Patton electronics OnSite 2800 Series User Manual

OnSite 2800 Series

Managed VPN Router

User Manual

Important

This is a Class A device and is intended for use in a light industrial environment. It is not intended nor approved for use in an industrial or residential environment.

Sales Office: +1 (301) 975-1000

Technical Support: +1 (301) 975-1007

E-mail: support@patton.com

WWW: www.patton.com

Part Number: 07M2800-GS, Rev. F

Revised: February 22, 2012

Patton Electronics Company, Inc.

7622 Rickenbacker Drive

Gaithersburg, MD 20879 USA

Tel: +1 (301) 975-1000 Fax: +1 (301) 869-9293

Support: +1 (301) 975-1007

URL: www.patton.com

E-Mail: support@patton.com

Trademark Statement

The term OnSite is a trademark of Patton Electronics Company. All other trademarks presented in this document are the property of their respective owners.

The information in this document is subject to change without notice. Patton Electronics assumes no liability for errors that may appear in this document.

Warranty Information

The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of such license.

Patton Electronics warrants all OnSite router components to be free from defects, and will—at our option—repair or replace the product should it fail within one year from the first date of the shipment.

This warranty is limited to defects in workmanship or materials, and does not cover customer damage, abuse or unauthorized modification. If the product fails to perform as warranted, your sole recourse shall be repair or replacement as described above. Under no condition shall Patton Electronics be liable for any damages incurred by the use of this product. These damages include, but are not limited to, the following: lost profits, lost savings and incidental or consequential damages arising from the use of or inability to use this product. Patton Electronics specifically disclaims all other warranties, expressed or implied, and the installation or use of this product shall be deemed an acceptance of these terms by the user.

Summary Table of Contents

1 General information...................................................................................................................................... 17

2 Hardware installation.................................................................................................................................... 26

3 Getting started with the OnSite Managed VPN Router ................................................................................ 38

4 Serial port configuration ............................................................................................................................... 44

5 T1/E1 port configuration .............................................................................................................................. 58

6 VPN configuration ........................................................................................................................................ 67

7 Access control list configuration.................................................................................................................... 79

8 Link scheduler configuration ........................................................................................................................ 93

9 LEDs status and monitoring ....................................................................................................................... 112

10 Contacting Patton for assistance ................................................................................................................. 114

A Compliance information ............................................................................................................................ 117

B Specifications .............................................................................................................................................. 120

C Cabling ....................................................................................................................................................... 124

D Port pin-outs .............................................................................................................................................. 128

E OnSite 2800 Series factory configuration ................................................................................................... 132

F Installation checklist .................................................................................................................................. 134

Table of Contents

Summary Table of Contents ........................................................................................................................... 3

Table of Contents ........................................................................................................................................... 4

List of Figures ............................................................................................................................................... 10

List of Tables ................................................................................................................................................ 11

About this guide ........................................................................................................................................... 12

Audience............................................................................................................................................................... 12

Structure............................................................................................................................................................... 12

Precautions........................................................................................................................................................... 13

Safety when working with electricity ...............................................................................................................14

General observations .......................................................................................................................................15

Typographical conventions used in this document................................................................................................ 16

General conventions .......................................................................................................................................16

1 General information...................................................................................................................................... 17

OnSite Model 2800 Series overview ......................................................................................................................18

OnSite 2800 Series detailed description ..........................................................................................................19

OnSite 2800 Series model codes ................................................................................................................19

Serial WAN models ............................................................................................................................19

Ethernet WAN models .......................................................................................................................20

Model code extensions ..............................................................................................................................21

Ports descriptions ......................................................................................................................................22

Applications overview............................................................................................................................................23

Branch-Office virtual private network over Frame Relay service ......................................................................23

Corporate multi-function virtual private network ...........................................................................................24

2 Hardware installation.................................................................................................................................... 26

Planning the installation ........................................................................................................................................27

Installation checklist .......................................................................................................................................28

Site log ............................................................................................................................................................29

Network information ......................................................................................................................................29

Network Diagram .....................................................................................................................................29

IP related information .....................................................................................................................................29

Software tools .................................................................................................................................................29

Power source ...................................................................................................................................................29

Location and mounting requirements .............................................................................................................30

Installing the VPN router......................................................................................................................................30

Mounting the VPN router ..............................................................................................................................30

Connecting cables ...........................................................................................................................................30

Installing the Ethernet cable ......................................................................................................................30

Installing the serial WAN cable .................................................................................................................31

Installing the V.35 interface cable .......................................................................................................32

Installing the X.21 interface cable .......................................................................................................33

OnSite 2800 Series User Manual Table of Contents

Installing the T1/E1 twisted pair cables ..............................................................................................34

Installing the E1 dual coaxial cables ....................................................................................................35

Connecting to external power source .........................................................................................................36

3 Getting started with the OnSite Managed VPN Router ................................................................................ 38

Introduction..........................................................................................................................................................39

1. Configure IP address .........................................................................................................................................40

Power connection and default configuration ...................................................................................................40

Connect with the serial interface .....................................................................................................................40

Login ..............................................................................................................................................................41

Changing the IP address .................................................................................................................................41

2. Connect the OnSite VPN Router to the network..............................................................................................42

3. Load configuration ............................................................................................................................................42

4 Serial port configuration ............................................................................................................................... 44

Introduction..........................................................................................................................................................45

Serial port configuration task list ...........................................................................................................................45

Disabling an interface .....................................................................................................................................45

Enabling an interface ......................................................................................................................................46

Configuring the encapsulation for Frame Relay ..............................................................................................47

Enter Frame Relay mode .................................................................................................................................48

Configuring the LMI type ...............................................................................................................................48

Configuring the keep-alive interval .................................................................................................................49

Entering Frame Relay PVC configuration mode .............................................................................................49

Configuring the PVC encapsulation type ........................................................................................................50

Binding the Frame Relay PVC to IP interface .................................................................................................50

Enabling a Frame Relay PVC ..........................................................................................................................52

Disabling a Frame Relay PVC .........................................................................................................................52

Displaying serial port information ...................................................................................................................53

Displaying Frame Relay information ...............................................................................................................54

Integrated service access ..................................................................................................................................55

5 T1/E1 port configuration .............................................................................................................................. 58

Introduction..........................................................................................................................................................59

T1/E1 port configuration task list..........................................................................................................................59

Enable/Disable T1/E1 port .............................................................................................................................59

Configuring T1/E1 port-type ..........................................................................................................................60

Configuring T1/E1 clock-mode ......................................................................................................................60

Configuring T1/E1 line-code ..........................................................................................................................60

Configuring T1/E1 framing ............................................................................................................................61

Configuring T1/E1 line-build-out (T1 only) ..................................................................................................61

Configuring T1/E1 used-connector (E1 only) .................................................................................................61

Configuring T1/E1 application mode .............................................................................................................62

Configuring T1/E1 LOS threshold .................................................................................................................62

Configuring T1/E1 encapsulation

Create a Channel-Group .................................................................................................................................62

...................................................................................................................62

OnSite 2800 Series User Manual Table of Contents

Configuring Channel-Group Timeslots ..........................................................................................................63

Configuring Channel-Group Encapsulation ...................................................................................................63

Entering HDLC Configuration Mode ............................................................................................................63

Configuring HDLC CRC-Type .....................................................................................................................64

Configuring HDLC Encapsulation .................................................................................................................64

T1/E1 Configuration Examples ......................................................................................................................64

Example 1: Frame Relay without a channel-group ....................................................................................65

Example 2: Framerelay with a channel-group ............................................................................................66

Example 3: PPP without a channel-group .................................................................................................66

Example 4: PPP with a channel-group ......................................................................................................66

6 VPN configuration ........................................................................................................................................ 67

Introduction..........................................................................................................................................................68

Authentication ................................................................................................................................................68

Encryption ......................................................................................................................................................68

Transport and tunnel modes ...........................................................................................................................69

VPN configuration task list ...................................................................................................................................69

Creating an IPsec transformation profile .........................................................................................................69

Creating an IPsec policy profile .......................................................................................................................70

Creating/modifying an outgoing ACL profile for IPsec ...................................................................................72

Configuration of an IP interface and the IP router for IPsec ............................................................................73

Displaying IPsec configuration information ....................................................................................................73

Debugging IPsec .............................................................................................................................................74

Sample configurations ...........................................................................................................................................75

IPsec tunnel, DES encryption .........................................................................................................................75

OnSite configuration .................................................................................................................................75

Cisco router configuration ........................................................................................................................76

IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC-SHA1-96 ....................76

OnSite configuration .................................................................................................................................76

Cisco router configuration ........................................................................................................................77

IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96 ..................77

OnSite configuration .................................................................................................................................77

Cisco router configuration ........................................................................................................................77

7 Access control list configuration.................................................................................................................... 79

Introduction..........................................................................................................................................................80

About access control lists .......................................................................................................................................80

What access lists do .........................................................................................................................................80

Why you should configure access lists .............................................................................................................80

When to configure access lists .........................................................................................................................81

Features of access control lists .........................................................................................................................81

Access control list configuration task list................................................................................................................82

Mapping out the goals of the access control list ...............................................................................................82

Creating an access control list profile and enter configuration mode ...............................................................83

Adding a filter rule to the current access control list profile .............................................................................83

OnSite 2800 Series User Manual Table of Contents

Adding an ICMP filter rule to the current access control list profile ................................................................85

Adding a TCP, UDP or SCTP filter rule to the current access control list profile ...........................................87

Binding and unbinding an access control list profile to an IP interface ............................................................89

Displaying an access control list profile ...........................................................................................................90

Debugging an access control list profile ...........................................................................................................90

Examples ...............................................................................................................................................................92

Denying a specific subnet ................................................................................................................................92

8 Link scheduler configuration ........................................................................................................................ 93

Introduction..........................................................................................................................................................94

Configuring access control lists..............................................................................................................................94

Configuring quality of service (QoS) .....................................................................................................................95

Applying scheduling at the bottleneck .............................................................................................................95

Using traffic classes .........................................................................................................................................95

Introduction to Scheduling .............................................................................................................................96

Priority ......................................................................................................................................................96

Weighted fair queuing (WFQ) ..................................................................................................................96

Shaping .....................................................................................................................................................97

Burst tolerant shaping or wfq ....................................................................................................................97

Hierarchy ..................................................................................................................................................97

Quick references....................................................................................................................................................98

Setting the modem rate ...................................................................................................................................98

Command cross reference ...............................................................................................................................99

