for IP Traffic ........................................................................ 96

CHAPTER 6 Routing

This Chapter ................................................................................................... 99
Configuring an IP Network ............................................................................. 99
Before You Start ..................................................................................... 100
Configuring IP ........................................................................................ 100
Configuring IP Multicasting ........................................................................... 103
Configuring IGMP .................................................................................. 104
Multicasting using DVMRP ..................................................................... 104
Configuring Dynamic Host Configuration Protocol (DHCP) ............................ 109
Configuring a Novell IPX Network ................................................................. 111
Before You Start ..................................................................................... 111
Configuring IPX ...................................................................................... 112
Configuring IPX Dial-on-Demand ............................................................ 115
AppleTalk ...................................................................................................... 118
Routing Information Protocol (RIP) ................................................................ 119
Resource Reservation Protocol (RSVP) ............................................................ 119
OSPF ............................................................................................................. 120
Configuring a Basic OSPF Network ......................................................... 121

CHAPTER 7 Maintenance and Troubleshooting

This Chapter ................................................................................................. 123
How the Router Starts Up ............................................................................. 124
How to Avoid Problems ................................................................................ 125
What to Do if You Clear FLASH Memory Completely ..................................... 127
What to Do if the PPP Link Disconnects Regularly .......................................... 128
What to Do if Passwords are Lost .................................................................. 128
Getting the Most Out of Technical Support ................................................... 128
Resetting Router Defaults ............................................................................. 129
Checking Connections Using PING ................................................................ 129
Troubleshooting IP Configurations ................................................................ 130
Troubleshooting DHCP IP Addresses .............................................................. 132
Troubleshooting IPX Configurations .............................................................. 132
Using Trace Route for IP Traffic ...................................................................... 134
Chapter 1

Introduction

Welcome to the AR400 Series router — the optimal solution for your small or medium sized business.
This guide introduces your new router and will guide you through the most common uses and applications. Getting started will not take long—many applications are set up in just a few minutes. If you have any questions about the router, contact your authorised distributor or reseller.
Your router is supplied with default settings which allow you to operate it immediately, without any configuration. Even if this is all you want to do, you should still gain access to the router configuration, if only to change the manager password to prevent unauthorised access.
To change the switching configuration, and to take advantage of the advanced routing features, you will need to enter detailed configuration. The router has both a Command Line Interface (CLI) and a Graphical User Interface (GUI) for configuration and management. Before you can use the GUI, you will need to login to the router and use its CLI to allocate an IP address to at least one interface.

Why Read this User Guide?

Before you use your router in a live network, please read this guide. The guide tells you how to access and use the Command Line Interface (CLI) to configure the router software, and how to access and use the router’s Graphical User Interface (GUI). It then introduces a number of common router functions and how to configure them using the CLI. For information on configuration using the GUI, see the context-sensitive online GUI help. For more detailed descriptions of all commands, display outputs, and background information, see the Software Reference.
This user guide is organised into the following chapters:
• Chapter 1, Introduction gives an overview of the router features and of the documentation supplied with your router.
• Chapter 2, Getting Started with the Command Line Interface (CLI) describes how to gain access to the command line interface.
• Chapter 3, Getting Started with the Graphical User Interface (GUI) describes how to access and use the graphical user interface.
• Chapter 4, Operating the router introduces general operation, management and support features, including loading and installing support files and new releases.
• Chapter 5, Physical and Layer 2 Interfaces describes how to configure Layer 1 and Layer 2 features, including PPP, ISDN and synchronous interfaces.
• Chapter 6, Routing describes how to configure routing over IP and other Layer 3 interfaces.
• Chapter 7, Maintenance and Troubleshooting describes some of the commands you can use to monitor the router and diagnose faults.

Where To Find More Information

Before installing the router and any expansion options, read the important safety information in the Safety and Statutory Information booklet.
Follow the Quick Install Guides’ step-by-step instructions for physically installing the router and any expansion options.
The Hardware Reference gives detailed information about the equipment hardware.
The context-sensitive online GUI help gives descriptions of each page and element of the GUI.
Once you are familiar with the basic operations of the router, use the Software Reference for full descriptions of routing features and command syntax.

The Documentation Set

The documentation set for the router includes:
• The printed Safety and Statutory Information booklet
• The printed Quick Install Guide
• The Documentation and Tools CD-ROM, which includes the following PDF documents:
  • Safety and Statutory Information
  • Quick Install Guide
  • This User Guide
  • Hardware Reference
  • Software Reference
  • PIC Quick Install Guide
  • PIC Hardware Reference
The CD-ROM also includes:
• Application Notes—a collection of technical and background papers on the application of AR400 router technologies.
• Configuration Examples—a collection of ready-to-use examples of typical network configurations, complete with scripts to download to an AR400 router using AT-TFTP.
• AT-TFTP Server for Windows, for downloading software releases, scripts and other files to or from an AR400 router.
• Adobe Acrobat Reader for Windows for viewing and printing the online documentation in PDF format. Get instant access to information with full-text searching of PDF documents by keyword or phrase.
• Microsoft Internet Explorer.
• Demonstration versions of networking utilities, such as AR-Remote File Manager (AR-RFM) from Allied Telesyn and F-Secure’s Secure Shell client for Windows.
• Information about other Allied Telesyn routing and switching products.

Technical support

For online support for your AR400 Series router, see our online support page at http://www.alliedtelesyn.co.nz/support/ar400.
This site contains the latest router software releases, patches, GUI resource files and documentation. Download software upgrades from the Allied Telesyn web site to your server, and then use the LOAD command to copy them to the router’s FLASH memory. Use the SET INSTALL command to enable the new software (see “Upgrading Router Software” on page 63 for detailed instructions).
If you require further assistance, contact your authorised distributor or reseller.

Features of the Router

The AR400 Series router supports a wide range of network interfaces which allows you to choose the network service that is right for you.
The AR410 base unit supports:
• four 10/100 Mbps full duplex switched Ethernet LAN ports
• one 10/100 Mbps full duplex Ethernet WAN port
• one asynchronous serial port
• one Port Interface Card (PIC) Bay
• one internal MAC slot
The AR440S and AR441S base unit supports:
• AR440S: One Asynchronous Digital Subscriber Line (ADSL) Annex A port.
• AR441S: One Asynchronous Digital Subscriber Line (ADSL) Annex B port.
• Five 10/100 LAN switch ports.
• One asynchronous RS-232 (ASYN0) port.
You can add additional interfaces to these routers by installing a Port Interface Card (PIC) in the PIC bay.
The AR450S base unit supports:
• five 10/100 Mbps full duplex switched Ethernet LAN ports
• two 10/100 Mbps full duplex Ethernet WAN ports
• two asynchronous serial ports
• one built-in encryption processor
The software support for the AR400 Series router and the expansion options provides wirespeed Layer 2 switching, including support for Virtual LANs. In addition, the router provides a wide array of multiprotocol routing, security and network management features.

Management Features

The following features enhance management of the router:
• A sophisticated and configurable event logging facility for monitoring and alarm notification to single or multiple management centres.
• Triggers for automatic and timed execution of commands in response to events.
• Scripting for automated configuration and centralised management of configurations.
• Dynamic Host Configuration Protocol (DHCP) for IP and IPv6. DHCP lets you automatically assign IP addresses and other configuration information to PCs and other hosts on TCP/IP networks.
• Support for the Simple Network Management Protocol (SNMP), standard MIBs and the Allied Telesyn Enterprise MIB, enabling the router to be managed by a separate SNMP management station.
• Telnet client and server.
• Secure Shell remote management.
• An HTTP client that allows the direct download of files from a web server to the router’s FLASH memory.
For complete descriptions of these software features, see the Software Reference.

Layer 3 and Other Features

AR400 Series routers provide efficient and cost-effective multiprotocol routing, terminal serving and integrated network management over wide area networks and LANs. The router can provide multiple functions simultaneously. Different models run different software suites, and the available functionality depends on the model and hardware configuration:
• Wide area networking via Point-to-Point Protocol.
• Wide area networking via Frame Relay, and X.25, operating over synchronous links up to 2Mb/s (models with a PIC bay).
• Basic Rate and Primary Rate access to Integrated Services Digital Network (ISDN) services, with dial-on-demand and channel aggregation (models with a PIC bay).
• TCP/IP routing.
• Novell® IPX routing.
• DECnet™ routing (Phase IV+ and area).
• AppleTalk routing.
• Generic Routing Encapsulation (GRE) protocols.
• IP multicast routing support, including Internet Group Management Protocol (IGMP), Distance Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM) Sparse and Dense Modes.
• Ping Polling for determining device reachability and responding when a device or link goes up or down.
• IPv6 routing support, including stateless address autoconfiguration, RIPv6 and ICMPv6.
• IPv6 multicast routing support, including Multicast Listener Discovery (MLDv2) and Protocol Independent Multicast (PIM) Sparse and Dense Modes.
• OSPF, RIP (IP and Novell®), SAP (Novell®), EGP and BGP routing protocols.
• ARP, Proxy ARP and Inverse ARP address resolution protocols.
• Sophisticated packet filtering.
• Bridging.
• Van Jacobson’s header compression, STAC LZS and Predictor compression, and hardware-based AES (not AR410 or AR410S) and DES encryption.
• Create secure Virtual Private Networks (VPNs) across the Internet or any other public or shared IP network, using AT-VPNet.
• Tunnelling of synchronous (HDLC) data through TCP/IP (models with a PIC bay).
• Terminal serving using Telnet, with local host nicknames.
• Access to network printers via LPD or TCP streams (AR410 only).
• Resource Reservation Protocol (RSVP) for delivering quality of service to application data streams.
• TPAD support for fast credit card authorisation transactions (models with a PIC bay).
• A fully featured, stateful inspection firewall.
• IPsec-compliant IP security services.
• Integration with a Public Key Infrastructure (PKI).
• Virtual Router Redundancy Protocol (VRRP).
• Open Systems Interconnection (OSI) Connectionless Network Service (CLNS).
• Border Gateway Protocol version 4 (BGP-4).
• Load Balancing for distributing traffic among multiple resources.
• Software Secure Sockets Layer (SSL).
• Voice over IP (VoIP).
• 802.1x port authentication.

Special Feature Licences

You need a special feature licence and password to activate some special features over and above the standard software release. Typically, these special features are covered by government security regulations. Special feature licences and passwords are quite separate and distinct from the standard software release licences and passwords. The features that are available and that require special feature licences depend on region and router model. Some of the software features that require a special feature licence are:
• Triple DES S/W
• DES encryption
• Firewall SW (enabled on the AR410S and AR450S)
• Firewall SMTP Application Gateway (enabled on the AR410S and AR450S)
• Firewall HTTP Application Gateway (enabled on the AR410S and AR450S)
• IPv6
• Resource Reservation Protocol (RSVP)
• BGP-4
• Load balancer
Most software features that require a special feature licence are bundled into one of the following special feature licence packs:
• Advanced Layer 3 Feature Licence
• Security Pack Feature Licence
For more information about purchasing special feature licences, contact your Allied Telesyn authorised distributor or reseller. For information on how to enable special feature licences using the CLI, see “Enabling Special Feature Licences” on page 20.

Warning about FLASH memory

Before you start to configure your router, note that it is possible to enter commands that can impact severely on your router’s performance.
DO NOT clear the FLASH memory completely. The software release files are stored in FLASH, and clearing FLASH memory would leave no software to run the router.
While FLASH is compacting, do not restart the router or use any commands that affect the FLASH file subsystem. Do not restart the router, or create, edit, load, rename or delete any files until a message confirms that FLASH file compaction is completed. Interrupting flash compaction may result in damage to files. Damaged files are likely to prevent the router from operating correctly.
For more information, see “How to Avoid Problems” on page 125 and “What to Do if You Clear FLASH Memory Completely” on page 127.
Chapter 2

Getting Started with the Command Line Interface (CLI)

This Chapter

This chapter describes how to access the router’s CLI, and provides basic information about configuring the router, including how to:
• Physically connect a terminal or PC to the router (see “Connecting a Terminal or PC” on page 14 and the Quick Install Guide).
• Set the Terminal Communication parameters to match the router settings (see “Terminal Communication Parameters” on page 14).
• Log in to the router as a manager (see “Logging In” on page 15).
• Configure IP addresses on the router interfaces over which you will manage the router. This is necessary if you will access the router using the GUI or Telnet (see “Assigning an IP Address” on page 15).
• Set routes (see “Setting Routes” on page 17).
• Change the management password to limit unauthorised access to the router configuration (see “Changing a Password” on page 17).
• Use the command line interface to control the router software, including creating aliases for often used character sequences (see “Using the Commands” on page 18).
• Set the online help file to gain access to command syntax help (see “Getting Command Line Help” on page 19).
• Enable any special feature licences (see “Enabling Special Feature Licences” on page 20).
• Set the name, location and contact details for the router (see “Setting System Parameters” on page 20).

Connecting a Terminal or PC

The first thing to do after physically installing the router is to start a terminal or terminal emulation session to access the router. Then you can use the command line interface (CLI) to configure the router. If you wish to configure the router using the Graphical User Interface, you must first access the CLI and assign an IP address to at least one interface.
You can use a PC running terminal emulation software as the manager console instead of a terminal. Many terminal emulation applications are available for the PC, but the most readily available is the HyperTerminal application included in Microsoft® Windows™ 95, Windows™ 98, and Windows™ 2000. In a normal Windows™ installation HyperTerminal is located in the Accessories group. In Windows™ 2000, HyperTerminal is located in the Start > Programs > Accessories > Communications menu.
The key to successfully using terminal emulation software with the router is to configure the communications parameters in the terminal emulation software to match the default settings of the console port on the router. For instructions on how to configure HyperTerminal, see the Hardware Reference.
To start a terminal session, connect to the router in one of the following ways:
• Connect a VT100-compatible terminal to the RS-232 Terminal Port (asyn0), set the communications parameters on the terminal (Table 1 on page 14), and press [Enter] a few times until the router login prompt appears; OR
• Connect the COM port of a PC running terminal emulation software such as Windows Terminal or HyperTerminal to the RS-232 Terminal Port (asyn0), set the communications parameters on the terminal emulation software (Table 1 on page 14), and press [Enter] a few times until the router login prompt appears.

Terminal Communication Parameters

Check that the terminal or modem’s communication settings match the settings of the asynchronous port. By default, the asynchronous port (also known as the Console, RS-232, or Config port) on the router is set to the parameters shown in Table 1:

Table 1: Parameters for terminal communication

Parameter       Value
Baud rate       9600
Data bits       8
Parity          None
Stop bits       1
Flow control    Hardware

Refer to the user manual supplied with the terminal or modem for details of how to change the communications settings for the terminal or modem.
If a modem is connected, configure the router to make and/or accept calls via the modem. To set the CDCONTROL parameter to “CONNECT” and the FLOW parameter to “HARDWARE”, enter the command:
SET ASYN CDCONTROL=CONNECT FLOW=HARDWARE
If the terminal or modem is used with communications settings other than the default settings, then configure the asynchronous port to match the terminal or modem settings using the SET ASYN command.
See the router’s online help or the Interfaces chapter in the Software Reference for more information on how to configure the asynchronous port.

Logging In

When you access the router from a terminal or PC connected to the RS-232 terminal port (asyn0), or via a Telnet or HTTP connection, you must enter a login name and password to gain access to the command prompt. When the router is supplied, it has a manager account with an initial password friend.
Enter your login name at the login prompt:
login: manager
Enter the password at the password prompt:
password: friend
After you log into the manager account you can enter commands from this document and from the Software Reference.

Assigning an IP Address

To configure the router to perform IP routing (for example, to access the Internet) you need to configure IP. You also need to configure IP if you want to manage the router from a Telnet session or with the GUI. For detailed instructions on accessing the router with the GUI, see “Accessing the Router via the GUI” on page 24.
Some router models are preloaded with a basic IP configuration, including an IP address. To check your router’s configuration, use the command:
SHOW CONF DYN
To configure IP, first enable it, using the command:
ENABLE IP
Then, add an IP address to each of the router interfaces that you want to process IP traffic. Depending on the router model, these may include:
the default VLAN (vlan1)
the DMZ (vlan2, which contains port 3, on the AR410 and AR410S; eth1 on the AR450S)
the WAN Ethernet port (eth0).
For the default VLAN, use the command:
ADD IP INTERFACE=vlan1 IPADDRESS=ipadd MASK=mask
where:
ipadd is an unused IP address on your LAN.
mask is the subnet mask (for example 255.255.255.0)
If IP addresses on your LAN are assigned dynamically by DHCP, you can set the router to request an IP address from the DHCP server, using the commands:
ADD IP INTERFACE=vlan1 IPADDRESS=DHCP
ENABLE IP REMOTEASSIGN
You do not need to set the MASK parameter because the subnet mask received from the DHCP server is used.
If you use DHCP to assign IP addresses to devices on your LAN, and you want to manage the router within this DHCP regime, it is recommended that you set your DHCP server to always assign the same IP address to the router. This will enable you to access the GUI by browsing to that IP address, and will also let you use the router as a gateway device for your LAN. If you need the router's MAC address for this, it can be displayed using the command SHOW SWITCH or SHOW ETH=x MACADDRESS.
Similarly, for the default WAN Ethernet port (eth0) use the command:
ADD IP INTERFACE=eth0 IPADDRESS=ipadd MASK=mask
where ipadd is the globally-unique IP address that your ISP has assigned to you.
For the default DMZ interface on the AR450S, use the command:
ADD IP INTERFACE=eth1 IPADDRESS=ipadd MASK=mask
where ipadd is an unused private or public IP address.
The default DMZ interface on the AR410 or AR410S is vlan2, which contains port 3. Therefore connect your DMZ server/s to the router’s switch (network) port 3 and give vlan2 an IP address, using the command:
ADD IP INTERFACE=vlan2 IPADDRESS=ipadd MASK=mask
where ipadd is an unused private or public IP address.
To protect servers on your DMZ (or LAN), you need to configure the firewall (see the Firewall chapter in the Software Reference, especially the Configuration Examples). A special feature licence is required but is enabled by default on the AR410S and AR450S.
To change the IP address for an interface, enter the command:
SET IP INTERFACE=interface IPADDRESS=ipadd MASK=ipadd
When you are configuring the router remotely, if you change the configuration (for example, the VLAN membership) of the port over which you are configuring, the router is likely to break the connection.
For more information about switch ports and Virtual LANs (VLANs), see Chapter 5, Physical and Layer 2 Interfaces in this document, and Switching on the AR410 and Switching on the AR440S, AR441S and AR450S in the Software Reference. For more information about IP addressing and routing, see Chapter 6, Routing in this document, and the Internet Protocol (IP) chapter in the Software Reference.

Setting Routes

The process of routing packets consists of selectively forwarding data packets from one network to another. Your router makes a decision to send a packet to a particular network based on information it learns dynamically from listening to the selected route protocol and on the static information entered as part of the configuration process. In addition, you can configure user-defined filters to restrict the way packets are sent.
Your router maintains a table of routes which holds information about routes to destinations. The route table tells the router how to find a remote network or host. A route is uniquely identified by IP address, network mask, next hop, ifIndex, protocol and policy. A list of routes comprises all the different routes to a destination. The routes may have different metrics, next hops, policy or protocol. A list of routes is uniquely identified by its IP address and net mask.
The routing table is maintained dynamically by using one or more routing protocols such as RIP, EGP and OSPF. These act to exchange routing information with other routers or hosts.
You can also add static routes to the route table to define default routes to external routers or networks and to define subnets.
To add a static route, enter the command:
ADD IP ROUTE=ipadd INTERFACE=interface NEXTHOP=ipadd
[CIRCUIT=miox-circuit] [DLCI=dlci] [MASK=ipadd] [METRIC=1..16] [METRIC1=1..16] [METRIC2=1..65535] [POLICY=0..7] [PREFERENCE=0..65535]
To display the entire routing table, including both static and dynamic routes, enter the command:
SHOW IP ROUTE
For more information about setting IP routes, see the Internet Protocol (IP) chapter in the Software Reference.

Changing a Password

You should change the manager account's initial password to prevent unauthorised access to the router. Enter the command:
SET PASSWORD
The router prompts you for the current password, for the new password, and for confirmation of the new password. The password can contain any printable characters, and must be at least a minimum length, by default six characters. (To change the default minimum length, see the SET USER command in the Operations chapter in the Software Reference.)

Choosing a Password

All users, including managers, should take care in selecting passwords. Tools exist that enable hackers to guess or test many combinations of login names and passwords easily. The User Authentication Facility (UAF) provides some protection against such attacks by allowing the manager to set the number of consecutive login failures allowed and a lockout period when the limit is exceeded.
However, the best protection against password discovery is to select a good password and keep it secret. When choosing a password:
Do make it six or more characters in length. The UAF enforces a minimum password length, which the manager can change. The default is six characters.
Do include both alphabetic (a–z) and numeric (0–9) characters.
Do include both uppercase and lowercase characters. The passwords stored by the router are case-sensitive, so “bgz4kal” and “Bgz4Kal” are different.
Do avoid words found in a dictionary, unless combined with other random alphabetic and numeric characters.
Do not use the login name, or the word “password” as the password.
Do not use your name, your mother’s name, your spouse’s name, your pet’s name, or the name of your favourite cologne, actor, food or song.
Do not use your birth date, street number or telephone number.
Do not write down your password anywhere.
Make sure you remember the new password created as you cannot retrieve a lost password. Recovery of access to the router is complex.
Once you have logged into the manager account you are able to enter commands from this guide and from the Software Reference.
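The password selection rules listed above can be checked mechanically before a new password is entered with SET PASSWORD. The following is an added example, not part of the original guide or the router software; the function name, the sample word list and the treatment of a dictionary word padded with digits are assumptions made for illustration.

```python
# Added example: checks a candidate password against the guide's selection rules.
DEFAULT_MIN_LENGTH = 6          # UAF default minimum length stated in the guide
SHIPPED_PASSWORD = "friend"     # initial manager password stated in the guide

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"friend", "manager", "router", "summer", "welcome", "password"}


def password_problems(password, login_name, min_length=DEFAULT_MIN_LENGTH,
                      words=SAMPLE_WORDS):
    """Return a list of the guide's rules that the candidate password breaks."""
    problems = []
    letters = [ch for ch in password if ch.isalpha()]
    digits = [ch for ch in password if ch.isdigit()]

    if not password.isprintable():
        problems.append("contains non-printable characters")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not letters or not digits:
        problems.append("needs both alphabetic and numeric characters")
    if not (any(ch.isupper() for ch in letters)
            and any(ch.islower() for ch in letters)):
        problems.append("needs both uppercase and lowercase characters")

    # The router stores passwords case-sensitively, but a case variant of the
    # login name or of "password" is just as easy to guess, so compare folded.
    folded = password.casefold()
    if folded in (login_name.casefold(), "password"):
        problems.append("is the login name or the word 'password'")
    if password == SHIPPED_PASSWORD:
        problems.append("is the shipped default password")

    # Assumed interpretation of the dictionary rule: a dictionary word with
    # only digits or punctuation added still counts as a dictionary word.
    core = "".join(letters).casefold()
    if core in words:
        problems.append("is a dictionary word with no extra letters")
    return problems


if __name__ == "__main__":
    for candidate in ("friend", "Summer2004", "bgz4kal", "Bgz4Kal"):
        print(candidate, "->", password_problems(candidate, "manager") or "ok")
```

An empty result means the candidate satisfies every rule the checker covers; it says nothing about whether the password has been written down or reused elsewhere.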

Using the Commands

You control the router with commands described in this document and in the Software Reference. While the keywords in commands are not case sensitive, the values entered for some parameters are (especially passwords). The router supports command line editing and recall. Command line editing functions and keystrokes are shown in Table 2.
Table 2: Command line editing functions and keystrokes
Function | VT100 Terminal | Dumb terminal
Move cursor within command line | ←, → | Not available
Delete character to left of cursor | [Delete] or [Backspace] | [Delete] or [Backspace]
Toggle between insert/overstrike | [Ctrl/O] | Not available
Clear command line | [Ctrl/U] | [Ctrl/U]
Recall previous command | ↑ or [Ctrl/B] | [Ctrl/B]
Recall next command | ↓ or [Ctrl/F] | [Ctrl/F]
Display command history | [Ctrl/C] or SHOW PORT HISTORY | [Ctrl/C] or SHOW PORT HISTORY
Clear command history | RESET PORT HISTORY | RESET PORT HISTORY
Recall matching command | [Tab] or [Ctrl/I] | [Tab] or [Ctrl/I]
The router assumes that the width of the terminal screen is 80 characters, and performs command line wrapping at the 80th column regardless of the setting of the terminal. To execute a command the cursor does not need to be at the end of the line. The default editing mode is insert mode. Characters are inserted at the cursor position and any characters to the right of the cursor are pushed to the right to make room. In overstrike mode, characters are inserted at the cursor position and replace any existing characters.
Commands are limited to 1000 characters, excluding the prompt. Path names of up to 256 characters, including file names, and file names up to 16 characters long, with extensions of 3 characters, are supported.

Aliases

The command line interface supports aliases. An alias is a short name for an often-used longer character sequence. When the user presses [Enter] to execute the command line, the command processor first checks the command line for aliases and substitutes the replacement text. The command line is then parsed and processed normally. Alias substitution is not recursive—the command line is scanned only once for aliases.
Aliases are created and destroyed using the commands:
ADD ALIAS=name STRING=substitution
DELETE ALIAS=name

Getting Command Line Help

Online help is available for all router commands, via the command:
HELP [topic]
If you do not specify a topic, then a list of available topics is displayed.
The system help file that the help information comes from can be stored in FLASH memory. If you upgrade your software release, you can also upload any associated new help file, then activate it using the command:
SET HELP=helpfile
To display the current help file, enter the command:
SHOW SYSTEM
Also, typing a question mark “?” at the end of a partially completed command displays a list of the parameters that may follow the current command line, with the minimum abbreviations in uppercase letters. The current command line is then re-displayed, ready for further input.

Enabling Special Feature Licences

You must enable the special feature licence you have purchased before you can use the licenced features. You will need the password provided by your authorised distributor or reseller. The advanced upgrade licence and password are different from the standard software release licence and password. The licence cannot be transferred from one router to another.
For software features that require a special feature licence see “Special Feature Licences” on page 12.
You must order passwords for special feature licences from your authorised distributor or reseller. You must specify the special feature licence bundle and the serial number(s) of the router(s) on which the special feature licences are to be enabled.
The password for a special feature licence is a string of at least 16 hexadecimal characters. This password encodes the special feature, or features, covered by the license, and the router serial number. The password information is stored in the router’s FLASH memory.
To enable or disable a special feature licence, enter the commands:
ENABLE FEATURE=feature PASSWORD=password
DISABLE FEATURE=feature
To list the current special feature licences, enter the command:
SHOW FEATURE[={featurename|index}]

Setting System Parameters

You can set some general system parameters to ensure the router’s compatibility with the public network, and to aid network administration.
Some services, for instance ISDN, use slightly different versions in different countries. To make sure that the router uses protocols consistent with the services it is connected to, set the system territory to the country or region in which your router operates. Enter the command:
SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|NEWZEALAND|USA}
In Australia only: to use the Micro service, SET SYSTEM LOCATION=australia; to use the OnRamp service, SET SYSTEM LOCATION=europe.
System name, location and contact parameters can help a remote network administrator identify the router. By convention the system name is the full domain name. Set the name of the router, for example:
SET SYSTEM NAME=nd1.co.nz
the location of the router, for example:
SET SYSTEM LOCATION="Head Office, 3rd floor east"
and a contact name and phone number for the network administrator responsible for the router, for example:
SET SYSTEM CONTACT="Anna Brown 03-456 789"
The name, location, and contact are strings 1 to 80 characters in length of any printable character. If the string includes spaces enclose the string in double quotes.
Set the router’s real time clock to the current local time in 24 hour notation (hh:mm:ss), for example:
SET TIME=14:50:00
and to the current date (dd-mmm-yy, or dd-mmm-yyyy), for example:
SET DATE=29-JAN-02
or
SET DATE=29-JAN-2003
Chapter 3

Getting Started with the Graphical User Interface (GUI)

This Chapter

This chapter describes how to access the router’s HTTP-based Graphical User Interface (GUI), and provides basic information about using the GUI, including:
What is the GUI?
  an introduction to the Graphical User Interface
Accessing the router via the GUI:
  browser and PC setup, including interaction with HTTP proxy servers
  establishing a connection to your router, including an example of configuring SSL for secure access
  the System Status page, the first GUI page you see
Using the GUI: navigation and features:
  an overview of the menus
  using configuration pages, with a description of key elements of GUI pages
  changing your password
  using the context sensitive online help
  saving your configuration
  combining GUI and CLI configuration
  configuring multiple devices
Upgrading the GUI
Troubleshooting
  diagnosing and solving connection problems
  using the GUI to troubleshoot the router’s configuration.

What is the GUI?

The GUI (Graphical User Interface) is a web-based device management tool, designed to make it easier to configure and monitor the router. The GUI provides an alternative to the CLI (Command Line Interface). Its purpose is to make complicated tasks simpler and regularly performed tasks quicker.
The GUI relies on an HTTP server that runs on the router, and a web browser on the host PC. When you use the GUI to configure the router, the GUI sends commands to the router and the router sends the results back to your browser, all via HTTP.
The tasks you may perform using the GUI are not as comprehensive as the command set available on the CLI, but for some protocols, a few clicks of the mouse will perform many commands. A great example of this is the ease with which you can configure an ISDN link.
The GUI is stored on the router in the form of an embedded resource file, with file extension rsc. Resource files are model-specific, with the model and version encoded in the file name.

Accessing the Router via the GUI

To use the GUI to configure the router, you use a web browser to open a connection to the router’s HTTP server. Therefore, you need a PC, a web browser and the router. Supported browsers and operating systems, and the settings you need on your PC and browser, are detailed in the following section. Router setup is detailed in “Establishing a Connection to the Router” on page 26.

Browser and PC Setup

The GUI requires a web browser installed on a PC. Table 3 shows supported combinations of operating system and browser.
Table 3: Supported browsers and operating systems
IE 5.0 IE 5.5 IE 6.0 NS 6.2.2 NS 6.2.3
Windows 95
Windows 98 999
Windows ME 99999
Windows 2000 99999
Windows XP 99999
9
JavaScript must be enabled. To enable JavaScript in Internet Explorer:
1. From the Tools menu, select Internet Options
2. Select the Security tab
3. Click on the Custom Level button
4. Under the Scripting section, ensure that “Active scripting” is enabled.
To enable JavaScript in Netscape 6.2.x:
1. From the Edit menu, select Preferences
2. Select the Advanced menu option.
3. Ensure that the “Enable JavaScript for Navigator” checkbox is checked.
The minimum screen resolution on the PC is 800x600.
Pop-up Windows
Pop-up windows must be allowed. If you are using a toolbar or plug-in on your browser to block pop-ups, disable it while using the GUI. The GUI displays detailed configuration options and information in pop-up windows.
Either turn the toolbar off or specify that pop-ups are allowed for the IP address of the router. To turn off a toolbar on Internet Explorer 6, select Toolbars from the View menu and make sure the toolbar is not checked.
HTTP Proxy Servers
An HTTP proxy server provides a security barrier between a private network’s PCs and the Internet. The PCs send HTTP requests (and other web traffic) to the server, which then forwards the requests appropriately. Similarly, the server receives incoming HTTP traffic addressed to a PC on the private network, and forwards it to the appropriate PC. Proxy servers can be used to block traffic from undesirable websites, to log traffic flows, and to disallow cookies.
If your browser is configured to use a proxy server, and the router is on your side of the proxy server, you will need to set the browser to bypass proxy entries for the IP address of the appropriate interface on the router. (See “Establishing a Connection to the Router” on page 26 for information about giving router interfaces IP addresses.)
To ensure that your network’s security settings are not compromised, see your network administrator for information about bypassing the proxy server on your system.
To bypass the proxy server on Internet Explorer, if your browser administration does not use a script, and the PC and the router are in the same subnet:
1. From the Tools menu, select Internet Options.
2. Select the Connections tab and click the LAN Settings button.
3. Check the “Bypass proxy server for local addresses” checkbox.
4. If necessary, click the Advanced button and enter a list of local addresses.
To bypass the proxy server on Netscape, if your browser does not use a script:
1. From the Edit menu, select Preferences
2. Click on the Advanced menu option to expand it.
3. Select the Proxies menu option
4. Enter the router’s IP address in the “No Proxy for” list.

Establishing a Connection to the Router

Before you start, consider how the router fits into your network. If you are installing a new router, consider whether you want to configure it before deploying it into the LAN, or want to configure it in situ. If you want to access a router that has already been configured, consider the relative positions of the PC and the router. The flow chart below summarises this process, and the procedures that follow take you through each possibility in detail.
Figure 1: A summary of the process for establishing a connection via the GUI.
Start here: Is the router already installed and configured in the LAN?
Yes: Determine the IP address of an interface on the router and browse to it. See “Option 3: Connecting to an Installed Router” on page 30.
No: Do you want to configure the router before installing it in the LAN?
Yes: Connect your PC directly to the router, give the router an IP address and browse to it. See “Option 1: Configuring the Router before Installation” on page 27.
No: Install the router into the LAN, give it an IP address and browse to it. See “Option 2: Installing the Router into the LAN” on page 28.
Option 1: Configuring the Router before Installation
Use this procedure if:
You want to configure the router before installing it in your LAN.
You will be installing the router at a remote office or a customer site and want to configure it first.
You want a dedicated management PC permanently connected to the router.
1. Select a PC to browse to the router from
You can browse to the router from any PC that is running a supported operating system with a supported browser installed. See “Browser and PC Setup” on page 24 for more information.
You need to know the PC’s subnet.
2. Connect the PC to the router
Use a straight-through Ethernet cable to connect an Ethernet card on the PC to any one of the switch ports (see Figure 2).
Figure 2: Connecting a PC directly to the router
[Figure: a straight-through cable connects the PC to one of the switch ports on the AR400 Series router.]
You can browse to the router through any VLAN or ETH port, as long as you give that interface an IP address (see below). The recommended LAN interface is vlan1, and these instructions assume you will use vlan1 as the LAN interface. The switch ports all belong to vlan1 by default.
3. Access the router’s command line interface
Access the CLI from the PC, as described in “Connecting a Terminal or PC” on page 14.
4. Enable IP
ENABLE IP
5. Assign the vlan1 interface an IP address in the same subnet as the PC
ADD IP INTERFACE=vlan1 IP=ipaddress MASK=mask
6. Save the configuration and set the router to use it on bootup
CREATE CONFIG=your-name.cfg
SET CONFIG=your-name.cfg
7. On the PC, bypass the HTTP proxy server, if necessary
See “HTTP Proxy Servers” on page 25 for more information.
8. Point your web browser at the LAN interface’s IP address
9. At the login prompt, enter the user name and password
The default username is manager:
User Name: manager
Password: friend
The System Status page is displayed (Figure 5 on page 33). Select options from the sidebar menu to configure and manage the router.
Option 2: Installing the Router into the LAN
Use this procedure if:
You want to install the router into the LAN before you configure it.
1. Select a PC to browse to the router from
You can browse to the router from any PC that is running a supported operating system with a supported browser installed, with JavaScript enabled. See “Browser and PC Setup” on page 24 for more information.
You need to know the PC’s subnet.
2. Plug the router into the LAN
To install the router into the same subnet as the PC:
Use an Ethernet cable to connect one of the switch ports to a device on the LAN segment, for example, a hub, router or switch (see Figure 3). Connect AR410 and AR410S routers through port 4 and ensure that the PC/hub switch is pressed in.
Figure 3: Connecting the router into the same LAN segment as the PC.
[Figure: the AR400 Series Router and the PC are both connected to a hub or Layer 2 switch.]
To install the router into a different subnet than the PC:
Use an Ethernet cable to connect any one of the switch ports to a device on the LAN segment in which you require the router to work, for example, a hub, router or switch (see Figure 4). Connect AR410 and AR410S routers through port 4 and ensure that the PC/hub switch is pressed in.
Figure 4: Configuring the router from a PC in another subnet.
[Figure: the PC's subnet and the AR400 Series router's subnet are joined by a gateway.]
You can browse to the router through any VLAN or ETH port, as long as you give that interface an IP address (see below). The recommended LAN interface is vlan1, and these instructions assume you will use vlan1 as the LAN interface. The switch ports all belong to vlan1 by default.
3. Access the router’s command line interface
Access the CLI from the PC, as described in “Connecting a Terminal or PC” on page 14.
4. Enable IP
ENABLE IP
5. Assign the vlan1 interface an IP address
ADD IP INTERFACE=vlan1 IP=ipaddress MASK=mask
If you use DHCP to assign IP addresses to devices on your LAN, and you want to manage the router within this DHCP regime, it is recommended that you set your DHCP server to always assign the same IP address to the router. This will enable you to access the GUI by browsing to that IP address, and will also let you use the router as a gateway device for your LAN. If you need the router's MAC address for this, you can display it using the command SHOW SWITCH or SHOW ETH=x MACADDRESS. To set the interface to obtain its IP address by DHCP, use the commands: ADD IP INTERFACE=VLAN1 IPADDRESS=DHCP and ENABLE IP REMOTEASSIGN.
6. If the PC you want to browse from is in a different subnet from the router, give the router a route to the PC
ADD IP ROUTE=PC-subnet INTERFACE=vlan1 NEXTHOP=gateway-ipaddress
where:
PC-subnet is the IP subnet address of the PC. For example, if the PC has an IP address of 192.168.6.1 and a mask of 255.255.255.0, its subnet address is 192.168.6.0.
gateway-ipaddress is the IP address of the gateway device that connects the PC’s subnet with the router’s subnet (Figure 4 on page 29).
7. If you want to be able to browse to the GUI securely, configure SSL (Secure Sockets Layer)
See “Secure Access” on page 31 for more information.
8. Save the configuration and set the router to use it on bootup
CREATE CONFIG=filename.cfg
SET CONFIG=filename.cfg
9. On the PC, bypass the HTTP proxy server, if necessary
See “HTTP Proxy Servers” on page 25 for more information.
10. Point your web browser at the LAN interface’s IP address
For normal access, point your web browser to
http://ip-address
For secure access, point your web browser to
https://ip-address
where ip-address is the interface’s IP address.
11. At the login prompt, enter the user name and password
The default username is manager:
User Name: manager
Password: friend
The System Status page is displayed (see Figure 5 on page 33). Select options from the sidebar menu to configure and manage the router.
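The addressing decisions in steps 4 to 8 of Option 2 can be worked through in code before anything is typed at the router. The following is an added example, not part of the original guide: it derives the PC-subnet value as described in step 6, decides whether a static route is needed, and returns the CLI commands in order. The function names and the sample addresses in the main block are constructed for illustration, and the optional MASK parameter on the route comes from the ADD IP ROUTE syntax under “Setting Routes” (step 6 itself omits it).

```python
# Added example: plans the CLI commands for Option 2, steps 4-6 and 8.
import ipaddress


def subnet_address(ip, mask):
    """Subnet address of a host, e.g. 192.168.6.1 / 255.255.255.0 -> 192.168.6.0."""
    return str(ipaddress.IPv4Interface(f"{ip}/{mask}").network.network_address)


def option2_commands(router_ip, router_mask, pc_ip, pc_mask,
                     gateway_ip=None, config_file="filename.cfg"):
    """Return the commands to enter, raising ValueError on unusable addressing."""
    router = ipaddress.IPv4Interface(f"{router_ip}/{router_mask}")
    pc = ipaddress.IPv4Interface(f"{pc_ip}/{pc_mask}")
    net = router.network

    # The vlan1 address must be an unused host address on its subnet.
    if net.prefixlen < 31 and router.ip in (net.network_address,
                                            net.broadcast_address):
        raise ValueError("router address is the subnet or broadcast address")
    if router.ip == pc.ip:
        raise ValueError("router address is already used by the PC")

    commands = [
        "ENABLE IP",                                                   # step 4
        f"ADD IP INTERFACE=vlan1 IP={router.ip} MASK={router.netmask}",  # step 5
    ]

    if pc.network != net:                                              # step 6
        if pc.network.overlaps(net):
            raise ValueError("PC and router masks disagree about one subnet")
        if gateway_ip is None:
            raise ValueError("PC is in another subnet: a gateway is required")
        gateway = ipaddress.IPv4Address(gateway_ip)
        # The next hop has to be reachable directly on the vlan1 subnet.
        if gateway not in net or gateway == router.ip:
            raise ValueError("gateway must be another host on the router's subnet")
        commands.append(
            f"ADD IP ROUTE={pc.network.network_address} INTERFACE=vlan1 "
            f"NEXTHOP={gateway} MASK={pc.netmask}"
        )

    commands += [f"CREATE CONFIG={config_file}",                       # step 8
                 f"SET CONFIG={config_file}"]
    return commands


if __name__ == "__main__":
    # Constructed addresses: router on 10.1.1.0, PC on 192.168.6.0.
    for line in option2_commands("10.1.1.2", "255.255.255.0",
                                 "192.168.6.1", "255.255.255.0",
                                 gateway_ip="10.1.1.1"):
        print(line)
```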
Option 3: Connecting to an Installed Router
Use this procedure if:
At least one interface on the router already has an IP address, and the router is already installed in a LAN.
1. Find out the IP address of the router’s interface
Ask your system administrator. Alternatively, access the CLI, as described in “Connecting a Terminal or PC” on page 14, and enter the command:
SHOW IP INTERFACE
You can browse to the router through any VLAN or ETH port, as long as you give that interface an IP address (see below). The recommended LAN interface is vlan1, and these instructions assume you will use vlan1 as the LAN interface. The switch ports all belong to vlan1 by default.
2. Select a PC
You can browse to the GUI from any PC that:
has an IP address in the same subnet as the router, or that the router has a route to
is running a supported operating system
has a supported browser installed, with JavaScript enabled