RuggedCom RX1100 User Manual
RuggedRouter®
RX1000/RX1100™ User Guide
RuggedCom Inc.
300 Applewood Crescent,
Concord, Ontario
Canada L4K 5C7
Tel: +1 905 856 5288
Fax: +1 905 856 1995
Toll Free: 1 888 264 0006
support@ruggedcom.com
RuggedRouter®
RuggedRouter® User Guide
for use with RX1000/RX1100 Products
ROX™ 1.14.3 release date: July 6, 2010
User guide: December 22, 2010
RuggedCom Inc.
300 Applewood Crescent,
Concord, Ontario
Canada L4K 5C7
Tel: +1 905 856 5288
Fax: +1 905 856 1995
Toll Free: 1 888 264 0006
support@ruggedcom.com
Disclaimer
RuggedCom Inc. makes no warranty of any kind with regard to this material.
RuggedCom shall not be liable for errors contained herein or for consequential damages in
connection with the furnishing, performance, or use of this material.
Warranty
Five (5) years from date of purchase, return to factory. For warranty details, visit
www.ruggedcom.com or contact your customer service representative.
ALL RIGHTS RESERVED
This document contains proprietary information, which is protected by copyright. All rights
are reserved.
The RuggedRouter® includes components licensed under the GPL and BSD style licenses.
The full licences of such are included in an associated document.
No part of this document may be photocopied, reproduced or translated to another language
without the prior written consent of RuggedCom Inc.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive
licensee of Linus Torvalds, owner of the mark on a world-wide basis.
Industrial Defender® is the registered trademark of Industrial Defender Corporation.
RuggedRouter®
Table of Contents
About this User Guide ................................................................................................................... 19
Applicable Firmware Revision ................................................................................................ 19
Who Should Use This User Guide ........................................................................................ 19
How To Use This User Guide ............................................................................................... 19
Document Conventions .......................................................................................................... 19
Quick Start Recommendations .............................................................................................. 20
1. Setting Up And Administering The Router ................................................................................ 23
1.1. Introduction .................................................................................................................... 23
1.1.1. Access Methods ................................................................................................... 23
1.1.2. Accounts And Password Management ................................................................ 23
1.1.3. Default Configuration ............................................................................................ 23
1.2. Accessing The RuggedRouter Command Prompt .......................................................... 24
1.2.1. From the Console Port ....................................................................................... 24
1.2.2. From SSH ............................................................................................................ 24
1.3. The RuggedRouter Setup Shell ...................................................................................... 24
1.3.1. Configuring Passwords ........................................................................................ 25
1.3.2. Configuring IP Address Information ..................................................................... 25
1.3.3. Setting The Hostname and Domain .................................................................... 26
1.3.4. Configuring RADIUS Authentication ..................................................................... 26
1.3.5. Enabling And Disabling The SSH and Web Server ............................................. 26
1.3.6. Enabling And Disabling The Gauntlet Security Appliance .................................... 27
1.3.7. Configuring The Date, Time And Timezone ........................................................ 27
1.3.8. Displaying Hardware Information ......................................................................... 27
1.3.9. Restoring A Configuration .................................................................................... 28
1.4. The RuggedRouter Web Interface .................................................................................. 29
1.4.1. Using a Web Browser to Access the Web Interface ............................................ 29
1.4.2. SSL Certificate Warnings ..................................................................................... 30
1.4.3. The Structure of the Web Interface ...................................................................... 30
1.5. Using The LED Status Panel ........................................................................................ 32
1.6. Obtaining Chassis Information ........................................................................................ 33
2. Webmin Configuration ............................................................................................................... 34
2.1. Introduction ...................................................................................................................... 34
2.2. Webmin Configuration Menu .......................................................................................... 34
2.2.1. IP Access Control ................................................................................................ 34
2.2.2. Change Help Server ............................................................................................ 36
2.2.3. Logging ................................................................................................................. 36
2.2.4. Authentication ....................................................................................................... 37
2.2.5. Webmin Events Log ............................................................................................. 38
3. Configure Webmin Users .......................................................................................................... 39
3.1. Introduction ...................................................................................................................... 39
3.2. Webmin User and Group Fundamentals ........................................................................ 39
3.3. RADIUS User Access Control Fundamentals ................................................................. 39
3.4. Webmin Users Menu ...................................................................................................... 40
3.5. Edit Webmin User menu ................................................................................................. 41
3.6. Current Login Sessions Menu ........................................................................................ 42
3.7. Password Restrictions Menu .......................................................................................... 42
Revision 1.14.3 3 RX1000/RX1100™
RuggedRouter®
4. Configuring The System ............................................................................................................ 44
4.1. Introduction ...................................................................................................................... 44
4.2. Bootup And Shutdown ................................................................................................... 45
4.3. Change Password Command ........................................................................................ 46
4.4. Scheduled Commands .................................................................................................... 47
4.5. Scheduled Cron Jobs .................................................................................................... 47
4.6. System Hostname ......................................................................................................... 49
4.7. System Time .................................................................................................................. 49
5. Configuring Networking .............................................................................................................. 50
5.1. Introduction ...................................................................................................................... 50
5.2. IPv6 Fundamentals ......................................................................................................... 50
5.3. Network Configuration ..................................................................................................... 50
5.3.1. Core Settings ....................................................................................................... 51
5.3.2. Dummy Interface .................................................................................................. 52
5.3.3. Static Routes ...................................................................................................... 52
5.3.4. Static Multicast Routing ........................................................................................ 55
5.3.5. DNS Client ........................................................................................................... 55
5.3.6. Host Addresses .................................................................................................... 56
5.3.7. End To End Backup ............................................................................................. 56
5.3.8. Current Routing & Interface Table ....................................................................... 58
6. Configuring Ethernet Interfaces ................................................................................................. 59
6.1. Introduction ...................................................................................................................... 59
6.1.1. Ethernet Interface Fundamentals ......................................................................... 59
6.1.2. VLAN Interface Fundamentals ............................................................................. 59
6.1.3. PPPoE On Native Ethernet Interfaces Fundamentals .......................................... 60
6.1.4. IPv6 on Ethernet Fundamentals ........................................................................... 60
6.1.5. Bridge Fundamentals ........................................................................................... 60
6.2. Ethernet Configuration .................................................................................................... 61
6.2.1. Ethernet Interfaces ............................................................................................... 62
6.2.2. Editing Currently Active Interfaces ...................................................................... 62
6.2.3. Edit Boot Time Interfaces .................................................................................... 63
6.2.4. Bridge Configuration ............................................................................................. 64
6.2.5. PPPoE On Native Ethernet Interfaces ................................................................ 64
6.2.6. Edit PPPoE Interface ........................................................................................... 65
6.2.7. PPP Logs ............................................................................................................. 66
6.2.8. Current Routes & Interface Table ........................................................................ 66
7. Configuring Frame Relay/PPP And T1/E1 ................................................................................ 67
7.1. Introduction ...................................................................................................................... 67
7.1.1. T1/E1 Fundamentals ............................................................................................ 67
7.2. T1/E1 Configuration ........................................................................................................ 68
7.2.1. T1/E1 Network Interfaces ..................................................................................... 69
7.2.2. Editing A T1/E1 Interface ..................................................................................... 71
7.2.3. Editing A Logical Interface (Frame Relay) .......................................................... 72
7.2.4. Editing A Logical Interface (PPP) ....................................................................... 73
7.2.5. T1/E1 Statistics .................................................................................................... 74
7.2.6. T1/E1 Loopback ................................................................................................... 76
7.2.7. Current Routes & Interface Table ........................................................................ 78
7.2.8. Upgrading Software .............................................................................................. 78
7.2.9. Upgrading Firmware ............................................................................................. 78
Revision 1.14.3 4 RX1000/RX1100™
RuggedRouter®
8. Configuring Frame Relay/PPP And T3/E3 ................................................................................ 79
8.1. Introduction ...................................................................................................................... 79
8.1.1. T3/E3 Fundamentals ............................................................................................ 79
8.1.2. Location Of Interfaces And Labeling .................................................................... 79
8.1.3. LED Designations ................................................................................................. 79
8.2. T3/E3 Configuration ....................................................................................................... 80
8.2.1. T3/E3 Trunk Interfaces ......................................................................................... 80
8.2.2. Editing Logical Interfaces ..................................................................................... 82
8.2.3. T3/E3 Statistics .................................................................................................... 83
8.2.4. Current Routes & Interface Table ........................................................................ 84
8.2.5. Upgrading Software ............................................................................................ 84
9. Configuring Frame Relay/PPP And DDS .................................................................................. 85
9.1. Introduction ...................................................................................................................... 85
9.1.1. DDS Fundamentals .............................................................................................. 85
9.2. DDS Configuration .......................................................................................................... 85
9.2.1. DDS Network Interfaces ....................................................................................... 86
9.2.2. Editing A Logical Interface (Frame Relay) ........................................................... 87
9.2.3. Editing A Logical Interface (PPP) ......................................................................... 88
9.2.4. DDS Statistics ...................................................................................................... 88
9.2.5. DDS Loopback ..................................................................................................... 89
9.2.6. Current Routes & Interface Table ........................................................................ 89
9.2.7. Upgrading Software .............................................................................................. 90
10. Multilink PPP over T1/E1 ....................................................................................................... 91
10.1. Introduction .................................................................................................................... 91
10.1.1. Multilink PPP Fundamentals .............................................................................. 91
10.1.2. Notes on T1/E1 Channelization ......................................................................... 91
10.2. Configuring PPP Multilink over T1/E1 ......................................................................... 91
10.3. Multilink PPP Statistics ................................................................................................. 92
11. Configuring PPPoE/Bridged Mode On ADSL .......................................................................... 94
11.1. Introduction .................................................................................................................... 94
11.1.1. ADSL Fundamentals .......................................................................................... 94
11.1.2. PPPoE/Bridged Mode Fundamentals ................................................................. 94
11.2. ADSL Configuration ...................................................................................................... 96
11.2.1. ADSL Network Interfaces ................................................................................... 96
11.2.2. Editing A Logical Interface (PPPoE) .................................................................. 97
11.2.3. Editing A Logical Interface (Bridged) ................................................................. 98
11.2.4. ADSL Statistics .................................................................................................. 99
11.2.5. Current Routes & Interface Table ...................................................................... 99
11.2.6. Upgrading Software ............................................................................................ 99
12. Configuring PPP And the Embedded Modem ....................................................................... 100
12.1. Introduction .................................................................................................................. 100
12.1.1. PPP and Modem Fundamentals ...................................................................... 100
12.2. PPP Modem Configuration ......................................................................................... 101
12.2.1. Modem Configuration ....................................................................................... 102
12.2.2. Modem PPP Client Connections ...................................................................... 104
12.2.3. Modem PPP Client ......................................................................................... 105
12.2.4. Modem PPP Server ........................................................................................ 106
12.2.5. Modem Incoming Call Logs ............................................................................. 108
12.2.6. Modem PPP Logs ............................................................................................ 108
Revision 1.14.3 5 RX1000/RX1100™
RuggedRouter®
12.2.7. Modem PPP Connection Logs ......................................................................... 109
12.2.8. Current Routes & Interface Table .................................................................... 109
13. Configuring PPP And The Cellular Modem ........................................................................... 110
13.1. Introduction ................................................................................................................ 110
13.1.1. PPP and Cellular Modem Fundamentals ......................................................... 110
13.2. PPP Cellular Modem Configuration ............................................................................ 111
13.2.1. Cellular Modem Account Activation ................................................................ 112
13.2.2. Cellular Modem Configuration .......................................................................... 113
13.2.3. Modem PPP Client Connections ...................................................................... 116
13.2.4. Modem PPP Client ........................................................................................... 117
13.2.5. PPP Logs, PPP Connection Logs .................................................................... 117
13.2.6. Current Route and Interfaces Table ................................................................. 117
14. Configuring The Firewall ........................................................................................................ 118
14.1. Introduction .................................................................................................................. 118
14.2. Firewall Fundamentals ................................................................................................ 118
14.2.1. Stateless vs Stateful Firewalls ......................................................................... 118
14.2.2. Linux® netfilter, iptables And The Shoreline Firewall ....................................... 118
14.2.3. Network Address Translation ........................................................................... 119
14.2.4. Port Forwarding ................................................................................................ 119
14.3. Shorewall Quick Setup ................................................................................................ 120
14.4. ShoreWall Terminology And Concepts ....................................................................... 121
14.4.1. Zones ................................................................................................................ 121
14.4.2. Interfaces .......................................................................................................... 121
14.4.3. Hosts ................................................................................................................ 122
14.4.4. Policy ................................................................................................................ 122
14.4.5. Masquerading And SNAT ................................................................................ 123
14.4.6. Rules ................................................................................................................ 124
14.5. Configuring The Firewall And VPN ............................................................................. 125
14.5.1. Policy Based Virtual Private Networking .......................................................... 125
14.5.2. Virtual Private Networking To A DMZ .............................................................. 126
14.6. Firewall Configuration ................................................................................................. 126
14.6.1. Network Zones ................................................................................................. 128
14.6.2. Network Interfaces ........................................................................................... 129
14.6.3. Network Zone Hosts ......................................................................................... 131
14.6.4. Default Policies ................................................................................................. 131
14.6.5. Masquerading ................................................................................................... 132
14.6.6. Firewall Rules ................................................................................................... 133
14.6.7. Static NAT ........................................................................................................ 134
14.6.8. TC (Traffic Control) Interfaces, Classes, and Rules ......................................... 135
14.6.9. Actions When Stopped ..................................................................................... 135
15. Traffic Control ....................................................................................................................... 137
15.1. Traffic Control (TC) Fundamentals ............................................................................ 137
15.1.1. Traffic Control Example .................................................................................... 137
15.2. Traffic Control Configuration ....................................................................................... 138
15.2.1. TC Interfaces (tcdevices) ................................................................................. 138
15.2.2. TC Classes ....................................................................................................... 139
15.2.3. TC Rules .......................................................................................................... 141
16. Configuring IPsec VPN ......................................................................................................... 144
16.1. Introduction .................................................................................................................. 144
Revision 1.14.3 6 RX1000/RX1100™
RuggedRouter®
16.1.1. VPN Fundamentals .......................................................................................... 144
16.2. IPsec VPN Configuration ............................................................................................ 147
16.2.1. VPN Main Menu Before Key Generation ......................................................... 147
16.2.2. VPN Main Menu ............................................................................................... 148
16.2.3. Server Configuration ........................................................................................ 149
16.2.4. L2TPD Configuration ........................................................................................ 150
16.2.5. Public Key ........................................................................................................ 151
16.2.6. Pre-shared Keys ............................................................................................... 151
16.2.7. List Certificates ................................................................................................. 151
16.2.8. VPN Connections ............................................................................................. 152
16.2.9. Showing IPsec Status ...................................................................................... 155
16.2.10. IPSec X.509 Roaming Client Example ........................................................... 156
17. Configuring Dynamic Routing ................................................................................................ 160
17.1. Introduction .................................................................................................................. 160
17.1.1. Quagga, RIP, OSPF, and BGP ....................................................................... 160
17.1.2. BGP Fundamentals .......................................................................................... 160
17.1.3. RIP Fundamentals .......................................................................................... 160
17.1.4. OSPF Fundamentals ....................................................................................... 161
17.1.5. Key OSPF And RIP Parameters ...................................................................... 162
17.1.6. OSPF And VRRP Example Network ................................................................ 164
17.2. Dynamic Routing Configuration .................................................................................. 165
17.2.1. Enable Protocols .............................................................................................. 166
17.2.2. Core .................................................................................................................. 166
17.2.3. BGP configuration ............................................................................................ 167
17.2.4. OSPF ................................................................................................................ 173
17.2.5. RIP ................................................................................................................... 177
18. Link Backup ........................................................................................................................... 182
18.1. Introduction .................................................................................................................. 182
18.1.1. Link Backup Fundamentals .............................................................................. 182
18.2. Link Backup Configuration .......................................................................................... 183
18.2.1. Link Backup Main Menu ................................................................................... 183
18.2.2. Link Backup Configurations .............................................................................. 184
18.2.3. Edit Link Backup Configuration ........................................................................ 184
18.2.4. Link Backup Logs ............................................................................................. 185
18.2.5. Link Backup Status .......................................................................................... 186
18.2.6. Testing A Link Backup Configuration ............................................................... 186
18.2.7. Scheduled Link Backup Test ........................................................................... 186
19. Configuring VRRP .................................................................................................................. 189
19.1. Introduction .................................................................................................................. 189
19.1.1. VRRP Fundamentals ........................................................................................ 189
19.2. VRRP Configuration .................................................................................................... 192
19.2.1. VRRP Main Menu ............................................................................................ 192
19.2.2. VRRP Configuration Menu ............................................................................... 192
19.2.3. Editing A VRRP Instance ................................................................................. 193
19.2.4. Editing A VRRP Group .................................................................................... 194
19.2.5. Viewing VRRP Instances Status ...................................................................... 194
20. Traffic Prioritization ............................................................................................................... 196
20.1. Introduction .................................................................................................................. 196
20.1.1. Traffic Prioritization Fundamentals .................................................................. 196
Revision 1.14.3 7 RX1000/RX1100™
RuggedRouter®
20.1.2. Prioritization Example ....................................................................................... 198
20.2. Configuring Traffic Prioritization .................................................................................. 199
20.2.1. Traffic Prioritization Main Menu ........................................................................ 199
20.2.2. Interface Prioritization Menu ............................................................................. 200
20.2.3. Prioritization Statistics ...................................................................................... 202
21. Link Layer Discovery Protocol (LLDP) ................................................................................. 203
21.1. LLDP Status .............................................................................................................. 203
22. Configuring Generic Routing Encapsulation ......................................................................... 204
22.1. Introduction .................................................................................................................. 204
22.1.1. GRE Fundamentals .......................................................................................... 204
22.2. GRE Configuration ...................................................................................................... 205
22.2.1. GRE Main Menu .............................................................................................. 205
22.2.2. GRE Configuration Menu ................................................................................. 205
23. Network Utilities ..................................................................................................................... 207
23.1. Introduction .................................................................................................................. 207
23.2. Network Utilities Main Menu ....................................................................................... 207
23.3. Ping Menu ................................................................................................................. 208
23.4. Ping Check Menu ...................................................................................................... 208
23.5. Traceroute Menu ......................................................................................................... 209
23.6. Host Menu ................................................................................................................... 210
23.7. Trace Menu ................................................................................................................. 210
23.7.1. Tcpdump A Network Interface ........................................................................ 211
23.7.2. Frame Relay Link Layer Trace A WAN Interface ............................................. 212
23.7.3. Serial Trace A Serial Server Port ..................................................................... 212
23.8. Interface Statistics Menu ............................................................................................. 213
23.8.1. Current Routing & Interface Table ................................................................... 213
24. Configuring Serial Protocols ................................................................................................. 215
24.1. Introduction .................................................................................................................. 215
24.1.1. Serial IP Port Features .................................................................................... 215
24.1.2. Serial Protocols Applications ............................................................................ 216
24.1.3. Serial Protocols Concepts And Issues ............................................................. 217
24.1.4. TcpModBus Server Application ........................................................................ 218
24.1.5. TcpModbus Concepts And Issues ................................................................... 219
24.1.6. DNP (Distributed Network Protocol) ................................................................. 221
24.2. Serial Protocols Configuration ..................................................................................... 222
24.2.1. Serial Protocols Main Menu ............................................................................. 222
24.2.2. Assign Protocols Menu .................................................................................... 223
24.2.3. Port Settings Menu .......................................................................................... 223
24.2.4. RawSocket Menu ............................................................................................. 224
24.2.5. TcpModBus Menu ............................................................................................ 224
24.2.6. DNP Menu ........................................................................................................ 225
24.2.7. Serial Protocols Statistics Menu ....................................................................... 227
24.2.8. Serial Protocols Trace Menu ............................................................................ 228
24.2.9. Serial Protocols Sertrace Utility ........................................................................ 228
25. Synchronous Serial Ports ..................................................................................................... 230
25.1. Introduction .................................................................................................................. 230
25.1.1. Synchronous Serial Port Features ................................................................... 230
25.1.2. Raw Socket Operation On Synchronous Ports ................................................ 230
25.2. Synchronous Serial Port Configuration ....................................................................... 230
Revision 1.14.3 8 RX1000/RX1100™
RuggedRouter®
25.2.1. Synchronous Port Settings Menu ..................................................................... 231
25.2.2. Configuring Raw Socket On Synchronous Serial Ports .................................... 232
25.3. Synchronous Serial Diagnostics ................................................................................. 233
26. Configuring Layer 2 Tunnels ................................................................................................. 234
26.1. Introduction .................................................................................................................. 234
26.1.1. IEC61850 GOOSE Fundamentals .................................................................... 234
26.1.2. Generic Layer 2 Tunnel Fundamentals ............................................................ 235
26.2. Layer 2 Tunnel Configuration ..................................................................................... 236
26.2.1. Layer 2 Tunnels Main Menu ............................................................................ 236
26.2.2. General Configuration Menu ............................................................................ 237
26.2.3. GOOSE Tunnels Menu .................................................................................... 237
26.2.4. Generic L2 Tunnels Menu ................................................................................ 238
26.2.5. GOOSE Statistics Menu ................................................................................... 240
26.2.6. Generic L2 Tunnel Statistics Menu .................................................................. 241
26.2.7. Activity Trace Menu .......................................................................................... 242
27. Configuring The DHCP server ............................................................................................... 243
27.1. Introduction .................................................................................................................. 243
27.1.1. DHCP Fundamentals ...................................................................................... 243
27.1.2. Example DHCP Scenarios And Configurations ................................................ 245
27.2. DHCP Configuration .................................................................................................... 249
27.2.1. DHCP Server Main Menu ................................................................................ 249
27.2.2. DHCP Shared Network Configuration .............................................................. 249
27.2.3. DHCP Subnet Configuration ............................................................................ 250
27.2.4. DHCP Group Configuration .............................................................................. 251
27.2.5. DHCP Host Configuration ................................................................................ 252
27.2.6. DHCP Pool Configuration ................................................................................ 253
28. DHCP Relay ......................................................................................................................... 254
28.1. Introduction .................................................................................................................. 254
28.1.1. DHCP Relay Fundamentals ............................................................................ 254
28.2. Configuring DHCP Relay ........................................................................................... 254
29. Configuring NTP .................................................................................................................... 256
29.1. Introduction .................................................................................................................. 256
29.1.1. NTP Fundamentals ......................................................................................... 256
29.2. NTP Configuration ....................................................................................................... 257
29.2.1. NTP Server Main Menu ................................................................................... 257
29.2.2. Generic Options ............................................................................................... 258
29.2.3. Servers Configuration ....................................................................................... 258
29.2.4. Peers Configuration .......................................................................................... 259
29.2.5. Viewing NTP Status ......................................................................................... 259
29.2.6. Viewing The NTP Log ...................................................................................... 260
29.2.7. Viewing GPS Status ......................................................................................... 261
29.2.8. Viewing The GPS Log ..................................................................................... 261
30. Configuring SSH ................................................................................................................... 262
30.1. Introduction .................................................................................................................. 262
30.1.1. SSH Fundamentals ......................................................................................... 262
30.2. SSH Configuration ...................................................................................................... 263
30.2.1. SSH Main Menu ............................................................................................... 263
30.2.2. Authentication ................................................................................................... 263
30.2.3. Networking ........................................................................................................ 264
Revision 1.14.3 9 RX1000/RX1100™
RuggedRouter®
30.2.4. Access Control ................................................................................................ 264
31. Configuring The Telnet Server ............................................................................................. 266
31.1. Introduction .................................................................................................................. 266
31.2. Telnet Fundamentals ................................................................................................. 266
31.3. Telnet Server Configuration ....................................................................................... 266
32. Configuring IRIGB And IEEE1588 ......................................................................................... 268
32.1. Introduction .................................................................................................................. 268
32.1.1. IEEE1588 Fundamentals .................................................................................. 268
32.1.2. IRIGB Fundamentals ........................................................................................ 269
32.1.3. GPS Cable compensation ............................................................................... 270
32.2. IRIGB/IEEE1588 Configuration ................................................................................... 271
32.2.1. IRIGB/IEEE1588 Main Menu ............................................................................ 271
32.2.2. General Configuration ...................................................................................... 271
32.2.3. IRIGB Configuration ......................................................................................... 271
32.2.4. IEEE1588 Configuration ................................................................................... 272
32.2.5. IRIGB Status .................................................................................................... 273
32.2.6. IEEE1588 Status .............................................................................................. 273
32.2.7. IRIGB Log ........................................................................................................ 274
33. Configuring the Intrusion Detection System .......................................................................... 275
33.1. Introduction .................................................................................................................. 275
33.1.1. Snort Fundamentals ......................................................................................... 275
33.2. IDS Configuration ........................................................................................................ 276
33.2.1. Snort IDS Main Menu ...................................................................................... 276
33.2.2. Network Settings .............................................................................................. 278
33.2.3. PreProcessors .................................................................................................. 279
33.2.4. Alerts & Logging ............................................................................................... 279
33.2.5. Edit Config File ................................................................................................. 279
34. Maintaining The Router ......................................................................................................... 280
34.1. Introduction .................................................................................................................. 280
34.2. Alert System ................................................................................................................ 280
34.2.1. Alert Main Menu ............................................................................................... 281
34.2.2. Alert Configuration ............................................................................................ 282
34.3. Industrial Defender ...................................................................................................... 285
34.3.1. What information is sent to an SEM unit ......................................................... 285
34.3.2. Industrial Defender Configuration ..................................................................... 286
34.4. Access Manager Security ........................................................................................... 288
34.4.1. What Access Manager's Secure Access Portal Protects And How .................. 288
34.4.2. Access Manager And The Firewall .................................................................. 288
34.4.3. Access Manager's Secure Access Portal Status Menu .................................... 291
34.4.4. Upgrading the Access Manager's Secure Access Portal ................................. 291
34.5. Backup And Restore ................................................................................................... 291
34.5.1. General Configuration ...................................................................................... 292
34.5.2. Configuration Rollback ..................................................................................... 293
34.5.3. Archive History ................................................................................................. 295
34.5.4. Archive Backup ................................................................................................ 296
34.5.5. Archive Restore ................................................................................................ 296
34.5.6. Archive Difference Tool .................................................................................... 298
34.6. SNMP Configuration .................................................................................................. 299
34.6.1. SNMP Main Configuration Menu .................................................................... 300
Revision 1.14.3 10 RX1000/RX1100™
RuggedRouter®
34.6.2. System Configuration ....................................................................................... 300
34.6.3. Network Addressing Configuration .................................................................. 301
34.6.4. Access Control ................................................................................................. 301
34.6.5. Trap Configuration ............................................................................................ 303
34.6.6. MIB Support ..................................................................................................... 304
34.7. RADIUS Authentication .............................................................................................. 305
34.7.1. Introduction ....................................................................................................... 305
34.7.2. RADIUS Authentication Configuration .............................................................. 307
34.7.3. Edit RADIUS Server Parameters ..................................................................... 307
34.8. Outgoing Mail .............................................................................................................. 308
34.9. Chassis Parameters .................................................................................................... 309
34.10. Power over Ethernet ................................................................................................. 309
34.10.1. Power over Ethernet Menu ............................................................................ 310
34.11. Banner Configuration ................................................................................................ 311
34.12. System Logs ............................................................................................................. 313
34.12.1. Syslog Factory Defaults ................................................................................. 314
34.12.2. Remote Logging ............................................................................................. 314
34.13. Upgrade System ....................................................................................................... 316
34.13.1. RuggedRouter Software Fundamentals ......................................................... 316
34.13.2. Upgrade to RX1100 ....................................................................................... 317
34.13.3. Change Repository Server ............................................................................. 317
34.13.4. Upgrading All Packages ................................................................................. 318
34.13.5. Installing A New Package .............................................................................. 319
34.13.6. Pre-upgrade/Post-upgrade scripts .................................................................. 319
34.14. Uploading And Downloading Files ............................................................................ 320
35. Security Considerations ......................................................................................................... 322
35.1. Introduction .................................................................................................................. 322
35.1.1. Security Actions ................................................................................................ 322
A. Setting Up A Repository .......................................................................................................... 323
A.1. Repository Server Requirements .................................................................................. 323
A.2. Initial Repository Setup ................................................................................................. 323
A.3. Upgrading The Repository ............................................................................................ 324
A.4. Setting Up The Routers ................................................................................................ 324
A.4.1. An Alternate Approach ....................................................................................... 324
A.4.2. Upgrading Considerations .................................................................................. 325
B. Re-Flashing Router Software ................................................................................................. 326
B.1. Introduction ................................................................................................................... 326
B.2. Use Cases .................................................................................................................... 326
B.3. Re-flashing The ROX System Software ....................................................................... 326
C. Installing Apache Web Server On Windows ........................................................................... 328
D. Installing IIS Web Server On Windows ................................................................................... 329
E. RADIUS Server Configuration ................................................................................................. 331
E.1. Webmin Privilege Levels and FreeRADIUS ................................................................. 332
E.2. Webmin Privilege Levels and Windows IAS ................................................................. 332
E.3. PPP / CHAP and Windows IAS .................................................................................... 335
F. VPN/L2TP Configuration in Windows ...................................................................................... 337
Index ............................................................................................................................................. 338
Revision 1.14.3 11 RX1000/RX1100™
RuggedRouter®
List of Figures
1.1. RuggedRouter Setup Main Menu ........................................................................................... 24
1.2. RuggedRouter Setup Password Change Menu ...................................................................... 25
1.3. RuggedRouter Interfaces Setup Menu ................................................................................... 25
1.4. RuggedRouter DNS Client Menu ........................................................................................... 25
1.5. Hostname and Domain Configuration Menu ........................................................................... 26
1.6. RADIUS Server Configuration menu ...................................................................................... 26
1.7. Gauntlet Setup Menu .............................................................................................................. 27
1.8. RuggedRouter Date/Time/Timezone Menu ............................................................................ 27
1.9. RuggedRouter Hardware Information Menu ........................................................................... 28
1.10. Selecting a configuration to reload ....................................................................................... 29
1.11. Selecting a previously made configuration ........................................................................... 29
1.12. Signing On To The Router With A Web Browser ................................................................. 30
1.13. RuggedRouter Web Interface Main Menu Window .............................................................. 31
1.14. LED Status Panel ................................................................................................................. 33
2.1. Webmin Configuration Menu .................................................................................................. 34
2.2. Webmin Configuration Menu, IP Access Control .................................................................... 34
2.3. Webmin Configuration Menu, Ports and Addresses ............................................................... 35
2.4. Webmin Configuration Menu, Change Help Server ................................................................ 36
2.5. Webmin Configuration Menu, Logging ................................................................................... 36
2.6. Webmin Configuration Menu, Authentication .......................................................................... 37
2.7. Webmin Events Log ............................................................................................................... 38
3.1. Webmin users menu ............................................................................................................... 40
3.2. Edit Webmin User Menu ........................................................................................................ 41
3.3. Current login sessions menu .................................................................................................. 42
3.4. Password Restrictions Menu .................................................................................................. 42
4.1. Bootup and Shutdown, Part 1 ................................................................................................ 45
4.2. Bootup and Shutdown, Part 2 ................................................................................................ 46
4.3. System Menu Change Password Command .......................................................................... 46
4.4. Scheduled Commands ............................................................................................................ 47
4.5. Scheduled Commands Displaying a Command ..................................................................... 47
4.6. Webmin Scheduled Cron Jobs ............................................................................................... 47
4.7. Creating a Cron Job ............................................................................................................... 48
4.8. Scheduled Cron Jobs menu displaying cron jobs ................................................................... 48
4.9. System Hostname ................................................................................................................... 49
4.10. System Time ......................................................................................................................... 49
5.1. Network Configuration Menu .................................................................................................. 50
5.2. Core Networking Settings ....................................................................................................... 51
5.3. Dummy Interface ..................................................................................................................... 52
5.4. Static Routes .......................................................................................................................... 53
5.5. Static Multicast Routing .......................................................................................................... 55
5.6. DNS Client .............................................................................................................................. 55
5.7. Host Addresses ...................................................................................................................... 56
5.8. End To End Backup Example ................................................................................................ 57
5.9. End To End Backup ............................................................................................................... 58
6.1. Ethernet Menu ........................................................................................................................ 61
6.2. Current and Boot Time Ethernet Configuration ...................................................................... 62
Revision 1.14.3 12 RX1000/RX1100™
RuggedRouter®
6.3. Editing a Network Interface .................................................................................................... 62
6.4. Creating a Virtual Lan Interface .............................................................................................. 63
6.5. Editing a Boot Time Interface ................................................................................................. 63
6.6. Creating an Ethernet Bridge ................................................................................................... 64
6.7. List PPPoE Interfaces ............................................................................................................. 65
6.8. Editing a PPPoE Interface ...................................................................................................... 65
6.9. Display PPP Logs ................................................................................................................... 66
7.1. T1/E1 Trunks And Interfaces .................................................................................................. 68
7.2. T1/E1 Network Interfaces Initial Configuration ....................................................................... 69
7.3. T1/E1 Network Interfaces After Channel Creation .................................................................. 69
7.4. T1/E1 Network Interfaces After Interface Creation ................................................................. 70
7.5. Edit T1 Interface ..................................................................................................................... 71
7.6. Editing A Logical Interface (Frame Relay) .............................................................................. 72
7.7. Edit Logical Interface (PPP) ................................................................................................... 73
7.8. T1/E1 Link Statistics ............................................................................................................... 74
7.9. Frame Relay Statistics ............................................................................................................ 75
7.10. PPP Link Statistics ............................................................................................................... 76
7.11. T1/E1 Loopback Menu .......................................................................................................... 77
7.12. T1/E1 Loopback .................................................................................................................... 77
8.1. T3/E3 Trunks And Interfaces .................................................................................................. 80
8.2. T3/E3 Network Interface Initial Configuration ......................................................................... 80
8.3. T3/E3 Network Interface With Logical Interfaces .................................................................... 81
8.4. Edit T3 Interface ..................................................................................................................... 81
8.5. Edit E3 Interface ..................................................................................................................... 82
8.6. Creating a Frame Relay Logical Interface .............................................................................. 82
8.7. Edit Logical Interface (Frame Relay) ...................................................................................... 83
8.8. Edit Logical Interface (PPP) ................................................................................................... 83
9.1. DDS Trunks And Interfaces .................................................................................................... 85
9.2. DDS WAN Interfaces .............................................................................................................. 86
9.3. DDS WAN Interfaces after logical interface assignment ........................................................ 86
9.4. Edit Logical Interface (Frame Relay), single DLCI ................................................................. 87
9.5. Edit Logical Interface (Frame Relay), multiple DLCIs ............................................................. 87
9.6. Edit Logical Interface (PPP) ................................................................................................... 88
9.7. DDS Link Statistics ................................................................................................................. 89
10.1. T1/E1 WAN Interfaces .......................................................................................................... 92
10.2. Edit MLPPP Logical Interface Menu ..................................................................................... 92
10.3. MLPPP Link Statistics .......................................................................................................... 93
11.1. ADSL Interfaces .................................................................................................................... 96
11.2. ADSL WAN Interfaces .......................................................................................................... 96
11.3. Edit Logical Interface (PPPoE) ............................................................................................. 97
11.4. Edit Logical Interface (Bridged) ............................................................................................ 98
11.5. ADSL Link Statistics ............................................................................................................. 99
12.1. Modem Configuration Main Menu ....................................................................................... 101
12.2. Edit Internal Modem Configuration ..................................................................................... 102
12.3. Edit External Modem Configuration .................................................................................... 102
12.4. Modem PPP Client Connections ........................................................................................ 104
12.5. Configure Modem PPP Client ............................................................................................. 105
12.6. Configure Modem PPP Server ........................................................................................... 106
12.7. Add Routes for PPP User .................................................................................................. 107
Revision 1.14.3 13 RX1000/RX1100™
RuggedRouter®
12.8. Incoming Call Logs ............................................................................................................. 108
12.9. PPP Logs ............................................................................................................................ 108
12.10. PPP Connection Logs ....................................................................................................... 109
13.1. Cellular Modem Interface .................................................................................................... 111
13.2. Cellular Modem Interface (CDMA modem not yet activated) .............................................. 111
13.3. Over The Air Account Activation ........................................................................................ 112
13.4. Manual Account Activation ................................................................................................. 113
13.5. Cellular Modem Configuration (with an Edge/GPRS modem) ............................................ 114
13.6. Cellular Modem Status (HSPA/GPRS) ............................................................................... 115
13.7. Cellular Modem Status (CDMA) ......................................................................................... 116
13.8. Modem PPP Client Connections ........................................................................................ 116
13.9. Configure Modem PPP Client ............................................................................................. 117
14.1. Starting Shorewall Firewall Menu ....................................................................................... 126
14.2. Shorewall Firewall Menu ..................................................................................................... 127
14.3. Firewall Network Zones ...................................................................................................... 128
14.4. Firewall Network Interfaces ................................................................................................ 129
14.5. Editing Network Interface's Firewall Settings ...................................................................... 129
14.6. Firewall Zone Hosts ............................................................................................................ 131
14.7. Firewall Default Policies ...................................................................................................... 131
14.8. Editing A Firewall Default Policy ......................................................................................... 132
14.9. Firewall Masquerading And SNAT ...................................................................................... 132
14.10. Editing A Masquerading Rule ........................................................................................... 132
14.11. Firewall Rules ................................................................................................................... 133
14.12. Editing A Firewall Rule ..................................................................................................... 133
14.13. Static NAT ......................................................................................................................... 134
14.14. Creating a Static NAT Entry ............................................................................................. 135
14.15. Actions When Stopped ..................................................................................................... 135
15.1. TC Interfaces ...................................................................................................................... 138
15.2. Edit TC Interface ................................................................................................................. 139
15.3. TC Classes ......................................................................................................................... 139
15.4. Edit TC Classes .................................................................................................................. 140
15.5. TC Rules ............................................................................................................................. 141
15.6. Edit TC Rule ....................................................................................................................... 142
16.1. IPsec VPN Configuration Menu Before Key Generation ..................................................... 147
16.2. IPsec VPN Configuration Menu Before After Generation ................................................... 148
16.3. IPsec VPN Configuration After Connections Have Been Created ...................................... 149
16.4. Server Configuration ........................................................................................................... 149
16.5. L2TPD Configuration Menu ................................................................................................ 150
16.6. Show Public Key ................................................................................................................. 151
16.7. Pre-shared Keys ................................................................................................................. 151
16.8. List Certificates ................................................................................................................... 151
16.9. Editing A VPN Connection, Part 1 ...................................................................................... 152
16.10. Editing A VPN Connection, Part 2 .................................................................................... 154
16.11. IPSec X.509 Roaming Client Example ............................................................................. 156
17.1. OSPF and VRRP Example ................................................................................................. 164
17.2. Dynamic Routing Main Menu ............................................................................................. 165
17.3. Dynamic Protocol Enable Menu ......................................................................................... 166
17.4. Core Menu .......................................................................................................................... 166
17.5. Core Global Parameters ..................................................................................................... 166
Revision 1.14.3 14 RX1000/RX1100™
RuggedRouter®
17.6. Core Interface Parameters ................................................................................................. 167
17.7. BGP Main Configuration Menu ........................................................................................... 167
17.8. BGP Global Parameter Menu ............................................................................................. 168
17.9. BGP Networks Menu .......................................................................................................... 170
17.10. BGP Network Neighbor Configuration Menu .................................................................... 171
17.11. BGP Status Display .......................................................................................................... 172
17.12. View BGP Configuration Menu ......................................................................................... 173
17.13. OSPF Menu ...................................................................................................................... 173
17.14. OSPF Global Parameters ................................................................................................. 174
17.15. OSPF Interfaces ............................................................................................................... 176
17.16. Network Areas .................................................................................................................. 177
17.17. RIP Menu .......................................................................................................................... 177
17.18. RIP Global Parameters ..................................................................................................... 178
17.19. RIP Interfaces ................................................................................................................... 180
17.20. RIP Networks .................................................................................................................... 181
18.1. Link Backup Example ......................................................................................................... 183
18.2. Link Backup Main Menu ..................................................................................................... 183
18.3. Link Backup Configurations ................................................................................................ 184
18.4. Edit Link Backup Configuration .......................................................................................... 184
18.5. Link Backup Log ................................................................................................................. 185
18.6. Link Backup Status ............................................................................................................. 186
18.7. Test Link Backup ................................................................................................................ 186
19.1. VRRP Example ................................................................................................................... 190
19.2. VRRP Group Example ........................................................................................................ 191
19.3. VRRP Main Menu ............................................................................................................... 192
19.4. VRRP Configuration Menu ................................................................................................. 192
19.5. VRRP Instance ................................................................................................................... 193
19.6. VRRP Group ....................................................................................................................... 194
19.7. VRRP Instances Status ...................................................................................................... 194
20.1. Traffic Prioritization Main Menu .......................................................................................... 199
20.2. Interface Prioritization Menu ............................................................................................... 200
20.3. Prioritization Queue Configuration ...................................................................................... 200
20.4. Prioritization Filter Configuration ......................................................................................... 201
20.5. Prioritization Statistics ......................................................................................................... 202
21.1. LLDP Summary Display ...................................................................................................... 203
22.1. GRE Example ..................................................................................................................... 204
22.2. GRE Main Menu ................................................................................................................. 205
22.3. GRE Tunnel Configuration Menu ........................................................................................ 205
23.1. Network Utilities Main Menu ............................................................................................... 207
23.2. Ping Menu ........................................................................................................................... 208
23.3. Ping Check Menu ............................................................................................................... 208
23.4. Ping Check Edit Menu ........................................................................................................ 209
23.5. Traceroute Menu ................................................................................................................. 209
23.6. Host Menu .......................................................................................................................... 210
23.7. Tcpdump Menu ................................................................................................................... 211
23.8. Frame Relay Trace Menu ................................................................................................... 212
23.9. Serial Server Port Trace Menu ........................................................................................... 212
23.10. Interface Statistics Menu .................................................................................................. 213
23.11. Current Routing & Interface Table .................................................................................... 213
Revision 1.14.3 15 RX1000/RX1100™
RuggedRouter®
24.1. Sources of Delay and Error in an End to End Exchange ................................................... 220
24.2. Serial Protocols Server Main Menu .................................................................................... 222
24.3. Assign Protocols Menu ....................................................................................................... 223
24.4. Port Settings Menu ............................................................................................................. 223
24.5. Raw Socket Menu .............................................................................................................. 224
24.6. TcpModbus Menu ............................................................................................................... 224
24.7. DNP Settings ...................................................................................................................... 225
24.8. DNP Device Table Settings ................................................................................................ 226
24.9. Serial Protocols Statistics Menu ......................................................................................... 227
24.10. Serial Protocols Trace Menu ............................................................................................ 228
25.1. Synchronous Serial Main Menu .......................................................................................... 231
25.2. Synchronous Port Settings Menu ....................................................................................... 231
25.3. Edit Synchronous Serial Port Parameters .......................................................................... 232
25.4. Edit Synchronous Serial Raw Socket Parameters .............................................................. 232
26.1. Layer 2 Tunnels Main Menu ............................................................................................... 236
26.2. General Configuration Menu ............................................................................................... 237
26.3. GOOSE Menu ..................................................................................................................... 237
26.4. GOOSE Menu ..................................................................................................................... 238
26.5. Generic L2 Tunnels Menu .................................................................................................. 238
26.6. Create an L2 Tunnel ........................................................................................................... 238
26.7. Edit Generic L2 Tunnel ....................................................................................................... 239
26.8. GOOSE Statistics Menu ..................................................................................................... 240
26.9. Generic L2 Statistics Menu ................................................................................................. 241
26.10. Activity Trace Menu .......................................................................................................... 242
27.1. DHCP Server Menu ............................................................................................................ 249
27.2. DHCP Shared Network Configuration ................................................................................ 250
27.3. DHCP Subnet Configuration ............................................................................................... 251
27.4. DHCP Group Configuration ................................................................................................ 252
27.5. DHCP Host Configuration ................................................................................................... 252
27.6. DHCP Pool Configuration ................................................................................................... 253
28.1. DHCP Relay Configuration ................................................................................................. 254
29.1. NTP Server ......................................................................................................................... 257
29.2. NTP Generic Options .......................................................................................................... 258
29.3. NTP Server List .................................................................................................................. 258
29.4. NTP Status ......................................................................................................................... 259
29.5. NTP Log .............................................................................................................................. 260
29.6. GPS Status ......................................................................................................................... 261
29.7. GPS Log ............................................................................................................................. 261
30.1. SSH Server ......................................................................................................................... 263
30.2. SSH Server Authentication Menu ....................................................................................... 263
30.3. SSH Server Networking ...................................................................................................... 264
30.4. SSH Server Access Control ............................................................................................... 264
31.1. Telnet Server Configuration Main Menu ............................................................................. 266
32.1. IRIGB/1588 Main Menu ...................................................................................................... 271
32.2. IRIGB/IEEE1588 General Configuration menu ................................................................... 271
32.3. IRIGB Configuration menu .................................................................................................. 271
32.4. IEEE1588 Configuration Menu ........................................................................................... 272
32.5. IRIGB GPS Status .............................................................................................................. 273
32.6. IEEE1588 Status ................................................................................................................. 273
Revision 1.14.3 16 RX1000/RX1100™
RuggedRouter®
32.7. IRIGB GPS Status .............................................................................................................. 274
33.1. Snort Main Menu part 1 ...................................................................................................... 276
33.2. Snort Main Menu part 2 ...................................................................................................... 277
33.3. Snort Main Menu part 3 ...................................................................................................... 277
33.4. Snort Ruleset Edit ............................................................................................................... 277
33.5. Snort Network Settings ....................................................................................................... 278
33.6. Snort Preprocessors ........................................................................................................... 279
33.7. Snort Alerts ......................................................................................................................... 279
34.1. Alert Main Menu ................................................................................................................. 281
34.2. Alert Configuration Menu .................................................................................................... 282
34.3. Alert Filter Configuration Menu ........................................................................................... 282
34.4. Alert Definition Configuration Menu .................................................................................... 283
34.5. Change Alert Definition Menu ............................................................................................. 284
34.6. Industrial Defender Agent Configuration ............................................................................. 286
34.7. Industrial Defender Configuration – IP addresses saved .................................................... 287
34.8. Industrial Defender Configuration - key obtained ............................................................... 287
34.9. Access Manager's Secure Access Portal Status ................................................................ 291
34.10. System Backup And Restore ............................................................................................ 291
34.11. Backup and Restore General Configuration ..................................................................... 292
34.12. Configuration Rollback menu ............................................................................................ 293
34.13. Ethernet main menu while Configuration Rollback is active ............................................. 294
34.14. Configuration Rollback menu ready to accept changes .................................................... 294
34.15. Archive History .................................................................................................................. 295
34.16. Archive Backup ................................................................................................................. 296
34.17. Archive Backup, Complete ............................................................................................... 296
34.18. Archive Restore Menu ...................................................................................................... 297
34.19. Start Restore ..................................................................................................................... 297
34.20. Archive Differences Menu ................................................................................................. 298
34.21. Archive Differences List .................................................................................................... 298
34.22. Show Difference for selected file between two targets ..................................................... 299
34.23. SNMP Main Configuration Menu ...................................................................................... 300
34.24. System Configuration Menu .............................................................................................. 300
34.25. Network Addressing Configuration Menu, Client Address ................................................ 301
34.26. Network Addressing Configuration Menu, Addresses to listen on .................................... 301
34.27. Access Control Menu, SNMP V1 and V2c ....................................................................... 301
34.28. Access Control Menu, SNMP V3 ...................................................................................... 302
34.29. Trap Configuration Menu, Trap Options ........................................................................... 303
34.30. Trap Destinations V1 and V2c .......................................................................................... 303
34.31. Trap Destinations V3 ........................................................................................................ 304
34.32. RADIUS Authentication Main Menu .................................................................................. 307
34.33. RADIUS Authentication Server Parameters ...................................................................... 307
34.34. Outgoing Mail .................................................................................................................... 308
34.35. Chassis Parameters Menu ............................................................................................... 309
34.36. PoE pinout on 10/100BaseT ports .................................................................................... 310
34.37. Power over Ethernet Menu ............................................................................................... 310
34.38. Banner Configuration Menu .............................................................................................. 311
34.39. Webmin Banner Configuration Fields ............................................................................... 312
34.40. System Logs ..................................................................................................................... 313
34.41. Changing a Syslog entry to log remotely .......................................................................... 315
Revision 1.14.3 17 RX1000/RX1100™
RuggedRouter®
34.42. Software Upgrade System ................................................................................................ 316
34.43. Upgrade to RX1100 .......................................................................................................... 317
34.44. Change Repository Server ............................................................................................... 317
34.45. Upgrading All Packages ................................................................................................... 318
34.46. Installing A New Package ................................................................................................. 319
34.47. Upload/Download menu .................................................................................................... 320
B.1. Bootloader Menu .................................................................................................................. 327
B.2. Re-flashing prompt ............................................................................................................... 327
C.1. Apache Default Web Page ................................................................................................... 328
D.1. Installing IIS .......................................................................................................................... 329
E.1. IAS Window - Edit Remote Access Policy ........................................................................... 333
E.2. IAS Window - Edit Profile ..................................................................................................... 333
E.3. IAS Window - Add Attribute ................................................................................................. 334
E.4. IAS Window - Multivalued Attribute Information ................................................................... 334
E.5. IAS Window - Vendor-Specific Attribute Information ............................................................ 335
E.6. IAS Window - Configure VSA (RFC compliant) ................................................................... 335
E.7. Active Directory - User Account Properties .......................................................................... 336
Revision 1.14.3 18 RX1000/RX1100™
About this User Guide
About this User Guide
The aim of this user guide is to provide a reference and to aid in the configuration and operation of the
RuggedRouter® using the RuggedCom command line, setup menu and web management interfaces.
Specifically, this guide details aspects of:
• Accessing the user interfaces
• Configuring the router
• Security
• Status determination
• Performance measurement
• Uploading and downloading files
• Dealing with alarms
This guide also details operation of the RX1100 security appliance.
This guide is intended solely for the purpose of familiarizing the reader with the ways that the
RuggedRouter can be used to support routing over Ethernet, T1/E1, T3 ADSL, DDS and Frame Relay
as well as act as a Serial server and time synchronization device.
Applicable Firmware Revision
This guide is applicable to ROX software revision 1.14.3.
Who Should Use This User Guide
This guide is to be used by network technical support personnel who are familiar with the operation
of networks. Others who might find the book useful are network and system planners, system
programmers and line technicians.
How To Use This User Guide
Each chapter has been prepared with a feature description, an application section and a description
of the default mode of operation. It is recommended that you use this guide along with the following
applicable documents.
1. RuggedRouter® Installation Guide
2. Rugged MediaConverter Installation Guide
3. RuggedCom Fiber Guide
4. Industrial Defender Access Manager User Manual
5. Industrial Defender Access Client User Manual
6. Industrial Defender Access Manager System Installation Manual
Document Conventions
This publication uses the following conventions:
Revision 1.14.3 19 RX1000/RX1100™
About this User Guide
Note
Means reader take note. Notes contain helpful suggestions or references to materials not
contained in this guide.
Helpful Hint
This type of note indicates useful shortcuts or methods employed by other RuggedCom
customers.
Quick Start Recommendations
The following description is included to aid those users experienced with communications equipment
that may wish to attempt to configure the router without fully reading the guide.
1. Locate/mount the chassis in its final resting place and apply power.
2. The router can be configured through its web management interface, or for advanced users,
through ssh. The default Ethernet addresses for ports one through four are 192.168.1.1
through 192.168.4.1. Two shell accounts, rrsetup and root, are provided. Both accounts have a
default password of “admin”. The web management interface uses the root account password.
The rrsetup account provides a shell that configures such items as passwords, addresses,
date/time and services offered by the router. The root account provides a full shell.
3. Attach a PC running terminal emulation software to the RS232 port and apply power to the
chassis (default baud rate, data bits, parity - “38400 8 n 1”, no hardware/software flow control).
Set the terminal type to VT100. Press ENTER to obtain a login prompt.
Initial Configuration Before Attaching To The Network
4. Login as the rrsetup user with password “admin”.
5. Change the root and rrsetup passwords from the shell. Record the passwords in
a secure manner. If RADIUS authentication will be employed, configure at least one
authentication server address.
6. Configure the router’s hostname, IP address, subnet mask, and gateway addresses for the
built-in Ethernet ports.
7. For an RX1100 router, the Gauntlet Security application may be configured with the
passphrase allocated to the network the network address of the Command and Control Center
(CCC). Note that you must also configure and activate the firewall before using the Gauntlet.
8. Ensure that the date, time and timezone fields are correctly set.
9. If Web or SSH services will not be used, these can be disabled from the setup shell.
10. All further configuration is accomplished through the web management interface. Attach
the configuring host to one of the Ethernet ports configured above. Point your web
browser at the address for that port, use https and specify a port number of 10000, e.g.
https://192.168.1.1:10000 (or otherwise if configured in step 4). Login with the root user and
password (configured above). If RADIUS authentication is configured and a server is available,
you may also login via a RADIUS user.
Revision 1.14.3 20 RX1000/RX1100™
About this User Guide
Basic Web Based Configuration
11. Change the router password from the System menu, Change Password sub-menu.
12. If you are using the web management interface you may wish to restrict the allowed users to a
specific subnet. This can be done in the Webmin menu, Webmin Configuration, IP Access
Control sub-menu.
13. If you are planning to SSH in to the router you may wish to restrict the allowed users to a
specific subnet. This can be done in the Servers menu, SSH Server, Networking sub-menu.
14. The router's local hostname may configured in the System Menu, System Hostname sub-
menu.
15. The router may be configured to log to a remote server by the Maintenance menu, System
Logs sub-menu. See the chapter “Maintaining The Router” for more details.
16. The router's DNS settings may configured in the DNS Clients sub-menu. You may also specify
the IP addresses of frequently used hosts. See the chapter “Configuring Networking” for more
details.
Physical Interface Related
17. Ethernet port parameters may be changed in the Networking menu, Ethernet sub-menu.
The Ethernet Interfaces sub-menu will configure the IP address, subnet mask, gateway
address, proxy arping and media type of each interface. See the chapter “Configuring Ethernet
Interfaces” for more details.
18. If your router is equipped with T1/E1 WAN interfaces, the Networking menu, T1/E1 sub-
menu will allow you to configure them with Frame Relay or PPP connections. See the chapter
“Configuring Frame Relay/PPP And T1/E1” for more details.
19. If your router is equipped with T3 WAN interfaces, the Networking menu, T3 sub-menu
will allow you to configure them with Frame Relay or PPP connections. See the chapter
“Configuring Frame Relay/PPP And T3” for more details.
20. If your router is equipped with DDS interfaces, the Networking menu, DDS sub-menu
will allow you to configure them with Frame Relay or PPP connections. See the chapter
“Configuring Frame Relay/PPP And DDS” for more details.
21. If your router is equipped with ADSL interfaces, the Networking menu, ADSL sub-menu will
allow you to configure them. See the chapter “Configuring PPPoE On ADSL” for more details.
If you wish to use PPPOE with an external ADSL modem, the Networking menu, Ethernet
sub-menu will configure it.
22. If your router is equipped with an embedded modem, the Networking menu, Modem sub-
menu will allow you to configure it with PPP or incoming console connections. See the chapter
“Configuring PPP And Modem” for more details.
23. If your router is equipped with Serial Interfaces, the Servers menu, Serial Protocols sub-
menu will allow you to configure them with an operating protocol. See the chapter “Configuring
Serial Protocols” for more details.
24. If your router is equipped with a Precision Time Protocol Card, the Servers menu, IRIGB sub-
menu will allow you to enable and configure its output ports. See the chapter “Configuring
IRIGB” for more details.
Revision 1.14.3 21 RX1000/RX1100™
About this User Guide
Additional Configuration
25. You may wish to configure a backup interface to use in the event of a failure of your default
gateway interface. This can be done in the Networking menu, Network Configuration, End
To End Backup sub-menu.
26. If you are planning to connect your router to the Internet, configure the firewall and then
activate it. This can be done in the Networking menu, Shorewall Firewall sub-menu.
27. The router provides a default event logging configuration. You can modify this configuration
through the Maintenance menu, System Logs sub-menu. Remote logging can be activated
here.
28. The routers SSH and Web Management interfaces are enabled by default. The routers
DHCP server, IPsec VPN server, NTP server, OSPF/RIP protocol, VRRP protocol and firewall
are disabled by default. To changes these services visit the System menu, Bootup and
Shutdown sub-menu.
29. You can install static IP and Multicast routings for Ethernet and WAN interfaces via
the Networking menu, Network Configuration, Routing and Default Route and Static
Multicast Routing sub-menus.
30. You can configure the NTP server through the Servers menu, NTP Server sub-menu. See
the chapter “Configuring NTP” for more details.
31. You can configure SSH through the Servers menu, SSH Server sub-menu. SSH can be set-
up to issue a login banner from this menu. See the chapter “Configuring SSH” for more details.
32. Traffic prioritization can be configured on the network interfaces through the Networking
menu, Traffic Prioritization sub-menu.. See the chapter “Traffic Prioritization” for more
details.
33. SNMP is disabled by default. You can configure SNMP by following the instructions in the
Appendix on SNMP. You may allow read and write access, set community names, enable
traps and program the router to issue traps with a specific client address.
34. If your router is an RX1100 you may configure and activate the Snort Intrusion Detection
system and the Gauntlet Security Appliance. If you decide to forward daily email summaries
you must configure a mail forwarder in the Maintenance menu Miscellaneous sub-menu
Outgoing Mail sub-menu.
35. When your routers configuration is stable, it is recommended that the configuration should
be uploaded from the router and stored as a backup. The Maintenance menu Backup And
Restore sub-menu will be useful.
36. Should you need to transfer files to or from the router, the Maintenance menu Upload/
Download Files sub-menu will be useful.
37. Further concerns such as ensuring robustness, measuring and optimizing performance are
dealt with by reading the guide fully.
Revision 1.14.3 22 RX1000/RX1100™
1. Setting Up And Administering The Router
1. Setting Up And Administering The Router
1.1. Introduction
This chapter familiarizes the user with the RuggedCom Serial Console interface, the RuggedRouter
Setup script and signing on to the Web interface. This chapter describes the following procedures:
• Running the Setup Script
• Signing on the Web Interface
• Signing on to the Command Prompt
• Restoring the default configuration
1.1.1. Access Methods
You can access the router through the console, Ethernet ports, WAN ports and the modem port.
1.1.2. Accounts And Password Management
The router provides an "rrsetup" account which provides a shell that quickly configures such items as
passwords, addresses, date/time and services offered by the router. It is very useful to sign-in to this
shell first, harden the router, and configure network addresses in order that the router be reachable
from the network through Web Management.
Note
The rrsetup password should be changed, recorded securely and restricted to qualified personnel.
The root account provides a superuser capability for SSH shell access and the Web server.
Note
The root password should be changed, recorded securely and restricted to qualified personnel.
The root and rrsetup accounts may be also be managed through RADIUS authentication.
The Web management agent can be accessed through the root account. It may also be accessed
through a number of RADIUS accounts via RADIUS authentication. This offers the advantage of
attributing actions in logs to the specific user, as opposed to the root user.
1.1.3. Default Configuration
Your RuggedRouter is shipped from the factory with the following defaults:
• Ethernet ports are enabled and have an address of 192.168.X.1 where X is the port number,
• WAN and modem ports are disabled,
• IRIG-B output ports are disabled,
• Setup account "rrsetup", password "admin",
Revision 1.14.3 23 RX1000/RX1100™
1. Setting Up And Administering The Router
• Superuser account "root", password "admin",
• SSH and Web Management interfaces are enabled by default. All other services (including
Serial Protocol Server, DHCP server, NTP server, End to End Backup Server, VPN Server,
NFS, OSPF/RIP protocol and firewall) are disabled by default.
1.2. Accessing The RuggedRouter Command Prompt
1.2.1. From the Console Port
Attach a terminal (or PC running terminal emulation software) to the RS232 port on the rear of the
chassis. The terminal should be configured for 8 bits, no parity operation at 38.4 Kbps. Hardware and
software flow control must be disabled. Select a terminal type of VT100.
Once the terminal is connected, pressing <CR> will prompt for the user to login as and that user's
password. Sign-in as either the rrsetup or root user. The router is shipped with default passwords of
"admin" for either of these accounts.
1.2.2. From SSH
Use an SSH agent running the version 2 protocol. SSH to either the rrsetup or root accounts of the
router at one of its IP addresses described above. The router is shipped with default passwords of
"admin" for either of these accounts.
1.3. The RuggedRouter Setup Shell
Signing-in as the rrsetup user will automatically enter the configuration shell shown below. Quitting
the shell (with cancel, or by entering escape) will cause the connection to close.
Figure 1.1. RuggedRouter Setup Main Menu
The shell provides a number of configuration commands, described below.
Revision 1.14.3 24 RX1000/RX1100™
1. Setting Up And Administering The Router
1.3.1. Configuring Passwords
The Change Passwords command changes the rrsetup and root account passwords. These
passwords should be changed before installing the router on the network.
Figure 1.2. RuggedRouter Setup Password Change Menu
1.3.2. Configuring IP Address Information
The Change Port IP Address command configures port IP addresses and gateways.
Figure 1.3. RuggedRouter Interfaces Setup Menu
Each port number X has a default address of 192.168.X.1 and a mask of 255.255.255.0.
The Configure Default Gateway Settings command configures the default gateway.
The Configure DNS Client Settings command configures the DNS server address. If the router is
part of a domain, enter the domain name in the Search Domain field.
Figure 1.4. RuggedRouter DNS Client Menu
Revision 1.14.3 25 RX1000/RX1100™
1. Setting Up And Administering The Router
1.3.3. Setting The Hostname and Domain
The Set Hostname command sets the hostname and the domain.
Figure 1.5. Hostname and Domain Configuration Menu
1.3.4. Configuring RADIUS Authentication
The Set RADIUS Authentication command configures the address of a RADIUS server, if one is
available.
Figure 1.6. RADIUS Server Configuration menu
The Hostname/IP field configures the RADIUS server's IP address.
The Port Number field sets the port number used by the RADIUS server. The default port for RADIUS
is 1812.
The Shared Secret field configures a unique password used to authenticate communications with
this server. Note that the shared secret must also be configured on the RADIUS server for the router
being configured.
The Timeout field sets the maximum time in seconds to wait for responses from the RADIUS server
before aborting a transaction.
The entry, created for both LOGIN and PPP Login, can be changed from the web interface.
1.3.5. Enabling And Disabling The SSH and Web Server
By default SSH and Web Management are enabled. The Disable SSH and Disable Web
Management commands allows these services to be disabled. The servers will be immediately
Revision 1.14.3 26 RX1000/RX1100™
1. Setting Up And Administering The Router
stopped. If access to the shell has been made through ssh the session will continue, but no new
sessions will be allowed.
Upon disabling the services, the titles in the main menu will change to Enable SSH and Enable Web
Management to reflect the disabled state. Enabling a service automatically restarts it.
1.3.6. Enabling And Disabling The Gauntlet Security Appliance
The Gauntlet security Appliance requires a pass phrase unique to your network. This menu will
configure it.
Figure 1.7. Gauntlet Setup Menu
1.3.7. Configuring The Date, Time And Timezone
The Set The Date, Time And Timezone command allows these parameters to be set.
Figure 1.8. RuggedRouter Date/Time/Timezone Menu
Once set, the router will account for Daylight Savings time.
1.3.8. Displaying Hardware Information
The Display Hardware Information command describes commissioned hardware.
Revision 1.14.3 27 RX1000/RX1100™
1. Setting Up And Administering The Router
Figure 1.9. RuggedRouter Hardware Information Menu
1.3.9. Restoring A Configuration
The Restore A Previous Configuration command provides a means to restore a previously taken
snapshot of the configuration of the router.
Note
The router will reboot immediately after restoring configuration.
The user is first prompted to select either the factory default configuration or a previously made
archive.
Note
Restoring the factory defaults will reset IP addresses and may make the router impossible to reach
from the network.
Revision 1.14.3 28 RX1000/RX1100™
1. Setting Up And Administering The Router
Figure 1.10. Selecting a configuration to reload
Initially, your RuggedRouter will have no previously saved configurations. The factory defaults will
always be available.
Once a configuration is selected the archive will be restored. After the configuration is restored, the
router will reboot immediately.
Figure 1.11. Selecting a previously made configuration
1.4. The RuggedRouter Web Interface
The RuggedCom Web interface is provided by an enhanced version of the popular Webmin interface.
1.4.1. Using a Web Browser to Access the Web Interface
Start a web browser session and open a connection to the router by entering a URL that specifies its
hostname or IP address (e.g. h ttps://179.1.0.45:10000). Once the router is contacted, start the login
process by clicking on the Login link. The resulting page should be similar to that presented below.
Enter the "root" user name and the appropriate password for that user, then click on the Login button.
The router is shipped with a default administrator password of "admin". Once successfully logged in,
the user will be presented with the main menu.
Revision 1.14.3 29 RX1000/RX1100™
1. Setting Up And Administering The Router
Figure 1.12. Signing On To The Router With A Web Browser
1.4.2. SSL Certificate Warnings
Your browser may complain about the SSL certificate that Webmin issues.
This happens because the default SSL certificate that comes with Webmin is not issued by a
recognized certificate authority. From a security point of view, this makes the certificate less secure
because an attacker could theoretically redirect traffic from your server to another machine without
you knowing, which is normally impossible if using a proper SSL certificate.
Network traffic is still encrypted though, so you are safe against attackers who are just listening in
on your network connection.
If you are initiating the connection to the router, and your network is private, a VPN or firewalled, it
should be safe to have your browser permanently accept the certificate.
If you want to be really sure that the Webmin server you are connecting to is really your own, the only
solution is to order a certificate from an authority like Verisign that is associated with your router's
hostname and will be recognized by web browsers.
1.4.3. The Structure of the Web Interface
The Web interface presents an web page with two frames. The leftmost or index frame selects
subsystems to configure and is always displayed.
The rightmost or configuration frame presents the configuration for the currently selected subsystem,
or in the case of signing-on, the home page window. The home page window presents an annotated
view of the front of the chassis as well as a number of important system parameters. These parameters
include:
• The router uptime and load averages for the past 1, 5 and 15 minutes. Under normal operation
the load average should be less than 2.0.
• The disk usage. A disk usage higher than 92% requires attention.
• The memory usage, indicating the amount of memory used by applications. Under normal
operation memory usage should be less than 60%.
• The chassis temperature.
• Any major alarms, such as the failure of hardware components.
Revision 1.14.3 30 RX1000/RX1100™
Loading...