Link scheduler configuration task list.....................................................................................................................99

Defining the access control list profile ...........................................................................................................100

Packet classification .................................................................................................................................100

Creating an access control list ..................................................................................................................101

Creating a service policy profile .....................................................................................................................102

Specifying the handling of traffic-classes ........................................................................................................104

Defining fair queuing weight ...................................................................................................................104

Defining the bit-rate ...............................................................................................................................105

Defining absolute priority .......................................................................................................................105

Defining the maximum queue length ......................................................................................................105

Specifying the type-of-service (TOS) field ...............................................................................................105

Specifying the precedence field ................................................................................................................106

Specifying differentiated services codepoint (DSCP) marking .................................................................106

Specifying layer 2 marking ......................................................................................................................107

Defining random early detection .............................................................................................................108

Discarding Excess Load ...........................................................................................................................108

Devoting the service policy profile to an interface .........................................................................................109

Displaying link arbitration status ..................................................................................................................110

Displaying link scheduling profile information .............................................................................................110

Enable statistics gathering .............................................................................................................................110

LEDs status and monitoring ....................................................................................................................... 112

OnSite 2800 Series User Manual Table of Contents

Status LEDs.........................................................................................................................................................113

10 Contacting Patton for assistance ................................................................................................................. 114

Introduction........................................................................................................................................................115

Contact information............................................................................................................................................115

Patton Support Headquarters in the USA .....................................................................................................115

Alternate Patton support for Europe, Middle Ease, and Africa (EMEA) ........................................................115

Warranty Service and Returned Merchandise Authorizations (RMAs).................................................................115

Warranty coverage ........................................................................................................................................115

Out-of-warranty service ...........................................................................................................................116

Returns for credit ....................................................................................................................................116

Return for credit policy ...........................................................................................................................116

RMA numbers ..............................................................................................................................................116

Shipping instructions ..............................................................................................................................116

A Compliance information ............................................................................................................................ 117

Compliance .........................................................................................................................................................118

EMC .............................................................................................................................................................118

Safety ............................................................................................................................................................118

PSTN Regulatory ..........................................................................................................................................118

Radio and TV Interference (FCC Part 15) ..........................................................................................................118

CE Declaration of Conformity............................................................................................................................118

Authorized European Representative...................................................................................................................119

FCC Part 68 (ACTA) Statement (Model 2803 only)...........................................................................................119

Industry Canada Notice (Model 2803 only)........................................................................................................119

B Specifications .............................................................................................................................................. 120

Ethernet interfaces...............................................................................................................................................121

Sync serial interface .............................................................................................................................................121

T1/E1 interface (Model 2803 only).....................................................................................................................121

PPP support ........................................................................................................................................................121

IP services............................................................................................................................................................122

Management .......................................................................................................................................................122

Operating environment .......................................................................................................................................122

Operating temperature ..................................................................................................................................122

Operating humidity ......................................................................................................................................122

System.................................................................................................................................................................122

Dimensions .........................................................................................................................................................122

Power supply .......................................................................................................................................................123

Internal AC version ..............................................................................................................................

.........123

12VDC version with External AC Power Adapter

(Models 2802, 2821, 2835) ..........................................................................................................................123

5VDC Version with External Power Adapter (Model 2805) .........................................................................123

C Cabling ....................................................................................................................................................... 124

Introduction........................................................................................................................................................125

Serial console.......................................................................................................................................................125

OnSite 2800 Series User Manual Table of Contents

Ethernet 10Base-T and 100Base-T ......................................................................................................................126

D Port pin-outs .............................................................................................................................................. 128

Introduction........................................................................................................................................................129

Console port, RJ-45, EIA-561 (RS-232)..............................................................................................................129

Ethernet 10Base-T and 100Base-T port ..............................................................................................................130

Sync serial port....................................................................................................................................................130

V.35 serial port .............................................................................................................................................130

X.21 serial port .............................................................................................................................................131

E OnSite 2800 Series factory configuration ................................................................................................... 132

Introduction........................................................................................................................................................133

F Installation checklist .................................................................................................................................. 134

Introduction........................................................................................................................................................135

List of Figures

1 OnSite Managed VPN Router (2805 shown) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2 OnSite 2800 Series X.21, and V.35 connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3 OnSite 2800 Series 10Base-T Ethernet port connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

4 OnSite 2800 Series power input connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

5 OnSite 2800 Series front panels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

6 Branch-office virtual private network over a Frame-Relay service network . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

7 Corporate multi-function virtual private network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

8 Connecting an OnSite 2800 Series device to a hub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

9 Rear view of the router showing location of V.35 interface connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

10 Rear view of the router showing location of X.21 interface connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

11 Rear panel of 2803K/EUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

12 Rear panel of 2803T/EUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

13 Rear panel of 2803K/UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

14 Power connector location on rear panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

15 VPN Router front panel LEDs and Console port locations (OnSite 2835 shown) . . . . . . . . . . . . . . . . . . . . . . 37

16 Steps for setting up a new OnSite VPN Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

17 Connecting to the terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

18 Connecting the OnSite VPN Router to the network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

19 IP interface wan is bound to PVC 1 on port serial 0 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

20 Typical Integrated Service Access Scenario with dedicated PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

21 IP Context with logical IP interfaces bound to Ethernet port, serial port PVC 1 and PVC 2 . . . . . . . . . . . . . . 56

22 Using traffic filters to prevent traffic from being routed to a network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

23 Deny a specific subnet on an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

24 IP context and related elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

25 Packet routing in OnSite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

26 Example of Hierarchical Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

27 Elements of link scheduler configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

28 Scenario with Web server regarded as a single source host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

29 Structure of a Service-Policy Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

30 Using a Service Policy Profile on an IP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

31 Examples of OnSite 2800 Series front panels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

32 Connecting a serial terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

33 Ethernet cross-over . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

34 Ethernet straight-through . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

35 EIA-561 (RJ-45 8-pin) port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

List of Tables

1 General conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2 Rear panel ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3 Installation checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

4 Sample site log entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5 Ethernet 10/100Base-T (RJ-45) port pin-outs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6 Signal pin-outs for the V.35 interface on the OnSite 2800 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

7 Signal pin-outs for the X.21 interface on the OnSite 2800 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

8 RJ-48C receptacle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

9 Factory default IP address and network mask configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

10 Command cross reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

11 TOS values and their meaning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

12 Traffic control info (TCI) field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

13 Values defining detail of the queuing statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

14 OnSite LED Indications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

15 RS-232 Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

16 RJ-45 socket . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

17 V.35 Female DB-25 connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

18 X.21 Female DB-15 connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

19 Installation checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

About this guide

This guide describes OnSite VPN router hardware, installation, and configuration.

Audience

This guide is intended for the following users:

• Operators

• Installers

• Maintenance technicians

Structure

This guide contains the following chapters and appendices:

• Chapter 1 on page 17 provides information about router features, capabilities, operation, and applications

• Chapter 2 on page 26 provides hardware installation procedures

• Chapter 3 on page 38 provides quick-start procedures for configuring the OnSite VPN router

• Chapter 4 on page 44 provides an overview of the serial port and describes the tasks involved in its configu-

ration through the OnSite router.

• Chapter 5 on page 58 provides information on T1/E1 port configuration.

• Chapter 6 on page 67 describes how to configure the VPN connections between two OnSite routers or

between an OnSite and a third-party device.

• Chapter 7 on page 79 provides an overview of IP access control lists and describes the tasks involved in their

configuration through the OnSite router.

• Chapter 8 on page 93 describes how to use and configure OnSite quality of service (QoS) features.

• Chapter 9 on page 112 provides LED definitions

• Chapter 10 on page 114 contains information on contacting Patton technical support for assistance

• Appendix A on page 117 contains compliance information

• Appendix B on page 120 contains specifications for the routers

• Appendix C on page 124 provides cable recommendations

• Appendix D on page 128 describes the router’s ports and pin-outs

• Appendix E on page 132 lists the factory configuration settings for the OnSite VPN router

• Appendix F on page 134 provides license information that describes acceptable usage of the software pro-

vided with the OnSite VPN router

For best results, read the contents of this guide before you install the router.

OnSite 2800 Series User Manual About this guide

Precautions

Notes, cautions, and warnings, which have the following meanings, are used throughout this guide to help you become aware of potential problems. Warnings are intended to prevent safety hazards that could result in personal injury. Cautions are intended to prevent situations that could result in property damage or impaired functioning.

Note

IMPORTANT

CAUTION

WARNING

A note presents additional information or interesting sidelights.

The alert symbol and IMPORTANT heading calls attention to important information.

The alert symbol and CAUTION heading indicate a potential hazard. Strictly follow the instructions to avoid property damage.

The shock hazard symbol and CAUTION heading indicate a potential electric shock hazard. Strictly follow the instructions to avoid property damage caused by electric shock.

The alert symbol and WARNING heading indicate a potential safety hazard. Strictly follow the warning instructions to avoid personal injury.

The shock hazard symbol and WARNING heading indicate a potential electric shock hazard. Strictly follow the warning instructions to avoid injury caused by electric shock.

OnSite 2800 Series User Manual About this guide

Safety when working with electricity

The OnSite contains no user serviceable parts. The equipment shall be returned to Patton Electronics for repairs, or repaired by qualified service per-

WARNING

sonnel. Opening the OnSite case will void the warranty.

Mains Voltage: Do not open the case the when the power cord is attached. For systems without a power switch, line voltages are present within the power supply when the power cords are connected. The mains outlet that is utilized to power the devise shall be within 10 feet (3 meters) of the device, shall be easily accessible, and protected by a circuit breaker.

For units with an external power adapter, the adapter shall be a listed Limited Power Source.

For AC powered units, ensure that the power cable used with this device meets all applicable standards for the country in which it is to be installed, and that it is connected to a wall outlet which has earth ground.

WARNING

Hazardous network voltages are present in WAN ports regardless of whether power to the OnSite is ON or OFF. To avoid electric shock, use caution when near WAN ports. When detaching cables, detach the end away from the OnSite first.

Do not work on the system or connect or disconnect cables during periods of lightning activity.

Before opening the chassis, disconnect the telephone network cables to avoid contact with telephone line voltages. When detaching the cables, detach the end away from the OnSite first.

OnSite 2800 Series User Manual About this guide

The power supply automatically adjusts to accept an input voltage from 100 to 240 VAC (50/60 Hz).

CAUTION

Verify that the proper voltage is present before plugging the power cord into the receptacle. Failure to do so could result in equipment damage.

The interconnecting cables shall be acceptable for external use and shall be rated for the proper application with respect to voltage, current, anticipated temperature, flammability, and mechanical serviceability.

In accordance with the requirements of council directive 2002/ 96/EC on Waste of Electrical and Electronic Equipment (WEEE), ensure that at end-of-life you separate this product from other waste and scrap and deliver to the WEEE collection system in your country for recycling.

General observations

• Clean the case with a soft slightly moist anti-static cloth

• Place the unit on a flat surface and ensure free air circulation

• Avoid exposing the unit to direct sunlight and other heat sources

• Protect the unit from moisture, vapors, and corrosive liquids

OnSite 2800 Series User Manual About this guide

Typographical conventions used in this document

This section describes the typographical conventions and terms used in this guide.

General conventions

The procedures described in this manual use the following text conventions:

Table 1. General conventions

Convention Meaning

Garamond blue type Indicates a cross-reference hyperlink that points to a figure, graphic, table, or sec-

tion heading. Clicking on the hyperlink jumps you to the reference. When you have finished reviewing the reference, click on the Go to Previous View

button in the Adobe® Acrobat® Reader toolbar to return to your starting point.

Futura bold type Commands and keywords are in boldface font. Futura bold-italic type Parts of commands, which are related to elements already named by the user, are

in boldface italic font.

Italicized Futura type Variables for which you supply values are in italic font

Futura type

Garamond bold type Indicates the names of command buttons that execute an action.

< >

[ ] Elements in square brackets are optional. {a | b | c} Alternative but required keywords are grouped in braces ({ }) and are separated

blue screen Information you enter is in blue screen font. screen Terminal sessions and information the system displays are in screen font. node The leading IP address or nodename of an OnSite is substituted with node in

2800 The leading 2800 on a command line represents the nodename of the OnSite # An hash sign at the beginning of a line indicates a comment line.

Indicates the names of fields or windows.

Angle brackets indicate function and keyboard keys, such as <SHIFT>, <CTRL>, <C>, and so on.

by vertical bars ( | )

boldface italic font.

Chapter 1 General information

Chapter contents

OnSite Model 2800 Series overview....................................................................................................................18

OnSite 2800 Series detailed description ........................................................................................................19

OnSite 2800 Series model codes ..............................................................................................................19

Serial WAN models ........................................................................................................................... 19

Ethernet WAN models ....................................................................................................................... 20

Model code extensions .............................................................................................................................21

Ports descriptions .....................................................................................................................................22

Applications overview..........................................................................................................................................23

Branch-Office virtual private network over Frame Relay service .................................................................23

Corporate multi-function virtual private network ..........................................................................................24

OnSite 2800 Series User Manual 1 • General information

OnSite Model 2800 Series overview

The OnSite Model 2800 Series Managed VPN Router (see figure 1) delivers secure, optimized communications across unsecured IP networks between any enterprise headquarters and remote offices, home offices (RoHo), or mobile users. Patton’s OnSite 2800 family of VPN routers combines an integrated synch-serial interface for access to the Internet (or any IP network) with full-service IP routing, VPN security via IPSec, and type-of-service/quality-of-service (ToS/QoS) traffic shaping and prioritization. The built-in V.35 or X.21 serial interface delivers LAN-to-WAN connectivity without the additional expense of external adapters or CSU/DSU devices. The Model 2800 Series’ flexible AC or DC power-source options accommodate virtually any installation environment.

Figure 1. OnSite Managed VPN Router (2805 shown)

Each member of the Model 2800 family provides two 10/100Base-T Ethernet ports and one integrated T1/E1, V.35, or X.21 synchronous serial WAN port to deliver a managed virtual-private-network (VPN) connection over the Internet or any unsecured IP network.

OnSite 2800 Series Routers support Frame-Relay and PPP networking with VPN and firewall functionality. Authentication and firewall services protect against unauthorized users while encryption, and anti-replay capabilities preserve data confidentiality. Patton's powerful CoS and QoS mechanisms provide traffic-shaping and prioritization to guarantee your mission-critical data is delivered promptly and unimpeded by traffic from other users on the same LAN. Besides assuring first priority for key information, Patton's advanced QoS technology enhances the quality and clarity of realtime application such as live voice and video communications with the main office. These compact VPN Routers support PPP/PPPoE and Frame Relay services over the serial WAN link.

The OnSite VPN Router performs the following major functions:

• Routed LAN-to-WAN connectivity between two 10/100 Ethernet LAN ports and one V.35, X.21, or syn-

chronous serial WAN port.

• IP Routing with class-of-service/quality-of-service (CoS/QoS) support for Internet or IP-WAN access with

traffic shaping and prioritization.

OnSite Model 2800 Series overview 18

OnSite 2800 Series User Manual 1 • General information

• VPN tunneling for secure traversal of unsecured IP networks

• IPSec payload encryption with authentication header (AH, specified in RFC 2402) and encapsulating secu-

rity payload (ESP, specified in RFC 2406) protects data integrity and confidentiality and prevents unauthorized data-replay.

• Firewall capabilities including IP-address and IP-port filtering, access control lists (ACLs), and denial-of-

service (DoS) attack detection.

• Enhanced IP services include domain name service (DNS) resolver and relay, NAT/NAPT, dynamic DNS,

and DHCP server.

OnSite 2800 Series detailed description

The OnSite 2800 Series Managed VPN Router provides secure managed VPN routed networking with 2-port Ethernet LAN connectivity and serial WAN access via a built-in V.35 or X.21 serial WAN interface (see figure 2).

IPLink 2835 V.35 serial WAN port connector

10/100Base-T Ethernet LAN ports 0/1 and 0/0

Figure 2. OnSite 2800 Series X.21, and V.35 connectors

IPLink 2821 X.21 serial WAN port connector

OnSite 2800 Series model codes

Serial WAN models. The following models come equipped with an integrated V.35 or X.21 serial WAN port and two 10/100Base-T Ethernet ports (see figure 2):

• OnSite 2821—X.21 WAN interface and two Ethernet ports

• OnSite 2835—V.35 WAN interface and two Ethernet ports

• OnSite 2803—T1/E1 WAN interface and two Ethernet ports

OnSite Model 2800 Series overview 19

OnSite 2800 Series User Manual 1 • General information

IPLink 2805 10/100Base-T Ethernet WAN port 0/0

Ethernet LAN ports 0/1 – 0/4

IPLink 2802 10/100Base-T Ethernet ports 0/1 and 0/0

Figure 3. OnSite 2800 Series 10Base-T Ethernet port connectors

Ethernet WAN models. The following models come equipped with 10/100Base-T Ethernet ports only (see

figure 3):

• OnSite 2802—Dual 10/100Base-T Ethernet ports, one for LAN connection and one for connection to

aWAN

• OnSite 2805—Integrated Ethernet switch with four 10/100Base-T Ethernet ports and one 10/100Base-T

Ethernet port for connection to a WAN

• OnSite 2823—Three 10/100 Base-T Ethernet ports with the independent purpose of WAN, LAN, and

DMZ

OnSite Model 2800 Series overview 20

OnSite 2800 Series User Manual 1 • General information

lnternal power supply connector accepts 100–240 VAC, 50/60 Hz, up to 1 A

External power supply connector accepts 12 VDC, 1 A, from external AC adapter (some models accept +5VDC, see Appendix B, “Specifications” for details)

Figure 4. OnSite 2800 Series power input connectors

Model code extensions

A model-code extension indicates the type of power supply the Router model provides. The model-code conventions are:

• UI stands for internal 100–240V AC universal input power supply (see figure 4)

• EUI stands for external 100–240V AC universal input power supply (see figure 4)

For example, the model code 2821/EUI describes an OnSite configured with the following:

• Two 10/100 Base-T Ethernet ports

• X.21 serial WAN data port

• External 120–220 VAC universal input power supply

OnSite Model 2800 Series overview 21

OnSite 2800 Series User Manual 1 • General information

Link

100M

Activity

Enet 0

IPLink VPN Router

Run

Link

100M

Activity

Enet 1

Power

Console

Ports descriptions

The OnSite 2800 Series rear-panel ports are described in table 2.

Table 2. Rear panel ports

Port Location Description

10/100 Ethernet ETH 0/0 (WAN) &

ETH 0/1–0/4 (LAN) WAN Rear panel DB-25 or DB-15 receptacle provides a V.35 or X.21 serial interface for

T1/E1 Rear panel

Power Rear panel

Console Front panel Used for service and maintenance and available on all OnSite 2800

Rear panel

RJ-45 connectors (see

figure 2

on page 19 and

figure 3

on page 20) that connect the router to an Ethernet device (e.g., a cable or DSL modem, LAN hub or switch).

leased-line connection to a WAN at rates up to 2 Mbps. E1—G.703/G.704 with HDB3 or AMI encoding. RJ-48C and dual

coaxial connectors. T1

—

ANSI T1.403 & AT&T TR54016 with AMI coding/D4 framing or

B8ZS coding/ESF framing. RJ-48C connector. The router is available in a DC or AC power input version (see

figure 4

on page 21), labeled as follows: AC version (Internal power supply): 100–240 VAC, 50/60 Hz, 1 A DC version: +12 V, 1 A (Model 2821, 2802, 2835) or

+5 VDC 1 A (Model 2805)

models except the OnSite 2805, the Console port (see

figure 5

), an RS232 RJ-45 connector, connects the router to a serial terminal such as a PC or ASCII terminal (also called a dumb terminal).

OnSite Model 2800 Series overview 22

IPLink 2805

Power

1234

LAN WAN

IPLink 2835, 2821, 2802

Link

100M

Enet 0

Activity

Link

Enet 1

100M

Activity

Power

Run

Figure 5. OnSite 2800 Series front panels

IPLink VPN Router

Console

Console port

OnSite 2800 Series User Manual 1 • General information

Note

For LED descriptions, refer to chapter 9, “LEDs status and monitor-

ing” on page 112.

Applications overview

Patton’s OnSite managed VPN routers deliver the features you need for secure, optimized communication over non-secured IP networks. Combining VPN tunneling, standard IPSec encryption, and firewall capabilities with Patton’s powerful quality of service technology, OnSite VPN routers deliver private, prioritized networking for business, government, and military applications.

Banking, insurance, retail, utilities, railroads, or government, any organization with more than one site can benefit from the security and traffic-shaping advantages of the OnSite family of VPN routers. As traffic traverses unsecured networks, VPN tunneling with standard IPSec encryption plus firewall capabilities preserve data security and integrity. Meanwhile, OnSite’s ToS/Qos traffic-shaping and prioritization prevent critical information getting blocked or impeded by less important traffic while enhancing the quality of real-time applications such as voice and video.

OnSite 2800 Series Serial WAN models provide dual 10/100Base-T Ethernet ports with a selection of various synchronous serial WAN ports: V.35, X.21, or T1/E1. The two Ethernet ports provide full-featured IP routing plus Ethernet and IP-layer QoS services. The sync-serial port provides WAN access by means of a leased-line connection to the network. OnSite 2800 Series Ethernet WAN models provide one or four Ethernet LAN ports in addition to the Ethernet WAN interface. The following sections show some typical applications for the OnSite 2800 Series.

This chapter describes typical applications for which the OnSite 2800 Series series is uniquely suited.

Branch-Office virtual private network over Frame Relay service

Featuring VPN tunneling combined with built-in frame-relay support and a selection of standard serial interfaces on-board, the OnSite 2800 Series offers the remote-branch office a secure, private and prioritized network connection to another location over virtually any available network service and any standard WAN interface.

Figure 6. Branch-office virtual private network over a Frame-Relay service network

Figure 6 shows a branch-to-branch VPN connection through a frame-relay service network as delivered on

serial lines. The OnSite 2800 Series can support a similar scenario with network service delivered via V.35 or

Applications overview 23

OnSite 2800 Series User Manual 1 • General information

X.21 serial interfaces, or an Ethernet WAN interface. For remote sites where PPP service is available, the 2800 Series also supports PPP network access over all the standard WAN interface options mentioned above.

In this specific application, all traffic between the branch and corporate offices is carried in an IPSec tunnel. All of the IPSec VPN traffic is encapsulated in Frame Relay for transport over the Frame Relay service network. The serial port is configured for Frame Relay.

To configure this application, you need to configure the following features:

• The serial port with Frame Relay as the encapsulation protocol

• An IPSec VPN between the two endpoints.

See chapter 4 on page 44 to configure the serial port and chapter 6 on page 67 to configure the VPN.

Corporate multi-function virtual private network

The OnSite 2800 Series can deliver both private corporate intranet service and public Internet access to multiple remote sites by leveraging OnSite’s multiple frame-relay PVC support (see figure 7). The enterprise enjoys the benefits of secure multi-office virtual private networking with QoS for prioritized traffic flow for missioncritical information.

Figure 7. Corporate multi-function virtual private network

Applications overview 24

OnSite 2800 Series User Manual 1 • General information

In figure 7, the blue pipes represent VPN connections for private traffic within the corporate intranet, while the green pipes represent the Internet traffic. The red pipe is a Frame Relay PVC transporting Internet traffic and private corporate traffic over the VPN. Each of the three remote sites is connected with headquarters via an OnSite VPN router. Each remote site can take advantage of the most convenient and locally available interface the WAN service can offer, whether X.21, or V.35.

The corporate multi-function application carries two types of traffic between each remote office and corporate’s central office:

• Private corporate traffic (the intranet/extranet)

• Internet traffic

The service provider offers a Frame Relay network for access, so both the private corporate traffic and the Internet traffic is transported over a Frame Relay PVC with one DLCI. The corporate traffic is transported within IPSec VPN that is in the Frame Relay PVC. The separation of corporation and Internet traffic is managed by using an ACL using IP addresses as the watershed.

To configure this application, you must configure the following features:

• A serial Frame Relay link as the WAN service which will carry both private corporate traffic and public

Internet traffic

• An IPSec VPN for private corporate traffic

• An ACL to distinguish between the two types of traffic so only the private corporate traffic is carried over

the VPN.

See chapter 4 on page 44 to configure the serial port, chapter 6 on page 67 to configure the VPN, and chapter

7 on page 79 to configure the ACL. Chapter 8 on page 93 provides more in-depth explanations of scheduling

various types of traffic. Various techniques are also described, including QoS and TOS.

Applications overview 25

Chapter 2 Hardware installation

Chapter contents

Planning the installation.......................................................................................................................................27

Installation checklist ......................................................................................................................................28

Site log ...........................................................................................................................................................29

Network information .....................................................................................................................................29

Network Diagram .....................................................................................................................................29

IP related information ....................................................................................................................................29

Software tools ................................................................................................................................................29

Power source ..................................................................................................................................................29

Location and mounting requirements ............................................................................................................30

Installing the VPN router .....................................................................................................................................30

Mounting the VPN router ..............................................................................................................................30

Connecting cables ..........................................................................................................................................30

Installing the Ethernet cable .....................................................................................................................30

Installing the serial WAN cable ...............................................................................................................31

Installing the V.35 interface cable ..................................................................................................... 32

Installing the X.21 interface cable ..................................................................................................... 33

Installing the T1/E1 twisted pair cables............................................................................................. 34

Installing the E1 dual coaxial cables.................................................................................................. 35

Connecting to external power source .......................................................................................................36

OnSite 2800 Series User Manual 2 • Hardware installation

Planning the installation

Before you start the actual installation, we strongly recommend that you gather all the information you will need to install and setup the device. See table 3 for an example of what pre-installment checks you might need to carry out. Completing the pre-installation checks enables you to install and set up your VPN router within an existing network infrastructure with confidence.

The mains outlet that is utilized to power the equipment must be within 1 meter (3 feet) of the device and shall be easily accessible.

CAUTION

Note

When setting up your VPN router you must consider cable length limitations, and potential electromagnetic interference (EMI) as defined by the applicable local and international regulations. Ensure that your site is properly prepared before beginning installation.

Before installing the VPN Router device, the following tasks should be completed:

• Create a network diagram (see section “Network information” on page 29)

• Gather IP related information (see section “IP related information” on page 29 for more information)

• Install the hardware and software needed to configure the OnSite router. (See section “Software tools”

on page 29)

• Verify power source reliability (see section “Power source” on page 29).

When you finish preparing for your VPN Router installation, go to section “Installing the VPN router” on page 30 to install the device.

Planning the installation 27

OnSite 2800 Series User Manual 2 • Hardware installation

Installation checklist

The installation checklist (see table 3) lists the tasks for installing an OnSite 2800 Series VPN Router. Make a copy of this checklist and mark the entries as you complete each task. For each OnSite 2800 Series VPN Router, include a copy of the completed checklist in your site log.

Table 3. Installation checklist

Task Verified by Date

Network information available & recorded in site log

Environmental specifications verified

Site power voltages verified

Installation site pre-power check completed

Required tools available

Additional equipment available

All printed documents available

OnSite release & build number verified

Rack, desktop, or wall mounting of chassis completed

Initial electrical connections established

ASCII terminal attached to console port

Cable length limits verified

Initial configuration performed

Initial operation verified

Planning the installation 28

OnSite 2800 Series User Manual 2 • Hardware installation

Site log

Patton recommends that you maintain a site log to record all actions relevant to the system, if you do not already keep such a log. Site log entries should include information such as listed in table 4.

Table 4. Sample site log entries

Entry Description

Installation Make a copy of the installation checklist and insert it into the site log

Upgrades and maintenance Use the site log to record ongoing maintenance and expansion history

Configuration changes Record all changes and the reasons for them

Maintenance Schedules, requirements, and procedures performed

Comments Notes, and problems

Software Changes and updates to OnSite software

Network information

When planning your installation there are certain network-connection considerations that you should take into account. The following sections describe such considerations for several types of network interfaces.

Network Diagram

Draw a network overview diagram that displays all neighboring IP nodes, connected elements and telephony components.

IP related information

Before you can set up the basic IP connectivity for your OnSite 2800 Series you should have the following information:

• IP addresses and subnet masks used for Ethernet LAN and WAN ports

• IP addresses and subnet masks used for the V.35 or X.21 serial WAN port

• IP addresses and subnet masks used for the T1/E1 WAN port

• IP addresses of central TFTP Server used for configuration upload and download

• Login and password for PPPoE Access.

Software tools

You will need a PC (or equivalent) with a VT-100 emulation program (e.g. HyperTerminal) to configure the software on your OnSite VPN Router.

Power source

If you suspect that your AC power is not reliable, for example if room lights flicker often or there is machinery with large motors nearby, have a qualified professional test the power. Install a power conditioner if necessary.

Planning the installation 29

OnSite 2800 Series User Manual 2 • Hardware installation

Location and mounting requirements

The OnSite VPN Router is intended to be placed on a desktop or similar sturdy, flat surface that offers easy access to the cables. Allow sufficient space at the rear of the chassis for cable connections. Additionally, you should consider the need to access the unit for future upgrades and maintenance.

Installing the VPN router

OnSite VPN Router installation consists of the following:

• Placing the device at the desired installation location (see section “Mounting the VPN router” on page 30)

• Installing the interface and power cables (see section “Connecting cables” on page 30)

When you finish installing the OnSite router, go to chapter 3, “Getting started with the OnSite Managed VPN

Router” on page 38.

Mounting the VPN router

Place the VPN Router on a desktop or similar sturdy, flat surface that offers easy access to the cables. The VPN Router should be installed in a dry environment with sufficient space to allow air circulation for cooling.

Note

For proper ventilation, leave at least 2 inches (5 cm) to the left, right, front, and rear of the OnSite VPN Router.

Connecting cables

Do not work on the system or connect or disconnect cables during periods of lightning activity.

WARNING

The interconnecting cables must be acceptable for external use and must be rated for the proper application with respect to volt-

CAUTION

age, current, anticipated temperature, flammability, and mechanical serviceability.

Installing VPN Router cables takes place in the following order:

1. Installing the 10/100 Ethernet port cable or cables (see section “Installing the Ethernet cable” on page 30)

2. Installing the cables:

a. V.35 or X.21 serial WAN cable (see section “Installing the serial WAN cable” on page 31) or

b. T1/E1 WAN cable (see section “Installing the serial WAN cable” on page 31)

3. Installing the power input (see section “Connecting to external power source” on page 36)

Installing the Ethernet cable

The OnSite 2800 Series has automatic MDX (auto-cross-over) detection and configuration on the Ethernet ports. Any of the two ports (five on the Model 2805 and three on the Model 2823) can be connected to a host or hub/switch with a straight-through wired cable (see figure 1). Ethernet devices (10Base-T or 100Base-T) are

Installing the VPN router 30

+ 105 hidden pages

Patton electronics OnSite 2800 Series User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual