Black Box LR1500A-US-R3, LR1560A-EU-STR2, LR1580A-ST-R2, LR1580A-EU-STR2, LR1500A-EU-R2 User And System Administration Manual

...

Download

Series 500 ISDN Bridge/Router

User and System Administration Guide

LR1560A-ST-R2, LR1560A-EU-STR2, LR1500A-EU-R2, LR1560A-U-R2, LR1580A-U-R2

LR1500A-US-R3, LR1580A-ST-R2, LR1580A-EU-STR2, LR1520A-EU-R2, LR1520A-US-R3

Part number 5500092-10

equivalent to 5500083-12

INSTRUCCIONES DE SEGURIDAD

(Normas Oficiales Mexicanas Electrical Safety Statement)

1. Todas las instrucciones de seguridad y operación deberán ser leídas antes de que el

aparato eléctrico sea operado.

2. Las instrucciones de seguridad y operación deberán ser guardadas para referencia

futura.

3. Todas las advertencias en el aparato eléctrico y en sus instrucciones de operación

deben ser respetadas.

4. Todas las instrucciones de operación y uso deben ser seguidas.

5. El aparato eléctrico no deberá ser usado cerca del agua—por ejemplo, cerca de la tina

de baño, lavabo, sótano mojado o cerca de una alberca, etc.

6. El aparato eléctrico debe ser usado únicamente con carritos o pedestales que sean

recomendados por el fabricante.

7. El aparato eléctrico debe ser montado a la pared o al techo sólo como sea

recomendado por el fabricante.

8. Servicio—El usuario no debe intentar dar servicio al equipo eléctrico más allá a lo

descrito en las instrucciones de operación. Todo otro servicio deberá ser referido a personal de servicio calificado.

9. El aparato eléctrico debe ser situado de tal manera que su posición no interfiera su

uso. La colocación del aparato eléctrico sobre una cama, sofá, alfombra o superficie similar puede bloquea la ventilación, no se debe colocar en libreros o gabinetes que impidan el flujo de aire por los orificios de ventilación.

10. El equipo eléctrico deber ser situado fuera del alcance de fuentes de calor como

radiadores, registros de calor, estufas u otros aparatos (incluyendo amplificadores) que producen calor.

11. El aparato electico deberá ser connectado a una fuente de poder sólo del tipo descrito

en el instructivo de operación, o como se indique en el aparato.

12. Precaución debe ser tomada de tal manera que la tierra fisica y la polarización del

equipo no sea eliminada.

13. Los cables de la fuente de poder deben ser guiados de tal manera que no sean pisados

ni pellizcados por objectos colocados sobre o contra ellos, poniendo particular atención a los contactos y receptáculos donde salen del aparato.

14. El equipo eléctrico debe ser limpiado únicamente de acuerdo a las recomendaciones

del fabricante.

15. En caso de existir, una antena externa deberá ser localizada lejos de las lineas de

energia.

16. El cable de corriente deberá ser desconectado del cuando el equipo no sea usado por

un largo periodo de tiempo.

17. Cuidado debe ser tomado de tal manera que objectos liquidos no sean derramados

sobre la cubierta u orificios de ventilación.

18. Servicio por personal calificado devera ser provisto cuando: A: El cable de poder o el contacto ha sido dañado; u B: Objectos han caído o líquido ha sido derramado dentro del aparato; o C: El aparato ha sido expuesto a la lluvia; o D: El aparato parece no operar normalmente o muestra un cambio en su

desempeño; o

El aparato ha sido tirado o su cubierta ha sido dañada.

Federal Communications Commission (FCC)

Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

Warning: The user is cautioned that modifications to this equipment can void the authority granted by the FCC to operate the equipment.

1.This equipment complies with Part 68 of the FCC rules. On the bottom of this equipment is a label that contains, among other information, the FCC registration number and ringer eqivalence number (REN) for this equipment. If requested, this information must be provided to the telephone company.

2. Applicable USOC jack required: RJ49C

3. If the terminal equipment ISDN Router causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice is not practical, the telephone company will notify the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it to be necessary.

4. The telephone company may make changes to its facilities, equipment, pertains or procedures that could affect the operation of the equipment. If this happens, the telephone company will provide advance notice in order for you to make the necessary modifications in order to maintain uninterrupted service.

5. .The following repairs may be made by the customer: none.

Canadian Emissions Standard ICES-003

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus”, ICES-003 of the Department of Communications.

Cet appareil numérique respecte les limites de bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques”, NMB-003 édictée par le ministre des Communications.

Canadian ISDN Approval

The ISDN-S/T interface of this device is intended for direct connection to the S/T jack of an NT-1 unit and therefore does not require Communications Canada certification. The ISDN Router should only be connected to Communications Canada approved NT-1 units.

Statements for ISDN U Module

NOTICE: The Canadian Department of Communications label identifies

certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunication company. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alteration made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

CAUTION: Users should not attempt to make such connections themselves, but should

contact the appropriate electric inspection authority, or electrician, as appropriate.

Specifications

Speed — Ethernet: 10 Mbps, ISDN (WAN): 128 Kbps Protocol — IP & IPX Multi-Protocol router capabilities; Protocol-

independent MAC-layer bridging; SNMP terminal access Indicators — (4) LEDs: Power, LAN, Link 1, Link 2 Connectors — RJ45 (ISDN WAN); RJ45 female 10BaseT (LAN); (2) RJ45 (Analog phone - voice); RJ45 female console port Power — 12VDC 1A (external) – center positive Size — 1.6"H x 6.1"W x 4.3"D (4 x 15.5 x 11 cm) Weight — 15 oz. (500 g);

Using This Manual This Installation and Applications Guide provides the basic information

required to initially set up and configure the Router. This guide is organized into the following sections:

“Installation” provides instructions for installing the router. “Typical Applications & How to Configure Them” provides

simple configuration examples for typical applications in which the router might be used. The applications described in this document are for example only and provide a method of quick configuration of the router. For more complete information on all of the configuration parameters available, please refer to the router PPP Menu Reference Manual on the accompanying CD-ROM.

“Introduction to Filtering” provides an introduction to the pattern filtering options of the router. Several examples of typical pattern filters are also provided.

”Menu Trees” provides a graphical tree type overview of the structure of the built-in menu system of the router. All of the configuration is performed using the options provided in the menu system. The Menu Tree is like an index to the menu options.

“Configuration Pages” provides a place to note the current configuration of the router for future reference. If a replacement unit is required, the configuration may be quickly modified to be the same as the existing unit.

“Octet Locations on Ethernet Frames” provides a graphical representation of the various common Ethernet frames that the router will bridge or route. When defining a pattern filter, these frame displays indicate the offset values to use in order to define the pattern filter correctly.

“Servicing Information” provides information on opening the case and changing the straps.

Using the Electronic Reference Manual The router Reference Manuals are provided as Adobe Acrobat PDF files

on the accompanying CD-ROM. The Menu Reference File is provided individually for ease of configuration reference. The Adobe Acrobat Reader is included on the CD-ROM.

The Adobe Acrobat Reader program is also available for most computer operating platforms from Adobe on the Internet at: www.adobe.com.

The Reference Manual provides the following information: Introduction to bridging, routing, and router features Pin out references for the link modules Pin out references for the link modules List of event and alarm logs Expanded description of programmable filtering

The router PPP Menu Reference Manual provides the following information:

Complete description of the options for the built-in menu system.

Contents

SECTION 1 INSTALLATION 5

Unpack the Router 5 Select a Site 5 Identify the Connectors 6 Configuring the Router 6 Connect to the Console 6 Make the LAN Connections 7 Make the ISDN Link Connection 7 Power Up the Router 8 Login and Enter the Required Configuration 8 Mandatory Configuration 9 Identify the Status LEDs 10 The NetWizard Graphical User Interface 11

SECTION 2 TYPICAL APPLICATIONS & HOW TO CONFIGURE THEM 13

Managing the router Using the Menus 14 Conventions 15 Bridging and Routing 16

Should You Bridge or Route? 16

Bridging 17

IP Routing 19

IP Addressing 20 Masks 21 IP Subnets 22 IP Default Gateway 24 IP Static Route 24

IPX Routing 26

Novell Servers in Both Locations 26 Novell Servers in One Location Only 27

PPP Overview 31

PPP Link Configuration 31 Numbered Links 31 Unnumbered Links 32 Multilink Operation 33

Configure Remote Site Profiles 34

ISDN Connection Remote Site Profiles 35

Frame Relay Remote Site Profiles 36

Digital Leased Remote Site Profiles 36

Basic Configurations 37

Connection 37

Contents

Basic ISDN Connections 39

“Quick Start” PPP ISDN Connections 41 IPX Router Connection 42 IP Router Connection 42

Basic Frame Relay Configuration 43

Auto Learning the Frame Relay Configuration 44

Basic Leased Line Configuration 47

Bridge Connection. 48 IP Router Connection. 48 IPX Router Connection 48

Advanced Features 49

Dynamic Host Configuration Protocol 49 Network Address Translation and Port Translation 52 Security 54

Configure PPP Security 54 Configure Firewall 57 Network Address Translation 61

Filters 61 Compression 62 Bandwidth On Demand 63

SECTION 3 INTRODUCTION TO FILTERING 65

MAC Address Filtering 65 Pattern Filtering 66 Popular Filters 69

Bridge 69

IP & Related Traffic 69

Novell IPX Frames 69

NetBIOS &NetBEUI (Microsoft Windows) 69

Banyan 69 IP Router 70

NetBIOS over TCP 70

Other interesting TCP Ports 70

APPENDIX A MENU TREES 71

APPENDIX B OCTET LOCATIONS ON ETHERNET FRAMES 75

Octet Locations on a Bridged TCP/IP Frame 76 Octet Locations on a Bridged Novell Netware Frame 76 ETHERNET Type Codes 77 Octet Locations on an IP Routed TCP/IP Frame 78

Contents

Octet Locations on an IPX Routed Novell Netware Frame 78 Octet Locations on a Bridged XNS Frame 79

APPENDIX C SERVICING INFORMATION 81

Opening the case 81 Identifying the Internal Components 82 Connecting to the ISDN-U Link Module 82 To Clear a “Lost” Password 83 Changing the Termination Straps on the ISDN Interface 83 Connecting to the Console Connector 84

APPENDIX D SOFTWARE UPGRADES 85

* * * *

Installation

SECTION 1

INSTALLATION

The router is an ISDN Ethernet Bridge/Router that provides bridging, IP/IPX routing, and compression over a PPP ISDN connection and support an ISDN BRI interface via an integral ISDN-ST or ISDN-U link module. The ISDN BRI interface supports two 64 Kbps B-channels. Two analog telephone connections are also available when the voice port module is included on a unit with voice support.

The following instructions provide a quick set-up guide for installation of the Router:

Unpack the Router

Rough handling during shipment can damage electronic equipment. As you unpack the bridge/router, carefully check for signs of damage. If damage is suspected, contact the shipper. Save the box and all packing material to protect the bridge/router should it ever need to be moved or returned for service.

Check the packing slip that identifies the components and the LAN connector. The connectors on the rear of the bridge/router provide all external connections to the Router.

Select a Site

Place the bridge/router in a well-ventilated area. The site should maintain normal office temperature and humidity levels. Air vents located on the rear of the bridge/router must have an inch or so of clearance from any object.

Installation

Identify the Connectors

Each unit is configured with both straight (MDI) and crossed over (MDIX) 10BaseT LAN connectors; the router will auto-sense between the two. Only one connector may be used at a time.

The RJ-45 ISDN connector has its ISDN interface module factory configured to either ISDN-U or ISDN-ST.

The PHONE connectors are used to connect to regular analog phone devices (phones, fax machines, modems, etc.). The PHONE connectors require the presence of the optional internal voice module.

Figure 1-1 Rear View of the Router

Configuring the Router

The router configuration may be set up either through the NetWizard Graphical User Interface or through the built in Menus system.

The NetWizard runs on one of the LAN computers. It is designed to lead the user through the basic configurations required to get the Router running.

The menu system operates through a console connection and allows access to all configuration settings available on the Router.

Connect to the Console

Connection to the bridge/router operator’s console is made through the RJ-45 connector labeled CONSOLE on the back of the bridge/router. A RJ-45 cable and RJ-45 to DB9 (female) converter are provided for connection to a DB9 (male) connector.

Connect the console port of the Router to a computer running an asynchronous communication package or a standard asynchronous terminal. The bridge/router supports autobaud rates at 1200, 2400, 9600 or 19,200 bps. The bridge/router is managed through the use of “hotkey” Menus.

Installation

Appendix D provides the pinout information for the console connector and the DB9 to RJ45 converter.

Make the LAN Connections

Connect the Router to the LAN with the available LAN interface cable. The Router may be connected directly to a wiring hub or Ethernet switch

by using the MDI LAN port and a standard 10BaseT cable. The Router may be connected directly to a computer network card by

using the MDI-X LAN port and a standard 10BaseT cable.

Make the ISDN Link Connection

The ISDN-ST interface of the Router Bridge/Router provides a RJ-45 connector to connect to the RJ-45 connector of the NT1 provided with your ISDN service.

The ISDN-U interface of the Router Bridge/Router provides an integrated NT1 with a RJ-45 connector to connect directly with your ISDN service.

Once the bridge/router has established communications with its partner across the WAN, the “Link” LED(s) will turn green.

Note: Bridge/Router database changes and statistics viewing may be done remotely

by establishing Telnet connections to a partner bridge/router across the WAN. This is accomplished by selecting the “Connect” option. The “Connect” option is found under the Telnet Access Menu.

Installation

Power Up the Router

Once the LAN and Link connections are made and the console is connected to a terminal, you are ready to power-up the Router. Connect the DC power cord from the supplied power supply to the back of the Router and plug the power supply into the AC wall outlet.

Observe the LEDs as the bridge/router powers up. The LEDs will go through a flashing pattern as the power-up diagnostics are performed. After the power-up diagnostics are finished, the Power LED will go from red to green.

Enter at least one <RETURN> (up to three if necessary) in order for the router to determine the baud rate of the terminal used for the console (i.e., autobaud). The following information will now be seen on the console connected to the router :

Terminals supported:

ansi, avt, ibm3101, qvt109, qvt102, qvt119, tvi925, tvi950, vt52, vt100, wyse-50, wyse-vp, teletype

Enter terminal type:

Select the terminal type being used if listed and enter its name (in lower case) at the prompt, or choose the terminal type teletype if your terminal is not listed. This terminal type operates in scroll mode and may be used successfully until a custom terminal definition is created.

At the login screen type a 1 and the default password to enter the menu system of the Router. The default password is “BRIDGE” (case sensitive) and should be changed if security is desired.

With the options of the built-in menu system, the Router may be configured to operate within your environment.

Refer to the router PPP Menu Reference Manual file for your operating software on the accompanying CD-ROM for a complete description of all the Menu Options.

Installation

Mandatory Configuration

The router requires a minimum amount of mandatory configuration in order to operate. The following table identifies the configuration parameters that must be defined for proper operation under the operational states shown in the table.

Mandatory Configuration

Bridge IP Router IPX Router

None

IP Address

none

IP Routing

IP Forwarding

PPP ISDN

ISDN Switch Type

Directory Numbers

Remote Site Profile

The configuration options required for proper initial operation are described in Section 2: Typical Applications and How to Configure Them.

Refer to Section 2 for details on configuring the router. Also refer to the router PPP Menu Reference Manual file on the accompanying CD-ROM for a complete description of all the Menu Options.

Other options may be changed depending on specific installation configurations. Refer to the menu tree in Appendix A for a reference of the menu structure and options.

Installation

Identify the Status LEDs

The meanings of the four 3-color Light Emitting Diodes (LEDs) on the front of the Router are found in the following chart.

Figure 1-2 Front View of the Router

Green Bridge/Router is running and has passed power-up diagnostics

Green (flashing) Bridge/Router is in BOOT mode and is programming the flash

Red Bridge/Router is powered up but has failed power-up diagnostics

Yellow Bridge/Router is decompressing the software into the RAM

Yellow (flashing) Bridge/Router is in BOOT mode

Power

Green LAN is connected and forwarding

Red Bridge/Router is NOT connected to the LAN

Yellow

LAN is connected and NOT forwarding: i.e. Listening, Learning, or Blocking

LAN

Off LINK is idle

Green LINK is up with a data connection

Green (flashing) Voice call is up

Yellow LINK is negotiating connection: line answered

Yellow (flashing)

Voice call off hook with dial tone or on hook incoming call ringing

Red Software failure

LINK 1

Off LINK is Disabled or ISDN call is down

Green LINK is up with a data connection

Green (flashing) Voice call is up

Yellow LINK is negotiating connection: line answered

Yellow (flashing)

Voice call off hook with dial tone or on hook incoming call ringing

Red Software failure

LINK 2

POWER

LINK 1

LINK 2

LAN

Installation

The NetWizard Graphical User Interface

The NetWizard router setup assistant comes on the CD-ROM packaged with this router.

The NetWizard is a standalone Java applet that communicates with the Router through the LAN connection.

The NetWizard will run on computer operating systems with Java support. It has been tested on the following platforms: Windows 95, 98 and NT, Mac OS 8, UNIX, and Linux. The minimum recommended PC system is a Pentium 100 MHz CPU, 32 MB of memory and a 256 color VGA monitor; the minimum recommended Macintosh system is a G3.

The network connections and power cord should be properly attached to the router and the router powered up.

Software Installation:

Put the CD in the CD-ROM drive. For systems that support autoplay (Windows 95/98/NT) the CD Introduction page will automatically come up on your browser. For all other systems, use the Internet browser of your choice to open the INDEX.HTM file in the root directory of the CD-ROM. Click on the NetWizard Installation icon to start the NetWizard installation. A page listing the installer operating platforms available will appear, Choose the installer for your operating system (the “Recommended installer” display bar will show which installation is recommended for your system). Download the Installer to your machine. After the download is complete, go to the location where “install” was saved and start the program (click on the “view instructions” link in the browser to get specific tips on steps required for your operating system).

The Install Anywhere setup window will appear; select the language you wish to use for the NetWizard, then click on OK and follow the installation steps.

When the NetWizard program is started, the first window that appears is the Launchpad application. This is a small program that searches the local network for any Routers and displays a listing of those found. Select the

Installation

one you wish to configure and proceed by clicking on the NetWizard button.

Follow the steps on the NetWizard through the configuration of the router.

Configuration Note:

If the NetWizard is to be installed on a WindowsNT system, the user must log in as "Administrator".

If the NetWizard is to be installed on a Linux system, the user must log in as "root" or an account with superuser privileges.

Note:

If you accidently set the Router to have an incorrect IP address, the NetWizard may not be able to find the Router again. If this occurs, you will have to use the console menu system to reset the router. Please see page 1.2 for how to connect the console and page 2.2 on using the menus.

After logging onto the console, select option 3 Diagnostics from the Main menu, then option 2 Full Reset to clear all settings on the router to their default values.

You may then resume using the NetWizard to set up the router.

Applications

SECTION 2

TYPICAL APPLICATIONS & HOW TO

CONFIGURE THEM

This product is a flexible Ethernet Bridge/Router that supports PPP ISDN circuits. This section will describe how to set up the router networking functions.

The router may be configured as a simple Ethernet bridge, an Ethernet IP router, an Ethernet IPX router, or a combination of the three. When operating the router as a combination bridge/router simply configure each of the components separately.

Note: The configuration options described within this section are only for initial set

up and configuration purposes. For more complete information on all of the configuration parameters available, please refer to the router PPP Menus Reference Manual PDF file on the accompanying CD-ROM

Important: The router uses FLASH memory to store the configuration

information. Configuration settings are stored to FLASH memory after there has been 30 seconds of idle time. Idle time is when there is no selection or modification of the value in the built-in menu system. If you wish to store a configuration immediately, enter “=” to jump to the main menu, then select option “6” to save the configuration.

Applications

Managing the router Using the Menus

This section describes the minimum configuration parameters required when setting up the router. Each of the configuration scenarios requires setting of operational parameters on the router. The built-in menu system of the router is used to configure the unit.

The Router menu system operates on a “hotkey” principle; navigating around the menu system is done by typing the number associated with the desired option; the router acts on the choice immediately (no need to hit the “enter” key).

The menu system consists of different menu levels each containing new configuration options. Navigation back out of a nested menu is easily accomplished by pressing the “tab” key. The tab key takes you to the previous menu level. If you wish to move from your current menu location directly to the main menu simply press the equals “=” key.

When choosing menu options that will toggle between values, simply pressing the number associated with that option will cause the options value to change. Each successive selection of the option will cause the option’s value to change again.

Some menu options require input from the operator. When selecting an option that requires a value, the menu system will display the range of values acceptable and a prompt symbol “>”. Enter the new value at the prompt symbol and press enter. Should you make an error in entering the new value, the <BACKSPACE> key (for most terminals) deletes the most recently entered characters.

Applications

Conventions

Throughout this section, router menu options are shown that are required for the various configuration choices. The appropriate menu options are shown in each instance in the following format:

7 Configuration Option Name

Location: Main

Ä Sub-Menu Name

Ä Option Name

The configuration option is shown as well as the options location within the menu system. The Ä character indicates

that a sub-menu level must be chosen. The option name in which a configuration parameter is to be set is shown in italics.

The keyboard graphic in the left margin indicates that this is information that the user will have to enter for configuration.

The note icon is used to indicate information on configuration and set up of the Router.

Configuration Note: The Configuration Note is used to indicate that there

may be a difference in configuration between the various operational modes of the Router.

The information icon is used to indicate that more information is available on this subject. The information is usually located within another document as specified.

Applications

Bridging and Routing

Should You Bridge or Route?

When connecting two Local Area Networks together, the first question to ask is should I bridge or route? The decision to bridge or to route may be decided by how the existing networks have been already set up.

Bridging should be used when the network consists of non-routable protocols or routable protocols using the same network numbers. Some protocols can only be bridged; some of the more well known are NetBEUI (used by Microsoft Windows 3.11, Windows ’95, Windows ’98, and Windows NT), and LAT (used by Digital Equipment Corp.).

If your IPX or IP network address is the same at both locations, bridging is simpler and requires less configuration. If the locations are to be routed together, the network numbers will have to be different in both cases, this could require extensive reconfiguration.

IPX routing should be used if the two locations are already set up with different IPX network numbers. Routing IPX will minimize the number of SAP and RIP messages being sent across the WAN.

IP routing should be used if the two locations are already set up with different IP network numbers or if you wish to divide your one IP network number into two sub-networks.

In some cases both bridging and routing may be required. Routing may be required for IP information and bridging may be required for NetBEUI.

Applications

Bridging

An Ethernet bridge intelligently forwards LAN traffic to remotely connected LANs across the Wide Area Network (WAN).

WAN connection

LAN #1

LAN #2

Figure 2-1 Bridged Local Area Networks

Ethernet bridges simply forward information based on Ethernet MAC addresses. If a LAN packet is destined for a device located on a remote LAN, the bridge will forward that packet to the remote LAN. If a LAN packet is destined for a device located on the local LAN, the bridge will ignore the packet.

Ethernet bridges also communicate to each other using what is called the Spanning Tree Protocol (STP). STP is used to prevent loops in a network which cause LAN traffic to be re-broadcast again and again causing network congestion.

The router is pre-configured to operate as an Ethernet bridge compatible with the IEEE 802.1d Spanning Tree Protocol definitions. This means that without configuration modifications, the router will bridge Ethernet traffic to its partner bridges when the Wide Area Network (WAN) connection has been established (see section 1, page 3 for WAN connection set-up).

Applications

The router also is pre-configured as an IPX router. This means that if you wish to bridge IPX traffic instead of routing it, you must disable the IPX routing function of the router. Once IPX routing has been disabled, all IPX traffic will be bridged between partner bridges on the WAN.

To set up a bridge between two LANs:

− Connect each Router to the LAN it will be serving

− Connect the WAN interface of each Router to the equipment

supplied by the service provider

− Configure the remote site profile of the partner router if necessary

(see section C)

− Establish the WAN connection

Applications

IP Routing

An Ethernet IP router is used to intelligently route Internet Protocol (IP) LAN traffic to remotely connected LANs across the WAN.

WAN connection

TCP/IP Computers

LAN #1

IP Network Address

199.169.1.0

IP Network Address

199.169.2.0

Router IP Address

199.169.2.12

Router IP Address

199.169.1.10

LAN #2

Figure 2-2 IP Routed Local Area Networks

IP routers forward IP frames based upon their IP destination address and an internal routing table. The router maintains the internal routing table with the remote network IP addresses and the remote partner IP routers associated with those networks. When an IP frame is received from the local LAN, the destination IP address is examined and looked up in the routing table. If destination IP network is found in the routing tables, the IP router sends the IP frame to the remote partner Router that is connected to the appropriate remote IP network. If no explicit route entry is found in the routing table, the IP frame is sent to the Default Gateway.

Applications

IP Addressing

Devices on an IP network are located by their IP addresses, which is a 32 bit number divided into four 8 bit fields. The IP address identifies both the network and the host device (also known as a node) on that network. The address is usually written as the four decimal values for the fields (between 0 and 255) separated by decimal points; for example

196.65.43.21. The high order field defines the IP class of the address. There are three

commonly used classes of IP address:

A: 1 to 127 B: 128 to 191 C: 192 to 223

For class A addresses, only the first 7 bits of the high order field represents the network address, so there can be 127 networks. The remaining three fields are the host portion of the address there can be over 16 million (224) host devices on each class A network.

Class B uses the first two fields for network addresses and can address approximately 16,000 networks. The two low order fields allow approximately 65,000 host addresses (216) for each network.

Applications

Class C Uses three high order fields to address over 2 million networks, the low order field is used to address up to 254 hosts.

IP addresses within a private network may be assigned arbitrarily, however, if that network is to interconnect with the global Internet, it is necessary to obtain a registered IP address.

For example, a small company is connected to the Internet; they are assigned a single class C IP network address (199.169.100.0). This network address allows the company to define up to 255 host addresses within their network.

Masks

The portion of the IP address to use as the network address is specified by using a mask; a mask is the contiguous number of bits to be used for the network address all set to 1. When the mask is logically ANDed with an IP address, the result is the network address. The mask is specified by entering the mask size as the number of bits in the mask. For the standard Class A, B and C Internet addresses, the mask sizes would be 8, 16 and 24 respectively.

Networks are not restricted to the above standard sizes; the mask (and hence the network address it specifies) may be any number of bits from 8 to 32. This gives much more flexibility to match the size of the two fields of the IP address to the number of networks and hosts to be serviced.

Applications

IP Subnets

An IP network may be divided into smaller networks by a process called sub-netting. A subnet is specified using some of the high order bits of the host field of the IP address for sub-network addressing. The portion of the IP address to be used as the subnet address is defined by using a subnet mask.

If the company in the example above (Class C IP address 199.169.100.0) decides to split their network into two LANs to reduce the load on their network, the original IP network address may be sub-netted into two or more smaller IP networks consisting of a smaller number of host addresses in LAN. This allows each of the sites to be a smaller IP network and to be routed together to allow inter-network communication.

The subnet mask size is the number of bits in the subnet mask. In the above figure the subnet mask size would be 26 (24 bits for the class C network address and 2 subnet bits). The subnet size is the number of subnet bits - in the above figure, the subnet size would be 2. The subnet mask size for the above example networks will be 26 and the resulting mask is 255.255.255.192:

In this example, specifying a subnet mask size of 26 will produce a subnet size of 2 bits. Two bits gives 4 possible sub-network addresses from the original IP network address. Two of the resulting sub-networks will have either all zeros or all ones as the subnet address; under standard subnets, these addresses are reserved for network functions and hence are invalid addresses. So setting a subnet mask size of 26 will generate two subnetworks with up to 62 host addresses each (64 potential addresses minus

Applications

the all zero and all one addresses). The new IP sub-network addresses will be: 199.169.100.64 and 199.169.100.128.

Original IP Network Address 199.169.100.0

Subnet IP Network Address

199.169.100.64

Router IP Address

199.169.100.65 Subnet Mask Size 26

Host IP Address

199.169.100.66

Host IP Address

199.169.100.67

Host IP Address

199.169.100.130

Host IP Address

199.169.100.131

Router IP Address

199.169.100.129 Subnet Mask Size 26

Subnet IP Network Address

199.169.100.128

Subnet Mask is

255.255.255.192

IP Computers

LAN #1

LAN #2

Figure 2-3 Defining an IP Subnet Mask

Devices on LAN#1 will have addresses from 199.169.100.65 to

199.169.100.126, devices on LAN#2 will have addresses from

199.169.100.129 to 199.169.100.254. To configure the router to route between the newly created sub-networks,

the following parameters must be defined on each router.

7 1. IP Address

Location: Main

Ä Configuration

Ä LAN Set up

Ä LAN IP Set up

Ä IP Address / Mask

199.169.100.64 / 26for Route#1

199.169.100.128 / 26 for Route#2

Applications

IP Default Gateway

An IP default gateway is an IP router that is resident on the local IP network that this Router is connected to and is used to route IP frames for destination networks that do not exist in the routing table. When an IP frame is received that is destined for a network that is not listed in the routing table of the Router, the Router will send the IP frame to the default gateway. If the device originating the IP frame is on the same LAN as the Router, the Router will then send an ICMP redirect message to the originating device. Any future IP frames for that destination network will then be sent directly to the default gateway instead of the Router.

A default gateway may be configured if there are a large number of routes that will pass through another router to a larger network. An example of this would be a router that is used to connect to the Internet. All of the routers on the LAN would have the Internet access router as the default gateway.

IP Static Route

With its default settings, the router will automatically learn the routes to other devices on the network through RIP messages. In some instances it may be desirable to have a predetermined or static route that will always be used to reach certain devices, such as when one specific router is to be used to reach a remote site network. The static route will have precedence over all learned RIP routes even if the cost of the RIP learned routes is lower.

7 Edit Static Route

Location: Main

Ä Configuration

Ä IP Routing Set up

Ä IP Routes

Ä Edit Route

Ä Route IP Address Ä Next Hop Ä Cost Ä Add

Each static IP route is defined in the Edit Route menu. The destination network IP address is specified when you first enter the menu and then the IP address of the next hop route and the cost may be defined.

Applications

Once static IP routes are defined, they may be viewed with the Show Static Routes command from the IP Routes menu.

Configuration Note: When the IP routing protocol is set to none, static routes

will be used to route traffic. The subnet mask size must also be defined when creating a static route entry. The subnet mask is required to allow a static route to be created to a different IP network address. See the previous section for an explanation of subnet masks.

Applications

IPX Routing

The router is pre-configured to operate as an IPX router when installed in an IPX network. The Router will learn the IPX network numbers from the local LAN and when the WAN connections are established, the Router will route the IPX frames to the appropriate destination IPX network.

The IPX routing scenario may consist of one of the two following configurations. The first configuration consists of Novell servers located on each of the LAN segments to be connected. The second configuration consists of Novell servers located on only one of the LAN segments to be connected. The Router will need to be configured differently in the second configuration with Novell servers located on only one of the LAN segments.

Novell Servers in Both Locations

An Ethernet IPX router is used to intelligently route Novell IPX LAN traffic to remotely connected LANs across the WAN.

WAN connection

Novell Server

Novell IPX Client

LAN #1

IPX Network Address

1512

IPX Network Address

1500

LAN #2

Figure 2-4 IPX Routed Local Area Networks (Servers on both sides)

IPX routers forward IPX frames based upon their IPX destination address and an internal routing table. The router maintains the internal routing table with the remote network IPX addresses and the remote partner IPX routers associated with those networks. When an IPX frame is received from the local LAN, the destination IPX address is examined and looked up in the routing tables. Once the destination IPX address is found in the routing tables, the IPX router sends the IPX frame to the remote partner Router that is connected to the appropriate remote IPX network.

Applications

To configure the router to be an IPX router when both LAN segments contain Novell servers, the IPX network numbers are learned automatically from the routing information and service announcements sent by the servers. The Router will automatically assign the IPX network numbers and proceed to route the IPX frames to the appropriate destination network.

When two IPX LAN segments with Novell servers on each segment are to be connected together with IPX routers, you must ensure that the IPX network numbers on each of the Novell servers is unique. If the IPX network numbers are the same, the IPX routers will not operate.

Once the WAN connections have been established to the remote partner Routers, the IPX router portion of the Routers will begin to build their routing tables according to the IPX frames they receive from the network. Manual entries may be made in the routing tables by adding static IPX routes.

Novell Servers in One Location Only

Some Novell LAN installations require that a remote LAN that consists of only Novell IPX clients be connected to a central LAN that contains the Novell servers and some more clients. In this configuration, the Router located at the remote site must be configured with the appropriate IPX network numbers. The IPX network number must be configured manually because there is no Novell server at the remote site. The Router must act as a Novell server to supply the proper IPX network number to the clients on the remote site LAN.

In the following diagram, the Router connected to LAN #2 must be configured with IPX network number 1500 using the appropriate frame type. The clients connected to LAN #2 must also be running with the same frame type as defined on the Router. After the Routers have established the WAN connection, the IPX routing procedures will cause the names of the services located on LAN #1 to be stored in the services table on the Router on LAN #2. When one of the clients on LAN #2 starts up, it will look for a server on the local LAN and the Router will respond with the list of servers that are located on the central LAN.

Applications

WAN connection

Novell Server

Novell Client

Novell IPX Client

LAN #1

IPX Network Address

1512

IPX Network Address

1500 - defined on router

LAN #2

Figure 2-5 IPX Routed Local Area Networks

(Servers on one side)

The following steps must be performed on the Router connected to LAN #2.

7 IPX Routing Disabled

Location: Main

Ä Configuration

Ä IPX Routing Set up

Ä IPX Routing

Disabling IPX routing allows the IPX frame types to be modified.

Configuration Note: IPX Routing does not need to be disabled in order to

change the defined network numbers on a PPP Router.

Applications

7 IPX Frame Types

Location: Main

Ä Configuration

Ä IPX Routing Set up

Ä Configure LAN Networks

Ä Ethernet-II Frames Ä RAW 802.3 Frames Ä IEEE 802.2 Frames Ä 802.2 SNAP Frames

Define the appropriate IPX network number for the appropriate frame type. Note that IPX network numbers must be unique. If more than one frame type is to be used, each frame type must have a unique IPX network number. There must be no duplicate IPX network numbers within your entire IPX routed network, they must all be unique. The IPX network numbers may be any value from 0 to FFFFFFFF HEX.

7 IPX Routing Enabled

Location: Main

Ä Configuration

Ä IPX Routing Set up

Ä IPX Routing

IPX routing must be re-enabled to allow the Router to operate as an IPX router with the newly defined IPX network numbers.

All Router routers connected to the same WAN must have IPX routing enabled for IPX routing to take place between the LANs. When a number of Router routers are connected on the same WAN and one of the Routers has IPX routing disabled, all of the Routers will become bridges only for IPX frames.

Applications

7 IPX Forwarding Enabled

Location: Main

Ä Configuration

Ä IPX Routing Set up

Ä IPX Forwarding

IPX forwarding must be re-enabled to allow the Router to forward IPX frames onto the WAN to the partner IPX Router routers.

Configuration Note: The IPX Forwarding function enables or disables the

forwarding of IPX traffic when IPX routing is enabled. When IPX forwarding is disabled, all IPX traffic across the WAN links will be blocked. While IPX forwarding is disabled, the Router will still operate as an IPX router and maintain its routing and server tables.

The configuration options described here are only for initial set up and configuration purposes. For more complete information on all of the configuration parameters available please refer to the router PPP Menu Reference Manual file on the accompanying CD-ROM.

Applications

PPP Overview

Point to Point Protocol (PPP) is a connection protocol that allows control over the set-up and monitoring of network communications. It is used in procedures for user authentication (name and password), connection management (spoofing, bandwidth on demand, multilink), and compression.

PPP Link Configuration

A PPP connection between two routers may use a number of Network Control Protocols for communication. An IP router connection will use the Internet Protocol Control Protocol (IPCP) for all IP communications. An IPX router connection will use the Internet Packet Exchange Control Protocol (IPXCP) for all IPX communications.

In order to establish an IPCP or IPXCP link connection between two PPP routers, either a numbered link or an unnumbered link connection must be established. The two types of link connections are available to allow for greater flexibility between vendors products.

Numbered Links

A numbered link assigns a network address (either IP or IPX) to both ends of the WAN connection. In a numbered link configuration, the WAN connection may be viewed as another LAN network with the two PPP routers simply routing information between their local LANs and the common connected WAN network.

Because the WAN is considered to be a separate network, each of the stations on that network must be assigned a network address. If a numbered IP link is to be established, then each WAN interface must be assigned an IP address on a unique IP network. The WAN IP network address must be different from the two existing networks that are being connected together with the PPP routers.

If a numbered IPX link is to be established, then each WAN interface must be assigned an IPX node address on a unique IPX network number. The WAN IPX network address must be different from the two existing networks that are being connected together with the PPP routers.

The IP address of the local WAN link is defined as the Local IP Address within the remote site profile settings and the direct dial portion of the Quick Start menu. The IP address of the WAN link of the remote PPP router is defined as the Peer IP Address within the remote site profile settings and the direct dial portion of the Quick Start menu. The WAN IP network number is defined by defining a subnet mask size to

Applications

use when defining the local IP address. The size of the subnet mask will determine the IP network number used.

The IPX node address of the local WAN link is defined as the Local IPX Node within the remote site profile settings. The IPX address of the WAN link of the remote PPP router is defined as the Peer IPX Node within the remote site profile settings. The WAN IPX network number is defined with the IPX Net option in the remote site profile settings.

Configuration Note: When making a direct dial connection within the Quick

Start menu, only IP numbered and IPX unnumbered links are allowed. For different types of connections, a remote site profile should be configured with the appropriate IPCP and IPXCP settings defined.

Unnumbered Links

An unnumbered link does not use network addressing on the WAN link. The WAN connection is roughly equivalent to an internal connection with each of the two end point routers operating as half of a complete router that is connected between the two endpoint LANs.

When an IPCP link is set to unnumbered, the only configuration option applicable is Peer IP Address. The peer IP address in this case is the IP address of the remote PPP router, that is the IP address of its LAN connection. If the peer IP address is not specified, the Router will attempt to determine it when negotiating the IPCP connection.

When an IPXCP link is set to unnumbered, no addressing configuration is required. All of the IPX settings are negotiated during the IPXCP connection.

Configuration Note: When making a direct dial connection within the Quick

Start menu, only IP numbered and IPX unnumbered links are allowed. For different types of connections, a remote site profile should be configured with the appropriate IPCP and IPXCP settings defined.

Applications

7 Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Protocol Set up

Ä IP Parameters

Ä Peer IP address

Multilink Operation

Multilink operation defines the use of more than one link to connect between two PPP routers. When a multilink connection is required, simply enable the Multilink Operation option of the remote site profile for that connection.

When a multilink connection is established, the multilink (MP) options within the PPP Set up and Advanced PPP Set up menus will determine the operation of the multilink connection.

Applications

Configure Remote Site Profiles

Remote Site Profiles allow the Router to have different sets of configuration parameters for each of the remote site routers that may be called or that may call this Router. This allows complete control over the configuration of each possible connection.

Each remote site profile is assigned an identification number when it is created, whether it is created manually by the user editing the remote site profile or automatically under frame relay auto-learning. The remote site is also named with an alias, which provides a more descriptive identifier for the remote site profile. For example, a remote site profile may be created with a name that describes the location of the remote router or a user name on an incoming connection. The alias may be up to 16 characters long and must begin with an alphabetic character (blanks and the character ”!” are not allowed).

There can be up to 40 remote site profiles. The ID numbers are assigned automatically in ascending order as the site profiles are created.

ID numbers 41, 42 and 43 are templates for creating remote site profiles with ISDN, Frame Relay or Leased Line connections respectively. A template may have its parameters set to match common network configurations and then be used to quickly set up a number of similar new sites. In addition to the reserved templates, you can use any remote site as a template to create a new site.

The remote site profile allows the definition of various connection parameters: Circuit set-up, Bridge and Routing protocol configurations, activation criteria and security.

The following steps must be performed on the router in order to define a new remote site profile.

Remote Site Profile ID & Alias

Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

The remote site alias must be entered. The remote site profile is then created, an ID number is automatically assigned to it and the remote site profile is opened for editing. If a remote site profile already exists, either

Applications

the ID number or the alias may be provided to access the site profile for editing.

Now that the remote site profile is created, a link number must be assigned as the primary link number. The primary link number is the link interface that the Router will use to attempt to establish a connection to the remote site PPP router.

Primary Link Number

7 Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Connection Set up

Ä Primary Link Number

ISDN Connection Remote Site Profiles

The ISDN call parameters for each of the remote sites that may be called from this router must be defined. The Router must know what ISDN phone number to dial when a connection to this remote site is required and what security parameters to use when establishing a connection.

When this Router receives an ISDN connection it will prompt the calling device for a user name and password (PPP access security); when the name and password have been authenticated, the user name is used to search the remote site profile entries to find a match. Once a match is found, the configuration parameters defined within that remote site profile are used to finish establishing the PPP connection.

Configuration Note: The remote site profile alias, user name of the security entry,

and the user name defined on the partner PPP router must all be the same for a connection to be established.

Applications

7 Remote Site ISDN Phone Number

Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Connection Set up

Ä ISDN Call Set up

Ä ISDN Number

The ISDN number defined here is the ISDN phone number of the remote site ISDN PPP router. This is the ISDN phone number that will be dialed to establish a connection to this remote site profile.

Frame Relay Remote Site Profiles

When frame relay is activated on the router it is set by default to automatically query the frame relay service to auto-learn the required parameters and automatically set up remote site profiles for each connection. See Frame Relay Configuration in the following section for more details.

Digital Leased Remote Site Profiles

As a leased line provides a dedicated line directly to a single remote site, the default settings will likely be all that is necessary to connect to this site.

If necessary, the Bridge, IP, IPX and Compression settings may need to be configured within their parameter menus to match the partner router.

Applications

Basic Configurations

The router may be configured to handle the two BRI B-channels as both switched circuit ISDN links, as both Digital-Leased links (Digital-Leased is also known as Super-digital, ADSL-lite or monopole) or as one of each type. In addition, each Digital-Leased link may be set for either Frame Relay or PPP operation. The types of service available should be dicussed with your service provider.

Connection

The software controls used to determine when to attempt a connection to a remote site may be any one of the following methods:

2.3.1.1 – IP Address Connect: Defining a remote site profile

within the IP Address connect table and enabling IP Address Connect will cause a call to be made when a packet for this IP address is routed. This is the most common connection method.

7 Location: Main

Ä Configuration

Ä WAN Set up

Ä IP Address Connect

Ä Edit IP Address Entry

Ä ID # for this entry

ÄIP address of remote site Ä Remote site ID or alias

7 Location: Main

Ä Configuration

Ä WAN Set up

Ä IP Address Connect

Äenabled

Applications

2.3.1.2 – Manual Call: The system operator may use the

Manual Call option of the Remote Site Set up menu to initiate a connection attempt.

7 Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Manual Call

Ä Remote site ID or alias to call

2.3.1.3 - Auto Call: Enabling the Auto-Call option within the Edit

Remote Site menu of this remote site profile causes the Router to attempt to establish a connection to this remote site profile each time the Router starts up.

7 Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Connection Set up

Ä Auto call

enabled

Applications

Basic ISDN Connections

The default settings of the router configure it for ISDN routing (rather than Digital_Leased). It may establish WAN connections to other bridge/routers via ISDN (Integrated Services Digital Network) connections. Either 1 or 2 ISDN B-channels (2 B-channels per ISDN BRI interface) may be used.

Before the router can establish an ISDN connection to another router, the ISDN information must be defined. The ISDN switch type must be defined for the ISDN interface, and the phone numbers must be defined. The following diagram shows three routers connected together, with two ISDN B-channels being configured on one unit and one channel on the other units.

Figure 2-6 Basic ISDN Configuration

The following steps must be performed to configure the router for switched ISDN operation:

7 Switch Type

Location: Main

Ä Configuration

Ä WAN Set up

Ä Switch Type

ISDN

WAN connections

ISDN phone numbers assigned from the ISDN circuit provider.

555-1201

555-1101

555-1202

555-1301

PPP ISDN

IP Router

Applications

Ten ISDN switch types are available: net3, ni-1, ni-2, dms-100, 5ess-pp, 5ess-mp, tph1962, kdd, sweden, or ntt. Note that if your routers are located within different ISDN jurisdictions, the ISDN switch type may be different on each of the units.

7 Directory Numbers & SPIDs

Location: Main

Ä Configuration

Ä WAN Set up

Ä Link Set up

Ä ISDN Set up

Ä Directory Number 1 Ä SPID 1 Ä Directory Number 2 Ä SPID 2

The directory number(s) will be the ISDN phone numbers used to establish a call between the routers. The SPIDs are used to register the ISDN interface with the central switch.

Configuration Note: For most European installations, the switch type will be

NET3 which only requires one directory number. The Router will operate without putting in the directory number for a NET3 switch, but it is recommended that it be entered,

Most North American installations use the switch type NI-1 and must have the two directory numbers entered, as well as two SPID (Service Profile Identifiers) values. For an NI-1 switch type, enter only the local portion of the directory number unless the area code is required for local calls. The SPID must be set to the exact number given by the ISDN service provider.

Once the ISDN switch type and directory numbers have been configured, the Router must be reset for the new values to take effect and for the ISDN BRI interface to register with the central switch.

Applications

7 Soft Reset

Location: Main

Ä Diagnostics

Ä Soft Reset

Once the Router has restarted it is ready to establish ISDN connections.

With the ISDN numbers and switch type defined, an ISDN call may be placed to another properly configured bridge/router. The calls may be placed manually or automatically. The automatic call features available are Auto-Call or IP Address Connect. An Auto-Call connection is established each time the Router starts up. An IP Address Connect call is established to a specifically configured remote Router when certain IP traffic is received from the local LAN.

“Quick Start” PPP ISDN Connections

The PPP router provides a “Quick Start” menu option that allows you to enter the basic configuration parameters required to establish a manual direct dial ISDN connection to another PPP IP/IPX router. Once the connection is established and is working properly, the Router should be configured with a remote site profile entry for that router. Once the remote site profile is created, ISDN calls may be placed automatically each time the Router starts up (Auto-Call) or automatically depending upon the time of day activation schedule or upon receiving IP frames from the local LAN destined for the IP network connected to that particular PPP router.

When establishing a direct dial connection from the “Quick Start” menu, the Bridging, IP and IPX configuration is partially predetermined. The IP connection requires the configuration of the local IP address of this Router. The IPX connection is an unnumbered connection that does not require any configuration. Each of the IP or IPX functions may also be disabled before the manual dial ISDN call is made.

The first step to a direct dial connection is to define the switch type and numbers as shown on the previous two pages (basic ISDN configuration). Once the ISDN configuration has been entered and the Router has been reset, a direct dial may be made to a remote site Bridge or IP/IPX PPP router.

If security is required for the direct dial connection refer to the Configure PPP Security section for information on setting the security passwords and user names for PPP.

Applications

IPX Router Connection

To establish an IPX PPP direct dial connection, enter the ISDN phone number of the remote site PPP router in the manual dial option. Refer to the Configure as an Ethernet IPX Router, section 2.1.3 for more information on IPX configuration required.

7 Manual Dial

Location: Main

Ä Quick Start

Ä Direct Dial

Ä ISDN number

Enter the ISDN phone number of the remote site IPX PPP router and an ISDN call will be placed.

IP Router Connection

To establish an IP PPP direct dial connection, the IP addresses must be supplied for this device before the ISDN call may be placed. Refer to the Configure as an Ethernet IP Router, section 2.1.2 for more information on the IP configuration required.

7 IP Address

Location: Main

Ä Quick Start

Ä Direct Dial

Ä IP Address

This is the IP address and subnet mask size for the link of this Router in the numbered IP connection.

7 Manual Dial

Location: Main

Ä Quick Start

Ä Direct Dial

Ä ISDN number

Enter the ISDN phone number of the remote site IP PPP router and an ISDN call will be placed.

Applications

Basic Frame Relay Configuration

The router may be configured to route frame relay packets over Digital Leased service (also known as Super-digital, ADSL-lite or monopole) on one or both BRI channels.

If a link on the router is configured for frame relay, it will communicate over WAN connections to other frame relay units via Frame Relay Permanent Virtual Circuits (PVC). From 1 to 40 PVC’s may be defined to connect to other frame relay units. Before the router can establish a PVC connection to another frame relay router, at least one PVC must be defined. The router is pre-configured to query the frame relay service to auto-learn the required parameters; they may also be set manually.

The DLCI (Data Link Connection Identifier) number for the PVC is assigned by the frame relay service provider. The PVC must be defined on the physical link on the router. The following diagram shows three router units connected together with a PVC being configured on each unit. The configuration of the PVCs within the frame relay cloud is controlled by the frame relay service provider.

Figure 2 - 8 Frame Relay configuration

Frame Relay PVC

WAN connections

DLCI numbers assigned for these PVCs from the

frame relay provider.

51 52

Applications

The link must be set to operate in Digital-Leased mode:

7 Set link to Digital-Leased

Location: Main

Ä Configuration

Ä WAN Set up

Ä Link Set up

Ä Logical ISDN type

Digital-Leased

Frame Relay must then be enabled:

7 Frame Relay enable

Location: Main

Ä Configuration

Ä WAN Set up

Ä Link Set up

Ä Frame Relay

enabled

The router will request confirmation of the change, enter “yes”.

Auto Learning the Frame Relay Configuration

Under the default frame relay settings, the router is configured to query the frame relay service to auto-learn the LMI type and the PVC DLCI numbers. This auto-learn function allows the router to be plugged into the frame relay service and auto-learn the PVC configuration to become operational without further configuration. (Manual configuration is also allowed by modifying the options within each Remote Site Profile and the individual link configuration menus. Please see the router PPP Menus Manual on the accompanying CD-ROM for information on manual configuration).

When the router first starts up it will query the frame relay service to determine the LMI type. Once the LMI type is determined, the PVC configurations will be known from the full status enquiry messages. If the DLCI numbers of the PVC’s on your service are determined during this learning process, the router will automatically create a remote site profile for each PVC. The automatically created remote site profiles will be named “LinkxDLCIyyy” where x is the physical link number the PVC is on and yyy is the DLCI of the PVC.

Applications

If during this learning process the maximum number of remote sites (40) has been reached, the router will prompt you that there are no remote sites available. A new remote site cannot be auto-created unless one of the existing remote sites is manually deleted.

Within each of the remote site profiles automatically created, Bridging, IP routing, and IPX routing are all set to “enabled”. Because each of these options are enabled by default and the automatically created remote site profiles will establish a PVC connection to the remote site routers, the router will bridge and IPX route data without any user configuration. Because an IP router requires an IP address, the router must be configured with an IP address before IP routing is fully operational.

To configure an IP address for the router, use the IP address option.

7 IP Address

Location: Main

Ä Configuration Ä LAN Set-up

Ä LAN IP Set-up

Ä IP Address / Subnet mask size

If security is required for the PVC connection refer to the Configure PPP Security section for information on setting the security passwords and user names for PPP.

By default, PPP is disabled for each of the newly created remote site profiles. If PPP encapsulation is desired, for example to use security, the PPP encapsulation option should be set to “enabled”. By default, when PPP encapsulation is enabled multilink is also enabled.

Applications

7 PPP Encapsulation

Location: Main

Ä Configuration

Ä WAN Set-Up

Ä Remote Site Set-Up

Ä Edit Remote Site ÄConnection Set-up

Ä PPP

enable

Reference Manual file on the accompanying CD-ROM.

Applications

Basic Leased Line Configuration

The router may be configured to route PPP packets over Digital-Leased service (also known as Super-digital, ADSL-lite or monopole) on one or both BRI channels. The router in Digital-Leased mode will operate as a PPP leased line bridge/router if the frame relay function is disabled. The leased line router establishes PPP (Point to Point Protocol) WAN connections to other PPP leased line routers or to other vendor’s PPP leased line routers via direct leased line connections.

The following diagram that shows a router and another vendor’s unit connected together with a direct leased line connection.

Figure 2 - 9 Basic PPP Leased Line Configuration

The link must be set to operate in Digital-Leased mode:

7 Set link to Digital-Leased

Location: Main

Ä Configuration

Ä WAN Set up

Ä Link Set up

Ä Logical ISDN type

Digital-Leased

To run PPP leased line, frame relay must be disabled:

7 Frame Relay disable

Location: Main

Ä Configuration

Ä WAN Set up

Ä Link Set up

Ä Frame Relay

Ä disabled

The router will request confirmation of the change, enter “yes”.

PPP IP Router

Applications

Bridge Connection.

As soon as the above configuration is set, the router will attempt to establish the link connection to the remote site PPP router.

The Bridge connection does not require any configuration for operation.

IP Router Connection.

If IP traffic is to be routed, the IP address of the router must be set.

7 Local IP Address

Location: Main

Ä Configuration

Ä LAN Set-up

Ä LAN IP Set-up

Ä IP Address / Subnet mask size

Once the local IP address has been configured, the router will attempt to establish the link connection to the remote site PPP router.

The IP connection is an unnumbered connection that requires only the configuration of the IP address of this router.

IPX Router Connection

As soon as the above configuration is set, the Router will attempt to establish the link connection to the remote site PPP router.

The IPX connection is an unnumbered connection that does not require any configuration.

If security is required for the connection, refer to the Configure PPP Security section for information on setting the security passwords and user names for PPP.

Reference Manual file on the accompanying CD-ROM.

Applications

Advanced Features

Dynamic Host Configuration Protocol

The router uses Dynamic Host Configuration Protocol (DHCP) to allow users in a small office environment to be added and removed from a network with all of the network information (i.e. IP address, DNS, subnet mask, etc.) being configured automatically. DHCP configures devices (DHCP clients) from a central DHCP server. It is designed to allocate network addresses to a number of hosts on the Router’s LAN and supply the minimal configuration needed to allow hosts to operate in an IP network.

The following steps must be performed on the router to configure it as a DHCP server.

7 DHCP Services

Location: Main

Ä Configuration

ÄApplications Set up

Ä DHCP Set up

Ä DHCP Services

ÄServer

DHCP Services options which are available are none, relay and server. Set to server to enable this device as a DHCP Server.

7 IP Address Pool

Location: Main

Ä Configuration

Ä Applications Set up

Ä DHCP Set up

Ä Server IP address pool

Ä IP address pool

ÄFirst IP Address/

number of addresses

The IP address pool option requires setting the first IP address in the range that is to be used for the devices attached to the

Applications

DHCP Server. The number of addresses to be assigned must also be specified, to a maximum of 253.

With the DHCP Services and IP Address Pool defined, devices may be attached to the network (up to the maximum specified) and they will be automatically configured.

Configuration Note: When setting up a router as a DHCP server that will

have both a DNS server on the internal network and a remote connection to another DNS server (for example, through an ISP), then the local DNS server should be set as the primary DNS and the external DNS server as the secondary DNS.

7 DNS Set-Up

Location: Main

Ä Configuration

Ä Applications Set up

Ä DHCP Set up

ÄDNS set-up

ÄPrimary DNS

-IP address local DNS server

ÄSecondary DNS

-IP address external DNS server

Applications

Figure 2-10 Local + External DNS Server Configuration

Internet Service

Provider

Local

DNS Server

(Primary)

External

DNS Server (Secondary)

Applications

Network Address Translation and Port Translation

The router provides support for Network Address Translation (NAT). Network Address Translation is a technique that translates private IP address on a private network to valid global IP addresses for access to the Internet. Network Address Port Translation (NAPT) translates both the IP address and the port number. The advantage of port translation is that more than one private IP address can be translated to the same global IP address. Port translation allows data exchanges initiated from hosts with private IP addresses to be sent to the Internet via the Router using a single global IP address. A global IP address must be assigned to the WAN link upon which NAPT is enabled for port translation to work. The global IP address will be assigned by the ISP.

To use NAPT, the private network addresses of the services that will be available globally must be assigned:

7 NAT Exports

Location: Main

Ä Configuration

Ä Applications Set up

Ä NAT Exports

Ä Edit Services

Ä enter the private network IP

address of each service offered

Applications

Then NAT (Network Address Translation) is enabled:

7 NAT Enable

Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Protocol Set up

Ä IP Parameters

Ä NAT Enabled

ÄEnabled

Figure 2-11 NAPT Configuration

Internet Service

Provider

Private

Network

Addresses:

Global IP

Address:

199.87.65.43

NAPT mapping:

1.1.1.2 = 199.87.65.43 (25)

1.1.1.3 = 199.87.65.43 (23)

1.1.1.4 = 199.87.65.43 (80)

e-mail server

1.1.1.2 telnet

server

1.1.1.3

WWW server

1.1.1.4

1.1.1.6

1.1.1.8

Local

DNS Server

(Primary)

Applications

Security

The Router provides a number of means of providing security on incoming and outgoing traffic on a network. These methods include access authentication, firewall limiting access to only designated device addresses, private network address translation (NAT) and filtering for both incoming and outgoing traffic.

Configure PPP Security

The PPP router provides support for both PAP and CHAP security access authentication. An outgoing user name, PAP password , and CHAP secret are defined that the Router will use when responding to an authentication request from a remote site PPP router.

The security option in the “Quick Start” menu allows you to quickly define the security level to be used for PPP authentication.

7 Security

Location: Main

Ä Quick Start

Ä Security level

When choosing the security option you may choose none, PAP or CHAP.

The cold start defaults for the security user name and passwords are as follows. These defaults will exist when the Router is first started before any configuration is entered, and after a Full Reset has been performed. These default values are also set when the Router is placed in TFTP Network load mode for upgrading the operating software via TFTP transfers. Care should be taken when upgrading a group of Routers that have security levels set. Default outgoing user name for each remote site when it is defined is the same as the default device name. Default PAP password and CHAP secret are both set to “BRIDGE”.

Applications

The complete security configuration for both incoming and outgoing calls is defined within the Security menu of the WAN Set up section.

7 Security Level

Location: Main

Ä Configuration

Ä WAN Set up

Ä Security Set up

Ä Security Level

The security level defines the type of security that this Router will request when a remote site PPP router attempts to establish a PPP connection. The security may defined as none, PAP, or CHAP.

When a security level is defined on this Router, an entry for each remote site PPP router that may be connected to this Router must be placed in the security database. The security database is used to store the user names and passwords of the remote site PPP routers.

7 Remote Site Security Parameters Entry

Location: Main

Ä Configuration

Ä WAN Set up

ÄEdit Remote Site

Ä Security Parameters

Ä Outgoing User Name Ä Incoming PAP Password Ä Outgoing PAP Password

Ä Incoming CHAP Secret Ä Outgoing CHAP Secret

The outgoing entries in the security database define the user names and passwords/secrets that this Router will send in response to an authentication request is sent from the remote partner router. The incoming entries define the

Applications

passwords/secrets that this Router expects to receive from the remote partner in response to authentication requests.

For a pair of partner routers with security enabled, the outgoing user name in the security parameters entry of one router must match the remote site alias in the partner router’s remote sites table.

The configuration options described here are only for initial set up and configuration purposes. For more complete information on all of the configuration parameters available, please refer to the PPP ISDN Menus Reference Manual file on the accompanying CD-ROM.

Applications

Configure Firewall

The router provides Firewall security for restricting access between any two networks connected through the router. Firewalls are set up on a per connection basis for the LAN and remote sites. The direction of filtering is from the perspective of the Router; incoming traffic is from the network in question to the Router, outgoing is from the Router to the network. The direction of filtering may be set to incoming, outgoing, both or none. Once the direction of filtering for a connection has been set, holes may be created in the firewall to allow specified traffic through. Normally, the LAN firewall is used for restricting intranet traffic (connections within the corporate network) and remote site firewalls are used to limit access from less trusted sources, such as the Internet or dial-up ISDN links.

Figure 2-12 Sample Firewall Application

The above diagram shows a corporate head office network, which is connected to the Internet with a router. There is also a branch office at a remote site connected with a Digital Leased link. The administrator at the corporate head office wishes to set up an IP firewall to allow everyone on the Internet to have access to the corporate FTP and Web servers and nothing else. The administrator also wishes to allow all of the TCP traffic from the branch office network to have access to the head office. Anyone in the corporation may have unrestricted access to the Internet.

Internet

Router with

firewall enabled.

Corporate Head Office Network

195.100.1.0 Branch Office Network

195.100.2.0

Any other network

any IP address

Main FTP server: 195.100.1.12

Main Web server: 195.100.1.20

Applications

The following steps must be performed on the router to set up the firewall support as desired.

First the firewall on the ISP connection (remote site 1) of the WAN is set up. The firewall option is set to “inbound” to have this WAN firewall filter traffic from the ISP to the Router while allowing unrestricted access out to the Internet.

7 Firewall WAN Remote Site Filter direction

Location: Main

Ä Configuration

Ä Applications Set up

Ä Firewall Set up

Ä WAN Firewall Set up

Ä enter ID# 1 for ISP remote site Ä Firewall

Ä inbound

The firewall on the Internet connection is set up to protect the entire corporate network, including the branch office, from unauthorized traffic.

Then the entries are made in the “Designated Servers” menu to allow Internet access to the FTP and Web servers on the corporate network.

7 FTP & WWW Designated Servers

Location: Main

Ä Configuration

Ä Applications Set up

Ä Firewall Set up

Ä WAN Firewall Set up

Ä ID# 1 for ISP remote site Ä Designated Servers

Ä FTP Server

— 195.100.1.12

Ä WWW (HTTP) Server

— 195.100.1.20

When defining a designated server you will be prompted for the IP address of that device. Adding an entry to the designated servers list allows you to quickly setup a firewall entry without having to figure out TCP port values.

Applications

Next, the LAN firewall is set up to restrict access to the LAN. The firewall option is set to “outbound” to have the LAN firewall filter traffic from the Router.

7 Firewall LAN Filter Direction

Location: Main

Ä Configuration

Ä Applications Set up

Ä Firewall Set up

Ä LAN Firewall Set up

Ä Firewall

Ä Outbound

Then an entry is placed in the firewall table to allow devices in the branch office remote site to have unlimited TCP access to devices in the head office.

7 Firewall Table Entry

Location: Main

Ä Configuration

Ä Applications Set up

Ä Firewall Set up

Ä LAN Firewall Set up Ä Edit Firewall Entry

Äfilter ID # 1 Ä Dest IP Address

— 195.100.1.0

Ä Destination Mask

— 255.255.255.0

Ä Source IP Address

— 195.100.2.0

Ä Source Mask

— 255.255.255.0

Ä Protocol Type

— TCP

Ä entry direction

—outbound

Applications

Finally, holes are provided in the LAN firewall to allow Internet access to the FTP and WWW servers.

Firewall

Location: Main

Ä Configuration

Ä Applications Set up

Ä Firewall Set up

Ä LAN Firewall Set up

Ä Designated Servers

Ä FTP Server

— 195.100.1.12

Ä WWW (HTTP) Server

— 195.100.1.20

The configuration options described here are only for initial set up and configuration purposes. For more information on all of the configuration parameters available please refer to the Menu Reference Manual file on the accompanying CD-ROM.

Applications

Network Address Translation

Using private addresses on a network and NAT/NAPT for interactions over a WAN connection hides the internal address from the rest of the world. Access is restricted to only those services that are specifically designated to be available.

Filters

The programmable filtering functions available on the router provide a very powerful means of controlling traffic flow to and from a network. Please see section 3 Introduction to Filtering for details on how to set up various filtering operations.

Applications

Compression

Compressing data allows data throughput rate considerably greater than the physical line rate. The actual rate achieved will depend on how compressible the specific data is. Generally, graphics and databases compress up to 600%, text 400 to 500%, binary codes about 200%.

7 Enable compression

Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Protocol Set up

Ä CCP parameters

Ä Compression

Ä Enabled

Applications

Bandwidth On Demand

The Router may be set to activate its secondary link when the load on the primary link exceeds a user-defined threshold.

7 Set the traffic loads for enabling and disabling the

secondary circuit

Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Threshold

Ä up threshold Äup stability timer Ä down threshold Ädown stability timer

The up and down stability timers are the delay times that the primary link must be above the threshold before the secondary is activated or below threshold before it is brought down. This prevents activation or deactivation of the secondary link due to momentary peaks or drops in traffic.

Applications

Bandwidth Allocation Control Protocol (BACP) may be used to negotiate the link activation between partner routers (BACP must be used if the partner router is not another Router).

7 Enable BACP

Location: Main

Ä Configuration

Ä WAN Set up

Ä Remote Site Set up

Ä Edit Remote Site

Ä Protocol Set up

Ä BACP Set up

Ä BACP

Ä enable Ä call mode

Älocal or

partner

Call mode determines which router originates the call to bring up the second link.

If BACP is not used, the partner Routers will use proprietary negotiations to determine which router is to activate the second link.

Introduction to Filtering

SECTION 3

INTRODUCTION

TO FILTERING

The router provides programmable filtering which gives you the ability to control under what conditions Ethernet frames are forwarded to remote networks. There are many reasons why this might need to be accomplished, some of which are security, protocol discrimination, bandwidth conservation, and general restrictions.

Filtering may be accomplished by using two different methods. The first method is to filter or forward frames based solely on their source or destination MAC address. This method of filtering is useful when bridging between LANs and for providing remote access security in any type of network. The Ethernet MAC (Media Access Control) address is checked against the addresses in the filtering list and the frame is filtered or forwarded accordingly.

The second method of filtering is pattern filtering where each frame is checked against a filter pattern. The filter pattern may be defined to perform a check of any portion of the Ethernet frame. Separate filter patterns may be defined for bridged frames, IP routed frames, and IPX routed frames.

For more information on filtering, please refer to the Programmable Filtering section of the router reference manual file. The PDF file is located on the accompanying CD-ROM.

MAC Address Filtering

MAC address filtering is provided by three built-in functions. The first function is “Filter if Source”; the second is “Filter if Destination.”

The third function allows you to change the filter operation from “positive” to “negative.” The positive filter operation causes frames with the specified MAC addresses to be filtered. The negative filter operation causes frames with the specified MAC addresses to be forwarded.

You may easily prevent any station on one segment from accessing a specific resource on the other segment; for this, “positive” filtering and the use of “Filter if Destination” would be appropriate. If you want to disallow

Introduction to Filtering

a specific station from accessing any service, “Filter if Source” could be used.

You may easily prevent stations on one segment from accessing all but a specific resource on the other segment; for this, “negative” filtering and the use of “Forward if Destination” would be appropriate. If you want to disallow all but one specific station from accessing any service on the other segment, the use of “Forward if Source” could be used.

Pattern Filtering

Pattern filtering is provided in three separate sections: Bridge Pattern Filters, IP Router Pattern Filters, and IPX Router Pattern Filters. When the Router is operating as an IP/IPX Bridge/Router, each of the frames received from the local LAN is passed on to the appropriate internal section of the Router. The IPX frames are passed on to the IPX router, the IP frames are passed on to the IP router, and all other frames are passed on to the bridge. Different pattern filters may be defined in each of these sections to provide very extensive pattern filtering on LAN traffic being sent to remote LANs.

Pattern filters are created by defining an offset value and a pattern match value. The offset value determines the starting position for the pattern checking. An offset of 0 indicates that the pattern checking starts at the beginning of the data frame. An offset of 12 indicates that the pattern checking starts at the 12th octet of the data frame. When a data frame is examined in its HEX format, an octet is a pair of HEX values with offset location 0 starting at the beginning of the frame. Please refer to Appendix C - Octet Locations on Ethernet Frames for more information on octet locations in data frames.

The pattern match value is defined as a HEX string that is used to match against the data frame. If the HEX data at the appropriate offset location in the data frame matches the HEX string of the filter pattern, there is a positive filter match. The data frame will be filtered according to the filter operators being used in the filter pattern.

Introduction to Filtering

The following operators are used in creating Pattern filters.

- offset Used in pattern filters to determine the starting position to start the pattern checking.

Example: 12-80 This filter pattern will match if

the packet information starting at the 12th octet equals the 80 of the filter pattern.

| OR Used in combination filters when one or the other

conditions must be met.

Example: 10-20|12-80 This filter pattern will match if

the packet information starting at the 10th octet equals the 20 of the filter pattern or if the packet information starting at the 12th octet equals the 80 of the filter pattern.

& AND Used in combination filters when one and the other

conditions must be met.

Example: 10-20&12-80 This filter pattern will match if

the packet information starting at the 10th octet equals the 20 of the filter pattern and the packet information starting at the 12th octet equals the 80 of the filter pattern.

~ NOT Used in pattern filters to indicate that all packets not

matching the defined pattern will be filtered.

Example: ~12-80 This filter pattern will match if

the packet information starting at the 12th octet does not equal the 80 of the filter pattern.

Introduction to Filtering

( ) brackets Used in pattern filters to separate portions of filter

patterns for specific operators.

Example: 12-80&(14-24|14-32) This filter pattern will be

checked in two operations. First the section in brackets will be checked and then the results of the first check will be used in the second check using the first portion of the filter pattern. If the packet information starting at the 14th octet equals 24 or 32, and the information at the 12

octet equals 80, the filter pattern will match.

Introduction to Filtering

Popular Filters

Some of the more commonly used pattern filters are shown here.

Bridge

Bridge pattern filters are applied to Ethernet frames that are bridged only. When the Router is operating as a router, all routed frames will be unaffected by the bridge pattern filters.

IP & Related Traffic

Forward only ~(12-0800|12-0806)

Filter (12-0800|12-0806)

Novell IPX Frames

EthernetII (12-8137)

802.3 RAW (14-FFFF)

802.2 (14-E0E0)

802.2 LLC (14-AAAA&20-8137)

NetBIOS &NetBEUI (Microsoft Windows)

NetBIOS & NetBEUI (Microsoft Windows)

Filter (14-F0F0)

Forward only ~(14-F0F0)

Banyan

(12-0BAD)

(12-80C4) (12-80C5)

Introduction to Filtering

IP Router

IP router pattern filters are applied to IP Ethernet frames that are being routed. When the Router is operating as an IP router, all IP routed frames will be checked against the defined IP router pattern filters. IP routed frames are unaffected by the bridge pattern filters and the IPX router pattern filters.

NetBIOS over TCP

NETBIOS Name Service (22-0089)

NETBIOS Datagram Service (22-008A)

NETBIOS Session Service (22-008B)

Note: Uses the TCP Destination Port location

Other interesting TCP Ports

Decimal Hex Usage

21 15 FTP 23 17 Telnet 25 19 SMTP

69 45 TFTP 109 6D POP2 110 6E POP3

APPENDIX A

MENU TREES

The menu trees on the next few facing pages are a graphical representation of the hierarchy of the built-in menu system of the router. The menus are shown with the options of the menus being displayed below the specific menu name.

Each of the menu options shown in the menu tree is explained in the accompanying router menu reference files. The PDF files are located on the accompanying CD-ROM.

Menu names are displayed in boxes. The numbers on the left side of the boxes indicate the menu option from the parent menu that this menu corresponds to. All menu options are listed with numbers indicating their actual position within the menu system.

ISDN Set-Up

1. Switch Type

4. Directory number

5. SPID

Dial prefix Directory number

SPID

Configuration

Quick Start

1. Terminal

2. Show

3. Add

4. Remove

1. Terminal Set-Up menu

2. Device Set-Up menu

3. Telnet Set-Up menu

4. Load FLASH Set-Up menu

5. Console

6. Hardware Status

7. TFTP access

1. ISDN Set-Up menu

2. Device Name

3. Security Level

4. IP Address

5. Default Gateway

6. Direct Dial

7. Force Disconnect

8. Link Stats

9. Reset

Access Set-Up

1]1]

2]2]

1. Password

2. Device Name

3. Show Time

4. Set Time

1. Telnet access

2. Telnet

3. Telnet port

4. Show Names

5. Add Name

6. Remove Name

1. Console (ZMODEM)

2. Network (TFTP)

Frame Relay menu options

1. Dump

2. Restore

Terminal Set-Up

Device Set-Up

Telnet Set-Up

Load FLASH Set-Up

Console

1. IP routing menu

2. NAT Advanced menu

3. IP enabled

4. NAT enabled

5. Link IP address

6. Peer IP address

7. Private Route/Negotiate address

8. VJ compression

1. IPX enabled

2. Link IPX type

3. IPX net 4 Local IPX node

5. Peer IPX node

6. Static routes only

7. IPX DMR enabled

8. Force RIP update

1. Compression

2. Extended sequence

1. Edit Remote Site menu

1. Advanced PPP Set-Up menu

1. Edit IP address entry

2. IP address connect

3. Show IP address entries

4. Remove IP address entry

5. Remote site summary

IP Address Connect

WAN Set-Up

Advanced PPP Set-Up

IP Parameters

IPX Parameters

CCP Parameters

ISDN Set-UpISDN Set-Up

Remote Site Set-Up

Link Set-Up

Group Set-Up

PPP Set-Up

2. Remote site summary

3. Display learned summary

3. Call summary

4. Remove remote site

5. Manual call

6. Force disconnect

1. Physical link type

2. Link operation

3. Logical ISDN type

4. ISDN set-up menu

5. Group

4. Frame Relay

5. Frame Relay set-up menu

6. Phantom Power detect

7. Link B channel

2. Restart Timer

3. Configure Count

4. Failure Count

5. Terminate Count

1. ACFC

2. PFC

3. Echo monitoring

4. Quality protocol

5. Quality interval

6. MP encapsulation

7. MP sequencing

8. MP discriminator

9. MP minimum

4]4]

1. Dial prefix

2. Phantom power detect

3. Force 56k

4. Directory number

5. SPID

1. Dial prefix

2. Phantom power detect

3. Force 56k

4. Directory number

5. SPID

1. Bridge set-up menu

2. IP set-up menu

3. IPX set-up menu

LAN Set-Up

Continued on

MAIN

1. State

2. Path cost

3. Priority

Bridge-STP Set-Up

1. Usage limit

2. Call limit

3. Restart time

1. Activation intervals

2. Display schedule

3. Display time

1. IP set-up

2. LAN-NAT set-up

3. IP address

4. Routing protcol

5. RIP mode

6. Route cost

Secondary

LAN IP Set-Up

1. Connection set-up menu

2. Activation menu

3. Protocol set-up menu

4. Security parameters menu

5. Remote site alias

6. Connection

7. Primary connection

8. Secondary connection

9. Remote site type

Edit Remote Site

1. Bridge parameters menu

2. IP parameters menu

3. IPX parameters menu

4. CCP parameters menu

5. CMCP parameters menu

6. BACP set-up menu

7. Multilink

1. Incoming PAP password

2. Incoming CHAP secret

3. Outgoing user name

4. Outgoing PAP password

5. Outgoing CHAP secret

Protocol Set-Up

Security Parameters

2. Bridge enabled

3. Tinygram

4. FCS preservation

Bridge Parameters

1. STP parameters menu

1. State

2. Path cost

3. Priority

1. Callback timer

2. Redial timer

3. Redial count

STP Parameters

1. Routing protocol

2. RIP mode

3. Triggered RIP

4. Auto Default Route

5. Link cost

1. Translation type

2. Show address pool

3. Dynamic IP pool

4. Add static entry

5. Remove static entry

1. Translation type

2. Show address pool

3. Dynamic IP pool

4. Add static entry

5. Remove static entry

6. NAT enable

IP Routing

NAT advanced

LAN-NAT set-up

3. CMCP enabled

4. Bridge traffic

5. Disc after last

6. Suspension timeout

CMCP Parameters

1. IP spoofing menu

2. IPX spoofing menu

1. TCP idle

2. TCP interval

3. TCP retries

4. TCP aging

IP Spoofing

1. IPX type20

2. IPX broadcast

3. IPX idle

4. IPX interval

5. IPX retries

6. IPX aging

IPX Spoofing

1. Default parameters menu

2. Security level

3. Request security

4. CHAP challenges

5. Caller ID security

1. Outgoing user name

2. Outgoing PAP password

3. Outgoing CHAP secret

Security Set-Up

Default Parameters

Connection Set-Up

2. Primary link

3. Secondary link

4. Auto-call

1. Up threshold

2. Up stability timer

3. Down threshold

4. Down stability timer

Activation

Threshold

1. Schedule

2. Usage set-up

3. Threshold set-up

4. Inactivity timer

5. Recovery timer

1. Advanced settings menu

2. ISDN number

3. Alternate ISDN #

4. Group

5. Wildcard

6. Call you

7. Call me

8. Callback

ISDN call Set-Up

Advanced settings

Usage Set-Up

Schedule

1. Force 56k

2. Hunt Group #

3. Add link

4. Show Groups

1. Switch type

1. Edit Secondary

2. Show Secondary Entry

3. Remove Secondary Entry

1. Secondary IP

2. Mask Size

3. Subnet Mask

4. Routing Protocol

5. RIP mode

6. Private Route

7. Route Cost

Secondary IP Set-Up

Edit Secondary

Menu Tree

BACP Set-Up

1. BACP

2. Call mode

3. Request number

8. Force disconnect

9. Link summary

software release: 05P.06.02.xx

1. Ethernet-II frames

2. RAW 802.3 frames

3. IEEE 802.2 frames

4. 802.2 SNAP frames

5. Auto Learn

6. Help

LAN IPX Set-Up

1. Auto learning

2. LMI type

3. Polling interval

4. Enquiry interval

5. Error threshold

6. Monitored events

Continued from

1. Destination

2. Status

3. Remote site

2. Next hop

3. Type

4. Cost

5. Private

6. Add/Remove

8. Status

7. Network mask

1. IP Routes menu

1. Edit Static Route

2. Default Gateway

3. Show all Routes

4. Show Static Routes

5. Clear Static Routes

1. Edit Route

1. Edit Service

2. ARP Set-up menu

3. IP routing

4. IP forwarding

5. ARP proxy

IP Routing Set-Up

IP Routes

Edit Static Route

1. Status

2. Network

3. Interface

4. Hops

5. Ticks

1. Status

2. Server Name

3. Service Type

4. Interface

5. Network

6. Node

7. Socket

8. Hops

Edit Route

Edit Service

2. Convert Route

3. Show Static Routes

4. Clear Static Routes

2. Convert Service

3. Show Static Services

4. Clear Static Services

1. Static Routes menu

2. Static Services menu

3. IPX Routing

4. IPX Forwarding

5. Local Networks

6. Show Routes

7. Show Services

8. Help

IPX Routing Set-Up

Static Routes

Static Services

1. STP State

2. Bridge Priority

3. Forwarding Delay

4. Message Age Timer

5. Hello Time

6. Show Bridge

7. Show Ports

1. Spanning Tree menu

2. Bridge Forwarding

3. Bridge Aging Timer

4. Show Bridging Table

5. Show Permanent Table

6. Clear Bridging Table

Bridging Set-Up

Spanning Tree

1]1]2]

Help

1. Soft Reset

2. Full Reset

3. Heartbeat

4. WAN trace

1. Trace link

2. Real Time

3. Capture

4. End

5. Data display

6. Time

Diagnostics

1. Acknowledge alarm

2. Show events

3. Clear events

4. Show security log

5. Clear security log

6. Show resumption log

7. Clear resumption log

Network Events

Logout

1. Extended Statistics

2. Interval

3. Clear All Statistics

1. Statistics set-up menu

2. Remote site information menu

3. LAN statistics menu

4. Link stats

5. Link summary

6. Interface stats

7. Interface status

8. Clear link & interface stats

Statistics

1. Bridged traffic

2. IP traffic

3. IPX traffic

4. Total LAN traffic

5. LAN error

6. Clear LAN statistics

7. Clear LAN errors

Statistics Set-Up

WAN Trace

LAN Statistics

1. Show Alias

2. Add Alias

3. Remove Alias

4. Show Pattern

5. Add Pattern

6. Remove Pattern

7. Help

1. Show Alias

2. Add Alias

3. Remove Alias

4. Show Pattern

5. Add Pattern

6. Remove Pattern

7. Help

1. Show Alias

2. Add Alias

3. Remove Alias

4. Show Pattern

5. Add Pattern

6. Remove Pattern

7. Help

IP Router Pattern

Filters

Bridge Pattern

Filters

IPX Router Pattern

Filters

MAC Address

Filters

Filter Set-Up

1. MAC Address Filters

2. Bridge Pattern Filters

3. IP Router Pattern Filters

4. IPX Router Pattern Filters

2. Filter Operation

3. Broadcast Address

4. Show Bridging Table

5. Show Permanent Table

6. Clear Bridging Table

1. Edit MAC Address Filter

1. Status

2. Location

3. Filter If Source

4. Filter If Destination

5. Permanent

6. Remove

Edit MAC

Address Filter

1]1]3]2]4]

1.Common protocol stats

2. PPP statistics

3. Status

4. Usage information

5. Clear remote site stats

Remote Site

Information

Menu Tree

software release:

05P.06.02.xx

1. ARP aging timer

2. ARP retry timer

3. Add

4. Remove

5. Show ARP table

ARP Set-Up

1. Designated servers menu

2. Edit firewall entry menu

Clear statistics Show firewall entries Remove entry

3.Firewall

4. Firewall statistics

1. LAN firewall setup menu

2. WAN firewall setup menu

3. Block src IP spoofing

Firewall Set-Up

LAN / WAN Firewall Set-Up

1,2]

1. E-mail (SMTP) server

2. POP 2/3 server

3. FTP server

4. WWW (HTTP) server

5. Telnet server

6. Local DNS

7. Remote DNS

8. Secondary local DNS

9. Secondary remote DNS

Designated Servers

1. Dest IP address

2. Destination mask

3. Source IP address

4. Source mask

5. Protocol type

6. Source port

7. Destination port

8. Description

9. Entry direction

Edit Firewall Entry

NAT Exports

Syslog

1. Edit Services

2. Router port

3. Default export

4. Show services

5. Clear services

1. Syslog

2. Syslog IP

3. Events

4. Security

5. Activation

6. Firewall

1. Other Services menu

2. E-mail

3. POP 2/3

4. FTP

5. WWW (HTTP)

6. Telnet

7. DNS

Edit Services

Other Services

1.Telnet

2. TFTP

3. SNMP

1.NAT port

2. Status

3. Host IP address

4. Host port

5. Description

6. Remove

Router Port

Application Set-Up

1. Server IP pool address menu

2.DNS setup menu

3. NetBIOS setup menu

4. DHCP services

5. Relay destination

6. ICMP echo verification

7. Lease period

8. Default Gateways

DHCP Set-Up

1. IP address pool

2. Show address pool

3. Add static address

4. Remove static address

Server IP address pool

1. Send NetBIOS node type

2. Send NetBIOS scope

3. Send NetBIOS name srv

4. NetBIOS node type

5. NetBIOS scope Id

6. NetBIOS name server

NetBIOS Setup

1. Primary DNS

2. Secondary DNS

3. Domain name

DNS Set-Up

1. SNMP set-up menu

2. DHCP set-up menu

3. Firewall set-up menu

4. NAT exports

5. Syslog

6. Time to live

7. Ping

1. Write Access

2. Show Addresses

3. Add Address

4. Remove Address

Edit Community

SNMP Set-Up

1. Edit Community menu

2. Message Size

3. Show Communities

4. Remove Community

Menu Trees

A - 4 — Router Installation & Applications Guide

* * * *

Octet Locations on Ethernet Frames

APPENDIX B

OCTET LOCATIONS

ON ETHERNET FRAMES

This appendix provides octet locations for the various portions of three of the common Ethernet frames. When creating pattern filters these diagrams will assist in the correct definition of the patterns. The offset numbers are indicated by the numbers above the frame representations.

Note the differences in the TCP/IP and Novell frames when bridging and when routing. When routing, the TCP/IP and Novell frames are examined after the Level 2 Ethernet portion of the frame has been stripped from the whole data frame. This means that the offset numbers now start from 0 at the beginning of the routed frame and not the bridged frame.

Some of the common Ethernet type codes are also shown here. The Ethernet type codes are located at offset 12 of the bridged Ethernet frame.

Octet Locations on Ethernet Frames

Octet Locations on a Bridged TCP/IP Frame

Octet Locations on a Bridged Novell Netware Frame

Octet Locations on Ethernet Frames

ETHERNET Type Codes

Type Code Description

0800 DOD IP 0801 X.75 Internet 0804 Chaosnet 0805 X.25 Level 3 0806 ARP 0807 XNS Compatibility 6001 DEC MOP Dump/Load 6002 DEC MOP Remote Console 6003 DEC DECNET Phase IV Route 6004 DEC LAT 6005 DEC Diagnostic Protocol 6006 DEC Customer Protocol 6007 DEC LAVC, SCA 8035 Reverse ARP

803D DEC Ethernet Encryption

803F DEC LAN Traffic Monitor 809B Appletalk 80D5 IBM SNA Service on Ether

80F3 AppleTalk AARP (Kinetics)

8137-8138 Novell, Inc.

814C SNMP

Octet Locations on Ethernet Frames

Octet Locations on an IP Routed TCP/IP Frame

Octet Locations on an IPX Routed Novell Netware Frame

Octet Locations on Ethernet Frames

Octet Locations on a Bridged XNS Frame

Octet Locations on Ethernet Frames

* * * *

Servicing Information

APPENDIX C

SERVICING INFORMATION

Opening of the case is only to be performed by

qualified service personnel.

WARNING !

Before servicing ensure that appliance coupler is disconnected.

Always disconnect the power cord from the rear panel of the

router.

Geraetesteckvorrichtung trennen vor den Wartung.

Opening the case

1) Remove power from the router and remove the other cabling.

2) Turn the router over and place it on a flat, cushioned surface.

3) Remove the two Phillips head screws that fasten the case together.

4) Hold the two halves of the case together and turn the router right side up.

5) Lift off the top half of the case.

Servicing Information

Identifying the Internal Components

The major components of concern and the jumper strap positions are shown in the following illustration.

Figure C-1 Top Internal View of the Router Router

Connecting to the ISDN-U Link Module

The connection to the central office is made with the RJ45 ISDN connector on the rear panel. Pins 4 and 5 are used for the connection. These pins are polarity insensitive.

Servicing Information

To Clear a “Lost” Password

1) Remove power from the router.

2) Remove the case cover.

3) Remove the jumper strap on pins 3-6 of W1.

4) Re-attach the power to the router and wait for Power LED to go

green.

5) Remove power from the router.

6) Re-install the jumper strap on pins 3-6 of W1.

7) Install the case cover

8) Power up the router.

9) Log into the router using the default password “BRIDGE” and change the password as desired.

Changing the Termination Straps on the ISDN Interface

The ISDN ST interface module has two configurable straps that control whether the ISDN connector is set to terminated or unterminated.

Straps W3 and W4 are set to the TERM position by default. The TERM position is used when the router is the only ISDN device connected to the ISDN circuit.

Setting W3 and W4 to be open (unterminated) allows this router to be part of a daisy-chain connection to the ISDN circuit.

Servicing Information

Connecting to the Console Connector

The console connector on the router is a DCE interface on a RJ45 pinout. The supplied DB9 to RJ45 converter should be used to connect to the DB9 connector of a DTE terminal. This connection will then provide access to the built-in menu system.

If the console interface is to be connected to a modem or other DCE device, a standard RS-232 crossover converter should be used.

The following table illustrates the console pinouts.

RJ45 connector

on unit (DCE)

DB9 connector

on converter (DCE)

RS-232

signal name

2 6 CTS 3 4 DTR 4 5 GND 5 2 RxD 6 3 TxD 7 8 DSR 8 1 CD

Figure C-2 Rear View of the Console Connector

APPENDIX D SOFTWARE UPGRADES

Procedures for performing a Console ZMODEM Flash Load to upgrade the operating software of the router:

1) Save the current configuration of the router (Main menu: option 6).

2) Execute the Console (ZMODEM) command from the Load FLASH

Set-Up menu.

3) Confirmation is required. Enter “yes” to proceed.

4) After the router restarts, the router will be in receive ZMODEM mode.

The router will display the following messages on the console port: System startup

Receiving ZMODEM ... **B0100000023be50

5) Start the ZMODEM transfer and send the file “###.all” from the

Operational/Boot Code directory on the CD-ROM.

6) Once the ZMODEM transfer is complete, the router will verify the file

“###.all” in memory, program and verify the FLASH, clear the configuration to default values (except the password), and then reset. After the reset, the router will operate normally using the newly upgraded software. A byte status message will be displayed on the console port during the programming of the FLASH.

On the rare occasion that during the programming of the FLASH something happens to the router (power hit or hardware reset), causing the FLASH to become corrupted, the router will restart in ZMODEM receive mode only. If the router does not start in ZMODEM receive mode, refer to Appendix D: Servicing Information for recovery procedure.

The ZMODEM Load Flash operation may be aborted by aborting the ZMODEM transfer and then entering 5 control-X characters “^X” from the console keyboard. After the control-X characters are sent, the router will display a limited menu system. Choose the Abort Load option from the Load FLASH Set-Up menu. This will cause the router to reset and return to normal operations operating from the existing software.

If the ZMODEM transfer operation needs to be restarted after it has been canceled or after loading the first file, simply choose the Console (ZMODEM) option from the Load FLASH Set-Up menu once again.

Considerations:

When the router is placed in Console load BOOT mode, the LAN interface and the WAN interface will be disabled. The router will only accept information from the console management port.

The BOOT code of the Router may be upgraded by performing a load of the “###.all” file from the Operational/Boot Code directory on the CDROM.

Servicing Information

Procedures for performing a TFTP Flash Load to upgrade the operating software of the router:

1) Execute the Network (TFTP) command from the Load FLASH Set-

Up menu.

2) Enter “none” to connect locally or enter the remote site ID number or

alias to connect to a remote site.

3) Start the TFTP application to be used for transfers to the router. The

IP address of the router may be found in the Internet Set-Up menu.).

4) Put the file “###.all” for this router from the Operational/Boot Code

directory on the CD-ROM to the router. (Any router not in Network Load BOOT mode will respond with an access violation error.)

5) The router will verify the file “###.all” in memory, program and verify

the FLASH, clear the configuration to default values (except: IP Address, IP Routing state, IP Forwarding state, WAN Environment, Link 1 & 2 State, Password and connection data for the remote site, if applicable), and then reset. After the reset, the router will operate normally using the newly upgraded software.

The router may take up to two (2) minutes to program and verify the FLASH. The console will not respond during this time.

To check on the router’s current state during this process, get the file “status.txt” from the router. This file will report the router’s state: both the mode and version if no errors have occurred, or an error message.

The TFTP Load Flash operation may be aborted by re-connecting to the console of the router and choosing the Abort Load option from the Load FLASH Set-Up menu. This will cause the router to

reset and return to normal operations operating from the existing software.

In the following diagram of a cluster of routers, when upgrading the three Router routers in the diagram, the upgrade order should be Router C, then Router B, and finally Router A.

A TFTP software load to Router C would be performed as follows:

- Using TFTP, get config.txt from each router and save.

- Telnet to Router C. Enter the ID or alias of Router B in the

Network (TFTP) option to put Router C in Network Load mode. When Router C restarts in Network Load mode, the connection to “Router B” will be re-established only if autocall is enabled on router B.

The TFTP transfer of the upgrade code may now be performed from the PC to Router C. Once Router C has completed programming the flash and has restarted in operational mode, the connection to Router B will be reestablished only if autocall is enabled on router B.

Once router C is operating with the new software, the PC may be used to reload the config.txt file back to Router C.

Repeat for Router B, then again for Router A. Perform the Router B upgrade using the ID or alias of Router A. Router A upgrades would not require a remote site ID as the PC used for TFTP transfers is located on the same LAN as Router A.

Servicing Information

* * * *

5500092-10

Router A

PC used for

TFTP transfers

Link 1

Link 2

Router B

Router C

Black Box LR1500A-US-R3, LR1560A-EU-STR2, LR1580A-ST-R2, LR1580A-EU-STR2, LR1500A-EU-R2 User And System Administration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual